Merge pull request #32 from ninoseki/add-xforce-exchange-support

Add X-Force-Exchange support
ninoseki · Jul 21, 2018 · 5743628 · 5743628
2 parents 17056b1 + bfd73ed
commit 5743628
Show file tree

Hide file tree

Showing 6 changed files with 61 additions and 8 deletions.
diff --git a/src/lib/searcher/index.ts b/src/lib/searcher/index.ts
@@ -9,3 +9,4 @@ export { SecurityTrails } from "./securitytrails";
 export { Shodan } from "./shodan";
 export { Urlscan } from "./urlscan";
 export { VirusTotal } from "./virustotal";
+export { XForceExchange} from "./xforce-exchange";
diff --git a/src/lib/searcher/virustotal.ts b/src/lib/searcher/virustotal.ts
@@ -1,6 +1,5 @@
 import * as crypto from "crypto-js";
 import * as url from "url";
-import { Scanner } from "../scanner/scanner";
 import { Searcher } from "./searcher";
 
 export class VirusTotal implements Searcher {

diff --git a/src/lib/searcher/xforce-exchange.ts b/src/lib/searcher/xforce-exchange.ts
@@ -0,0 +1,25 @@
+import { Searcher } from "./searcher";
+
+export class XForceExchange implements Searcher {
+
+  public endpoint: string;
+  public name: string;
+  public supportedTypes: string[] = ["ip", "domain", "hash"];
+
+  constructor() {
+    this.endpoint = "https://exchange.xforce.ibmcloud.com";
+    this.name = "X-Force-Exchange";
+  }
+
+  public searchByIP(query) {
+    return `${this.endpoint}/ip/${query}`;
+  }
+
+  public searchByDomain(query) {
+    return `${this.endpoint}/url/${query}`;
+  }
+
+  public searchByHash(query) {
+    return `${this.endpoint}/malware/${query}`;
+  }
+}
diff --git a/src/lib/selector.ts b/src/lib/selector.ts
@@ -12,6 +12,7 @@ import {
   Shodan,
   Urlscan,
   VirusTotal,
+  XForceExchange,
 } from "./searcher";
 
 export interface AnalyzerEntry {
@@ -40,6 +41,7 @@ export class Selector {
     new Shodan(),
     new Urlscan(),
     new VirusTotal(),
+    new XForceExchange(),
   ];
 
   protected scanners: Scanner[] = [

diff --git a/src/spec/searcher/xforce-exchange.spec.ts b/src/spec/searcher/xforce-exchange.spec.ts
@@ -0,0 +1,26 @@
+import { expect } from "chai";
+import "mocha";
+import { XForceExchange } from "../../lib/searcher";
+
+describe("VirusTotal", () => {
+  const xforce = new XForceExchange();
+  describe("#searchByIP", () => {
+    it("should return URL", () => {
+      expect(xforce.searchByIP("1.1.1.1")).to.equal("https://exchange.xforce.ibmcloud.com/ip/1.1.1.1");
+    });
+  });
+  describe("#searchByDomain", () => {
+    it("should return URL", () => {
+      expect(xforce.searchByDomain("github.com")).
+        to.equal("https://exchange.xforce.ibmcloud.com/url/github.com");
+    });
+  });
+  describe("#searchByHash", () => {
+    it("should return URL", () => {
+      expect(xforce.searchByHash("44d88612fea8a8f36de82e1278abb02f")).
+        to.equal("https://exchange.xforce.ibmcloud.com/malware/44d88612fea8a8f36de82e1278abb02f");
+      expect(xforce.searchByHash("3395856ce81f2b7382dee72602f798b642f14140")).
+        to.equal("https://exchange.xforce.ibmcloud.com/malware/3395856ce81f2b7382dee72602f798b642f14140");
+    });
+  });
+});
diff --git a/src/spec/selector.spec.ts b/src/spec/selector.spec.ts
@@ -1,16 +1,16 @@
 import { expect } from "chai";
 import "mocha";
 import { AnalyzerEntry, Selector } from "../lib/selector";
-import { PublicWWW } from "../lib/searcher";
 
 describe("Seletor", () => {
   const stats = {
-    // domainbigdata, findsubdomains, pulsedive, securitytrails, urlscan, virustotal + text(3)
-    domain: 6,
-    // hybridanalysis, pulsedive, virustotal
-    hash: 3,
-    // securitytrails, pulsedive, urlscan
-    ip: 4,
+    // domainbigdata, findsubdomains, pulsedive, securitytrails
+    // urlscan, virustotal, xforce-exchange
+    domain: 7,
+    // hybridanalysis, pulsedive, virustotal, xforceexchange
+    hash: 4,
+    // securitytrails, pulsedive, urlscan, virustotal, xforceexchange
+    ip: 5,
     // shodan, censys, publicwww
     text: 3,
     // urlscan, pulsedive, virustotal