urlhaus_monitor 0.1.0 → 0.1.1

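--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 0c76d3e7849c7a747f538e71ec181064e3c1ddfd782a776dd575e36787ef3474
- data.tar.gz: 7e63116b773fd023bf94a93461765b7d2b89c63fb996968d8c95769e4f90d64e
+ metadata.gz: 75302864cc798a6416eb7555f623d2f4fdfaed0e6b4c84699d389f7fea4b507c
+ data.tar.gz: ee06d211fe279b4e94bf00e61efe41855ce6e84284404e3c12485fee636a7f82
  SHA512:
- metadata.gz: 88566b40be5de7f2d002bd660b2e74090cc7e2e616503b6c1d8219d9e32aff7e40491d17d81e1b1bc1f6cd9f7a90da3796fceb7e42156d06306f5781bb35a1af
- data.tar.gz: bc6304a7279c0ff154f0c9c1c9a735136f5e9a91fd45e049c70dfc2ccdab0f408f04d7e6ac26db1dcd8e5af7d3f68bf4c74c1950008c835f6cb571f737fbd3fa
+ metadata.gz: ba1d9cb86ca0e123f3e64458d769b7916dfa1ad5cfef8126c6c757504e4412dd5048b09b93f8e0600b2551ed9cb3d785009914e33708b1f93f6804acf95c4800
+ data.tar.gz: ce75f0beaca133ce632659b90c007ee449446f7f70e43cdc604cdfc7ee90b950246bb3ebbf82eab36f85dd8c7165a40bdee67ab523081b12d8adc1c193ae784d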
@@ -15,16 +15,13 @@ module URLhausMonitor
15
15
 
16
16
  def initialize(line)
17
17
  parts = CSV.parse(line.chomp).flatten
18
- raise ArgumentError, "#{line} is not valid." unless parts.length == 8
18
+ raise ArgumentError, "#{line} is not valid." unless parts.length == 8 || parts.length == 9
19
19
 
20
- @date_added = parts.shift
21
- @url = parts.shift
22
- @url_status = parts.shift
23
- @threat = parts.shift
24
- @host = parts.shift
25
- @ip_address = parts.shift
26
- @asnumber = parts.shift
27
- @country = parts.shift
20
+ if parts.length == 8
21
+ parse_without_tags parts
22
+ else
23
+ parse_with_tags parts
24
+ end
28
25
  end
29
26
 
30
27
  def defanged_url
@@ -32,38 +29,92 @@ module URLhausMonitor
32
29
  end
33
30
 
34
31
  def defanged_host
35
- @defanged_host ||= host.gsub(/\./, "[.]")
32
+ @defanged_host ||= host.gsub(/\./, "[.]")
33
+ end
34
+
35
+ def title
36
+ "#{defanged_url} (#{defanged_host} / #{ip_address} / #{date_added}) : #{threat}"
36
37
  end
37
38
 
38
39
  def vt_link
39
- "https://www.virustotal.com/#/domain/#{host}"
40
+ return nil unless _vt_link
41
+
42
+ {
43
+ type: "button",
44
+ text: "Lookup on VirusTotal",
45
+ url: _vt_link,
46
+ }
47
+ end
48
+
49
+ def urlscan_link
50
+ return nil unless _urlscan_link
51
+
52
+ {
53
+ type: "button",
54
+ text: "Lookup on urlscan.io",
55
+ url: _urlscan_link,
56
+ }
40
57
  end
41
58
 
42
59
  def urlhaus_link
43
- "https://urlhaus.abuse.ch/host/#{host}/"
60
+ return nil unless _urlhaus_link
61
+
62
+ {
63
+ type: "button",
64
+ text: "Lookup on URLhaus",
65
+ url: _urlhaus_link,
66
+ }
44
67
  end
45
68
 
46
- def title
47
- "#{defanged_url} (#{defanged_host} / #{ip_address}) (#{date_added})"
69
+ def actions
70
+ [vt_link, urlscan_link, urlhaus_link].compact
48
71
  end
49
72
 
50
73
  def to_attachements
51
74
  [
52
75
  {
53
- fallback: "urlhaus link",
54
- title: defanged_host,
55
- title_link: urlhaus_link,
56
- footer: "urlhaus.abuse.ch",
57
- footer_icon: "http://www.google.com/s2/favicons?domain=urlhaus.abuse.ch"
58
- },
59
- {
60
- fallback: "vt link",
61
- title: defanged_host,
62
- title_link: vt_link,
63
- footer: "virustotal.com",
64
- footer_icon: "http://www.google.com/s2/favicons?domain=virustotal.com"
76
+ text: defanged_host,
77
+ fallback: "VT & urlscan.io links",
78
+ actions: actions
65
79
  }
66
80
  ]
67
81
  end
82
+
83
+ private
84
+
85
+ def _vt_link
86
+ "https://www.virustotal.com/#/domain/#{host}"
87
+ end
88
+
89
+ def _urlscan_link
90
+ "https://urlscan.io/domain/#{host}"
91
+ end
92
+
93
+ def _urlhaus_link
94
+ "https://urlhaus.abuse.ch/host/#{host}/"
95
+ end
96
+
97
+ def parse_without_tags(parts)
98
+ @date_added = parts.shift
99
+ @url = parts.shift
100
+ @url_status = parts.shift
101
+ @threat = parts.shift
102
+ @host = parts.shift
103
+ @ip_address = parts.shift
104
+ @asnumber = parts.shift
105
+ @country = parts.shift
106
+ end
107
+
108
+ def parse_with_tags(parts)
109
+ @date_added = parts.shift
110
+ @url = parts.shift
111
+ @url_status = parts.shift
112
+ @threat = parts.shift
113
+ @tags = parts.shift
114
+ @host = parts.shift
115
+ @ip_address = parts.shift
116
+ @asnumber = parts.shift
117
+ @country = parts.shift
118
+ end
68
119
  end
69
120
  end
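Review bot: The `return nil unless _vt_link` guards in `vt_link`, `urlscan_link` and `urlhaus_link` can never fire, because each private `_*_link` helper returns an interpolated string, which is truthy even when `host` is nil or empty. As a result `actions.compact` drops nothing, and a feed row with a blank host column would still yield buttons pointing at a bare `https://urlscan.io/domain/`. Since `host` appears to come straight from the CSV feed, each helper should test it first, e.g. `return nil if host.to_s.empty?`, and the value should be escaped before it is interpolated into a URL path. The `fallback` text "VT & urlscan.io links" also omits URLhaus although its button is in `actions`. The class body starts outside the visible hunks, so the `host` reader is assumed rather than seen.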
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module URLhausMonitor
4
- VERSION = "0.1.0"
4
+ VERSION = "0.1.1"
5
5
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: urlhaus_monitor
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.0
4
+ version: 0.1.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Manabu Niseki
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2019-03-24 00:00:00.000000000 Z
11
+ date: 2019-05-23 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: bundler