Merge pull request #70 from ninoseki/add-dnpedia-lookup

feat: add DNPedia lookup
ninoseki · Sep 30, 2019 · 46019b4 · 46019b4
2 parents 60a0d11 + a07892c
commit 46019b4
Show file tree

Hide file tree

Showing 7 changed files with 132 additions and 1 deletion.
diff --git a/lib/mihari.rb b/lib/mihari.rb
@@ -30,9 +30,10 @@ def emitters
 require "mihari/analyzers/basic"
 require "mihari/analyzers/censys"
 require "mihari/analyzers/crtsh"
+require "mihari/analyzers/dnpedia"
 require "mihari/analyzers/onyphe"
-require "mihari/analyzers/securitytrails"
 require "mihari/analyzers/securitytrails_domain_feed"
+require "mihari/analyzers/securitytrails"
 require "mihari/analyzers/shodan"
 require "mihari/analyzers/urlscan"
 require "mihari/analyzers/virustotal"

diff --git a/lib/mihari/analyzers/dnpedia.rb b/lib/mihari/analyzers/dnpedia.rb
@@ -0,0 +1,43 @@
+# frozen_string_literal: true
+
+require "dnpedia"
+
+module Mihari
+  module Analyzers
+    class DNPedia < Base
+      attr_reader :query
+      attr_reader :title
+      attr_reader :description
+      attr_reader :tags
+
+      def initialize(query, title: nil, description: nil, tags: [])
+        super()
+
+        @query = query
+        @title = title || "DNPedia domain lookup"
+        @description = description || "query = #{query}"
+        @tags = tags
+      end
+
+      def artifacts
+        lookup || []
+      end
+
+      private
+
+      def api
+        @api ||= ::DNPedia::API.new
+      end
+
+      def lookup
+        res = api.search(query)
+        rows = res.dig("rows") || []
+        rows.map do |row|
+          [row.dig("name"), row.dig("zoneid")].join(".")
+        end
+      rescue ::DNPedia::Error => _e
+        nil
+      end
+    end
+  end
+end
diff --git a/lib/mihari/cli.rb b/lib/mihari/cli.rb
@@ -89,6 +89,16 @@ def crtsh(query)
       end
     end
 
+    desc "dnpedia [QUERY]", "DNPedia domain lookup by a given query"
+    method_option :title, type: :string, desc: "title"
+    method_option :description, type: :string, desc: "description"
+    method_option :tags, type: :array, desc: "tags"
+    def dnpedia(query)
+      with_error_handling do
+        run_analyzer Analyzers::DNPedia, query: query, options: options
+      end
+    end
+
     desc "import_from_json", "Give a JSON input via STDIN"
     def import_from_json(input = nil)
       with_error_handling do

diff --git a/mihari.gemspec b/mihari.gemspec
@@ -36,6 +36,7 @@ Gem::Specification.new do |spec|
   spec.add_dependency "addressable", "~> 2.7"
   spec.add_dependency "censu", "~> 0.2"
   spec.add_dependency "crtsh-rb", "~> 0.1"
+  spec.add_dependency "dnpedia", "~> 0.1"
   spec.add_dependency "email_address", "~> 0.1"
   spec.add_dependency "hachi", "~> 0.2"
   spec.add_dependency "lightly", "~> 0.3"

diff --git a/spec/analyzers/dnpeida_spec.rb b/spec/analyzers/dnpeida_spec.rb
@@ -0,0 +1,14 @@
+# frozen_string_literal: true
+
+RSpec.describe Mihari::Analyzers::DNPedia, :vcr do
+  let(:tags) { %w(test) }
+  let(:query) { "%apple%" }
+
+  subject { described_class.new(query, tags: tags) }
+
+  describe "#artifacts" do
+    it do
+      subject.artifacts
+    end
+  end
+end
diff --git a/spec/cli_spec.rb b/spec/cli_spec.rb
@@ -80,6 +80,15 @@
     end
   end
 
+  describe "#dnpedia" do
+    before { allow(Mihari::Analyzers::DNPedia).to receive(:new).and_return(mock) }
+
+    it do
+      subject.start ["dnpedia", query]
+      expect(mock).to have_received(:run).once
+    end
+  end
+
   describe "#alerts" do
     let(:mock) { double("AlertViewer") }
     let(:alerts) {

diff --git a/spec/fixtures/vcr_cassettes/Mihari_Analyzers_DNPedia/_artifacts/1_1_1.yml b/spec/fixtures/vcr_cassettes/Mihari_Analyzers_DNPedia/_artifacts/1_1_1.yml