urlhaus_monitor 0.1.0 → 0.1.1
- checksums.yaml +4 -4
- data/lib/urlhaus_monitor/entry.rb +77 -26
- data/lib/urlhaus_monitor/version.rb +1 -1
- metadata +2 -2
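--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 75302864cc798a6416eb7555f623d2f4fdfaed0e6b4c84699d389f7fea4b507c
+data.tar.gz: ee06d211fe279b4e94bf00e61efe41855ce6e84284404e3c12485fee636a7f82
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: ba1d9cb86ca0e123f3e64458d769b7916dfa1ad5cfef8126c6c757504e4412dd5048b09b93f8e0600b2551ed9cb3d785009914e33708b1f93f6804acf95c4800
+data.tar.gz: ce75f0beaca133ce632659b90c007ee449446f7f70e43cdc604cdfc7ee90b950246bb3ebbf82eab36f85dd8c7165a40bdee67ab523081b12d8adc1c193ae784d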
@@ -15,16 +15,13 @@ module URLhausMonitor
|
|
15
15
|
|
16
16
|
def initialize(line)
|
17
17
|
parts = CSV.parse(line.chomp).flatten
|
18
|
-
raise ArgumentError, "#{line} is not valid." unless parts.length == 8
|
18
|
+
raise ArgumentError, "#{line} is not valid." unless parts.length == 8 || parts.length == 9
|
19
19
|
|
20
|
-
|
21
|
-
|
22
|
-
|
23
|
-
|
24
|
-
|
25
|
-
@ip_address = parts.shift
|
26
|
-
@asnumber = parts.shift
|
27
|
-
@country = parts.shift
|
20
|
+
if parts.length == 8
|
21
|
+
parse_without_tags parts
|
22
|
+
else
|
23
|
+
parse_with_tags parts
|
24
|
+
end
|
28
25
|
end
|
29
26
|
|
30
27
|
def defanged_url
|
@@ -32,38 +29,92 @@ module URLhausMonitor
|
|
32
29
|
end
|
33
30
|
|
34
31
|
def defanged_host
|
35
|
-
@defanged_host ||=
|
32
|
+
@defanged_host ||= host.gsub(/\./, "[.]")
|
33
|
+
end
|
34
|
+
|
35
|
+
def title
|
36
|
+
"#{defanged_url} (#{defanged_host} / #{ip_address} / #{date_added}) : #{threat}"
|
36
37
|
end
|
37
38
|
|
38
39
|
def vt_link
|
39
|
-
|
40
|
+
return nil unless _vt_link
|
41
|
+
|
42
|
+
{
|
43
|
+
type: "button",
|
44
|
+
text: "Lookup on VirusTotal",
|
45
|
+
url: _vt_link,
|
46
|
+
}
|
47
|
+
end
|
48
|
+
|
49
|
+
def urlscan_link
|
50
|
+
return nil unless _urlscan_link
|
51
|
+
|
52
|
+
{
|
53
|
+
type: "button",
|
54
|
+
text: "Lookup on urlscan.io",
|
55
|
+
url: _urlscan_link,
|
56
|
+
}
|
40
57
|
end
|
41
58
|
|
42
59
|
def urlhaus_link
|
43
|
-
|
60
|
+
return nil unless _urlhaus_link
|
61
|
+
|
62
|
+
{
|
63
|
+
type: "button",
|
64
|
+
text: "Lookup on URLhaus",
|
65
|
+
url: _urlhaus_link,
|
66
|
+
}
|
44
67
|
end
|
45
68
|
|
46
|
-
def
|
47
|
-
|
69
|
+
def actions
|
70
|
+
[vt_link, urlscan_link, urlhaus_link].compact
|
48
71
|
end
|
49
72
|
|
50
73
|
def to_attachements
|
51
74
|
[
|
52
75
|
{
|
53
|
-
|
54
|
-
|
55
|
-
|
56
|
-
footer: "urlhaus.abuse.ch",
|
57
|
-
footer_icon: "http://www.google.com/s2/favicons?domain=urlhaus.abuse.ch"
|
58
|
-
},
|
59
|
-
{
|
60
|
-
fallback: "vt link",
|
61
|
-
title: defanged_host,
|
62
|
-
title_link: vt_link,
|
63
|
-
footer: "virustotal.com",
|
64
|
-
footer_icon: "http://www.google.com/s2/favicons?domain=virustotal.com"
|
76
|
+
text: defanged_host,
|
77
|
+
fallback: "VT & urlscan.io links",
|
78
|
+
actions: actions
|
65
79
|
}
|
66
80
|
]
|
67
81
|
end
|
82
|
+
|
83
|
+
private
|
84
|
+
|
85
|
+
def _vt_link
|
86
|
+
"https://www.virustotal.com/#/domain/#{host}"
|
87
|
+
end
|
88
|
+
|
89
|
+
def _urlscan_link
|
90
|
+
"https://urlscan.io/domain/#{host}"
|
91
|
+
end
|
92
|
+
|
93
|
+
def _urlhaus_link
|
94
|
+
"https://urlhaus.abuse.ch/host/#{host}/"
|
95
|
+
end
|
96
|
+
|
97
|
+
def parse_without_tags(parts)
|
98
|
+
@date_added = parts.shift
|
99
|
+
@url = parts.shift
|
100
|
+
@url_status = parts.shift
|
101
|
+
@threat = parts.shift
|
102
|
+
@host = parts.shift
|
103
|
+
@ip_address = parts.shift
|
104
|
+
@asnumber = parts.shift
|
105
|
+
@country = parts.shift
|
106
|
+
end
|
107
|
+
|
108
|
+
def parse_with_tags(parts)
|
109
|
+
@date_added = parts.shift
|
110
|
+
@url = parts.shift
|
111
|
+
@url_status = parts.shift
|
112
|
+
@threat = parts.shift
|
113
|
+
@tags = parts.shift
|
114
|
+
@host = parts.shift
|
115
|
+
@ip_address = parts.shift
|
116
|
+
@asnumber = parts.shift
|
117
|
+
@country = parts.shift
|
118
|
+
end
|
68
119
|
end
|
69
120
|
end
|
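Review bot: The `return nil unless _vt_link` guard in `vt_link`, and the matching guards in `urlscan_link` and `urlhaus_link`, can never fire: each private `_..._link` helper returns an interpolated String, which is truthy even when `host` is nil or empty, so `actions.compact` drops nothing and a button pointing at a bare `.../domain/` URL is still emitted. Guarding on the input instead, e.g. `return nil if host.nil? || host.empty?`, makes the nil path reachable. `host` also appears to come straight from the feed row and is interpolated into the three lookup URLs unescaped, so a value containing `/`, `?` or `#` would change the path of the generated link; percent-encoding it with `URI.encode_www_form_component(host)` (needs `require "uri"`) or rejecting rows whose host fails a `\A...\z`-anchored hostname check would close that. The class body begins above the first hunk, so whether `host` is validated elsewhere is not visible here.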
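--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: urlhaus_monitor
 version: !ruby/object:Gem::Version
-version: 0.1.
+version: 0.1.1
 platform: ruby
 authors:
 - Manabu Niseki
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2019-
+date: 2019-05-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: bundler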