mihari 1.3.2 → 2.0.0

data/lib/mihari.rb

@@ -79,8 +79,8 @@ require "mihari/emitters/slack"
 require "mihari/emitters/stdout"
 require "mihari/emitters/the_hive"
 
-require "mihari/alert_viewer"
-
 require "mihari/status"
 
+require "mihari/web/app"
+
 require "mihari/cli"

data/lib/mihari/analyzers/base.rb

@@ -42,7 +42,7 @@ module Mihari
 
       def run_emitter(emitter)
         emitter.run(title: title, description: description, artifacts: unique_artifacts, source: source, tags: tags)
-      rescue StandardError => e
+      rescue => e
         puts "Emission by #{emitter.class} is failed: #{e}"
       end
 

data/lib/mihari/analyzers/basic.rb

@@ -4,12 +4,11 @@ module Mihari
   module Analyzers
     class Basic < Base
       attr_accessor :title
-      attr_reader :description
-      attr_reader :artifacts
-      attr_reader :source
-      attr_reader :tags
+      attr_reader :description, :artifacts, :source, :tags
 
       def initialize(title:, description:, artifacts:, source:, tags: [])
+        super()
+
         @title = title
         @description = description
         @artifacts = artifacts

data/lib/mihari/analyzers/binaryedge.rb

@@ -5,10 +5,7 @@ require "binaryedge"
 module Mihari
   module Analyzers
     class BinaryEdge < Base
-      attr_reader :title
-      attr_reader :description
-      attr_reader :query
-      attr_reader :tags
+      attr_reader :title, :description, :query, :tags
 
       def initialize(query, title: nil, description: nil, tags: [])
         super()
@@ -24,7 +21,7 @@ module Mihari
         return [] unless results || results.empty?
 
         results.map do |result|
-          events = result.dig("events") || []
+          events = result["events"] || []
           events.map do |event|
             event.dig "target", "ip"
           end.compact
@@ -47,7 +44,7 @@ module Mihari
         responses = []
         (1..Float::INFINITY).each do |page|
           res = search_with_page(query, page: page)
-          total = res.dig("total").to_i
+          total = res["total"].to_i
 
           responses << res
           break if total <= page * PAGE_SIZE
@@ -56,7 +53,7 @@ module Mihari
       end
 
       def config_keys
-        %w(binaryedge_api_key)
+        %w[binaryedge_api_key]
       end
 
       def api

data/lib/mihari/analyzers/censys.rb

@@ -5,11 +5,7 @@ require "censu"
 module Mihari
   module Analyzers
     class Censys < Base
-      attr_reader :title
-      attr_reader :description
-      attr_reader :query
-      attr_reader :tags
-      attr_reader :type
+      attr_reader :title, :description, :query, :tags, :type
 
       def initialize(query, title: nil, description: nil, tags: [], type: "ipv4")
         super()
@@ -37,7 +33,7 @@ module Mihari
       private
 
       def valid_type?
-        %w(ipv4 websites certificates).include? type
+        %w[ipv4 websites certificates].include? type
       end
 
       def normalize(domain)
@@ -86,7 +82,7 @@ module Mihari
       end
 
       def config_keys
-        %w(censys_id censys_secret)
+        %w[censys_id censys_secret]
       end
 
       def api

data/lib/mihari/analyzers/circl.rb

@@ -5,9 +5,7 @@ require "passive_circl"
 module Mihari
   module Analyzers
     class CIRCL < Base
-      attr_reader :title
-      attr_reader :description
-      attr_reader :tags
+      attr_reader :title, :description, :tags
 
       def initialize(query, title: nil, description: nil, tags: [])
         super()
@@ -27,7 +25,7 @@ module Mihari
       private
 
       def config_keys
-        %w(circl_passive_password circl_passive_username)
+        %w[circl_passive_password circl_passive_username]
       end
 
       def api
@@ -41,7 +39,7 @@ module Mihari
         when "hash"
           passive_ssl_lookup
         else
-          raise InvalidInputError, "#{@query}(type: #{@type || 'unknown'}) is not supported."
+          raise InvalidInputError, "#{@query}(type: #{@type || "unknown"}) is not supported."
         end
       end
 

data/lib/mihari/analyzers/crtsh.rb

@@ -5,11 +5,7 @@ require "crtsh"
 module Mihari
   module Analyzers
     class Crtsh < Base
-      attr_reader :title
-      attr_reader :description
-      attr_reader :query
-      attr_reader :tags
-      attr_reader :exclude_expired
+      attr_reader :title, :description, :query, :tags, :exclude_expired
 
       def initialize(query, title: nil, description: nil, tags: [], exclude_expired: nil)
         super()
@@ -24,7 +20,7 @@ module Mihari
 
       def artifacts
         results = search
-        name_values = results.map { |result| result.dig("name_value") }.compact
+        name_values = results.map { |result| result["name_value"] }.compact
         name_values.map(&:lines).flatten.uniq.map(&:chomp)
       end
 

data/lib/mihari/analyzers/dnpedia.rb

@@ -5,10 +5,7 @@ require "dnpedia"
 module Mihari
   module Analyzers
     class DNPedia < Base
-      attr_reader :query
-      attr_reader :title
-      attr_reader :description
-      attr_reader :tags
+      attr_reader :query, :title, :description, :tags
 
       def initialize(query, title: nil, description: nil, tags: [])
         super()
@@ -31,9 +28,9 @@ module Mihari
 
       def lookup
         res = api.search(query)
-        rows = res.dig("rows") || []
+        rows = res["rows"] || []
         rows.map do |row|
-          [row.dig("name"), row.dig("zoneid")].join(".")
+          [row["name"], row["zoneid"]].join(".")
         end
       end
     end

data/lib/mihari/analyzers/dnstwister.rb

@@ -7,12 +7,7 @@ require "parallel"
 module Mihari
   module Analyzers
     class DNSTwister < Base
-      attr_reader :query
-      attr_reader :type
-
-      attr_reader :title
-      attr_reader :description
-      attr_reader :tags
+      attr_reader :query, :type, :title, :description, :tags
 
       def initialize(query, title: nil, description: nil, tags: [])
         super()
@@ -47,11 +42,11 @@ module Mihari
       end
 
       def lookup
-        raise InvalidInputError, "#{query}(type: #{type || 'unknown'}) is not supported." unless valid_type?
+        raise InvalidInputError, "#{query}(type: #{type || "unknown"}) is not supported." unless valid_type?
 
         res = api.fuzz(query)
-        fuzzy_domains = res.dig("fuzzy_domains") || []
-        domains = fuzzy_domains.map { |domain| domain.dig("domain") }
+        fuzzy_domains = res["fuzzy_domains"] || []
+        domains = fuzzy_domains.map { |domain| domain["domain"] }
         Parallel.map(domains) do |domain|
           resolvable?(domain) ? domain : nil
         end.compact

data/lib/mihari/analyzers/free_text.rb

@@ -5,15 +5,11 @@ require "parallel"
 module Mihari
   module Analyzers
     class FreeText < Base
-      attr_reader :query
-
-      attr_reader :title
-      attr_reader :description
-      attr_reader :tags
+      attr_reader :query, :title, :description, :tags
 
       ANALYZERS = [
         Mihari::Analyzers::BinaryEdge,
-        Mihari::Analyzers::Censys,
+        Mihari::Analyzers::Censys
       ].freeze
 
       def initialize(query, title: nil, description: nil, tags: [])

data/lib/mihari/analyzers/http_hash.rb

@@ -5,15 +5,7 @@ require "parallel"
 module Mihari
   module Analyzers
     class HTTPHash < Base
-      attr_reader :md5
-      attr_reader :sha256
-      attr_reader :mmh3
-
-      attr_reader :html
-
-      attr_reader :title
-      attr_reader :description
-      attr_reader :tags
+      attr_reader :md5, :sha256, :mmh3, :html, :title, :description, :tags
 
       def initialize(_query, md5: nil, sha256: nil, mmh3: nil, html: nil, title: nil, description: nil, tags: [])
         super()
@@ -57,7 +49,7 @@ module Mihari
         [
           md5 ? "md5:#{md5}" : nil,
           sha256 ? "sha256:#{sha256}" : nil,
-          mmh3 ? "mmh3:#{mmh3}" : nil,
+          mmh3 ? "mmh3:#{mmh3}" : nil
         ].compact.join(",")
       end
 
@@ -92,7 +84,7 @@ module Mihari
           binary_edge,
           censys,
           onyphe,
-          shodan,
+          shodan
         ].compact
       end
 

data/lib/mihari/analyzers/onyphe.rb

@@ -5,10 +5,7 @@ require "onyphe"
 module Mihari
   module Analyzers
     class Onyphe < Base
-      attr_reader :title
-      attr_reader :description
-      attr_reader :query
-      attr_reader :tags
+      attr_reader :title, :description, :query, :tags
 
       def initialize(query, title: nil, description: nil, tags: [])
         super()
@@ -35,7 +32,7 @@ module Mihari
       PAGE_SIZE = 10
 
       def config_keys
-        %w(onyphe_api_key)
+        %w[onyphe_api_key]
       end
 
       def api
@@ -51,7 +48,7 @@ module Mihari
         (1..Float::INFINITY).each do |page|
           res = search_with_page(query, page: page)
           responses << res
-          total = res.dig("total").to_i
+          total = res["total"].to_i
           break if total <= page * PAGE_SIZE
         end
         responses

data/lib/mihari/analyzers/otx.rb

@@ -5,12 +5,7 @@ require "otx_ruby"
 module Mihari
   module Analyzers
     class OTX < Base
-      attr_reader :query
-      attr_reader :type
-
-      attr_reader :title
-      attr_reader :description
-      attr_reader :tags
+      attr_reader :query, :type, :title, :description, :tags
 
       def initialize(query, title: nil, description: nil, tags: [])
         super()
@@ -30,7 +25,7 @@ module Mihari
       private
 
       def config_keys
-        %w(otx_api_key)
+        %w[otx_api_key]
       end
 
       def domain_client
@@ -42,7 +37,7 @@ module Mihari
       end
 
       def valid_type?
-        %w(ip domain).include? type
+        %w[ip domain].include? type
       end
 
       def lookup
@@ -52,7 +47,7 @@ module Mihari
         when "ip"
           ip_lookup
         else
-          raise InvalidInputError, "#{query}(type: #{type || 'unknown'}) is not supported." unless valid_type?
+          raise InvalidInputError, "#{query}(type: #{type || "unknown"}) is not supported." unless valid_type?
         end
       end
 

data/lib/mihari/analyzers/passive_dns.rb

@@ -5,12 +5,7 @@ require "parallel"
 module Mihari
   module Analyzers
     class PassiveDNS < Base
-      attr_reader :query
-      attr_reader :type
-
-      attr_reader :title
-      attr_reader :description
-      attr_reader :tags
+      attr_reader :query, :type, :title, :description, :tags
 
       ANALYZERS = [
         Mihari::Analyzers::CIRCL,
@@ -18,7 +13,7 @@ module Mihari
         Mihari::Analyzers::PassiveTotal,
         Mihari::Analyzers::Pulsedive,
         Mihari::Analyzers::SecurityTrails,
-        Mihari::Analyzers::VirusTotal,
+        Mihari::Analyzers::VirusTotal
       ].freeze
 
       def initialize(query, title: nil, description: nil, tags: [])
@@ -41,11 +36,11 @@ module Mihari
       private
 
       def valid_type?
-        %w(ip domain).include? type
+        %w[ip domain].include? type
       end
 
       def analyzers
-        raise InvalidInputError, "#{query}(type: #{type || 'unknown'}) is not supported." unless valid_type?
+        raise InvalidInputError, "#{query}(type: #{type || "unknown"}) is not supported." unless valid_type?
 
         ANALYZERS.map do |klass|
           klass.new(query)

data/lib/mihari/analyzers/passive_ssl.rb

@@ -5,16 +5,11 @@ require "parallel"
 module Mihari
   module Analyzers
     class PassiveSSL < Base
-      attr_reader :query
-      attr_reader :type
-
-      attr_reader :title
-      attr_reader :description
-      attr_reader :tags
+      attr_reader :query, :type, :title, :description, :tags
 
       ANALYZERS = [
         Mihari::Analyzers::CIRCL,
-        Mihari::Analyzers::PassiveTotal,
+        Mihari::Analyzers::PassiveTotal
       ].freeze
 
       def initialize(query, title: nil, description: nil, tags: [])
@@ -37,11 +32,11 @@ module Mihari
       private
 
       def valid_type?
-        %w(sha1).include? type
+        %w[sha1].include? type
       end
 
       def analyzers
-        raise InvalidInputError, "#{query}(type: #{type || 'unknown'}) is not supported." unless valid_type?
+        raise InvalidInputError, "#{query}(type: #{type || "unknown"}) is not supported." unless valid_type?
 
         ANALYZERS.map do |klass|
           klass.new(query)

data/lib/mihari/analyzers/passivetotal.rb

@@ -5,12 +5,7 @@ require "passivetotal"
 module Mihari
   module Analyzers
     class PassiveTotal < Base
-      attr_reader :query
-      attr_reader :type
-
-      attr_reader :title
-      attr_reader :description
-      attr_reader :tags
+      attr_reader :query, :type, :title, :description, :tags
 
       def initialize(query, title: nil, description: nil, tags: [])
         super()
@@ -30,7 +25,7 @@ module Mihari
       private
 
       def config_keys
-        %w(passivetotal_username passivetotal_api_key)
+        %w[passivetotal_username passivetotal_api_key]
       end
 
       def api
@@ -38,7 +33,7 @@ module Mihari
       end
 
       def valid_type?
-        %w(ip domain mail).include? type
+        %w[ip domain mail].include? type
       end
 
       def lookup
@@ -52,28 +47,28 @@ module Mihari
         when "hash"
           ssl_lookup
         else
-          raise InvalidInputError, "#{query}(type: #{type || 'unknown'}) is not supported." unless valid_type?
+          raise InvalidInputError, "#{query}(type: #{type || "unknown"}) is not supported." unless valid_type?
         end
       end
 
       def passive_dns_lookup
         res = api.dns.passive_unique(query)
-        res.dig("results") || []
+        res["results"] || []
       end
 
       def reverse_whois_lookup
         res = api.whois.search(query: query, field: "email")
-        results = res.dig("results") || []
+        results = res["results"] || []
         results.map do |result|
-          result.dig("domain")
+          result["domain"]
         end.flatten.compact.uniq
       end
 
       def ssl_lookup
         res = api.ssl.history(query)
-        results = res.dig("results") || []
+        results = res["results"] || []
         results.map do |result|
-          result.dig("ipAddresses")
+          result["ipAddresses"]
         end.flatten.compact.uniq
       end
     end