RubyGems - mihari - Versions diffs - 0.7.0 → 0.8.0 - Mend

mihari 0.7.0 → 0.8.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

checksums.yaml +4 -4
data/README.md +13 -12
data/lib/mihari.rb +1 -0
data/lib/mihari/analyzers/securitytrails_domain_feed.rb +59 -0
data/lib/mihari/cli.rb +13 -0
data/lib/mihari/version.rb +1 -1
metadata +3 -2

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 288de64c354401afb06966aeff20d8cbf16ad7c2fa7ba16fe3caffc473885a48
-  data.tar.gz: 70416695adc834d0cb3b52410fa9665a163708d2be6e3544dde41f821e37e88b
+  metadata.gz: 6117c49bfadf5c4d263727d684ac3f54f5296860078a8b65e4bdf9274574eaf7
+  data.tar.gz: f06c30c6abc0d61eda4beafa42be1f8034bea0478142fc0e15b36a4f3cde20ad
 SHA512:
-  metadata.gz: a6042c43edc0817d926683694ed98decc52d35b3177b312bd36d2573b818a99add3a3a8317ae08f5a7172249422335f266595382828428fde7e5ea7017205407
-  data.tar.gz: 51135d5070b5f1697e0a51495de13b2e34c4e1eea2f91989ea2ae5301e65d851f52e7a963edaa7d5480f83ef720f893de404ee32ee30c458353fa9a9b1ef392b
+  metadata.gz: e49d5771be75ef6277c3169abccd5cd67e349493c67fee2e1fbcd3e9b08d4c3bbc7855c78d7466017ef8f17b7356205acc1a50c43be83abfd5c3194d02115edc
+  data.tar.gz: f472ece83577e3c3e14297cb6b5b5349f8d9f906f8ba0d27ffbf4d8bf132dd0b3726877fa2a6d7f9770bce9a483d75c8154d0e7b058b3d9bb2ddfb7aa9390196

data/README.md CHANGED

@@ -34,22 +34,23 @@ gem install mihari
 ## Basic usage
-mihari supports Censys, Shodan, Onyphe, urlscan and VirusTotal by default.
+mihari supports Censys, Shodan, Onyphe, urlscan, SecurityTrails, crt.sh and VirusTotal by default.
 ```bash
 $ mihari
 Commands:
-  mihari alerts                      # Show the alerts on TheHive
-  mihari censys [QUERY]              # Censys IPv4 lookup by a given query
-  mihari crtsh [QUERY]               # crt.sh lookup by a given query
-  mihari help [COMMAND]              # Describe available commands or one specific command
-  mihari import_from_json            # Give a JSON input via STDIN
-  mihari onyphe [QUERY]              # Onyphe datascan lookup by a given query
-  mihari securitytrails [IP|DOMAIN]  # SecurityTrails resolutions lookup by a given ip or domain
-  mihari shodan [QUERY]              # Shodan host lookup by a given query
-  mihari status                      # Show the current configuration status
-  mihari urlscan [QUERY]             # urlscan lookup by a given query
-  mihari virustotal [IP|DOMAIN]      # VirusTotal resolutions lookup by a given ip or domain
+  mihari alerts                               # Show the alerts on TheHive
+  mihari censys [QUERY]                       # Censys IPv4 lookup by a given query
+  mihari crtsh [QUERY]                        # crt.sh lookup by a given query
+  mihari help [COMMAND]                       # Describe available commands or one specific command
+  mihari import_from_json                     # Give a JSON input via STDIN
+  mihari onyphe [QUERY]                       # Onyphe datascan lookup by a given query
+  mihari securitytrails [IP|DOMAIN]           # SecurityTrails resolutions lookup by a given ip or domain
+  mihari securitytrails_domain_feed [REGEXP]  # SecurityTrails new domain feed lookup by a given regexp
+  mihari shodan [QUERY]                       # Shodan host lookup by a given query
+  mihari status                               # Show the current configuration status
+  mihari urlscan [QUERY]                      # urlscan lookup by a given query
+  mihari virustotal [IP|DOMAIN]               # VirusTotal resolutions lookup by a given ip or domain
 ```

data/lib/mihari.rb CHANGED

@@ -31,6 +31,7 @@ require "mihari/analyzers/censys"
 require "mihari/analyzers/crtsh"
 require "mihari/analyzers/onyphe"
 require "mihari/analyzers/securitytrails"
+require "mihari/analyzers/securitytrails_domain_feed"
 require "mihari/analyzers/shodan"
 require "mihari/analyzers/urlscan"
 require "mihari/analyzers/virustotal"

data/lib/mihari/analyzers/securitytrails_domain_feed.rb ADDED

@@ -0,0 +1,59 @@
+# frozen_string_literal: true
+require "securitytrails"
+module Mihari
+  module Analyzers
+    class SecurityTrailsDomainFeed < Base
+      attr_reader :api
+      attr_reader :type
+      attr_reader :title
+      attr_reader :description
+      attr_reader :tags
+      def initialize(regexp, type: "registered", title: nil, description: nil, tags: [])
+        super()
+        @api = ::SecurityTrails::API.new
+        @_regexp = regexp
+        @type = type
+        raise ArgumentError, "#{@_regexp} is not a valid regexp" unless regexp
+        raise ArgumentError, "#{type} is not a valid type" unless valid_type?
+        @title = title || "SecurityTrails domain feed lookup"
+        @description = description || "Regexp = /#{@_regexp}/"
+        @tags = tags
+      end
+      def artifacts
+        lookup || []
+      end
+      private
+      def valid_type?
+        %w(all new registered).include? type
+      end
+      def regexp
+        @regexp ||= Regexp.compile(@_regexp)
+      rescue TypeError => _e
+        nil
+      end
+      def lookup
+        new_domains.select do |domain|
+          regexp.match? domain
+        end
+      rescue ::SecurityTrails::Error => _e
+        nil
+      end
+      def new_domains
+        api.feeds.domains type
+      end
+    end
+  end
+end

data/lib/mihari/cli.rb CHANGED

@@ -65,6 +65,19 @@ module Mihari
         run_analyzer Analyzers::SecurityTrails, query: indiactor, options: options
       end
     end
+    map "st" => :securitytrails
+    desc "securitytrails_domain_feed [REGEXP]", "SecurityTrails new domain feed lookup by a given regexp"
+    method_option :title, type: :string, desc: "title"
+    method_option :description, type: :string, desc: "description"
+    method_option :tags, type: :array, desc: "tags"
+    method_option :type, type: :string, default: "registered", desc: "A type of domain feed ('all', 'new' or 'registered')"
+    def securitytrails_domain_feed(regexp)
+      with_error_handling do
+        run_analyzer Analyzers::SecurityTrailsDomainFeed, query: regexp, options: options
+      end
+    end
+    map "st_domain_feed" => :securitytrails_domain_feed
     desc "crtsh [QUERY]", "crt.sh lookup by a given query"
     method_option :title, type: :string, desc: "title"

data/lib/mihari/version.rb CHANGED

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module Mihari
-  VERSION = "0.7.0"
+  VERSION = "0.8.0"
 end

metadata CHANGED

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: mihari
 version: !ruby/object:Gem::Version
-  version: 0.7.0
+  version: 0.8.0
 platform: ruby
 authors:
 - Manabu Niseki
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2019-09-03 00:00:00.000000000 Z
+date: 2019-09-13 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -332,6 +332,7 @@ files:
 - lib/mihari/analyzers/crtsh.rb
 - lib/mihari/analyzers/onyphe.rb
 - lib/mihari/analyzers/securitytrails.rb
+- lib/mihari/analyzers/securitytrails_domain_feed.rb
 - lib/mihari/analyzers/shodan.rb
 - lib/mihari/analyzers/urlscan.rb
 - lib/mihari/analyzers/virustotal.rb