RubyGems - mihari - Versions diffs - 0.17.4 → 1.1.1 - Mend

mihari 0.17.4 → 1.1.1

Files changed (53) hide show

checksums.yaml +4 -4
data/.gitignore +3 -0
data/.rubocop.yml +155 -0
data/.travis.yml +7 -1
data/Gemfile +2 -0
data/README.md +41 -72
data/config/pre_commit.yml +3 -0
data/docker/Dockerfile +1 -1
data/lib/mihari.rb +12 -8
data/lib/mihari/alert_viewer.rb +16 -34
data/lib/mihari/analyzers/base.rb +7 -19
data/lib/mihari/analyzers/basic.rb +3 -1
data/lib/mihari/analyzers/binaryedge.rb +3 -3
data/lib/mihari/analyzers/censys.rb +2 -2
data/lib/mihari/analyzers/circl.rb +2 -2
data/lib/mihari/analyzers/onyphe.rb +3 -3
data/lib/mihari/analyzers/passivetotal.rb +2 -2
data/lib/mihari/analyzers/pulsedive.rb +2 -2
data/lib/mihari/analyzers/securitytrails.rb +2 -2
data/lib/mihari/analyzers/securitytrails_domain_feed.rb +2 -2
data/lib/mihari/analyzers/shodan.rb +2 -2
data/lib/mihari/analyzers/virustotal.rb +2 -2
data/lib/mihari/analyzers/zoomeye.rb +2 -2
data/lib/mihari/cli.rb +13 -4
data/lib/mihari/config.rb +68 -2
data/lib/mihari/configurable.rb +1 -1
data/lib/mihari/database.rb +68 -0
data/lib/mihari/emitters/base.rb +1 -1
data/lib/mihari/emitters/database.rb +29 -0
data/lib/mihari/emitters/misp.rb +8 -1
data/lib/mihari/emitters/slack.rb +4 -2
data/lib/mihari/emitters/stdout.rb +2 -1
data/lib/mihari/emitters/the_hive.rb +28 -14
data/lib/mihari/models/alert.rb +11 -0
data/lib/mihari/models/artifact.rb +27 -0
data/lib/mihari/models/tag.rb +10 -0
data/lib/mihari/models/tagging.rb +10 -0
data/lib/mihari/notifiers/slack.rb +7 -4
data/lib/mihari/serializers/alert.rb +12 -0
data/lib/mihari/serializers/artifact.rb +9 -0
data/lib/mihari/serializers/tag.rb +9 -0
data/lib/mihari/slack_monkeypatch.rb +16 -0
data/lib/mihari/status.rb +1 -1
data/lib/mihari/type_checker.rb +1 -1
data/lib/mihari/version.rb +1 -1
data/mihari.gemspec +13 -6
metadata +140 -36
data/lib/mihari/artifact.rb +0 -36
data/lib/mihari/cache.rb +0 -35
data/lib/mihari/the_hive.rb +0 -42
data/lib/mihari/the_hive/alert.rb +0 -25
data/lib/mihari/the_hive/artifact.rb +0 -33
data/lib/mihari/the_hive/base.rb +0 -14

@@ -1,36 +0,0 @@
-# frozen_string_literal: true
-module Mihari
-  class Artifact
-    attr_reader :data
-    #
-    # @param [String] data
-    # @param [String, nil] message
-    #
-    def initialize(data, message: nil)
-      @data = data
-      @message = message
-    end
-    # @return [String, nil]
-    def data_type
-      TypeChecker.type data
-    end
-    # @return [String]
-    def message
-      @mesasge || data
-    end
-    # @return [true, false]
-    def valid?
-      !data_type.nil?
-    end
-    # @return [Hash]
-    def to_h
-      { data: data, data_type: data_type, message: message }
-    end
-  end
-end

data/lib/mihari/cache.rb DELETED

@@ -1,35 +0,0 @@
-# frozen_string_literal: true
-require "lightly"
-module Mihari
-  class Cache
-    DEFAULT_CACHE_DIR = "/tmp/mihari"
-    def initialize
-      @data = Lightly.new(life: "7d", dir: DEFAULT_CACHE_DIR)
-    end
-    def cached?(key)
-      return false unless @data.enabled?
-      begin
-        @data.cached? key
-      rescue Errno::ENOENT => _e
-        false
-      end
-    end
-    def save(*keys)
-      return unless @data.enabled?
-      begin
-        keys.flatten.each do |key|
-          @data.save key, true
-        end
-      rescue Errno::ENOENT => _e
-        nil
-      end
-    end
-  end
-end

data/lib/mihari/the_hive.rb DELETED

@@ -1,42 +0,0 @@
-# frozen_string_literal: true
-require "net/ping"
-require "uri"
-module Mihari
-  class TheHive
-    attr_reader :artifact
-    attr_reader :alert
-    def initialize
-      @artifact = Artifact.new
-      @alert = Alert.new
-    end
-    # @return [true, false]
-    def valid?
-      api_endpont? && api_key? && ping?
-    end
-    private
-    # @return [true, false]
-    def api_endpont?
-      ENV.key? "THEHIVE_API_ENDPOINT"
-    end
-    # @return [true, false]
-    def api_key?
-      ENV.key? "THEHIVE_API_KEY"
-    end
-    def ping?
-      base_url = ENV.fetch("THEHIVE_API_ENDPOINT")
-      base_url = base_url.end_with?("/") ? base_url[0..-2] : base_url
-      url = "#{base_url}/index.html"
-      http = Net::Ping::HTTP.new(url)
-      http.ping?
-    end
-  end
-end

data/lib/mihari/the_hive/alert.rb DELETED

@@ -1,25 +0,0 @@
-# frozen_string_literal: true
-module Mihari
-  class TheHive
-    class Alert < Base
-      # @return [Array]
-      def list(range: "all", sort: "-date")
-        alerts = api.alert.search({ source: "mihari" }, range: range, sort: sort)
-        alerts.sort_by { |alert| -alert.dig("createdAt") }
-      end
-      # @return [Hash]
-      def create(title:, description:, artifacts:, tags: [])
-        api.alert.create(
-          title: title,
-          description: description,
-          artifacts: artifacts,
-          tags: tags,
-          type: "external",
-          source: "mihari"
-        )
-      end
-    end
-  end
-end

data/lib/mihari/the_hive/artifact.rb DELETED

@@ -1,33 +0,0 @@
-# frozen_string_literal: true
-module Mihari
-  class TheHive
-    class Artifact < Base
-      # @return [Array]
-      def search(data:, data_type:, range: "all")
-        api.artifact.search({ data: data, data_type: data_type }, range: range)
-      end
-      # @return [Array]
-      def search_all(data:, range: "all")
-        api.artifact.search({ data: data }, range: range)
-      end
-      # @return [true, false]
-      def exists?(data:, data_type:)
-        res = search(data: data, data_type: data_type, range: "0-1")
-        !res.empty?
-      end
-      # @return [Array<Mihari::Artifact>]
-      def find_non_existing_artifacts(artifacts)
-        data = artifacts.map(&:data)
-        results = search_all(data: data)
-        keys = results.map { |result| result.dig("data") }.compact.uniq
-        artifacts.reject do |artifact|
-          keys.include? artifact.data
-        end
-      end
-    end
-  end
-end

data/lib/mihari/the_hive/base.rb DELETED

@@ -1,14 +0,0 @@
-# frozen_string_literal: true
-require "hachi"
-module Mihari
-  class TheHive
-    class Base
-      # @return [Hachi::API]
-      def api
-        @api ||= Hachi::API.new
-      end
-    end
-  end
-end