mihari 0.7.0 → 0.8.0
- checksums.yaml +4 -4
- data/README.md +13 -12
- data/lib/mihari.rb +1 -0
- data/lib/mihari/analyzers/securitytrails_domain_feed.rb +59 -0
- data/lib/mihari/cli.rb +13 -0
- data/lib/mihari/version.rb +1 -1
- metadata +3 -2
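--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 6117c49bfadf5c4d263727d684ac3f54f5296860078a8b65e4bdf9274574eaf7
+data.tar.gz: f06c30c6abc0d61eda4beafa42be1f8034bea0478142fc0e15b36a4f3cde20ad
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: e49d5771be75ef6277c3169abccd5cd67e349493c67fee2e1fbcd3e9b08d4c3bbc7855c78d7466017ef8f17b7356205acc1a50c43be83abfd5c3194d02115edc
+data.tar.gz: f472ece83577e3c3e14297cb6b5b5349f8d9f906f8ba0d27ffbf4d8bf132dd0b3726877fa2a6d7f9770bce9a483d75c8154d0e7b058b3d9bb2ddfb7aa9390196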
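--- a/data/README.md
+++ b/data/README.md
@@ -34,22 +34,23 @@ gem install mihari
 
 ## Basic usage
 
-mihari supports Censys, Shodan, Onyphe, urlscan and VirusTotal by default.
+mihari supports Censys, Shodan, Onyphe, urlscan, SecurityTrails, crt.sh and VirusTotal by default.
 
 ```bash
 $ mihari
 Commands:
-mihari alerts
-mihari censys [QUERY]
-mihari crtsh [QUERY]
-mihari help [COMMAND]
-mihari import_from_json
-mihari onyphe [QUERY]
-mihari securitytrails [IP|DOMAIN]
-mihari
-mihari
-mihari
-mihari
+mihari alerts # Show the alerts on TheHive
+mihari censys [QUERY] # Censys IPv4 lookup by a given query
+mihari crtsh [QUERY] # crt.sh lookup by a given query
+mihari help [COMMAND] # Describe available commands or one specific command
+mihari import_from_json # Give a JSON input via STDIN
+mihari onyphe [QUERY] # Onyphe datascan lookup by a given query
+mihari securitytrails [IP|DOMAIN] # SecurityTrails resolutions lookup by a given ip or domain
+mihari securitytrails_domain_feed [REGEXP] # SecurityTrails new domain feed lookup by a given regexp
+mihari shodan [QUERY] # Shodan host lookup by a given query
+mihari status # Show the current configuration status
+mihari urlscan [QUERY] # urlscan lookup by a given query
+mihari virustotal [IP|DOMAIN] # VirusTotal resolutions lookup by a given ip or domain
 
 ```
 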
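--- a/data/lib/mihari.rb
+++ b/data/lib/mihari.rb
@@ -31,6 +31,7 @@ require "mihari/analyzers/censys"
 require "mihari/analyzers/crtsh"
 require "mihari/analyzers/onyphe"
 require "mihari/analyzers/securitytrails"
+require "mihari/analyzers/securitytrails_domain_feed"
 require "mihari/analyzers/shodan"
 require "mihari/analyzers/urlscan"
 require "mihari/analyzers/virustotal"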
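--- a/data/lib/mihari/analyzers/securitytrails_domain_feed.rb
+++ b/data/lib/mihari/analyzers/securitytrails_domain_feed.rb
@@ -0,0 +1,59 @@
+# frozen_string_literal: true
+
+require "securitytrails"
+
+module Mihari
+module Analyzers
+class SecurityTrailsDomainFeed < Base
+attr_reader :api
+attr_reader :type
+
+attr_reader :title
+attr_reader :description
+attr_reader :tags
+
+def initialize(regexp, type: "registered", title: nil, description: nil, tags: [])
+super()
+
+@api = ::SecurityTrails::API.new
+@_regexp = regexp
+@type = type
+
+raise ArgumentError, "#{@_regexp} is not a valid regexp" unless regexp
+raise ArgumentError, "#{type} is not a valid type" unless valid_type?
+
+@title = title || "SecurityTrails domain feed lookup"
+@description = description || "Regexp = /#{@_regexp}/"
+@tags = tags
+end
+
+def artifacts
+lookup || []
+end
+
+private
+
+def valid_type?
+%w(all new registered).include? type
+end
+
+def regexp
+@regexp ||= Regexp.compile(@_regexp)
+rescue TypeError => _e
+nil
+end
+
+def lookup
+new_domains.select do |domain|
+regexp.match? domain
+end
+rescue ::SecurityTrails::Error => _e
+nil
+end
+
+def new_domains
+api.feeds.domains type
+end
+end
+end
+end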
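Review bot: The `regexp` helper (new lines 40-44) rescues only `TypeError`, but `Regexp.compile` raises `RegexpError` for a syntactically invalid pattern such as `(` or `[a-`, so the `unless regexp` guard in `initialize` (line 22) never fires for malformed input and the raw `RegexpError` escapes the constructor instead of the intended `ArgumentError`; change line 42 to `rescue TypeError, RegexpError => _e`. Separately, `lookup` (lines 46-52) rescues `::SecurityTrails::Error` and returns nil, which `artifacts` then turns into `[]`, so an expired API key or a rate limit is indistinguishable from "no domain matched" — at minimum log the error or re-raise it as an error the CLI's `with_error_handling` wrapper reports (I cannot see from here what that wrapper catches). I would also add a comment on `lookup` noting that the user-supplied pattern is applied unanchored, via `match?`, to every domain in the feed, so `example.com` also matches `notexample.com.example.test` and a pathological backtracking pattern can make this call very slow on a large feed.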
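--- a/data/lib/mihari/cli.rb
+++ b/data/lib/mihari/cli.rb
@@ -65,6 +65,19 @@ module Mihari
 run_analyzer Analyzers::SecurityTrails, query: indiactor, options: options
 end
 end
+map "st" => :securitytrails
+
+desc "securitytrails_domain_feed [REGEXP]", "SecurityTrails new domain feed lookup by a given regexp"
+method_option :title, type: :string, desc: "title"
+method_option :description, type: :string, desc: "description"
+method_option :tags, type: :array, desc: "tags"
+method_option :type, type: :string, default: "registered", desc: "A type of domain feed ('all', 'new' or 'registered')"
+def securitytrails_domain_feed(regexp)
+with_error_handling do
+run_analyzer Analyzers::SecurityTrailsDomainFeed, query: regexp, options: options
+end
+end
+map "st_domain_feed" => :securitytrails_domain_feed
 
 desc "crtsh [QUERY]", "crt.sh lookup by a given query"
 method_option :title, type: :string, desc: "title"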
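Review bot: The help text on new line 70 says "lookup by a given regexp" but does not tell the user that the argument is compiled as a Ruby `Regexp` and matched anywhere in each domain (the analyzer uses `match?` with no anchoring), so a plain `example.com` also matches `notexample.com.example.test`; I would make the `desc` say so, e.g. `desc "securitytrails_domain_feed [REGEXP]", "SecurityTrails new domain feed lookup by a given regexp (Ruby Regexp syntax, matched anywhere in the domain; anchor and escape dots as needed)"`. The `:type` option on line 74 documents the same three values the analyzer's `valid_type?` accepts, which is good, but whether it actually reaches `SecurityTrailsDomainFeed.new(type: ...)` depends on `run_analyzer` mapping `options` onto keyword arguments, and that helper is outside this hunk — worth confirming, since otherwise the `"registered"` default always wins silently. The `map "st" => :securitytrails` alias on line 68 changes the pre-existing command and, like `st_domain_feed`, is not shown in the README's command list; consider documenting both aliases there.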
data/lib/mihari/version.rb
CHANGED
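--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: mihari
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.8.0
 platform: ruby
 authors:
 - Manabu Niseki
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2019-09-
+date: 2019-09-13 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: bundler
@@ -332,6 +332,7 @@ files:
 - lib/mihari/analyzers/crtsh.rb
 - lib/mihari/analyzers/onyphe.rb
 - lib/mihari/analyzers/securitytrails.rb
+- lib/mihari/analyzers/securitytrails_domain_feed.rb
 - lib/mihari/analyzers/shodan.rb
 - lib/mihari/analyzers/urlscan.rb
 - lib/mihari/analyzers/virustotal.rb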