mihari 0.17.5 → 1.0.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.gitignore +3 -0
- data/.rubocop.yml +155 -0
- data/.travis.yml +1 -0
- data/Gemfile +2 -0
- data/README.md +30 -72
- data/config/pre_commit.yml +3 -0
- data/lib/mihari.rb +12 -8
- data/lib/mihari/alert_viewer.rb +6 -28
- data/lib/mihari/analyzers/base.rb +7 -19
- data/lib/mihari/analyzers/basic.rb +3 -1
- data/lib/mihari/analyzers/binaryedge.rb +2 -2
- data/lib/mihari/analyzers/censys.rb +2 -2
- data/lib/mihari/analyzers/circl.rb +2 -2
- data/lib/mihari/analyzers/onyphe.rb +3 -3
- data/lib/mihari/analyzers/passivetotal.rb +2 -2
- data/lib/mihari/analyzers/pulsedive.rb +2 -2
- data/lib/mihari/analyzers/securitytrails.rb +2 -2
- data/lib/mihari/analyzers/securitytrails_domain_feed.rb +2 -2
- data/lib/mihari/analyzers/shodan.rb +2 -2
- data/lib/mihari/analyzers/virustotal.rb +2 -2
- data/lib/mihari/analyzers/zoomeye.rb +2 -2
- data/lib/mihari/cli.rb +2 -2
- data/lib/mihari/config.rb +68 -2
- data/lib/mihari/configurable.rb +1 -1
- data/lib/mihari/database.rb +45 -0
- data/lib/mihari/emitters/base.rb +1 -1
- data/lib/mihari/emitters/misp.rb +8 -1
- data/lib/mihari/emitters/slack.rb +2 -2
- data/lib/mihari/emitters/sqlite.rb +29 -0
- data/lib/mihari/emitters/stdout.rb +2 -1
- data/lib/mihari/emitters/the_hive.rb +28 -14
- data/lib/mihari/models/alert.rb +11 -0
- data/lib/mihari/models/artifact.rb +27 -0
- data/lib/mihari/models/tag.rb +10 -0
- data/lib/mihari/models/tagging.rb +10 -0
- data/lib/mihari/notifiers/slack.rb +4 -4
- data/lib/mihari/serializers/alert.rb +12 -0
- data/lib/mihari/serializers/artifact.rb +9 -0
- data/lib/mihari/serializers/tag.rb +9 -0
- data/lib/mihari/status.rb +1 -1
- data/lib/mihari/type_checker.rb +1 -1
- data/lib/mihari/version.rb +1 -1
- data/mihari.gemspec +11 -5
- metadata +120 -31
- data/lib/mihari/artifact.rb +0 -36
- data/lib/mihari/cache.rb +0 -35
- data/lib/mihari/the_hive.rb +0 -42
- data/lib/mihari/the_hive/alert.rb +0 -25
- data/lib/mihari/the_hive/artifact.rb +0 -33
- data/lib/mihari/the_hive/base.rb +0 -14
@@ -0,0 +1,27 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require "active_record"
|
4
|
+
|
5
|
+
class ArtifactValidator < ActiveModel::Validator
|
6
|
+
def validate(record)
|
7
|
+
return if record.data_type
|
8
|
+
|
9
|
+
record.errors[:data] << "#{record.data} is not supported"
|
10
|
+
end
|
11
|
+
end
|
12
|
+
|
13
|
+
module Mihari
|
14
|
+
class Artifact < ActiveRecord::Base
|
15
|
+
include ActiveModel::Validations
|
16
|
+
validates_with ArtifactValidator
|
17
|
+
|
18
|
+
def initialize(attributes)
|
19
|
+
super
|
20
|
+
self.data_type = TypeChecker.type(data)
|
21
|
+
end
|
22
|
+
|
23
|
+
def unique?
|
24
|
+
self.class.find_by(data: data).nil?
|
25
|
+
end
|
26
|
+
end
|
27
|
+
end
|
@@ -8,15 +8,15 @@ module Mihari
|
|
8
8
|
DEFAULT_USERNAME = "mihari"
|
9
9
|
|
10
10
|
def slack_channel
|
11
|
-
|
11
|
+
Mihari.config.slack_channel || "#general"
|
12
12
|
end
|
13
13
|
|
14
14
|
def slack_webhook_url
|
15
|
-
|
15
|
+
Mihari.config.slack_webhook_url
|
16
16
|
end
|
17
17
|
|
18
18
|
def slack_webhook_url?
|
19
|
-
|
19
|
+
!Mihari.config.slack_webhook_url.nil?
|
20
20
|
end
|
21
21
|
|
22
22
|
def valid?
|
@@ -25,7 +25,7 @@ module Mihari
|
|
25
25
|
|
26
26
|
def notify(text:, attachments: [], mrkdwn: true)
|
27
27
|
notifier = ::Slack::Notifier.new(slack_webhook_url, channel: slack_channel, username: DEFAULT_USERNAME)
|
28
|
-
notifier.post(text: text, attachments: attachments, mrkdwn:
|
28
|
+
notifier.post(text: text, attachments: attachments, mrkdwn: mrkdwn)
|
29
29
|
end
|
30
30
|
end
|
31
31
|
end
|
@@ -0,0 +1,12 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require "active_model_serializers"
|
4
|
+
|
5
|
+
module Mihari
|
6
|
+
class AlertSerializer < ActiveModel::Serializer
|
7
|
+
attributes :title, :description, :source, :created_at
|
8
|
+
|
9
|
+
has_many :artifacts
|
10
|
+
has_many :tags, through: :taggings
|
11
|
+
end
|
12
|
+
end
|
data/lib/mihari/status.rb
CHANGED
data/lib/mihari/type_checker.rb
CHANGED
data/lib/mihari/version.rb
CHANGED
data/mihari.gemspec
CHANGED
@@ -26,27 +26,32 @@ Gem::Specification.new do |spec|
|
|
26
26
|
|
27
27
|
spec.add_development_dependency "bundler", "~> 2.1"
|
28
28
|
spec.add_development_dependency "coveralls", "~> 0.8"
|
29
|
-
spec.add_development_dependency "
|
29
|
+
spec.add_development_dependency "execjs", "~> 2.0"
|
30
|
+
spec.add_development_dependency "fakefs", "~> 1.2"
|
31
|
+
spec.add_development_dependency "pre-commit", "~> 0.39"
|
30
32
|
spec.add_development_dependency "rake", "~> 13.0"
|
31
33
|
spec.add_development_dependency "rspec", "~> 3.9"
|
34
|
+
spec.add_development_dependency "rubocop", "~> 0.82"
|
35
|
+
spec.add_development_dependency "rubocop-performance", "~> 1.5"
|
32
36
|
spec.add_development_dependency "timecop", "~> 0.9"
|
33
|
-
spec.add_development_dependency "vcr", "~> 5.
|
37
|
+
spec.add_development_dependency "vcr", "~> 5.1"
|
34
38
|
spec.add_development_dependency "webmock", "~> 3.8"
|
35
39
|
|
40
|
+
spec.add_dependency "active_model_serializers", "~> 0.10"
|
41
|
+
spec.add_dependency "activerecord", "~> 6.0"
|
36
42
|
spec.add_dependency "addressable", "~> 2.7"
|
37
43
|
spec.add_dependency "binaryedge", "~> 0.1"
|
38
44
|
spec.add_dependency "censu", "~> 0.2"
|
39
|
-
spec.add_dependency "crtsh-rb", "~> 0.
|
45
|
+
spec.add_dependency "crtsh-rb", "~> 0.3"
|
40
46
|
spec.add_dependency "dnpedia", "~> 0.1"
|
41
47
|
spec.add_dependency "dnstwister", "~> 0.1"
|
42
48
|
spec.add_dependency "email_address", "~> 0.1"
|
43
49
|
spec.add_dependency "hachi", "~> 0.3"
|
44
|
-
spec.add_dependency "lightly", "~> 0.3"
|
45
50
|
spec.add_dependency "mem", "~> 0.1"
|
46
51
|
spec.add_dependency "misp", "~> 0.1"
|
47
52
|
spec.add_dependency "murmurhash3", "~> 0.1"
|
48
53
|
spec.add_dependency "net-ping", "~> 2.0"
|
49
|
-
spec.add_dependency "onyphe", "~>
|
54
|
+
spec.add_dependency "onyphe", "~> 2.0"
|
50
55
|
spec.add_dependency "parallel", "~> 1.19"
|
51
56
|
spec.add_dependency "passive_circl", "~> 0.1"
|
52
57
|
spec.add_dependency "passivetotalx", "~> 0.1"
|
@@ -55,6 +60,7 @@ Gem::Specification.new do |spec|
|
|
55
60
|
spec.add_dependency "securitytrails", "~> 1.0"
|
56
61
|
spec.add_dependency "shodanx", "~> 0.2"
|
57
62
|
spec.add_dependency "slack-notifier", "~> 2.3"
|
63
|
+
spec.add_dependency "sqlite3", "~> 1.4"
|
58
64
|
spec.add_dependency "thor", "~> 1.0"
|
59
65
|
spec.add_dependency "urlscan", "~> 0.5"
|
60
66
|
spec.add_dependency "virustotalx", "~> 1.1"
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: mihari
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 1.0.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Manabu Niseki
|
8
8
|
autorequire:
|
9
9
|
bindir: exe
|
10
10
|
cert_chain: []
|
11
|
-
date: 2020-
|
11
|
+
date: 2020-05-03 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: bundler
|
@@ -38,20 +38,48 @@ dependencies:
|
|
38
38
|
- - "~>"
|
39
39
|
- !ruby/object:Gem::Version
|
40
40
|
version: '0.8'
|
41
|
+
- !ruby/object:Gem::Dependency
|
42
|
+
name: execjs
|
43
|
+
requirement: !ruby/object:Gem::Requirement
|
44
|
+
requirements:
|
45
|
+
- - "~>"
|
46
|
+
- !ruby/object:Gem::Version
|
47
|
+
version: '2.0'
|
48
|
+
type: :development
|
49
|
+
prerelease: false
|
50
|
+
version_requirements: !ruby/object:Gem::Requirement
|
51
|
+
requirements:
|
52
|
+
- - "~>"
|
53
|
+
- !ruby/object:Gem::Version
|
54
|
+
version: '2.0'
|
41
55
|
- !ruby/object:Gem::Dependency
|
42
56
|
name: fakefs
|
43
57
|
requirement: !ruby/object:Gem::Requirement
|
44
58
|
requirements:
|
45
59
|
- - "~>"
|
46
60
|
- !ruby/object:Gem::Version
|
47
|
-
version: '1.
|
61
|
+
version: '1.2'
|
48
62
|
type: :development
|
49
63
|
prerelease: false
|
50
64
|
version_requirements: !ruby/object:Gem::Requirement
|
51
65
|
requirements:
|
52
66
|
- - "~>"
|
53
67
|
- !ruby/object:Gem::Version
|
54
|
-
version: '1.
|
68
|
+
version: '1.2'
|
69
|
+
- !ruby/object:Gem::Dependency
|
70
|
+
name: pre-commit
|
71
|
+
requirement: !ruby/object:Gem::Requirement
|
72
|
+
requirements:
|
73
|
+
- - "~>"
|
74
|
+
- !ruby/object:Gem::Version
|
75
|
+
version: '0.39'
|
76
|
+
type: :development
|
77
|
+
prerelease: false
|
78
|
+
version_requirements: !ruby/object:Gem::Requirement
|
79
|
+
requirements:
|
80
|
+
- - "~>"
|
81
|
+
- !ruby/object:Gem::Version
|
82
|
+
version: '0.39'
|
55
83
|
- !ruby/object:Gem::Dependency
|
56
84
|
name: rake
|
57
85
|
requirement: !ruby/object:Gem::Requirement
|
@@ -80,6 +108,34 @@ dependencies:
|
|
80
108
|
- - "~>"
|
81
109
|
- !ruby/object:Gem::Version
|
82
110
|
version: '3.9'
|
111
|
+
- !ruby/object:Gem::Dependency
|
112
|
+
name: rubocop
|
113
|
+
requirement: !ruby/object:Gem::Requirement
|
114
|
+
requirements:
|
115
|
+
- - "~>"
|
116
|
+
- !ruby/object:Gem::Version
|
117
|
+
version: '0.82'
|
118
|
+
type: :development
|
119
|
+
prerelease: false
|
120
|
+
version_requirements: !ruby/object:Gem::Requirement
|
121
|
+
requirements:
|
122
|
+
- - "~>"
|
123
|
+
- !ruby/object:Gem::Version
|
124
|
+
version: '0.82'
|
125
|
+
- !ruby/object:Gem::Dependency
|
126
|
+
name: rubocop-performance
|
127
|
+
requirement: !ruby/object:Gem::Requirement
|
128
|
+
requirements:
|
129
|
+
- - "~>"
|
130
|
+
- !ruby/object:Gem::Version
|
131
|
+
version: '1.5'
|
132
|
+
type: :development
|
133
|
+
prerelease: false
|
134
|
+
version_requirements: !ruby/object:Gem::Requirement
|
135
|
+
requirements:
|
136
|
+
- - "~>"
|
137
|
+
- !ruby/object:Gem::Version
|
138
|
+
version: '1.5'
|
83
139
|
- !ruby/object:Gem::Dependency
|
84
140
|
name: timecop
|
85
141
|
requirement: !ruby/object:Gem::Requirement
|
@@ -100,14 +156,14 @@ dependencies:
|
|
100
156
|
requirements:
|
101
157
|
- - "~>"
|
102
158
|
- !ruby/object:Gem::Version
|
103
|
-
version: '5.
|
159
|
+
version: '5.1'
|
104
160
|
type: :development
|
105
161
|
prerelease: false
|
106
162
|
version_requirements: !ruby/object:Gem::Requirement
|
107
163
|
requirements:
|
108
164
|
- - "~>"
|
109
165
|
- !ruby/object:Gem::Version
|
110
|
-
version: '5.
|
166
|
+
version: '5.1'
|
111
167
|
- !ruby/object:Gem::Dependency
|
112
168
|
name: webmock
|
113
169
|
requirement: !ruby/object:Gem::Requirement
|
@@ -122,6 +178,34 @@ dependencies:
|
|
122
178
|
- - "~>"
|
123
179
|
- !ruby/object:Gem::Version
|
124
180
|
version: '3.8'
|
181
|
+
- !ruby/object:Gem::Dependency
|
182
|
+
name: active_model_serializers
|
183
|
+
requirement: !ruby/object:Gem::Requirement
|
184
|
+
requirements:
|
185
|
+
- - "~>"
|
186
|
+
- !ruby/object:Gem::Version
|
187
|
+
version: '0.10'
|
188
|
+
type: :runtime
|
189
|
+
prerelease: false
|
190
|
+
version_requirements: !ruby/object:Gem::Requirement
|
191
|
+
requirements:
|
192
|
+
- - "~>"
|
193
|
+
- !ruby/object:Gem::Version
|
194
|
+
version: '0.10'
|
195
|
+
- !ruby/object:Gem::Dependency
|
196
|
+
name: activerecord
|
197
|
+
requirement: !ruby/object:Gem::Requirement
|
198
|
+
requirements:
|
199
|
+
- - "~>"
|
200
|
+
- !ruby/object:Gem::Version
|
201
|
+
version: '6.0'
|
202
|
+
type: :runtime
|
203
|
+
prerelease: false
|
204
|
+
version_requirements: !ruby/object:Gem::Requirement
|
205
|
+
requirements:
|
206
|
+
- - "~>"
|
207
|
+
- !ruby/object:Gem::Version
|
208
|
+
version: '6.0'
|
125
209
|
- !ruby/object:Gem::Dependency
|
126
210
|
name: addressable
|
127
211
|
requirement: !ruby/object:Gem::Requirement
|
@@ -170,14 +254,14 @@ dependencies:
|
|
170
254
|
requirements:
|
171
255
|
- - "~>"
|
172
256
|
- !ruby/object:Gem::Version
|
173
|
-
version: '0.
|
257
|
+
version: '0.3'
|
174
258
|
type: :runtime
|
175
259
|
prerelease: false
|
176
260
|
version_requirements: !ruby/object:Gem::Requirement
|
177
261
|
requirements:
|
178
262
|
- - "~>"
|
179
263
|
- !ruby/object:Gem::Version
|
180
|
-
version: '0.
|
264
|
+
version: '0.3'
|
181
265
|
- !ruby/object:Gem::Dependency
|
182
266
|
name: dnpedia
|
183
267
|
requirement: !ruby/object:Gem::Requirement
|
@@ -234,20 +318,6 @@ dependencies:
|
|
234
318
|
- - "~>"
|
235
319
|
- !ruby/object:Gem::Version
|
236
320
|
version: '0.3'
|
237
|
-
- !ruby/object:Gem::Dependency
|
238
|
-
name: lightly
|
239
|
-
requirement: !ruby/object:Gem::Requirement
|
240
|
-
requirements:
|
241
|
-
- - "~>"
|
242
|
-
- !ruby/object:Gem::Version
|
243
|
-
version: '0.3'
|
244
|
-
type: :runtime
|
245
|
-
prerelease: false
|
246
|
-
version_requirements: !ruby/object:Gem::Requirement
|
247
|
-
requirements:
|
248
|
-
- - "~>"
|
249
|
-
- !ruby/object:Gem::Version
|
250
|
-
version: '0.3'
|
251
321
|
- !ruby/object:Gem::Dependency
|
252
322
|
name: mem
|
253
323
|
requirement: !ruby/object:Gem::Requirement
|
@@ -310,14 +380,14 @@ dependencies:
|
|
310
380
|
requirements:
|
311
381
|
- - "~>"
|
312
382
|
- !ruby/object:Gem::Version
|
313
|
-
version: '
|
383
|
+
version: '2.0'
|
314
384
|
type: :runtime
|
315
385
|
prerelease: false
|
316
386
|
version_requirements: !ruby/object:Gem::Requirement
|
317
387
|
requirements:
|
318
388
|
- - "~>"
|
319
389
|
- !ruby/object:Gem::Version
|
320
|
-
version: '
|
390
|
+
version: '2.0'
|
321
391
|
- !ruby/object:Gem::Dependency
|
322
392
|
name: parallel
|
323
393
|
requirement: !ruby/object:Gem::Requirement
|
@@ -430,6 +500,20 @@ dependencies:
|
|
430
500
|
- - "~>"
|
431
501
|
- !ruby/object:Gem::Version
|
432
502
|
version: '2.3'
|
503
|
+
- !ruby/object:Gem::Dependency
|
504
|
+
name: sqlite3
|
505
|
+
requirement: !ruby/object:Gem::Requirement
|
506
|
+
requirements:
|
507
|
+
- - "~>"
|
508
|
+
- !ruby/object:Gem::Version
|
509
|
+
version: '1.4'
|
510
|
+
type: :runtime
|
511
|
+
prerelease: false
|
512
|
+
version_requirements: !ruby/object:Gem::Requirement
|
513
|
+
requirements:
|
514
|
+
- - "~>"
|
515
|
+
- !ruby/object:Gem::Version
|
516
|
+
version: '1.4'
|
433
517
|
- !ruby/object:Gem::Dependency
|
434
518
|
name: thor
|
435
519
|
requirement: !ruby/object:Gem::Requirement
|
@@ -496,6 +580,7 @@ extra_rdoc_files: []
|
|
496
580
|
files:
|
497
581
|
- ".gitignore"
|
498
582
|
- ".rspec"
|
583
|
+
- ".rubocop.yml"
|
499
584
|
- ".travis.yml"
|
500
585
|
- Gemfile
|
501
586
|
- LICENSE
|
@@ -503,6 +588,7 @@ files:
|
|
503
588
|
- Rakefile
|
504
589
|
- bin/console
|
505
590
|
- bin/setup
|
591
|
+
- config/pre_commit.yml
|
506
592
|
- docker/Dockerfile
|
507
593
|
- examples/ipinfo_hosted_domains.rb
|
508
594
|
- exe/mihari
|
@@ -531,27 +617,30 @@ files:
|
|
531
617
|
- lib/mihari/analyzers/urlscan.rb
|
532
618
|
- lib/mihari/analyzers/virustotal.rb
|
533
619
|
- lib/mihari/analyzers/zoomeye.rb
|
534
|
-
- lib/mihari/artifact.rb
|
535
|
-
- lib/mihari/cache.rb
|
536
620
|
- lib/mihari/cli.rb
|
537
621
|
- lib/mihari/config.rb
|
538
622
|
- lib/mihari/configurable.rb
|
623
|
+
- lib/mihari/database.rb
|
539
624
|
- lib/mihari/emitters/base.rb
|
540
625
|
- lib/mihari/emitters/misp.rb
|
541
626
|
- lib/mihari/emitters/slack.rb
|
627
|
+
- lib/mihari/emitters/sqlite.rb
|
542
628
|
- lib/mihari/emitters/stdout.rb
|
543
629
|
- lib/mihari/emitters/the_hive.rb
|
544
630
|
- lib/mihari/errors.rb
|
545
631
|
- lib/mihari/html.rb
|
632
|
+
- lib/mihari/models/alert.rb
|
633
|
+
- lib/mihari/models/artifact.rb
|
634
|
+
- lib/mihari/models/tag.rb
|
635
|
+
- lib/mihari/models/tagging.rb
|
546
636
|
- lib/mihari/notifiers/base.rb
|
547
637
|
- lib/mihari/notifiers/exception_notifier.rb
|
548
638
|
- lib/mihari/notifiers/slack.rb
|
549
639
|
- lib/mihari/retriable.rb
|
640
|
+
- lib/mihari/serializers/alert.rb
|
641
|
+
- lib/mihari/serializers/artifact.rb
|
642
|
+
- lib/mihari/serializers/tag.rb
|
550
643
|
- lib/mihari/status.rb
|
551
|
-
- lib/mihari/the_hive.rb
|
552
|
-
- lib/mihari/the_hive/alert.rb
|
553
|
-
- lib/mihari/the_hive/artifact.rb
|
554
|
-
- lib/mihari/the_hive/base.rb
|
555
644
|
- lib/mihari/type_checker.rb
|
556
645
|
- lib/mihari/version.rb
|
557
646
|
- mihari.gemspec
|
@@ -578,7 +667,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
578
667
|
- !ruby/object:Gem::Version
|
579
668
|
version: '0'
|
580
669
|
requirements: []
|
581
|
-
rubygems_version: 3.
|
670
|
+
rubygems_version: 3.1.2
|
582
671
|
signing_key:
|
583
672
|
specification_version: 4
|
584
673
|
summary: A framework for continuous malicious hosts monitoring.
|