mihari 1.1.0 → 1.3.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +19 -1
- data/docker/Dockerfile +2 -2
- data/lib/mihari.rb +2 -0
- data/lib/mihari/analyzers/binaryedge.rb +4 -0
- data/lib/mihari/analyzers/otx.rb +74 -0
- data/lib/mihari/analyzers/passive_dns.rb +2 -1
- data/lib/mihari/analyzers/shodan.rb +4 -0
- data/lib/mihari/analyzers/spyse.rb +77 -0
- data/lib/mihari/analyzers/urlscan.rb +5 -1
- data/lib/mihari/cli.rb +21 -0
- data/lib/mihari/config.rb +6 -0
- data/lib/mihari/emitters/slack.rb +2 -0
- data/lib/mihari/errors.rb +1 -0
- data/lib/mihari/notifiers/slack.rb +3 -0
- data/lib/mihari/retriable.rb +2 -2
- data/lib/mihari/slack_monkeypatch.rb +16 -0
- data/lib/mihari/version.rb +1 -1
- data/mihari.gemspec +6 -3
- data/renovate.json +5 -0
- metadata +57 -11
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 6ece49c7c528579aec4fec009765915a2afe72df87eca5c39ccb59a416a200c4
|
|
4
|
+
data.tar.gz: d4c595a7c38fb8e8b8350e38f90f572d8a74eef836817fea4ba21bb6893c3af3
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 6ea5989d78febe490473a21c2c1958e96ea2f920eee5eee90c4521ca774c5fbd35b10efb41270adb1f5344189461afc010a2b38aec2aeae86d901e5dd7aea9d1
|
|
7
|
+
data.tar.gz: 3c18daec3b396ac0ec96cdb22cf444c8a12f1031189b68c90961bd24ccc8143e0682294b067ca21dd59115712f7d811aaf0352c6d27bf319dcce6e988b3362a9
|
data/README.md
CHANGED
|
@@ -33,6 +33,17 @@ Mihari is a helper to run queries & manage results continuously. Mihari can be u
|
|
|
33
33
|
|
|
34
34
|
|
|
35
35
|
|
|
36
|
+
## Requirements
|
|
37
|
+
|
|
38
|
+
- Ruby 2.6+
|
|
39
|
+
- SQLite3
|
|
40
|
+
- libpq
|
|
41
|
+
|
|
42
|
+
```bash
|
|
43
|
+
# For Debian / Ubuntu
|
|
44
|
+
apt-get install sqlite3 libsqlite3-dev libpq-dev
|
|
45
|
+
```
|
|
46
|
+
|
|
36
47
|
## Installation
|
|
37
48
|
|
|
38
49
|
```bash
|
|
@@ -56,9 +67,11 @@ Mihari supports the following services by default.
|
|
|
56
67
|
- [DN Pedia](https://dnpedia.com/)
|
|
57
68
|
- [dnstwister](https://dnstwister.report/)
|
|
58
69
|
- [Onyphe](https://onyphe.io)
|
|
70
|
+
- [OTX](https://otx.alienvault.com/)
|
|
59
71
|
- [PassiveTotal](https://community.riskiq.com/)
|
|
60
72
|
- [SecurityTrails](https://securitytrails.com/)
|
|
61
73
|
- [Shodan](https://shodan.io)
|
|
74
|
+
- [Spyse](https://spyse.com)
|
|
62
75
|
- [urlscan.io](https://urlscan.io)
|
|
63
76
|
- [VirusTotal](http://virustotal.com)
|
|
64
77
|
- [ZoomEye](https://zoomeye.org)
|
|
@@ -78,6 +91,7 @@ Commands:
|
|
|
78
91
|
mihari http_hash # Cross search with search engines by a hash of an HTTP response (SHA256, MD5 and MurmurHash3)
|
|
79
92
|
mihari import_from_json # Give a JSON input via STDIN
|
|
80
93
|
mihari onyphe [QUERY] # Onyphe datascan search by a query
|
|
94
|
+
mihari otx [IP|DOMAIN] # OTX lookup by an IP or domain
|
|
81
95
|
mihari passive_dns [IP|DOMAIN] # Cross search with passive DNS services by an ip or domain
|
|
82
96
|
mihari passive_ssl [SHA1] # Cross search with passive SSL services by an SHA1 certificate fingerprint
|
|
83
97
|
mihari passivetotal [IP|DOMAIN|EMAIL|SHA1] # PassiveTotal lookup by an ip, domain, email or SHA1 certificate fingerprint
|
|
@@ -86,6 +100,7 @@ Commands:
|
|
|
86
100
|
mihari securitytrails [IP|DOMAIN|EMAIL] # SecurityTrails lookup by an ip, domain or email
|
|
87
101
|
mihari securitytrails_domain_feed [REGEXP] # SecurityTrails new domain feed search by a regexp
|
|
88
102
|
mihari shodan [QUERY] # Shodan host search by a query
|
|
103
|
+
mihari spyse [QUERY] # Spyse search by a query
|
|
89
104
|
mihari ssh_fingerprint [FINGERPRINT] # Cross search with search engines by an SSH fingerprint (e.g. dc:14:de:8e:d7:c1:15:43:23:82:25:81:d2:59:e8:c0)
|
|
90
105
|
mihari status # Show the current configuration status
|
|
91
106
|
mihari urlscan [QUERY] # urlscan search by a given query
|
|
@@ -105,7 +120,7 @@ You can get aggregated results by using the following commands.
|
|
|
105
120
|
|
|
106
121
|
| Command | Desc. |
|
|
107
122
|
|-----------------|---------------------------------------------------------------------------------------------------------|
|
|
108
|
-
| passive_dns | Passive DNS lookup with CIRCL passive DNS, PassiveTotal, Pulsedive, SecurityTrails and VirusTotal
|
|
123
|
+
| passive_dns | Passive DNS lookup with CIRCL passive DNS, OTX, PassiveTotal, Pulsedive, SecurityTrails and VirusTotal |
|
|
109
124
|
| passive_ssl | Passive SSL lookup with CIRCL passive SSL and PassiveTotal |
|
|
110
125
|
| reverse_whois | Revese Whois lookup with PassiveTotal and SecurityTrails |
|
|
111
126
|
| http_hash | HTTP response hash lookup with BinaryEdge(SHA256), Censys(SHA256), Onyphpe(MD5) and Shodan(MurmurHash3) |
|
|
@@ -200,6 +215,7 @@ Configuration can be done via environment variables or a YAML file.
|
|
|
200
215
|
| MISP_API_ENDPOINT | MISP URL | |
|
|
201
216
|
| MISP_API_KEY | MISP API key | |
|
|
202
217
|
| ONYPHE_API_KEY | Onyphe API key | |
|
|
218
|
+
| OTX_API_KEY | OTX API key | |
|
|
203
219
|
| PASSIVETOTAL_API_KEY | PassiveTotal API key | |
|
|
204
220
|
| PASSIVETOTAL_USERNAME | PassiveTotal username | |
|
|
205
221
|
| PULSEDIVE_API_KEY | Pulsedive API key | |
|
|
@@ -207,8 +223,10 @@ Configuration can be done via environment variables or a YAML file.
|
|
|
207
223
|
| SHODAN_API_KEY | Shodan API key | |
|
|
208
224
|
| SLACK_CHANNEL | Slack channel name | `#general` |
|
|
209
225
|
| SLACK_WEBHOOK_URL | Slack Webhook URL | |
|
|
226
|
+
| SPYSE_API_KEY | Spyse API key | |
|
|
210
227
|
| THEHIVE_API_ENDPOINT | TheHive URL | |
|
|
211
228
|
| THEHIVE_API_KEY | TheHive API key | |
|
|
229
|
+
| URLSCAN_API_KEY | urlscan.io API key | |
|
|
212
230
|
| VIRUSTOTAL_API_KEY | VirusTotal API key | |
|
|
213
231
|
| ZOOMEYE_PASSWORD | ZoomEye password | |
|
|
214
232
|
| ZOOMEYE_USERNAMME | ZoomEye username | |
|
data/docker/Dockerfile
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
FROM ruby:2.
|
|
1
|
+
FROM ruby:2.7-alpine3.10
|
|
2
2
|
RUN apk --no-cache add git build-base ruby-dev sqlite-dev postgresql-dev \
|
|
3
3
|
&& cd /tmp/ \
|
|
4
4
|
&& git clone https://github.com/ninoseki/mihari.git \
|
|
@@ -6,7 +6,7 @@ RUN apk --no-cache add git build-base ruby-dev sqlite-dev postgresql-dev \
|
|
|
6
6
|
&& gem build mihari.gemspec -o mihari.gem \
|
|
7
7
|
&& gem install mihari.gem \
|
|
8
8
|
&& rm -rf /tmp/mihari \
|
|
9
|
-
&& apk del --purge git build-base ruby-dev
|
|
9
|
+
&& apk del --purge git build-base ruby-dev
|
|
10
10
|
|
|
11
11
|
ENTRYPOINT ["mihari"]
|
|
12
12
|
|
data/lib/mihari.rb
CHANGED
|
@@ -50,11 +50,13 @@ require "mihari/analyzers/crtsh"
|
|
|
50
50
|
require "mihari/analyzers/dnpedia"
|
|
51
51
|
require "mihari/analyzers/dnstwister"
|
|
52
52
|
require "mihari/analyzers/onyphe"
|
|
53
|
+
require "mihari/analyzers/otx"
|
|
53
54
|
require "mihari/analyzers/passivetotal"
|
|
54
55
|
require "mihari/analyzers/pulsedive"
|
|
55
56
|
require "mihari/analyzers/securitytrails_domain_feed"
|
|
56
57
|
require "mihari/analyzers/securitytrails"
|
|
57
58
|
require "mihari/analyzers/shodan"
|
|
59
|
+
require "mihari/analyzers/spyse"
|
|
58
60
|
require "mihari/analyzers/urlscan"
|
|
59
61
|
require "mihari/analyzers/virustotal"
|
|
60
62
|
require "mihari/analyzers/zoomeye"
|
|
@@ -0,0 +1,74 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require "otx_ruby"
|
|
4
|
+
|
|
5
|
+
module Mihari
|
|
6
|
+
module Analyzers
|
|
7
|
+
class OTX < Base
|
|
8
|
+
attr_reader :query
|
|
9
|
+
attr_reader :type
|
|
10
|
+
|
|
11
|
+
attr_reader :title
|
|
12
|
+
attr_reader :description
|
|
13
|
+
attr_reader :tags
|
|
14
|
+
|
|
15
|
+
def initialize(query, title: nil, description: nil, tags: [])
|
|
16
|
+
super()
|
|
17
|
+
|
|
18
|
+
@query = query
|
|
19
|
+
@type = TypeChecker.type(query)
|
|
20
|
+
|
|
21
|
+
@title = title || "OTX lookup"
|
|
22
|
+
@description = description || "query = #{query}"
|
|
23
|
+
@tags = tags
|
|
24
|
+
end
|
|
25
|
+
|
|
26
|
+
def artifacts
|
|
27
|
+
lookup || []
|
|
28
|
+
end
|
|
29
|
+
|
|
30
|
+
private
|
|
31
|
+
|
|
32
|
+
def config_keys
|
|
33
|
+
%w(otx_api_key)
|
|
34
|
+
end
|
|
35
|
+
|
|
36
|
+
def domain_client
|
|
37
|
+
@domain_client ||= ::OTX::Domain.new(Mihari.config.otx_api_key)
|
|
38
|
+
end
|
|
39
|
+
|
|
40
|
+
def ip_client
|
|
41
|
+
@ip_client ||= ::OTX::IP.new(Mihari.config.otx_api_key)
|
|
42
|
+
end
|
|
43
|
+
|
|
44
|
+
def valid_type?
|
|
45
|
+
%w(ip domain).include? type
|
|
46
|
+
end
|
|
47
|
+
|
|
48
|
+
def lookup
|
|
49
|
+
case type
|
|
50
|
+
when "domain"
|
|
51
|
+
domain_lookup
|
|
52
|
+
when "ip"
|
|
53
|
+
ip_lookup
|
|
54
|
+
else
|
|
55
|
+
raise InvalidInputError, "#{query}(type: #{type || 'unknown'}) is not supported." unless valid_type?
|
|
56
|
+
end
|
|
57
|
+
end
|
|
58
|
+
|
|
59
|
+
def domain_lookup
|
|
60
|
+
records = domain_client.get_passive_dns(query)
|
|
61
|
+
records.map do |record|
|
|
62
|
+
record.address if record.record_type == "A"
|
|
63
|
+
end.compact.uniq
|
|
64
|
+
end
|
|
65
|
+
|
|
66
|
+
def ip_lookup
|
|
67
|
+
records = ip_client.get_passive_dns(query)
|
|
68
|
+
records.map do |record|
|
|
69
|
+
record.hostname if record.record_type == "A"
|
|
70
|
+
end.compact.uniq
|
|
71
|
+
end
|
|
72
|
+
end
|
|
73
|
+
end
|
|
74
|
+
end
|
|
@@ -14,6 +14,7 @@ module Mihari
|
|
|
14
14
|
|
|
15
15
|
ANALYZERS = [
|
|
16
16
|
Mihari::Analyzers::CIRCL,
|
|
17
|
+
Mihari::Analyzers::OTX,
|
|
17
18
|
Mihari::Analyzers::PassiveTotal,
|
|
18
19
|
Mihari::Analyzers::Pulsedive,
|
|
19
20
|
Mihari::Analyzers::SecurityTrails,
|
|
@@ -55,7 +56,7 @@ module Mihari
|
|
|
55
56
|
analyzer.artifacts
|
|
56
57
|
rescue ArgumentError, InvalidInputError => _e
|
|
57
58
|
nil
|
|
58
|
-
rescue ::PassiveCIRCL::Error, ::PassiveTotal::Error, ::Pulsedive::ResponseError, ::SecurityTrails::Error, ::VirusTotal::Error => _e
|
|
59
|
+
rescue Faraday::Error, ::PassiveCIRCL::Error, ::PassiveTotal::Error, ::Pulsedive::ResponseError, ::SecurityTrails::Error, ::VirusTotal::Error => _e
|
|
59
60
|
nil
|
|
60
61
|
end
|
|
61
62
|
end
|
|
@@ -0,0 +1,77 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require "spyse"
|
|
4
|
+
require "json"
|
|
5
|
+
|
|
6
|
+
module Mihari
|
|
7
|
+
module Analyzers
|
|
8
|
+
class Spyse < Base
|
|
9
|
+
attr_reader :query
|
|
10
|
+
attr_reader :type
|
|
11
|
+
|
|
12
|
+
attr_reader :title
|
|
13
|
+
attr_reader :description
|
|
14
|
+
attr_reader :tags
|
|
15
|
+
|
|
16
|
+
def initialize(query, title: nil, description: nil, tags: [], type: "domain")
|
|
17
|
+
super()
|
|
18
|
+
|
|
19
|
+
@query = query
|
|
20
|
+
|
|
21
|
+
@title = title || "Spyse lookup"
|
|
22
|
+
@description = description || "query = #{query}"
|
|
23
|
+
@tags = tags
|
|
24
|
+
@type = type
|
|
25
|
+
end
|
|
26
|
+
|
|
27
|
+
def artifacts
|
|
28
|
+
lookup || []
|
|
29
|
+
end
|
|
30
|
+
|
|
31
|
+
private
|
|
32
|
+
|
|
33
|
+
def search_params
|
|
34
|
+
@search_params ||= JSON.parse(query)
|
|
35
|
+
end
|
|
36
|
+
|
|
37
|
+
def config_keys
|
|
38
|
+
%w(spyse_api_key)
|
|
39
|
+
end
|
|
40
|
+
|
|
41
|
+
def api
|
|
42
|
+
@api ||= ::Spyse::API.new(Mihari.config.spyse_api_key)
|
|
43
|
+
end
|
|
44
|
+
|
|
45
|
+
def valid_type?
|
|
46
|
+
%w(ip domain cert).include? type
|
|
47
|
+
end
|
|
48
|
+
|
|
49
|
+
def domain_lookup
|
|
50
|
+
res = api.domain.search(search_params, limit: 100)
|
|
51
|
+
items = res.dig("data", "items") || []
|
|
52
|
+
items.map do |item|
|
|
53
|
+
item.dig("name")
|
|
54
|
+
end.uniq.compact
|
|
55
|
+
end
|
|
56
|
+
|
|
57
|
+
def ip_lookup
|
|
58
|
+
res = api.ip.search(search_params, limit: 100)
|
|
59
|
+
items = res.dig("data", "items") || []
|
|
60
|
+
items.map do |item|
|
|
61
|
+
item.dig("ip")
|
|
62
|
+
end.uniq.compact
|
|
63
|
+
end
|
|
64
|
+
|
|
65
|
+
def lookup
|
|
66
|
+
case type
|
|
67
|
+
when "domain"
|
|
68
|
+
domain_lookup
|
|
69
|
+
when "ip"
|
|
70
|
+
ip_lookup
|
|
71
|
+
else
|
|
72
|
+
raise InvalidInputError, "#{query}(type: #{type || 'unknown'}) is not supported." unless valid_type?
|
|
73
|
+
end
|
|
74
|
+
end
|
|
75
|
+
end
|
|
76
|
+
end
|
|
77
|
+
end
|
data/lib/mihari/cli.rb
CHANGED
|
@@ -164,6 +164,27 @@ module Mihari
|
|
|
164
164
|
end
|
|
165
165
|
end
|
|
166
166
|
|
|
167
|
+
desc "otx [IP|DOMAIN]", "OTX lookup by an IP or domain"
|
|
168
|
+
method_option :title, type: :string, desc: "title"
|
|
169
|
+
method_option :description, type: :string, desc: "description"
|
|
170
|
+
method_option :tags, type: :array, desc: "tags"
|
|
171
|
+
def otx(domain)
|
|
172
|
+
with_error_handling do
|
|
173
|
+
run_analyzer Analyzers::OTX, query: refang(domain), options: options
|
|
174
|
+
end
|
|
175
|
+
end
|
|
176
|
+
|
|
177
|
+
desc "spyse [QUERY]", "Spyse search by a query"
|
|
178
|
+
method_option :title, type: :string, desc: "title"
|
|
179
|
+
method_option :description, type: :string, desc: "description"
|
|
180
|
+
method_option :tags, type: :array, desc: "tags"
|
|
181
|
+
method_option :type, type: :string, desc: "type to search (ip or domain)", default: "doamin"
|
|
182
|
+
def spyse(query)
|
|
183
|
+
with_error_handling do
|
|
184
|
+
run_analyzer Analyzers::Spyse, query: query, options: options
|
|
185
|
+
end
|
|
186
|
+
end
|
|
187
|
+
|
|
167
188
|
desc "passive_dns [IP|DOMAIN]", "Cross search with passive DNS services by an ip or domain"
|
|
168
189
|
method_option :title, type: :string, desc: "title"
|
|
169
190
|
method_option :description, type: :string, desc: "description"
|
data/lib/mihari/config.rb
CHANGED
|
@@ -12,6 +12,7 @@ module Mihari
|
|
|
12
12
|
attr_accessor :misp_api_endpoint
|
|
13
13
|
attr_accessor :misp_api_key
|
|
14
14
|
attr_accessor :onyphe_api_key
|
|
15
|
+
attr_accessor :otx_api_key
|
|
15
16
|
attr_accessor :passivetotal_api_key
|
|
16
17
|
attr_accessor :passivetotal_username
|
|
17
18
|
attr_accessor :pulsedive_api_key
|
|
@@ -19,8 +20,10 @@ module Mihari
|
|
|
19
20
|
attr_accessor :shodan_api_key
|
|
20
21
|
attr_accessor :slack_channel
|
|
21
22
|
attr_accessor :slack_webhook_url
|
|
23
|
+
attr_accessor :spyse_api_key
|
|
22
24
|
attr_accessor :thehive_api_endpoint
|
|
23
25
|
attr_accessor :thehive_api_key
|
|
26
|
+
attr_accessor :urlscan_api_key
|
|
24
27
|
attr_accessor :virustotal_api_key
|
|
25
28
|
attr_accessor :zoomeye_password
|
|
26
29
|
attr_accessor :zoomeye_username
|
|
@@ -40,6 +43,7 @@ module Mihari
|
|
|
40
43
|
@misp_api_endpoint = ENV["MISP_API_ENDPOINT"]
|
|
41
44
|
@misp_api_key = ENV["MISP_API_KEY"]
|
|
42
45
|
@onyphe_api_key = ENV["ONYPHE_API_KEY"]
|
|
46
|
+
@otx_api_key = ENV["OTX_API_KEY"]
|
|
43
47
|
@passivetotal_api_key = ENV["PASSIVETOTAL_API_KEY"]
|
|
44
48
|
@passivetotal_username = ENV["PASSIVETOTAL_USERNAME"]
|
|
45
49
|
@pulsedive_api_key = ENV["PULSEDIVE_API_KEY"]
|
|
@@ -47,8 +51,10 @@ module Mihari
|
|
|
47
51
|
@shodan_api_key = ENV["SHODAN_API_KEY"]
|
|
48
52
|
@slack_channel = ENV["SLACK_CHANNEL"]
|
|
49
53
|
@slack_webhook_url = ENV["SLACK_WEBHOOK_URL"]
|
|
54
|
+
@spyse_api_key = ENV["SPYSE_API_KEY"]
|
|
50
55
|
@thehive_api_endpoint = ENV["THEHIVE_API_ENDPOINT"]
|
|
51
56
|
@thehive_api_key = ENV["THEHIVE_API_KEY"]
|
|
57
|
+
@urlscan_api_key = ENV["URLSCAN_API_KEY"]
|
|
52
58
|
@virustotal_api_key = ENV["VIRUSTOTAL_API_KEY"]
|
|
53
59
|
@zoomeye_password = ENV["ZOOMEYE_PASSWORD"]
|
|
54
60
|
@zoomeye_username = ENV["ZOOMEYE_USERNAME"]
|
data/lib/mihari/errors.rb
CHANGED
data/lib/mihari/retriable.rb
CHANGED
|
@@ -7,10 +7,10 @@ module Mihari
|
|
|
7
7
|
begin
|
|
8
8
|
try += 1
|
|
9
9
|
yield
|
|
10
|
-
rescue Errno::ECONNRESET, Errno::ECONNABORTED, Errno::EPIPE, OpenSSL::SSL::SSLError, Timeout::Error =>
|
|
10
|
+
rescue Errno::ECONNRESET, Errno::ECONNABORTED, Errno::EPIPE, OpenSSL::SSL::SSLError, Timeout::Error, RetryableError => e
|
|
11
11
|
sleep interval
|
|
12
12
|
retry if try < times
|
|
13
|
-
raise
|
|
13
|
+
raise e
|
|
14
14
|
end
|
|
15
15
|
end
|
|
16
16
|
end
|
|
@@ -0,0 +1,16 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module Slack
|
|
4
|
+
class Notifier
|
|
5
|
+
module Util
|
|
6
|
+
class LinkFormatter
|
|
7
|
+
class << self
|
|
8
|
+
def format(string, opts = {})
|
|
9
|
+
# Resolve warning in Ruby 2.7
|
|
10
|
+
LinkFormatter.new(string, **opts).formatted
|
|
11
|
+
end
|
|
12
|
+
end
|
|
13
|
+
end
|
|
14
|
+
end
|
|
15
|
+
end
|
|
16
|
+
end
|
data/lib/mihari/version.rb
CHANGED
data/mihari.gemspec
CHANGED
|
@@ -26,14 +26,15 @@ Gem::Specification.new do |spec|
|
|
|
26
26
|
|
|
27
27
|
spec.add_development_dependency "bundler", "~> 2.1"
|
|
28
28
|
spec.add_development_dependency "coveralls", "~> 0.8"
|
|
29
|
-
spec.add_development_dependency "execjs", "~> 2.
|
|
29
|
+
spec.add_development_dependency "execjs", "~> 2.7"
|
|
30
30
|
spec.add_development_dependency "fakefs", "~> 1.2"
|
|
31
31
|
spec.add_development_dependency "pre-commit", "~> 0.39"
|
|
32
32
|
spec.add_development_dependency "rake", "~> 13.0"
|
|
33
33
|
spec.add_development_dependency "rspec", "~> 3.9"
|
|
34
|
-
spec.add_development_dependency "rubocop
|
|
34
|
+
spec.add_development_dependency "rubocop", "~> 0.88"
|
|
35
|
+
spec.add_development_dependency "rubocop-performance", "~> 1.7"
|
|
35
36
|
spec.add_development_dependency "timecop", "~> 0.9"
|
|
36
|
-
spec.add_development_dependency "vcr", "~>
|
|
37
|
+
spec.add_development_dependency "vcr", "~> 6.0"
|
|
37
38
|
spec.add_development_dependency "webmock", "~> 3.8"
|
|
38
39
|
|
|
39
40
|
spec.add_dependency "active_model_serializers", "~> 0.10"
|
|
@@ -51,6 +52,7 @@ Gem::Specification.new do |spec|
|
|
|
51
52
|
spec.add_dependency "murmurhash3", "~> 0.1"
|
|
52
53
|
spec.add_dependency "net-ping", "~> 2.0"
|
|
53
54
|
spec.add_dependency "onyphe", "~> 2.0"
|
|
55
|
+
spec.add_dependency "otx_ruby", "~> 0.9"
|
|
54
56
|
spec.add_dependency "parallel", "~> 1.19"
|
|
55
57
|
spec.add_dependency "passive_circl", "~> 0.1"
|
|
56
58
|
spec.add_dependency "passivetotalx", "~> 0.1"
|
|
@@ -60,6 +62,7 @@ Gem::Specification.new do |spec|
|
|
|
60
62
|
spec.add_dependency "securitytrails", "~> 1.0"
|
|
61
63
|
spec.add_dependency "shodanx", "~> 0.2"
|
|
62
64
|
spec.add_dependency "slack-notifier", "~> 2.3"
|
|
65
|
+
spec.add_dependency "spysex", "~> 0.1"
|
|
63
66
|
spec.add_dependency "sqlite3", "~> 1.4"
|
|
64
67
|
spec.add_dependency "thor", "~> 1.0"
|
|
65
68
|
spec.add_dependency "urlscan", "~> 0.5"
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: mihari
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.1
|
|
4
|
+
version: 1.3.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Manabu Niseki
|
|
8
|
-
autorequire:
|
|
8
|
+
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2020-
|
|
11
|
+
date: 2020-08-30 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|
|
@@ -44,14 +44,14 @@ dependencies:
|
|
|
44
44
|
requirements:
|
|
45
45
|
- - "~>"
|
|
46
46
|
- !ruby/object:Gem::Version
|
|
47
|
-
version: '2.
|
|
47
|
+
version: '2.7'
|
|
48
48
|
type: :development
|
|
49
49
|
prerelease: false
|
|
50
50
|
version_requirements: !ruby/object:Gem::Requirement
|
|
51
51
|
requirements:
|
|
52
52
|
- - "~>"
|
|
53
53
|
- !ruby/object:Gem::Version
|
|
54
|
-
version: '2.
|
|
54
|
+
version: '2.7'
|
|
55
55
|
- !ruby/object:Gem::Dependency
|
|
56
56
|
name: fakefs
|
|
57
57
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -108,20 +108,34 @@ dependencies:
|
|
|
108
108
|
- - "~>"
|
|
109
109
|
- !ruby/object:Gem::Version
|
|
110
110
|
version: '3.9'
|
|
111
|
+
- !ruby/object:Gem::Dependency
|
|
112
|
+
name: rubocop
|
|
113
|
+
requirement: !ruby/object:Gem::Requirement
|
|
114
|
+
requirements:
|
|
115
|
+
- - "~>"
|
|
116
|
+
- !ruby/object:Gem::Version
|
|
117
|
+
version: '0.88'
|
|
118
|
+
type: :development
|
|
119
|
+
prerelease: false
|
|
120
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
121
|
+
requirements:
|
|
122
|
+
- - "~>"
|
|
123
|
+
- !ruby/object:Gem::Version
|
|
124
|
+
version: '0.88'
|
|
111
125
|
- !ruby/object:Gem::Dependency
|
|
112
126
|
name: rubocop-performance
|
|
113
127
|
requirement: !ruby/object:Gem::Requirement
|
|
114
128
|
requirements:
|
|
115
129
|
- - "~>"
|
|
116
130
|
- !ruby/object:Gem::Version
|
|
117
|
-
version: '1.
|
|
131
|
+
version: '1.7'
|
|
118
132
|
type: :development
|
|
119
133
|
prerelease: false
|
|
120
134
|
version_requirements: !ruby/object:Gem::Requirement
|
|
121
135
|
requirements:
|
|
122
136
|
- - "~>"
|
|
123
137
|
- !ruby/object:Gem::Version
|
|
124
|
-
version: '1.
|
|
138
|
+
version: '1.7'
|
|
125
139
|
- !ruby/object:Gem::Dependency
|
|
126
140
|
name: timecop
|
|
127
141
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -142,14 +156,14 @@ dependencies:
|
|
|
142
156
|
requirements:
|
|
143
157
|
- - "~>"
|
|
144
158
|
- !ruby/object:Gem::Version
|
|
145
|
-
version: '
|
|
159
|
+
version: '6.0'
|
|
146
160
|
type: :development
|
|
147
161
|
prerelease: false
|
|
148
162
|
version_requirements: !ruby/object:Gem::Requirement
|
|
149
163
|
requirements:
|
|
150
164
|
- - "~>"
|
|
151
165
|
- !ruby/object:Gem::Version
|
|
152
|
-
version: '
|
|
166
|
+
version: '6.0'
|
|
153
167
|
- !ruby/object:Gem::Dependency
|
|
154
168
|
name: webmock
|
|
155
169
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -374,6 +388,20 @@ dependencies:
|
|
|
374
388
|
- - "~>"
|
|
375
389
|
- !ruby/object:Gem::Version
|
|
376
390
|
version: '2.0'
|
|
391
|
+
- !ruby/object:Gem::Dependency
|
|
392
|
+
name: otx_ruby
|
|
393
|
+
requirement: !ruby/object:Gem::Requirement
|
|
394
|
+
requirements:
|
|
395
|
+
- - "~>"
|
|
396
|
+
- !ruby/object:Gem::Version
|
|
397
|
+
version: '0.9'
|
|
398
|
+
type: :runtime
|
|
399
|
+
prerelease: false
|
|
400
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
401
|
+
requirements:
|
|
402
|
+
- - "~>"
|
|
403
|
+
- !ruby/object:Gem::Version
|
|
404
|
+
version: '0.9'
|
|
377
405
|
- !ruby/object:Gem::Dependency
|
|
378
406
|
name: parallel
|
|
379
407
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -500,6 +528,20 @@ dependencies:
|
|
|
500
528
|
- - "~>"
|
|
501
529
|
- !ruby/object:Gem::Version
|
|
502
530
|
version: '2.3'
|
|
531
|
+
- !ruby/object:Gem::Dependency
|
|
532
|
+
name: spysex
|
|
533
|
+
requirement: !ruby/object:Gem::Requirement
|
|
534
|
+
requirements:
|
|
535
|
+
- - "~>"
|
|
536
|
+
- !ruby/object:Gem::Version
|
|
537
|
+
version: '0.1'
|
|
538
|
+
type: :runtime
|
|
539
|
+
prerelease: false
|
|
540
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
541
|
+
requirements:
|
|
542
|
+
- - "~>"
|
|
543
|
+
- !ruby/object:Gem::Version
|
|
544
|
+
version: '0.1'
|
|
503
545
|
- !ruby/object:Gem::Dependency
|
|
504
546
|
name: sqlite3
|
|
505
547
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -605,6 +647,7 @@ files:
|
|
|
605
647
|
- lib/mihari/analyzers/free_text.rb
|
|
606
648
|
- lib/mihari/analyzers/http_hash.rb
|
|
607
649
|
- lib/mihari/analyzers/onyphe.rb
|
|
650
|
+
- lib/mihari/analyzers/otx.rb
|
|
608
651
|
- lib/mihari/analyzers/passive_dns.rb
|
|
609
652
|
- lib/mihari/analyzers/passive_ssl.rb
|
|
610
653
|
- lib/mihari/analyzers/passivetotal.rb
|
|
@@ -613,6 +656,7 @@ files:
|
|
|
613
656
|
- lib/mihari/analyzers/securitytrails.rb
|
|
614
657
|
- lib/mihari/analyzers/securitytrails_domain_feed.rb
|
|
615
658
|
- lib/mihari/analyzers/shodan.rb
|
|
659
|
+
- lib/mihari/analyzers/spyse.rb
|
|
616
660
|
- lib/mihari/analyzers/ssh_fingerprint.rb
|
|
617
661
|
- lib/mihari/analyzers/urlscan.rb
|
|
618
662
|
- lib/mihari/analyzers/virustotal.rb
|
|
@@ -640,10 +684,12 @@ files:
|
|
|
640
684
|
- lib/mihari/serializers/alert.rb
|
|
641
685
|
- lib/mihari/serializers/artifact.rb
|
|
642
686
|
- lib/mihari/serializers/tag.rb
|
|
687
|
+
- lib/mihari/slack_monkeypatch.rb
|
|
643
688
|
- lib/mihari/status.rb
|
|
644
689
|
- lib/mihari/type_checker.rb
|
|
645
690
|
- lib/mihari/version.rb
|
|
646
691
|
- mihari.gemspec
|
|
692
|
+
- renovate.json
|
|
647
693
|
- screenshots/alert.png
|
|
648
694
|
- screenshots/eyecatch.png
|
|
649
695
|
- screenshots/misp.png
|
|
@@ -652,7 +698,7 @@ homepage: https://github.com/ninoseki/mihari
|
|
|
652
698
|
licenses:
|
|
653
699
|
- MIT
|
|
654
700
|
metadata: {}
|
|
655
|
-
post_install_message:
|
|
701
|
+
post_install_message:
|
|
656
702
|
rdoc_options: []
|
|
657
703
|
require_paths:
|
|
658
704
|
- lib
|
|
@@ -668,7 +714,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
668
714
|
version: '0'
|
|
669
715
|
requirements: []
|
|
670
716
|
rubygems_version: 3.1.2
|
|
671
|
-
signing_key:
|
|
717
|
+
signing_key:
|
|
672
718
|
specification_version: 4
|
|
673
719
|
summary: A framework for continuous malicious hosts monitoring.
|
|
674
720
|
test_files: []
|