mihari 1.3.1 → 1.5.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (51)
  1. checksums.yaml +4 -4
  2. data/.github/workflows/test.yml +44 -0
  3. data/README.md +23 -12
  4. data/Rakefile +1 -0
  5. data/docker/Dockerfile +3 -2
  6. data/{screenshots → images}/alert.png +0 -0
  7. data/{screenshots → images}/eyecatch.png +0 -0
  8. data/images/logo.png +0 -0
  9. data/{screenshots → images}/misp.png +0 -0
  10. data/{screenshots → images}/slack.png +0 -0
  11. data/lib/mihari/alert_viewer.rb +3 -3
  12. data/lib/mihari/analyzers/base.rb +1 -1
  13. data/lib/mihari/analyzers/basic.rb +3 -4
  14. data/lib/mihari/analyzers/binaryedge.rb +4 -7
  15. data/lib/mihari/analyzers/censys.rb +3 -7
  16. data/lib/mihari/analyzers/circl.rb +3 -5
  17. data/lib/mihari/analyzers/crtsh.rb +2 -6
  18. data/lib/mihari/analyzers/dnpedia.rb +3 -6
  19. data/lib/mihari/analyzers/dnstwister.rb +4 -9
  20. data/lib/mihari/analyzers/free_text.rb +2 -6
  21. data/lib/mihari/analyzers/http_hash.rb +3 -11
  22. data/lib/mihari/analyzers/onyphe.rb +3 -6
  23. data/lib/mihari/analyzers/otx.rb +4 -9
  24. data/lib/mihari/analyzers/passive_dns.rb +4 -9
  25. data/lib/mihari/analyzers/passive_ssl.rb +4 -9
  26. data/lib/mihari/analyzers/passivetotal.rb +9 -14
  27. data/lib/mihari/analyzers/pulsedive.rb +7 -12
  28. data/lib/mihari/analyzers/reverse_whois.rb +4 -9
  29. data/lib/mihari/analyzers/securitytrails.rb +12 -17
  30. data/lib/mihari/analyzers/securitytrails_domain_feed.rb +3 -7
  31. data/lib/mihari/analyzers/shodan.rb +9 -8
  32. data/lib/mihari/analyzers/spyse.rb +6 -11
  33. data/lib/mihari/analyzers/ssh_fingerprint.rb +2 -6
  34. data/lib/mihari/analyzers/urlscan.rb +21 -9
  35. data/lib/mihari/analyzers/virustotal.rb +6 -11
  36. data/lib/mihari/analyzers/zoomeye.rb +7 -11
  37. data/lib/mihari/cli.rb +14 -7
  38. data/lib/mihari/config.rb +1 -25
  39. data/lib/mihari/database.rb +1 -1
  40. data/lib/mihari/emitters/misp.rb +4 -2
  41. data/lib/mihari/emitters/slack.rb +18 -7
  42. data/lib/mihari/emitters/the_hive.rb +2 -2
  43. data/lib/mihari/errors.rb +2 -0
  44. data/lib/mihari/models/artifact.rb +1 -1
  45. data/lib/mihari/notifiers/exception_notifier.rb +5 -5
  46. data/lib/mihari/status.rb +1 -1
  47. data/lib/mihari/type_checker.rb +4 -4
  48. data/lib/mihari/version.rb +1 -1
  49. data/mihari.gemspec +23 -24
  50. metadata +44 -57
  51. data/.travis.yml +0 -13
@@ -19,7 +19,7 @@ module Mihari
19
19
  def notify(exception)
20
20
  notify_to_stdout exception
21
21
 
22
- clean_message = exception.message.tr('`', "'")
22
+ clean_message = exception.message.tr("`", "'")
23
23
  attachments = to_attachments(exception, clean_message)
24
24
  notify_to_slack(text: clean_message, attachments: attachments) if @slack.valid?
25
25
  end
@@ -51,20 +51,20 @@ module Mihari
51
51
 
52
52
  def to_fields(clean_message, backtrace)
53
53
  fields = [
54
- { title: "Exception", value: clean_message },
55
- { title: "Hostname", value: hostname }
54
+ {title: "Exception", value: clean_message},
55
+ {title: "Hostname", value: hostname}
56
56
  ]
57
57
 
58
58
  if backtrace
59
59
  formatted_backtrace = format_backtrace(backtrace)
60
- fields << { title: "Backtrace", value: formatted_backtrace }
60
+ fields << {title: "Backtrace", value: formatted_backtrace}
61
61
  end
62
62
  fields
63
63
  end
64
64
 
65
65
  def hostname
66
66
  Socket.gethostname
67
- rescue StandardError => _e
67
+ rescue => _e
68
68
  "N/A"
69
69
  end
70
70
 
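--- a/data/lib/mihari/status.rb
+++ b/data/lib/mihari/status.rb
@@ -36,7 +36,7 @@ module Mihari
  status = instance.configured?
  message = instance.configuration_status
  
- message ? { status: status, message: message } : nil
+ message ? {status: status, message: message} : nil
  rescue ArgumentError => _e
  nil
  end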
@@ -80,22 +80,22 @@ module Mihari
80
80
 
81
81
  # @return [true, false]
82
82
  def md5?
83
- data.match? /^[A-Fa-f0-9]{32}$/
83
+ data.match?(/^[A-Fa-f0-9]{32}$/)
84
84
  end
85
85
 
86
86
  # @return [true, false]
87
87
  def sha1?
88
- data.match? /^[A-Fa-f0-9]{40}$/
88
+ data.match?(/^[A-Fa-f0-9]{40}$/)
89
89
  end
90
90
 
91
91
  # @return [true, false]
92
92
  def sha256?
93
- data.match? /^[A-Fa-f0-9]{64}$/
93
+ data.match?(/^[A-Fa-f0-9]{64}$/)
94
94
  end
95
95
 
96
96
  # @return [true, false]
97
97
  def sha512?
98
- data.match? /^[A-Fa-f0-9]{128}$/
98
+ data.match?(/^[A-Fa-f0-9]{128}$/)
99
99
  end
100
100
  end
101
101
  end
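Review bot: The four hash predicates keep `^`/`$` as their anchors, and in Ruby those match at line boundaries rather than at the ends of the string, so a multi-line value consisting of 32 hex characters, a newline and arbitrary trailing text still satisfies `md5?`; this hunk only adds parentheses around the argument and leaves the weak anchors in place. If these predicates feed artifact classification downstream, anchor to the whole string instead: `data.match?(/\A[A-Fa-f0-9]{32}\z/)` for `md5?`, with the same `\A`/`\z` change applied to `sha1?`, `sha256?` and `sha512?` at their respective lengths. The file header for this hunk is not shown on the page; by the diffstat it appears to be data/lib/mihari/type_checker.rb, and the enclosing class begins outside the hunk.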
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module Mihari
4
- VERSION = "1.3.1"
4
+ VERSION = "1.5.1"
5
5
  end
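--- a/data/mihari.gemspec
+++ b/data/mihari.gemspec
@@ -1,44 +1,42 @@
  # frozen_string_literal: true
  
- lib = File.expand_path('lib', __dir__)
+ lib = File.expand_path("lib", __dir__)
  $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
  require "mihari/version"
  
  Gem::Specification.new do |spec|
- spec.name = "mihari"
- spec.version = Mihari::VERSION
- spec.authors = ["Manabu Niseki"]
- spec.email = ["manabu.niseki@gmail.com"]
+ spec.name = "mihari"
+ spec.version = Mihari::VERSION
+ spec.authors = ["Manabu Niseki"]
+ spec.email = ["manabu.niseki@gmail.com"]
  
- spec.summary = "A framework for continuous malicious hosts monitoring."
- spec.description = "A framework for continuous malicious hosts monitoring."
- spec.homepage = "https://github.com/ninoseki/mihari"
- spec.license = "MIT"
+ spec.summary = "A framework for continuous malicious hosts monitoring."
+ spec.description = "A framework for continuous malicious hosts monitoring."
+ spec.homepage = "https://github.com/ninoseki/mihari"
+ spec.license = "MIT"
  
  # Specify which files should be added to the gem when it is released.
  # The `git ls-files -z` loads the files in the RubyGem that have been added into git.
- spec.files = Dir.chdir(File.expand_path(__dir__)) do
+ spec.files = Dir.chdir(File.expand_path(__dir__)) do
  `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
  end
- spec.bindir = "exe"
- spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
+ spec.bindir = "exe"
+ spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
  spec.require_paths = ["lib"]
  
- spec.add_development_dependency "bundler", "~> 2.1"
+ spec.add_development_dependency "bundler", "~> 2.2"
  spec.add_development_dependency "coveralls", "~> 0.8"
  spec.add_development_dependency "execjs", "~> 2.7"
- spec.add_development_dependency "fakefs", "~> 1.2"
- spec.add_development_dependency "pre-commit", "~> 0.39"
+ spec.add_development_dependency "fakefs", "~> 1.3"
  spec.add_development_dependency "rake", "~> 13.0"
- spec.add_development_dependency "rspec", "~> 3.9"
- spec.add_development_dependency "rubocop", "~> 0.88"
- spec.add_development_dependency "rubocop-performance", "~> 1.7"
+ spec.add_development_dependency "rspec", "~> 3.10"
+ spec.add_development_dependency "standard", "~> 1.0"
  spec.add_development_dependency "timecop", "~> 0.9"
  spec.add_development_dependency "vcr", "~> 6.0"
- spec.add_development_dependency "webmock", "~> 3.8"
+ spec.add_development_dependency "webmock", "~> 3.12"
  
  spec.add_dependency "active_model_serializers", "~> 0.10"
- spec.add_dependency "activerecord", "~> 6.0"
+ spec.add_dependency "activerecord", "~> 6.1"
  spec.add_dependency "addressable", "~> 2.7"
  spec.add_dependency "binaryedge", "~> 0.1"
  spec.add_dependency "censu", "~> 0.2"
@@ -46,14 +44,14 @@ Gem::Specification.new do |spec|
  spec.add_dependency "dnpedia", "~> 0.1"
  spec.add_dependency "dnstwister", "~> 0.1"
  spec.add_dependency "email_address", "~> 0.1"
- spec.add_dependency "hachi", "~> 0.3"
+ spec.add_dependency "hachi", "~> 1.0"
  spec.add_dependency "mem", "~> 0.1"
  spec.add_dependency "misp", "~> 0.1"
  spec.add_dependency "murmurhash3", "~> 0.1"
  spec.add_dependency "net-ping", "~> 2.0"
  spec.add_dependency "onyphe", "~> 2.0"
  spec.add_dependency "otx_ruby", "~> 0.9"
- spec.add_dependency "parallel", "~> 1.19"
+ spec.add_dependency "parallel", "~> 1.20"
  spec.add_dependency "passive_circl", "~> 0.1"
  spec.add_dependency "passivetotalx", "~> 0.1"
  spec.add_dependency "pg", "~> 1.2"
@@ -64,8 +62,9 @@ Gem::Specification.new do |spec|
  spec.add_dependency "slack-notifier", "~> 2.3"
  spec.add_dependency "spysex", "~> 0.1"
  spec.add_dependency "sqlite3", "~> 1.4"
- spec.add_dependency "thor", "~> 1.0"
- spec.add_dependency "urlscan", "~> 0.5"
+ spec.add_dependency "thor", "~> 1.1"
+ spec.add_dependency "thread_safe", "~> 0.3"
+ spec.add_dependency "urlscan", "~> 0.6"
  spec.add_dependency "virustotalx", "~> 1.1"
  spec.add_dependency "zoomeye-rb", "~> 0.1"
  end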
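Review bot: The third hunk introduces `thread_safe` as a new runtime dependency, and as far as I know that gem has not been maintained for years and its own README directs users to concurrent-ruby, which activerecord (already listed two lines above) brings in transitively through activesupport. Adding an abandoned gem widens the supply-chain surface without a clear gain, so unless the new code needs an API concurrent-ruby lacks, I would drop `spec.add_dependency "thread_safe", "~> 0.3"` and use `Concurrent::Map` or `Concurrent::Array` at the call site. The code that motivates the dependency is not visible in this diff, so this is worth confirming against the analyzers that changed in the same release.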
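--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: mihari
  version: !ruby/object:Gem::Version
- version: 1.3.1
+ version: 1.5.1
  platform: ruby
  authors:
  - Manabu Niseki
  autorequire:
  bindir: exe
  cert_chain: []
- date: 2020-08-30 00:00:00.000000000 Z
+ date: 2021-03-24 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: bundler
@@ -16,14 +16,14 @@ dependencies:
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: '2.1'
+ version: '2.2'
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: '2.1'
+ version: '2.2'
  - !ruby/object:Gem::Dependency
  name: coveralls
  requirement: !ruby/object:Gem::Requirement
@@ -58,28 +58,14 @@ dependencies:
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: '1.2'
- type: :development
- prerelease: false
- version_requirements: !ruby/object:Gem::Requirement
- requirements:
- - - "~>"
- - !ruby/object:Gem::Version
- version: '1.2'
- - !ruby/object:Gem::Dependency
- name: pre-commit
- requirement: !ruby/object:Gem::Requirement
- requirements:
- - - "~>"
- - !ruby/object:Gem::Version
- version: '0.39'
+ version: '1.3'
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: '0.39'
+ version: '1.3'
  - !ruby/object:Gem::Dependency
  name: rake
  requirement: !ruby/object:Gem::Requirement
@@ -100,42 +86,28 @@ dependencies:
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: '3.9'
+ version: '3.10'
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: '3.9'
+ version: '3.10'
  - !ruby/object:Gem::Dependency
- name: rubocop
+ name: standard
  requirement: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: '0.88'
- type: :development
- prerelease: false
- version_requirements: !ruby/object:Gem::Requirement
- requirements:
- - - "~>"
- - !ruby/object:Gem::Version
- version: '0.88'
- - !ruby/object:Gem::Dependency
- name: rubocop-performance
- requirement: !ruby/object:Gem::Requirement
- requirements:
- - - "~>"
- - !ruby/object:Gem::Version
- version: '1.7'
+ version: '1.0'
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: '1.7'
+ version: '1.0'
  - !ruby/object:Gem::Dependency
  name: timecop
  requirement: !ruby/object:Gem::Requirement
@@ -170,14 +142,14 @@ dependencies:
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: '3.8'
+ version: '3.12'
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: '3.8'
+ version: '3.12'
  - !ruby/object:Gem::Dependency
  name: active_model_serializers
  requirement: !ruby/object:Gem::Requirement
@@ -198,14 +170,14 @@ dependencies:
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: '6.0'
+ version: '6.1'
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: '6.0'
+ version: '6.1'
  - !ruby/object:Gem::Dependency
  name: addressable
  requirement: !ruby/object:Gem::Requirement
@@ -310,14 +282,14 @@ dependencies:
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: '0.3'
+ version: '1.0'
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: '0.3'
+ version: '1.0'
  - !ruby/object:Gem::Dependency
  name: mem
  requirement: !ruby/object:Gem::Requirement
@@ -408,14 +380,14 @@ dependencies:
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: '1.19'
+ version: '1.20'
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: '1.19'
+ version: '1.20'
  - !ruby/object:Gem::Dependency
  name: passive_circl
  requirement: !ruby/object:Gem::Requirement
@@ -562,28 +534,42 @@ dependencies:
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: '1.0'
+ version: '1.1'
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: '1.0'
+ version: '1.1'
+ - !ruby/object:Gem::Dependency
+ name: thread_safe
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '0.3'
+ type: :runtime
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '0.3'
  - !ruby/object:Gem::Dependency
  name: urlscan
  requirement: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: '0.5'
+ version: '0.6'
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: '0.5'
+ version: '0.6'
  - !ruby/object:Gem::Dependency
  name: virustotalx
  requirement: !ruby/object:Gem::Requirement
@@ -620,10 +606,10 @@ executables:
  extensions: []
  extra_rdoc_files: []
  files:
+ - ".github/workflows/test.yml"
  - ".gitignore"
  - ".rspec"
  - ".rubocop.yml"
- - ".travis.yml"
  - Gemfile
  - LICENSE
  - README.md
@@ -634,6 +620,11 @@ files:
  - docker/Dockerfile
  - examples/ipinfo_hosted_domains.rb
  - exe/mihari
+ - images/alert.png
+ - images/eyecatch.png
+ - images/logo.png
+ - images/misp.png
+ - images/slack.png
  - lib/mihari.rb
  - lib/mihari/alert_viewer.rb
  - lib/mihari/analyzers/base.rb
@@ -690,10 +681,6 @@ files:
  - lib/mihari/version.rb
  - mihari.gemspec
  - renovate.json
- - screenshots/alert.png
- - screenshots/eyecatch.png
- - screenshots/misp.png
- - screenshots/slack.png
  homepage: https://github.com/ninoseki/mihari
  licenses:
  - MIT
@@ -713,7 +700,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
- rubygems_version: 3.1.2
+ rubygems_version: 3.2.3
  signing_key:
  specification_version: 4
  summary: A framework for continuous malicious hosts monitoring.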
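--- a/data/.travis.yml
+++ b/data/.travis.yml
@@ -1,13 +0,0 @@
- ---
- language: ruby
- cache: bundler
- services:
- - postgresql
- rvm:
- - 2.6
- - 2.7
- env:
- - DATABASE=":memory:"
- - DATABASE="postgresql://postgres@0.0.0.0:5432/travis_ci_test"
- before_install: gem install bundler -v 2.1
- before_script: psql -c 'create database travis_ci_test;' -U postgres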