RubyGems - mihari - Versions diffs - 0.17.5 → 1.0.0 - Mend

mihari 0.17.5 → 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (51) hide show

checksums.yaml +4 -4
data/.gitignore +3 -0
data/.rubocop.yml +155 -0
data/.travis.yml +1 -0
data/Gemfile +2 -0
data/README.md +30 -72
data/config/pre_commit.yml +3 -0
data/lib/mihari.rb +12 -8
data/lib/mihari/alert_viewer.rb +6 -28
data/lib/mihari/analyzers/base.rb +7 -19
data/lib/mihari/analyzers/basic.rb +3 -1
data/lib/mihari/analyzers/binaryedge.rb +2 -2
data/lib/mihari/analyzers/censys.rb +2 -2
data/lib/mihari/analyzers/circl.rb +2 -2
data/lib/mihari/analyzers/onyphe.rb +3 -3
data/lib/mihari/analyzers/passivetotal.rb +2 -2
data/lib/mihari/analyzers/pulsedive.rb +2 -2
data/lib/mihari/analyzers/securitytrails.rb +2 -2
data/lib/mihari/analyzers/securitytrails_domain_feed.rb +2 -2
data/lib/mihari/analyzers/shodan.rb +2 -2
data/lib/mihari/analyzers/virustotal.rb +2 -2
data/lib/mihari/analyzers/zoomeye.rb +2 -2
data/lib/mihari/cli.rb +2 -2
data/lib/mihari/config.rb +68 -2
data/lib/mihari/configurable.rb +1 -1
data/lib/mihari/database.rb +45 -0
data/lib/mihari/emitters/base.rb +1 -1
data/lib/mihari/emitters/misp.rb +8 -1
data/lib/mihari/emitters/slack.rb +2 -2
data/lib/mihari/emitters/sqlite.rb +29 -0
data/lib/mihari/emitters/stdout.rb +2 -1
data/lib/mihari/emitters/the_hive.rb +28 -14
data/lib/mihari/models/alert.rb +11 -0
data/lib/mihari/models/artifact.rb +27 -0
data/lib/mihari/models/tag.rb +10 -0
data/lib/mihari/models/tagging.rb +10 -0
data/lib/mihari/notifiers/slack.rb +4 -4
data/lib/mihari/serializers/alert.rb +12 -0
data/lib/mihari/serializers/artifact.rb +9 -0
data/lib/mihari/serializers/tag.rb +9 -0
data/lib/mihari/status.rb +1 -1
data/lib/mihari/type_checker.rb +1 -1
data/lib/mihari/version.rb +1 -1
data/mihari.gemspec +11 -5
metadata +120 -31
data/lib/mihari/artifact.rb +0 -36
data/lib/mihari/cache.rb +0 -35
data/lib/mihari/the_hive.rb +0 -42
data/lib/mihari/the_hive/alert.rb +0 -25
data/lib/mihari/the_hive/artifact.rb +0 -33
data/lib/mihari/the_hive/base.rb +0 -14

data/lib/mihari/artifact.rb DELETED

@@ -1,36 +0,0 @@
-# frozen_string_literal: true
-module Mihari
-  class Artifact
-    attr_reader :data
-    #
-    # @param [String] data
-    # @param [String, nil] message
-    #
-    def initialize(data, message: nil)
-      @data = data
-      @message = message
-    end
-    # @return [String, nil]
-    def data_type
-      TypeChecker.type data
-    end
-    # @return [String]
-    def message
-      @mesasge || data
-    end
-    # @return [true, false]
-    def valid?
-      !data_type.nil?
-    end
-    # @return [Hash]
-    def to_h
-      { data: data, data_type: data_type, message: message }
-    end
-  end
-end

data/lib/mihari/cache.rb DELETED

@@ -1,35 +0,0 @@
-# frozen_string_literal: true
-require "lightly"
-module Mihari
-  class Cache
-    DEFAULT_CACHE_DIR = "/tmp/mihari"
-    def initialize
-      @data = Lightly.new(life: "7d", dir: DEFAULT_CACHE_DIR)
-    end
-    def cached?(key)
-      return false unless @data.enabled?
-      begin
-        @data.cached? key
-      rescue Errno::ENOENT => _e
-        false
-      end
-    end
-    def save(*keys)
-      return unless @data.enabled?
-      begin
-        keys.flatten.each do |key|
-          @data.save key, true
-        end
-      rescue Errno::ENOENT => _e
-        nil
-      end
-    end
-  end
-end

data/lib/mihari/the_hive.rb DELETED

@@ -1,42 +0,0 @@
-# frozen_string_literal: true
-require "net/ping"
-require "uri"
-module Mihari
-  class TheHive
-    attr_reader :artifact
-    attr_reader :alert
-    def initialize
-      @artifact = Artifact.new
-      @alert = Alert.new
-    end
-    # @return [true, false]
-    def valid?
-      api_endpont? && api_key? && ping?
-    end
-    private
-    # @return [true, false]
-    def api_endpont?
-      ENV.key? "THEHIVE_API_ENDPOINT"
-    end
-    # @return [true, false]
-    def api_key?
-      ENV.key? "THEHIVE_API_KEY"
-    end
-    def ping?
-      base_url = ENV.fetch("THEHIVE_API_ENDPOINT")
-      base_url = base_url.end_with?("/") ? base_url[0..-2] : base_url
-      url = "#{base_url}/index.html"
-      http = Net::Ping::HTTP.new(url)
-      http.ping?
-    end
-  end
-end

data/lib/mihari/the_hive/alert.rb DELETED

@@ -1,25 +0,0 @@
-# frozen_string_literal: true
-module Mihari
-  class TheHive
-    class Alert < Base
-      # @return [Array]
-      def list(range: "all", sort: "-date")
-        alerts = api.alert.search({ source: "mihari" }, range: range, sort: sort)
-        alerts.sort_by { |alert| -alert.dig("createdAt") }
-      end
-      # @return [Hash]
-      def create(title:, description:, artifacts:, tags: [])
-        api.alert.create(
-          title: title,
-          description: description,
-          artifacts: artifacts,
-          tags: tags,
-          type: "external",
-          source: "mihari"
-        )
-      end
-    end
-  end
-end

data/lib/mihari/the_hive/artifact.rb DELETED

@@ -1,33 +0,0 @@
-# frozen_string_literal: true
-module Mihari
-  class TheHive
-    class Artifact < Base
-      # @return [Array]
-      def search(data:, data_type:, range: "all")
-        api.artifact.search({ data: data, data_type: data_type }, range: range)
-      end
-      # @return [Array]
-      def search_all(data:, range: "all")
-        api.artifact.search({ data: data }, range: range)
-      end
-      # @return [true, false]
-      def exists?(data:, data_type:)
-        res = search(data: data, data_type: data_type, range: "0-1")
-        !res.empty?
-      end
-      # @return [Array<Mihari::Artifact>]
-      def find_non_existing_artifacts(artifacts)
-        data = artifacts.map(&:data)
-        results = search_all(data: data)
-        keys = results.map { |result| result.dig("data") }.compact.uniq
-        artifacts.reject do |artifact|
-          keys.include? artifact.data
-        end
-      end
-    end
-  end
-end

data/lib/mihari/the_hive/base.rb DELETED

@@ -1,14 +0,0 @@
-# frozen_string_literal: true
-require "hachi"
-module Mihari
-  class TheHive
-    class Base
-      # @return [Hachi::API]
-      def api
-        @api ||= Hachi::API.new
-      end
-    end
-  end
-end