mihari 0.7.0 → 0.8.0

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 288de64c354401afb06966aeff20d8cbf16ad7c2fa7ba16fe3caffc473885a48
4
- data.tar.gz: 70416695adc834d0cb3b52410fa9665a163708d2be6e3544dde41f821e37e88b
3
+ metadata.gz: 6117c49bfadf5c4d263727d684ac3f54f5296860078a8b65e4bdf9274574eaf7
4
+ data.tar.gz: f06c30c6abc0d61eda4beafa42be1f8034bea0478142fc0e15b36a4f3cde20ad
5
5
  SHA512:
6
- metadata.gz: a6042c43edc0817d926683694ed98decc52d35b3177b312bd36d2573b818a99add3a3a8317ae08f5a7172249422335f266595382828428fde7e5ea7017205407
7
- data.tar.gz: 51135d5070b5f1697e0a51495de13b2e34c4e1eea2f91989ea2ae5301e65d851f52e7a963edaa7d5480f83ef720f893de404ee32ee30c458353fa9a9b1ef392b
6
+ metadata.gz: e49d5771be75ef6277c3169abccd5cd67e349493c67fee2e1fbcd3e9b08d4c3bbc7855c78d7466017ef8f17b7356205acc1a50c43be83abfd5c3194d02115edc
7
+ data.tar.gz: f472ece83577e3c3e14297cb6b5b5349f8d9f906f8ba0d27ffbf4d8bf132dd0b3726877fa2a6d7f9770bce9a483d75c8154d0e7b058b3d9bb2ddfb7aa9390196
data/README.md CHANGED
@@ -34,22 +34,23 @@ gem install mihari
34
34
 
35
35
  ## Basic usage
36
36
 
37
- mihari supports Censys, Shodan, Onyphe, urlscan and VirusTotal by default.
37
+ mihari supports Censys, Shodan, Onyphe, urlscan, SecurityTrails, crt.sh and VirusTotal by default.
38
38
 
39
39
  ```bash
40
40
  $ mihari
41
41
  Commands:
42
- mihari alerts # Show the alerts on TheHive
43
- mihari censys [QUERY] # Censys IPv4 lookup by a given query
44
- mihari crtsh [QUERY] # crt.sh lookup by a given query
45
- mihari help [COMMAND] # Describe available commands or one specific command
46
- mihari import_from_json # Give a JSON input via STDIN
47
- mihari onyphe [QUERY] # Onyphe datascan lookup by a given query
48
- mihari securitytrails [IP|DOMAIN] # SecurityTrails resolutions lookup by a given ip or domain
49
- mihari shodan [QUERY] # Shodan host lookup by a given query
50
- mihari status # Show the current configuration status
51
- mihari urlscan [QUERY] # urlscan lookup by a given query
52
- mihari virustotal [IP|DOMAIN] # VirusTotal resolutions lookup by a given ip or domain
42
+ mihari alerts # Show the alerts on TheHive
43
+ mihari censys [QUERY] # Censys IPv4 lookup by a given query
44
+ mihari crtsh [QUERY] # crt.sh lookup by a given query
45
+ mihari help [COMMAND] # Describe available commands or one specific command
46
+ mihari import_from_json # Give a JSON input via STDIN
47
+ mihari onyphe [QUERY] # Onyphe datascan lookup by a given query
48
+ mihari securitytrails [IP|DOMAIN] # SecurityTrails resolutions lookup by a given ip or domain
49
+ mihari securitytrails_domain_feed [REGEXP] # SecurityTrails new domain feed lookup by a given regexp
50
+ mihari shodan [QUERY] # Shodan host lookup by a given query
51
+ mihari status # Show the current configuration status
52
+ mihari urlscan [QUERY] # urlscan lookup by a given query
53
+ mihari virustotal [IP|DOMAIN] # VirusTotal resolutions lookup by a given ip or domain
53
54
 
54
55
  ```
55
56
 
@@ -31,6 +31,7 @@ require "mihari/analyzers/censys"
31
31
  require "mihari/analyzers/crtsh"
32
32
  require "mihari/analyzers/onyphe"
33
33
  require "mihari/analyzers/securitytrails"
34
+ require "mihari/analyzers/securitytrails_domain_feed"
34
35
  require "mihari/analyzers/shodan"
35
36
  require "mihari/analyzers/urlscan"
36
37
  require "mihari/analyzers/virustotal"
@@ -0,0 +1,59 @@
1
+ # frozen_string_literal: true
2
+
3
+ require "securitytrails"
4
+
5
+ module Mihari
6
+ module Analyzers
7
+ class SecurityTrailsDomainFeed < Base
8
+ attr_reader :api
9
+ attr_reader :type
10
+
11
+ attr_reader :title
12
+ attr_reader :description
13
+ attr_reader :tags
14
+
15
+ def initialize(regexp, type: "registered", title: nil, description: nil, tags: [])
16
+ super()
17
+
18
+ @api = ::SecurityTrails::API.new
19
+ @_regexp = regexp
20
+ @type = type
21
+
22
+ raise ArgumentError, "#{@_regexp} is not a valid regexp" unless regexp
23
+ raise ArgumentError, "#{type} is not a valid type" unless valid_type?
24
+
25
+ @title = title || "SecurityTrails domain feed lookup"
26
+ @description = description || "Regexp = /#{@_regexp}/"
27
+ @tags = tags
28
+ end
29
+
30
+ def artifacts
31
+ lookup || []
32
+ end
33
+
34
+ private
35
+
36
+ def valid_type?
37
+ %w(all new registered).include? type
38
+ end
39
+
40
+ def regexp
41
+ @regexp ||= Regexp.compile(@_regexp)
42
+ rescue TypeError => _e
43
+ nil
44
+ end
45
+
46
+ def lookup
47
+ new_domains.select do |domain|
48
+ regexp.match? domain
49
+ end
50
+ rescue ::SecurityTrails::Error => _e
51
+ nil
52
+ end
53
+
54
+ def new_domains
55
+ api.feeds.domains type
56
+ end
57
+ end
58
+ end
59
+ end
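Review bot: The private `regexp` helper rescues only `TypeError`, but `Regexp.compile` raises `RegexpError` for a malformed pattern string (an unbalanced parenthesis, for instance), so such a pattern propagates out of `initialize` before the `unless regexp` guard can convert it into the intended `ArgumentError`; change the rescue to `rescue TypeError, RegexpError => _e`. Separately, `lookup` rescues `::SecurityTrails::Error` and returns `nil`, which `artifacts` turns into `[]`, so an authentication or rate-limit failure on the feed request is indistinguishable from "no domain matched" — for a hunting analyzer that is a silent miss, so consider letting the error reach the caller's error handling or at least logging it before returning. Minor style: the two `attr_reader` groups can be collapsed into `attr_reader :api, :type` and `attr_reader :title, :description, :tags`, and `%w(all new registered)` is conventionally written `%w[all new registered]`.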
@@ -65,6 +65,19 @@ module Mihari
65
65
  run_analyzer Analyzers::SecurityTrails, query: indiactor, options: options
66
66
  end
67
67
  end
68
+ map "st" => :securitytrails
69
+
70
+ desc "securitytrails_domain_feed [REGEXP]", "SecurityTrails new domain feed lookup by a given regexp"
71
+ method_option :title, type: :string, desc: "title"
72
+ method_option :description, type: :string, desc: "description"
73
+ method_option :tags, type: :array, desc: "tags"
74
+ method_option :type, type: :string, default: "registered", desc: "A type of domain feed ('all', 'new' or 'registered')"
75
+ def securitytrails_domain_feed(regexp)
76
+ with_error_handling do
77
+ run_analyzer Analyzers::SecurityTrailsDomainFeed, query: regexp, options: options
78
+ end
79
+ end
80
+ map "st_domain_feed" => :securitytrails_domain_feed
68
81
 
69
82
  desc "crtsh [QUERY]", "crt.sh lookup by a given query"
70
83
  method_option :title, type: :string, desc: "title"
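Review bot: The `:type` option on `securitytrails_domain_feed` lists its accepted values only in the description string, so an unsupported value is not rejected until the analyzer's `initialize` raises `ArgumentError`; Thor's `enum:` constraint validates it at parse time and keeps the help text in sync, e.g. `method_option :type, type: :string, default: "registered", enum: %w[all new registered], desc: "A type of domain feed"`. The default `"registered"` is then declared both here and as the analyzer's keyword default, which is acceptable but worth a one-line comment naming the analyzer as the source of truth. The enclosing CLI class starts and ends outside the hunk, and `with_error_handling` and `run_analyzer` are defined elsewhere, so how the analyzer's `ArgumentError` currently surfaces to the user is inferred rather than visible here.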
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module Mihari
4
- VERSION = "0.7.0"
4
+ VERSION = "0.8.0"
5
5
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: mihari
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.7.0
4
+ version: 0.8.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Manabu Niseki
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2019-09-03 00:00:00.000000000 Z
11
+ date: 2019-09-13 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: bundler
@@ -332,6 +332,7 @@ files:
332
332
  - lib/mihari/analyzers/crtsh.rb
333
333
  - lib/mihari/analyzers/onyphe.rb
334
334
  - lib/mihari/analyzers/securitytrails.rb
335
+ - lib/mihari/analyzers/securitytrails_domain_feed.rb
335
336
  - lib/mihari/analyzers/shodan.rb
336
337
  - lib/mihari/analyzers/urlscan.rb
337
338
  - lib/mihari/analyzers/virustotal.rb