mihari 0.10.0 → 0.11.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 8de738680ca57bdaf9ba336692c3cad0be84cfffc055eef2785fd7c1c3bf32d6
-  data.tar.gz: e6cda3a6e8d0f9c49728e6d04284332fe7f820287078e83fdd5cfa1ede4c27fc
+  metadata.gz: 4a0fd2207c7c92a24cbeda2fb328ecca19db331aa00132b3f6d361d6f8b4b6fd
+  data.tar.gz: 77b42d18d1509f6a33be27d38064298b726fa3244364d468714926d2878c3e89
 SHA512:
-  metadata.gz: '0238a0da4e31a5146aa4fc5b8ed16b012a9d874657e1ae69ede3ad0bc7ec6c95a74374160b6871e5eade40d90455f54c5522fe17b33d200e0898f7c748629619'
-  data.tar.gz: 9d60cae8a47366f44eebed73fc78ed0d21c239131636d87be6621af255b669b3ef5abb5649a4d3ae8ba77120f06939cf74bf52f78d07fa4535369bec426a88aa
+  metadata.gz: 14bbf6da4dffb24e0fb3c696bc664970a33784298b7fd09d24c9e792262b27a8eebd229fa1b0d17218e1116590acda49b56d4afff0bbc147c8c661dc545df811
+  data.tar.gz: 308620e95164284b5370985899ed524705b64808a2ceb073af404e619901a0dc00277653e2e0eb41e83d5a9db4678577436fe28a78c5e8accb2534dd5362ae22

data/README.md

@@ -10,10 +10,10 @@ mihari(`見張り`) is a sidekick tool for [TheHive](https://github.com/TheHive-
 
 ## How it works
 
-- mihari makes a query against Shodan, Censys, VirusTotal, SecurityTrails, etc. and extracts artifacts from the query results.
-- mihari checks whether a TheHive instance contains the artifacts or not.
+- mihari makes a query against Shodan, Censys, VirusTotal, SecurityTrails, etc. and extracts artifacts from the results.
+- mihari checks whether TheHive contains the artifacts or not.
   - If it doesn't contain the artifacts:
-    - mihari creates an alert with the artifacts on the TheHive instance.
+    - mihari creates an alert on TheHive.
     - mihari sends a notification to Slack. (Optional)
     - mihari creates an event on MISP. (Optional)
 
@@ -51,7 +51,7 @@ docker pull ninoseki/mihari
 
 ## Basic usage
 
-mihari supports Censys, Shodan, Onyphe, urlscan, SecurityTrails, crt.sh, CIRCL passive DNS/SSL and VirusTotal by default.
+mihari supports Censys, Shodan, Onyphe, urlscan, SecurityTrails, crt.sh, CIRCL passive DNS/SSL, PassiveTotal and VirusTotal by default.
 
 ```bash
 $ mihari
@@ -64,7 +64,8 @@ Commands:
   mihari help [COMMAND]                       # Describe available commands or one specific command
   mihari import_from_json                     # Give a JSON input via STDIN
   mihari onyphe [QUERY]                       # Onyphe datascan lookup by a given query
-  mihari securitytrails [IP|DOMAIN]           # SecurityTrails resolutions lookup by a given ip or domain
+  mihari passivetotal [IP|DOMAIN|EMAIL|SHA1]  # PassiveTotal lookup by a given ip / domain / email / SHA1 certificate fingerprint
+  mihari securitytrails [IP|DOMAIN|EMAIL]     # SecurityTrails lookup by a given ip, domain or email
   mihari securitytrails_domain_feed [REGEXP]  # SecurityTrails new domain feed lookup by a given regexp
   mihari shodan [QUERY]                       # Shodan host lookup by a given query
   mihari status                               # Show the current configuration status
@@ -157,9 +158,11 @@ All configuration is done via ENV variables.
 | SLACK_CHANNEL          | Slack channel name             | Optional (default: `#general`) |
 | CENSYS_ID              | Censys API ID                  | Optional                       |
 | CENSYS_SECRET          | Censys secret                  | Optional                       |
-| CIRCL_PASSIVE_USERNAME | CIRCL passive DNS/SSL username | Optional                       |
 | CIRCL_PASSIVE_PASSWORD | CIRC_ passive DNS/SSL password | Optional                       |
+| CIRCL_PASSIVE_USERNAME | CIRCL passive DNS/SSL username | Optional                       |
 | ONYPHE_API_KEY         | Onyphe API key                 | Optional                       |
+| PASSIVETOTAL_API_KEY   | PassiveTotal API key           | Optional                       |
+| PASSIVETOTAL_USERNAME  | PassiveTotal username          | Optional                       |
 | SECURITYTRAILS_API_KEY | SecurityTrails API key         | Optional                       |
 | SHODAN_API_KEY         | Shodan API key                 | Optional                       |
 | VIRUSTOTAL_API_KEY     | VirusTotal API key             | Optional                       |
@@ -220,20 +223,6 @@ mihari caches execution results in `/tmp/mihari` and the default cache duration
 
 ```bash
 $ docker run --rm ninoseki/mihari
-Commands:
-  mihari alerts                               # Show the alerts on TheHive
-  mihari censys [QUERY]                       # Censys IPv4 lookup by a given...
-  mihari crtsh [QUERY]                        # crt.sh lookup by a given query
-  mihari help [COMMAND]                       # Describe available commands o...
-  mihari import_from_json                     # Give a JSON input via STDIN
-  mihari onyphe [QUERY]                       # Onyphe datascan lookup by a g...
-  mihari securitytrails [IP|DOMAIN]           # SecurityTrails resolutions lo...
-  mihari securitytrails_domain_feed [REGEXP]  # SecurityTrails new domain fee...
-  mihari shodan [QUERY]                       # Shodan host lookup by a given...
-  mihari status                               # Show the current configuratio...
-  mihari urlscan [QUERY]                      # urlscan lookup by a given query
-  mihari virustotal [IP|DOMAIN]               # VirusTotal resolutions lookup...
-
 # Note that you should pass configurations via environment variables
 $ docker run --rm ninoseki/mihari -e THEHIVE_API_ENDPOINT="http://THEHIVE_URL" -e THEHIVE_API_KEY="API KEY" mihari
 # or

data/lib/mihari.rb

@@ -10,6 +10,11 @@ module Mihari
       []
     end
     memoize :emitters
+
+    def analyzers
+      []
+    end
+    memoize :analyzers
   end
 end
 
@@ -21,6 +26,8 @@ require "mihari/artifact"
 require "mihari/cache"
 require "mihari/type_checker"
 
+require "mihari/configurable"
+
 require "mihari/the_hive/base"
 require "mihari/the_hive/alert"
 require "mihari/the_hive/artifact"
@@ -33,6 +40,7 @@ require "mihari/analyzers/circl"
 require "mihari/analyzers/crtsh"
 require "mihari/analyzers/dnpedia"
 require "mihari/analyzers/onyphe"
+require "mihari/analyzers/passivetotal"
 require "mihari/analyzers/securitytrails_domain_feed"
 require "mihari/analyzers/securitytrails"
 require "mihari/analyzers/shodan"

data/lib/mihari/analyzers/base.rb

@@ -5,10 +5,7 @@ require "parallel"
 module Mihari
   module Analyzers
     class Base
-      def initialize
-        @the_hive = TheHive.new
-        @cache = Cache.new
-      end
+      include Configurable
 
       # @return [Array<String>, Array<Mihari::Artifact>]
       def artifacts
@@ -47,8 +44,20 @@ module Mihari
         puts "Emission by #{emitter.class} is failed: #{e}"
       end
 
+      def self.inherited(child)
+        Mihari.analyzers << child
+      end
+
       private
 
+      def the_hive
+        @the_hive ||= TheHive.new
+      end
+
+      def cache
+        @cache ||= Cache.new
+      end
+
       # @return [Array<Mihari::Artifact>]
       def normalized_artifacts
         @normalized_artifacts ||= artifacts.map do |artifact|
@@ -58,15 +67,15 @@ module Mihari
 
       def uncached_artifacts
         @uncached_artifacts ||= normalized_artifacts.reject do |artifact|
-          @cache.cached? artifact.data
+          cache.cached? artifact.data
         end
       end
 
       # @return [Array<Mihari::Artifact>]
       def unique_artifacts
-        return uncached_artifacts unless @the_hive.valid?
+        return uncached_artifacts unless the_hive.valid?
 
-        @unique_artifacts ||= @the_hive.artifact.find_non_existing_artifacts(uncached_artifacts)
+        @unique_artifacts ||= the_hive.artifact.find_non_existing_artifacts(uncached_artifacts)
       end
 
       def set_unique_artifacts

data/lib/mihari/analyzers/basic.rb

@@ -3,14 +3,12 @@
 module Mihari
   module Analyzers
     class Basic < Base
-      attr_reader :title
+      attr_accessor :title
       attr_reader :description
       attr_reader :artifacts
       attr_reader :tags
 
       def initialize(title:, description:, artifacts:, tags: [])
-        super()
-
         @title = title
         @description = description
         @artifacts = artifacts

data/lib/mihari/analyzers/censys.rb

@@ -10,9 +10,6 @@ module Mihari
       attr_reader :query
       attr_reader :tags
 
-      CENSYS_ID_KEY = "CENSYS_ID"
-      CENSYS_SECRET_KEY = "CENSYS_SECRET"
-
       def initialize(query, title: nil, description: nil, tags: [])
         super()
 
@@ -24,34 +21,22 @@ module Mihari
 
       def artifacts
         ipv4s = []
+
         res = api.ipv4.search(query: query)
         res.each_page do |page|
-          page.each { |result| ipv4s << result.ip }
+          ipv4s << page.map(&:ip)
         end
 
-        ipv4s
-      end
-
-      # @return [true, false]
-      def valid?
-        censys_id? && censys_secret?
+        ipv4s.flatten
       end
 
       private
 
-      # @return [true, false]
-      def censys_id?
-        ENV.key? CENSYS_ID_KEY
-      end
-
-      # @return [true, false]
-      def censys_secret?
-        ENV.key? CENSYS_SECRET_KEY
+      def config_keys
+        %w(CENSYS_ID CENSYS_SECRET)
       end
 
       def api
-        raise ArgumentError, "#{CENSYS_ID_KEY} and #{CENSYS_SECRET_KEY} are required" unless valid?
-
         @api ||= ::Censys::API.new
       end
     end

data/lib/mihari/analyzers/circl.rb

@@ -26,6 +26,10 @@ module Mihari
 
       private
 
+      def config_keys
+        %w(CIRCL_PASSIVE_USERNAME CIRCL_PASSIVE_PASSWORD)
+      end
+
       def api
         @api ||= ::PassiveCIRCL::API.new
       end

data/lib/mihari/analyzers/onyphe.rb

@@ -29,6 +29,10 @@ module Mihari
 
       private
 
+      def config_keys
+        %w(ONYPHE_API_KEY)
+      end
+
       def api
         @api ||= ::Onyphe::API.new
       end

data/lib/mihari/analyzers/passivetotal.rb

@@ -0,0 +1,83 @@
+# frozen_string_literal: true
+
+require "passivetotal"
+
+module Mihari
+  module Analyzers
+    class PassiveTotal < Base
+      attr_reader :query
+      attr_reader :type
+
+      attr_reader :title
+      attr_reader :description
+      attr_reader :tags
+
+      def initialize(query, title: nil, description: nil, tags: [])
+        super()
+
+        @query = query
+        @type = TypeChecker.type(query)
+
+        @title = title || "PassiveTotal lookup"
+        @description = description || "query = #{query}"
+        @tags = tags
+      end
+
+      def artifacts
+        lookup || []
+      end
+
+      private
+
+      def config_keys
+        %w(PASSIVETOTAL_USERNAME PASSIVETOTAL_API_KEY)
+      end
+
+      def api
+        @api ||= ::PassiveTotal::API.new
+      end
+
+      def valid_type?
+        %w(ip domain mail).include? type
+      end
+
+      def lookup
+        case type
+        when "domain"
+          passive_dns_lookup
+        when "ip"
+          passive_dns_lookup
+        when "mail"
+          reverse_whois_lookup
+        when "hash"
+          ssl_lookup
+        else
+          raise ArgumentError, "#{query}(type: #{type || 'unknown'}) is not supported." unless valid_type?
+        end
+      rescue ::PassiveTotal::Error => _e
+        nil
+      end
+
+      def passive_dns_lookup
+        res = api.dns.passive_unique(query)
+        res.dig("results") || []
+      end
+
+      def reverse_whois_lookup
+        res = api.whois.search(query: query, field: "email")
+        results = res.dig("results") || []
+        results.map do |result|
+          result.dig("domain")
+        end.flatten.compact.uniq
+      end
+
+      def ssl_lookup
+        res = api.ssl.history(query)
+        results = res.dig("results") || []
+        results.map do |result|
+          result.dig("ipAddresses")
+        end.flatten.compact.uniq
+      end
+    end
+  end
+end

data/lib/mihari/analyzers/securitytrails.rb

@@ -5,21 +5,21 @@ require "securitytrails"
 module Mihari
   module Analyzers
     class SecurityTrails < Base
-      attr_reader :indicator
+      attr_reader :query
       attr_reader :type
 
       attr_reader :title
       attr_reader :description
       attr_reader :tags
 
-      def initialize(indicator, title: nil, description: nil, tags: [])
+      def initialize(query, title: nil, description: nil, tags: [])
         super()
 
-        @indicator = indicator
-        @type = TypeChecker.type(indicator)
+        @query = query
+        @type = TypeChecker.type(query)
 
         @title = title || "SecurityTrails lookup"
-        @description = description || "indicator = #{indicator}"
+        @description = description || "query = #{query}"
         @tags = tags
       end
 
@@ -29,12 +29,16 @@ module Mihari
 
       private
 
+      def config_keys
+        %w(SECURITYTRAILS_API_KEY)
+      end
+
       def api
         @api ||= ::SecurityTrails::API.new
       end
 
       def valid_type?
-        %w(ip domain).include? type
+        %w(ip domain mail).include? type
       end
 
       def lookup
@@ -43,28 +47,33 @@ module Mihari
           domain_lookup
         when "ip"
           ip_lookup
+        when "mail"
+          mail_lookup
         else
-          raise ArgumentError, "#{indicator}(type: #{type || 'unknown'}) is not supported." unless valid_type?
+          raise ArgumentError, "#{query}(type: #{type || 'unknown'}) is not supported." unless valid_type?
         end
       rescue ::SecurityTrails::Error => _e
         nil
       end
 
       def domain_lookup
-        result = api.history.get_all_dns_history(indicator, "a").to_h
-        records = result.dig(:records) || []
+        result = api.history.get_all_dns_history(query, "a")
+        records = result.records || []
         records.map do |record|
-          values = record.dig(:values) || []
-          values.map { |value| value.dig(:ip) }
-        end.compact.flatten.uniq
+          (record.values || []).map(&:ip)
+        end.flatten.compact.uniq
       end
 
       def ip_lookup
-        result = api.domains.search( filter: { ipv4: indicator }).to_h
-        records = result.dig(:records) || []
-        records.map do |record|
-          record.dig(:hostname)
-        end.compact.uniq
+        result = api.domains.search( filter: { ipv4: query })
+        records = result.records || []
+        records.map(&:hostname).compact.uniq
+      end
+
+      def mail_lookup
+        result = api.domains.search( filter: { whois_email: query })
+        records = result.records || []
+        records.map(&:hostname).compact.uniq
       end
     end
   end

data/lib/mihari/analyzers/securitytrails_domain_feed.rb

@@ -31,6 +31,10 @@ module Mihari
 
       private
 
+      def config_keys
+        %w(SECURITYTRAILS_API_KEY)
+      end
+
       def api
         @api ||= ::SecurityTrails::API.new
       end

data/lib/mihari/analyzers/shodan.rb

@@ -31,6 +31,10 @@ module Mihari
 
       private
 
+      def config_keys
+        %w(SHODAN_API_KEY)
+      end
+
       def api
         @api ||= ::Shodan::API.new
       end

data/lib/mihari/analyzers/virustotal.rb

@@ -29,6 +29,10 @@ module Mihari
 
       private
 
+      def config_keys
+        %w(VIRUSTOTAL_API_KEY)
+      end
+
       def api
         @api = ::VirusTotal::API.new
       end

data/lib/mihari/cli.rb

@@ -56,7 +56,7 @@ module Mihari
       end
     end
 
-    desc "securitytrails [IP|DOMAIN]", "SecurityTrails resolutions lookup by a given ip or domain"
+    desc "securitytrails [IP|DOMAIN|EMAIL]", "SecurityTrails lookup by a given ip, domain or email"
     method_option :title, type: :string, desc: "title"
     method_option :description, type: :string, desc: "description"
     method_option :tags, type: :array, desc: "tags"
@@ -109,6 +109,16 @@ module Mihari
       end
     end
 
+    desc "passivetotal [IP|DOMAIN|EMAIL|SHA1]", "PassiveTotal lookup by a given ip / domain / email / SHA1 certificate fingerprint"
+    method_option :title, type: :string, desc: "title"
+    method_option :description, type: :string, desc: "description"
+    method_option :tags, type: :array, desc: "tags"
+    def passivetotal(query)
+      with_error_handling do
+        run_analyzer Analyzers::PassiveTotal, query: query, options: options
+      end
+    end
+
     desc "import_from_json", "Give a JSON input via STDIN"
     def import_from_json(input = nil)
       with_error_handling do

data/lib/mihari/configurable.rb

@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+
+module Mihari
+  module Configurable
+    def configured?
+      config_keys.all? { |key| ENV.key? key }
+    end
+
+    def configuration_status
+      return nil if config_keys.empty?
+
+      names = config_keys.join(" and ")
+      be_verb = config_keys.length == 1 ? "is" : "are"
+      status = configured? ? "found" : "missing"
+      "#{names} #{be_verb} #{status}"
+    end
+
+    def config_keys
+      []
+    end
+  end
+end

data/lib/mihari/emitters/base.rb

@@ -3,6 +3,8 @@
 module Mihari
   module Emitters
     class Base
+      include Configurable
+
       def self.inherited(child)
         Mihari.emitters << child
       end

data/lib/mihari/emitters/misp.rb

@@ -27,6 +27,10 @@ module Mihari
 
       private
 
+      def config_keys
+        %w(MISP_API_ENDPOINT MISP_API_KEY)
+      end
+
       def build_attribute(artifact)
         ::MISP::Attribute.new(value: artifact.data, type: to_misp_type(type: artifact.data_type, value: artifact.data))
       end

data/lib/mihari/emitters/slack.rb

@@ -122,6 +122,12 @@ module Mihari
 
         notifier.notify(text: text, attachments: attachments)
       end
+
+      private
+
+      def config_keys
+        %w(SLACK_WEBHOOK_URL)
+      end
     end
   end
 end

data/lib/mihari/emitters/the_hive.rb

@@ -3,13 +3,6 @@
 module Mihari
   module Emitters
     class TheHive < Base
-      attr_reader :the_hive
-
-      def initialize
-        @the_hive = Mihari::TheHive.new
-        @cache = Cache.new
-      end
-
       # @return [true, false]
       def valid?
         the_hive.valid?
@@ -30,8 +23,20 @@ module Mihari
 
       private
 
+      def config_keys
+        %w(THEHIVE_API_ENDPOINT THEHIVE_API_KEY)
+      end
+
+      def the_hive
+        @the_hive ||= Mihari::TheHive.new
+      end
+
+      def cache
+        @cache ||= Cache.new
+      end
+
       def save_as_cache(data)
-        @cache.save data
+        cache.save data
       end
     end
   end

data/lib/mihari/status.rb

@@ -3,16 +3,7 @@
 module Mihari
   class Status
     def check
-      {
-        censys: { status: censys?, message: censys },
-        misp: { status: misp?, message: misp },
-        onyphe: { status: onyphe?, message: onyphe },
-        securitytrails: { status: securitytrails?, message: securitytrails },
-        shodan: { status: shodan?, message: shodan },
-        slack: { status: slack?, message: slack },
-        the_hive: { status: the_hive?, message: the_hive },
-        virustotal: { status: virustotal?, message: virustotal },
-      }.map do |key, value|
+      statuses.map do |key, value|
         [key, convert(value)]
       end.to_h
     end
@@ -30,68 +21,24 @@ module Mihari
       }
     end
 
-    def securitytrails?
-      ENV.key? "SECURITYTRAILS_API_KEY"
-    end
-
-    def securitytrails
-      securitytrails? ? "SECURITYTRAILS_API_KEY is found" : "SECURITYTRAILS_API_KEY is missing"
-    end
-
-    def virustotal?
-      ENV.key?("VIRUSTOTAL_API_KEY")
-    end
-
-    def virustotal
-      virustotal? ? "VIRUSTOTAL_API_KEY is found" : "VIRUSTOTAL_API_KEY is missing"
-    end
-
-    def onyphe?
-      ENV.key? "ONYPHE_API_KEY"
-    end
-
-    def onyphe
-      onyphe? ? "ONYPHE_API_KEY is found" : "ONYPHE_API_KEY is missing"
-    end
-
-    def censys?
-      ENV.key?("CENSYS_ID") && ENV.key?("CENSYS_SECRET")
-    end
-
-    def censys
-      censys? ? "CENSYS_ID and CENSYS_SECRET are found" : "CENSYS_ID and CENSYS_SECRET are missing"
-    end
+    def statuses
+      (Mihari.analyzers + Mihari.emitters).map do |klass|
+        name = klass.to_s.downcase.split("::").last.to_s
 
-    def shodan?
-      ENV.key? "SHODAN_API_KEY"
+        [name, build_status(klass)]
+      end.to_h.compact
     end
 
-    def shodan
-      shodan? ? "SHODAN_API_KEY is found" : "SHODAN_API_KEY is missing"
-    end
+    def build_status(klass)
+      is_analyzer = klass.ancestors.include?(Mihari::Analyzers::Base)
 
-    def slack?
-      ENV.key? "SLACK_WEBHOOK_URL"
-    end
-
-    def slack
-      slack? ? "SLACK_WEBHOOK_URL is found" : "SLACK_WEBHOOK_URL is missing"
-    end
-
-    def the_hive?
-      ENV.key?("THEHIVE_API_ENDPOINT") && ENV.key?("THEHIVE_API_KEY")
-    end
-
-    def the_hive
-      the_hive? ? "THEHIVE_API_ENDPOINT and THEHIVE_API_KEY are found" : "THEHIVE_API_ENDPOINT and THEHIVE_API_KEY are are missing"
-    end
-
-    def misp?
-      ENV.key?("MISP_API_ENDPOINT") && ENV.key?("MISP_API_KEY")
-    end
+      instance = is_analyzer ? klass.new("dummy") : klass.new
+      status = instance.configured?
+      message = instance.configuration_status
 
-    def misp
-      misp? ? "MISP_API_ENDPOINT and MISP_API_KEY are found" : "MISP_API_ENDPOINT and MISP_API_KEY are are missing"
+      message ? { status: status, message: message } : nil
+    rescue ArgumentError => _e
+      nil
     end
   end
 end

data/lib/mihari/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Mihari
-  VERSION = "0.10.0"
+  VERSION = "0.11.0"
 end

data/mihari.gemspec

@@ -27,7 +27,7 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency "bundler", "~> 2.0"
   spec.add_development_dependency "coveralls", "~> 0.8"
   spec.add_development_dependency "fakefs", "~> 0.20"
-  spec.add_development_dependency "rake", "~> 12.3"
+  spec.add_development_dependency "rake", "~> 13.0"
   spec.add_development_dependency "rspec", "~> 3.8"
   spec.add_development_dependency "timecop", "~> 0.9"
   spec.add_development_dependency "vcr", "~> 5.0"
@@ -44,8 +44,9 @@ Gem::Specification.new do |spec|
   spec.add_dependency "misp", "~> 0.1"
   spec.add_dependency "net-ping", "~> 2.0"
   spec.add_dependency "onyphe", "~> 0.2"
-  spec.add_dependency "parallel", "~> 1.17"
+  spec.add_dependency "parallel", "~> 1.18"
   spec.add_dependency "passive_circl", "~> 0.1"
+  spec.add_dependency "passivetotalx", "~> 0.1"
   spec.add_dependency "public_suffix", "~> 4.0"
   spec.add_dependency "securitytrails", "~> 0.2"
   spec.add_dependency "shodanx", "~> 0.2"

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: mihari
 version: !ruby/object:Gem::Version
-  version: 0.10.0
+  version: 0.11.0
 platform: ruby
 authors:
 - Manabu Niseki
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2019-10-01 00:00:00.000000000 Z
+date: 2019-10-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -58,14 +58,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '12.3'
+        version: '13.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '12.3'
+        version: '13.0'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
@@ -282,14 +282,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.17'
+        version: '1.18'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.17'
+        version: '1.18'
 - !ruby/object:Gem::Dependency
   name: passive_circl
   requirement: !ruby/object:Gem::Requirement
@@ -304,6 +304,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '0.1'
+- !ruby/object:Gem::Dependency
+  name: passivetotalx
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.1'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.1'
 - !ruby/object:Gem::Dependency
   name: public_suffix
   requirement: !ruby/object:Gem::Requirement
@@ -431,6 +445,7 @@ files:
 - lib/mihari/analyzers/crtsh.rb
 - lib/mihari/analyzers/dnpedia.rb
 - lib/mihari/analyzers/onyphe.rb
+- lib/mihari/analyzers/passivetotal.rb
 - lib/mihari/analyzers/securitytrails.rb
 - lib/mihari/analyzers/securitytrails_domain_feed.rb
 - lib/mihari/analyzers/shodan.rb
@@ -439,6 +454,7 @@ files:
 - lib/mihari/artifact.rb
 - lib/mihari/cache.rb
 - lib/mihari/cli.rb
+- lib/mihari/configurable.rb
 - lib/mihari/emitters/base.rb
 - lib/mihari/emitters/misp.rb
 - lib/mihari/emitters/slack.rb
@@ -479,7 +495,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.4
+rubygems_version: 3.0.6
 signing_key: 
 specification_version: 4
 summary: A framework for continuous malicious hosts monitoring.