diff --git a/src/lib/searcher/index.ts b/src/lib/searcher/index.ts index 83c2ab10..e4912939 100644 --- a/src/lib/searcher/index.ts +++ b/src/lib/searcher/index.ts @@ -9,3 +9,4 @@ export { SecurityTrails } from "./securitytrails"; export { Shodan } from "./shodan"; export { Urlscan } from "./urlscan"; export { VirusTotal } from "./virustotal"; +export { XForceExchange} from "./xforce-exchange"; diff --git a/src/lib/searcher/virustotal.ts b/src/lib/searcher/virustotal.ts index 3c7ab4ca..dcd91150 100644 --- a/src/lib/searcher/virustotal.ts +++ b/src/lib/searcher/virustotal.ts @@ -1,6 +1,5 @@ import * as crypto from "crypto-js"; import * as url from "url"; -import { Scanner } from "../scanner/scanner"; import { Searcher } from "./searcher"; export class VirusTotal implements Searcher { diff --git a/src/lib/searcher/xforce-exchange.ts b/src/lib/searcher/xforce-exchange.ts new file mode 100644 index 00000000..7bc231dc --- /dev/null +++ b/src/lib/searcher/xforce-exchange.ts @@ -0,0 +1,25 @@ +import { Searcher } from "./searcher"; + +export class XForceExchange implements Searcher { + + public endpoint: string; + public name: string; + public supportedTypes: string[] = ["ip", "domain", "hash"]; + + constructor() { + this.endpoint = "https://exchange.xforce.ibmcloud.com"; + this.name = "X-Force-Exchange"; + } + + public searchByIP(query) { + return `${this.endpoint}/ip/${query}`; + } + + public searchByDomain(query) { + return `${this.endpoint}/url/${query}`; + } + + public searchByHash(query) { + return `${this.endpoint}/malware/${query}`; + } +} diff --git a/src/lib/selector.ts b/src/lib/selector.ts index 0f6e6b63..46bc95c6 100644 --- a/src/lib/selector.ts +++ b/src/lib/selector.ts @@ -12,6 +12,7 @@ import { Shodan, Urlscan, VirusTotal, + XForceExchange, } from "./searcher"; export interface AnalyzerEntry { @@ -40,6 +41,7 @@ export class Selector { new Shodan(), new Urlscan(), new VirusTotal(), + new XForceExchange(), ]; protected scanners: Scanner[] = [ diff --git a/src/spec/searcher/xforce-exchange.spec.ts b/src/spec/searcher/xforce-exchange.spec.ts new file mode 100644 index 00000000..b93cac16 --- /dev/null +++ b/src/spec/searcher/xforce-exchange.spec.ts @@ -0,0 +1,26 @@ +import { expect } from "chai"; +import "mocha"; +import { XForceExchange } from "../../lib/searcher"; + +describe("VirusTotal", () => { + const xforce = new XForceExchange(); + describe("#searchByIP", () => { + it("should return URL", () => { + expect(xforce.searchByIP("1.1.1.1")).to.equal("https://exchange.xforce.ibmcloud.com/ip/1.1.1.1"); + }); + }); + describe("#searchByDomain", () => { + it("should return URL", () => { + expect(xforce.searchByDomain("github.com")). + to.equal("https://exchange.xforce.ibmcloud.com/url/github.com"); + }); + }); + describe("#searchByHash", () => { + it("should return URL", () => { + expect(xforce.searchByHash("44d88612fea8a8f36de82e1278abb02f")). + to.equal("https://exchange.xforce.ibmcloud.com/malware/44d88612fea8a8f36de82e1278abb02f"); + expect(xforce.searchByHash("3395856ce81f2b7382dee72602f798b642f14140")). + to.equal("https://exchange.xforce.ibmcloud.com/malware/3395856ce81f2b7382dee72602f798b642f14140"); + }); + }); +}); diff --git a/src/spec/selector.spec.ts b/src/spec/selector.spec.ts index 3a54dd35..55b74ab7 100644 --- a/src/spec/selector.spec.ts +++ b/src/spec/selector.spec.ts @@ -1,16 +1,16 @@ import { expect } from "chai"; import "mocha"; import { AnalyzerEntry, Selector } from "../lib/selector"; -import { PublicWWW } from "../lib/searcher"; describe("Seletor", () => { const stats = { - // domainbigdata, findsubdomains, pulsedive, securitytrails, urlscan, virustotal + text(3) - domain: 6, - // hybridanalysis, pulsedive, virustotal - hash: 3, - // securitytrails, pulsedive, urlscan - ip: 4, + // domainbigdata, findsubdomains, pulsedive, securitytrails + // urlscan, virustotal, xforce-exchange + domain: 7, + // hybridanalysis, pulsedive, virustotal, xforceexchange + hash: 4, + // securitytrails, pulsedive, urlscan, virustotal, xforceexchange + ip: 5, // shodan, censys, publicwww text: 3, // urlscan, pulsedive, virustotal