mihari 1.3.0 → 1.5.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.github/workflows/test.yml +44 -0
- data/README.md +7 -7
- data/Rakefile +1 -0
- data/docker/Dockerfile +1 -1
- data/lib/mihari/alert_viewer.rb +3 -3
- data/lib/mihari/analyzers/base.rb +1 -1
- data/lib/mihari/analyzers/basic.rb +3 -4
- data/lib/mihari/analyzers/binaryedge.rb +8 -7
- data/lib/mihari/analyzers/censys.rb +3 -7
- data/lib/mihari/analyzers/circl.rb +3 -5
- data/lib/mihari/analyzers/crtsh.rb +2 -6
- data/lib/mihari/analyzers/dnpedia.rb +3 -6
- data/lib/mihari/analyzers/dnstwister.rb +4 -9
- data/lib/mihari/analyzers/free_text.rb +2 -6
- data/lib/mihari/analyzers/http_hash.rb +3 -11
- data/lib/mihari/analyzers/onyphe.rb +3 -6
- data/lib/mihari/analyzers/otx.rb +4 -9
- data/lib/mihari/analyzers/passive_dns.rb +4 -9
- data/lib/mihari/analyzers/passive_ssl.rb +4 -9
- data/lib/mihari/analyzers/passivetotal.rb +9 -14
- data/lib/mihari/analyzers/pulsedive.rb +7 -12
- data/lib/mihari/analyzers/reverse_whois.rb +4 -9
- data/lib/mihari/analyzers/securitytrails.rb +12 -17
- data/lib/mihari/analyzers/securitytrails_domain_feed.rb +3 -7
- data/lib/mihari/analyzers/shodan.rb +9 -8
- data/lib/mihari/analyzers/spyse.rb +6 -11
- data/lib/mihari/analyzers/ssh_fingerprint.rb +2 -6
- data/lib/mihari/analyzers/urlscan.rb +25 -9
- data/lib/mihari/analyzers/virustotal.rb +6 -11
- data/lib/mihari/analyzers/zoomeye.rb +7 -11
- data/lib/mihari/cli.rb +14 -7
- data/lib/mihari/config.rb +2 -24
- data/lib/mihari/database.rb +1 -1
- data/lib/mihari/emitters/misp.rb +4 -2
- data/lib/mihari/emitters/slack.rb +18 -7
- data/lib/mihari/emitters/the_hive.rb +2 -2
- data/lib/mihari/errors.rb +3 -0
- data/lib/mihari/models/artifact.rb +1 -1
- data/lib/mihari/notifiers/exception_notifier.rb +5 -5
- data/lib/mihari/retriable.rb +1 -1
- data/lib/mihari/status.rb +1 -1
- data/lib/mihari/type_checker.rb +4 -4
- data/lib/mihari/version.rb +1 -1
- data/mihari.gemspec +22 -23
- metadata +37 -51
- data/.travis.yml +0 -13
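--- a/data/lib/mihari/retriable.rb
+++ b/data/lib/mihari/retriable.rb
@@ -7,7 +7,7 @@ module Mihari
 begin
 try += 1
 yield
-rescue Errno::ECONNRESET, Errno::ECONNABORTED, Errno::EPIPE, OpenSSL::SSL::SSLError, Timeout::Error,
+rescue Errno::ECONNRESET, Errno::ECONNABORTED, Errno::EPIPE, OpenSSL::SSL::SSLError, Timeout::Error, RetryableError => e
 sleep interval
 retry if try < times
 raise e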
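Review bot: The added `RetryableError` is caught by the same rescue arm as the transport errors, but that arm still runs `sleep interval` before `retry if try < times`, so the final, non-retried failure is delayed by a full interval before `raise e`. Checking the budget first, `raise e unless try < times`, then `sleep interval` and `retry`, removes the pointless last sleep. The delay also appears constant across attempts; a bounded backoff such as `interval * try` would be gentler on the upstream services and avoid synchronized retry bursts when many analyzers fail at once. The enclosing method begins outside the hunk.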
data/lib/mihari/status.rb
CHANGED
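--- a/data/lib/mihari/type_checker.rb
+++ b/data/lib/mihari/type_checker.rb
@@ -80,22 +80,22 @@ module Mihari
 
 # @return [true, false]
 def md5?
-data.match?
+data.match?(/^[A-Fa-f0-9]{32}$/)
 end
 
 # @return [true, false]
 def sha1?
-data.match?
+data.match?(/^[A-Fa-f0-9]{40}$/)
 end
 
 # @return [true, false]
 def sha256?
-data.match?
+data.match?(/^[A-Fa-f0-9]{64}$/)
 end
 
 # @return [true, false]
 def sha512?
-data.match?
+data.match?(/^[A-Fa-f0-9]{128}$/)
 end
 end
 end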
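Review bot: The regexes added in `md5?`, `sha1?`, `sha256?` and `sha512?` use `^` and `$`, which in Ruby anchor to line boundaries rather than to the whole string, so a value consisting of a hex digest followed by a newline and arbitrary text still classifies as a hash. For a whole-value check use `\A` and `\z`, e.g. `data.match?(/\A[A-Fa-f0-9]{32}\z/)`, and likewise for the 40, 64 and 128 variants. Because this checker decides how an artifact is typed and handled downstream, the looser anchors can let malformed or multi-line input be mislabelled; a spec with a multi-line string would pin the intended behaviour. The enclosing class starts before this hunk, and the trailing two `end`s close the class and module.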
data/lib/mihari/version.rb
CHANGED
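--- a/data/mihari.gemspec
+++ b/data/mihari.gemspec
@@ -1,44 +1,42 @@
 # frozen_string_literal: true
 
-lib = File.expand_path(
+lib = File.expand_path("lib", __dir__)
 $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
 require "mihari/version"
 
 Gem::Specification.new do |spec|
-spec.name
-spec.version
-spec.authors
-spec.email
+spec.name = "mihari"
+spec.version = Mihari::VERSION
+spec.authors = ["Manabu Niseki"]
+spec.email = ["manabu.niseki@gmail.com"]
 
-spec.summary
-spec.description
-spec.homepage
-spec.license
+spec.summary = "A framework for continuous malicious hosts monitoring."
+spec.description = "A framework for continuous malicious hosts monitoring."
+spec.homepage = "https://github.com/ninoseki/mihari"
+spec.license = "MIT"
 
 # Specify which files should be added to the gem when it is released.
 # The `git ls-files -z` loads the files in the RubyGem that have been added into git.
-spec.files
+spec.files = Dir.chdir(File.expand_path(__dir__)) do
 `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
 end
-spec.bindir
-spec.executables
+spec.bindir = "exe"
+spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
 spec.require_paths = ["lib"]
 
-spec.add_development_dependency "bundler", "~> 2.
+spec.add_development_dependency "bundler", "~> 2.2"
 spec.add_development_dependency "coveralls", "~> 0.8"
 spec.add_development_dependency "execjs", "~> 2.7"
-spec.add_development_dependency "fakefs", "~> 1.
-spec.add_development_dependency "pre-commit", "~> 0.39"
+spec.add_development_dependency "fakefs", "~> 1.3"
 spec.add_development_dependency "rake", "~> 13.0"
-spec.add_development_dependency "rspec", "~> 3.
-spec.add_development_dependency "
-spec.add_development_dependency "rubocop-performance", "~> 1.7"
+spec.add_development_dependency "rspec", "~> 3.10"
+spec.add_development_dependency "standard", "~> 1.0"
 spec.add_development_dependency "timecop", "~> 0.9"
 spec.add_development_dependency "vcr", "~> 6.0"
-spec.add_development_dependency "webmock", "~> 3.
+spec.add_development_dependency "webmock", "~> 3.12"
 
 spec.add_dependency "active_model_serializers", "~> 0.10"
-spec.add_dependency "activerecord", "~> 6.
+spec.add_dependency "activerecord", "~> 6.1"
 spec.add_dependency "addressable", "~> 2.7"
 spec.add_dependency "binaryedge", "~> 0.1"
 spec.add_dependency "censu", "~> 0.2"
@@ -53,7 +51,7 @@ Gem::Specification.new do |spec|
 spec.add_dependency "net-ping", "~> 2.0"
 spec.add_dependency "onyphe", "~> 2.0"
 spec.add_dependency "otx_ruby", "~> 0.9"
-spec.add_dependency "parallel", "~> 1.
+spec.add_dependency "parallel", "~> 1.20"
 spec.add_dependency "passive_circl", "~> 0.1"
 spec.add_dependency "passivetotalx", "~> 0.1"
 spec.add_dependency "pg", "~> 1.2"
@@ -64,8 +62,9 @@ Gem::Specification.new do |spec|
 spec.add_dependency "slack-notifier", "~> 2.3"
 spec.add_dependency "spysex", "~> 0.1"
 spec.add_dependency "sqlite3", "~> 1.4"
-spec.add_dependency "thor", "~> 1.
-spec.add_dependency "
+spec.add_dependency "thor", "~> 1.1"
+spec.add_dependency "thread_safe", "~> 0.3"
+spec.add_dependency "urlscan", "~> 0.6"
 spec.add_dependency "virustotalx", "~> 1.1"
 spec.add_dependency "zoomeye-rb", "~> 0.1"
 end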
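--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: mihari
 version: !ruby/object:Gem::Version
-version: 1.
+version: 1.5.0
 platform: ruby
 authors:
 - Manabu Niseki
 autorequire:
 bindir: exe
 cert_chain: []
-date:
+date: 2021-03-13 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: bundler
@@ -16,14 +16,14 @@ dependencies:
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '2.
+version: '2.2'
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '2.
+version: '2.2'
 - !ruby/object:Gem::Dependency
 name: coveralls
 requirement: !ruby/object:Gem::Requirement
@@ -58,28 +58,14 @@ dependencies:
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '1.
+version: '1.3'
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '1.
-- !ruby/object:Gem::Dependency
-name: pre-commit
-requirement: !ruby/object:Gem::Requirement
-requirements:
-- - "~>"
-- !ruby/object:Gem::Version
-version: '0.39'
-type: :development
-prerelease: false
-version_requirements: !ruby/object:Gem::Requirement
-requirements:
-- - "~>"
-- !ruby/object:Gem::Version
-version: '0.39'
+version: '1.3'
 - !ruby/object:Gem::Dependency
 name: rake
 requirement: !ruby/object:Gem::Requirement
@@ -100,42 +86,28 @@ dependencies:
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '3.
+version: '3.10'
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '3.
+version: '3.10'
 - !ruby/object:Gem::Dependency
-name:
+name: standard
 requirement: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '0
-type: :development
-prerelease: false
-version_requirements: !ruby/object:Gem::Requirement
-requirements:
-- - "~>"
-- !ruby/object:Gem::Version
-version: '0.88'
-- !ruby/object:Gem::Dependency
-name: rubocop-performance
-requirement: !ruby/object:Gem::Requirement
-requirements:
-- - "~>"
-- !ruby/object:Gem::Version
-version: '1.7'
+version: '1.0'
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '1.
+version: '1.0'
 - !ruby/object:Gem::Dependency
 name: timecop
 requirement: !ruby/object:Gem::Requirement
@@ -170,14 +142,14 @@ dependencies:
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '3.
+version: '3.12'
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '3.
+version: '3.12'
 - !ruby/object:Gem::Dependency
 name: active_model_serializers
 requirement: !ruby/object:Gem::Requirement
@@ -198,14 +170,14 @@ dependencies:
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '6.
+version: '6.1'
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '6.
+version: '6.1'
 - !ruby/object:Gem::Dependency
 name: addressable
 requirement: !ruby/object:Gem::Requirement
@@ -408,14 +380,14 @@ dependencies:
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '1.
+version: '1.20'
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '1.
+version: '1.20'
 - !ruby/object:Gem::Dependency
 name: passive_circl
 requirement: !ruby/object:Gem::Requirement
@@ -562,28 +534,42 @@ dependencies:
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '1.
+version: '1.1'
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '1.
+version: '1.1'
+- !ruby/object:Gem::Dependency
+name: thread_safe
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '0.3'
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '0.3'
 - !ruby/object:Gem::Dependency
 name: urlscan
 requirement: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '0.
+version: '0.6'
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '0.
+version: '0.6'
 - !ruby/object:Gem::Dependency
 name: virustotalx
 requirement: !ruby/object:Gem::Requirement
@@ -620,10 +606,10 @@ executables:
 extensions: []
 extra_rdoc_files: []
 files:
+- ".github/workflows/test.yml"
 - ".gitignore"
 - ".rspec"
 - ".rubocop.yml"
-- ".travis.yml"
 - Gemfile
 - LICENSE
 - README.md
@@ -713,7 +699,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-rubygems_version: 3.
+rubygems_version: 3.2.3
 signing_key:
 specification_version: 4
 summary: A framework for continuous malicious hosts monitoring.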
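--- a/data/.travis.yml
+++ /dev/null
@@ -1,13 +0,0 @@
----
-language: ruby
-cache: bundler
-services:
-- postgresql
-rvm:
-- 2.6
-- 2.7
-env:
-- DATABASE=":memory:"
-- DATABASE="postgresql://postgres@0.0.0.0:5432/travis_ci_test"
-before_install: gem install bundler -v 2.1
-before_script: psql -c 'create database travis_ci_test;' -U postgres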