Class: ThreatExpert::Search

Inherits:

Object

• Object
• ThreatExpert::Search

Defined in:

lib/threatexpert/search.rb

Constant Summary

@@baseurl =

'http://www.threatexpert.com'

Instance Method Summary

• #_parse_list(nextpage) ⇒ Object
• #_parse_report(page) ⇒ Object
• #initialize ⇒ Search constructor

  A new instance of Search.

• #md5(hash) ⇒ Object
• #name(mwname) ⇒ Object

Constructor Details

#initialize ⇒ Search

Returns a new instance of Search.

# File 'lib/threatexpert/search.rb', line 8

def initialize
end

Instance Method Details

#_parse_list(nextpage) ⇒ Object

# File 'lib/threatexpert/search.rb', line 21

def _parse_list(nextpage)
  hashes = []
  while nextpage
    page = open(nextpage).read
    nextpage = nil
    n = Nokogiri::HTML.parse(page)
    n.xpath('//a').each do |a|
      if a['href'] =~ /report\.aspx\?md5=([0-9a-fA-F]{32,128})/
        hashes << $1
      elsif a.text == 'Next'
        nextpage = "http://www.threatexpert.com/"+a['href']
      end
    end
  end
  hashes
end

#_parse_report(page) ⇒ Object

# File 'lib/threatexpert/search.rb', line 38

def _parse_report(page)
  page = open(page).read
  return nil if page =~ /<status>not_found<\/status>/
  Crack::XML.parse(page)
end

#md5(hash) ⇒ Object

# File 'lib/threatexpert/search.rb', line 11

def md5(hash)
  url = @@baseurl+"/report.aspx?md5=#{hash}&xml=1"
  _parse_report(url)
end

#name(mwname) ⇒ Object

# File 'lib/threatexpert/search.rb', line 16

def name(mwname)
  url = @@baseurl+"/reports.aspx?find=#{mwname}"
  _parse_list(url)
end