mihari 1.4.1 → 1.5.0

data/lib/mihari/analyzers/virustotal.rb

@@ -5,12 +5,7 @@ require "virustotal"
 module Mihari
   module Analyzers
     class VirusTotal < Base
-      attr_reader :indicator
-      attr_reader :type
-
-      attr_reader :title
-      attr_reader :description
-      attr_reader :tags
+      attr_reader :indicator, :type, :title, :description, :tags
 
       def initialize(indicator, title: nil, description: nil, tags: [])
         super()
@@ -30,7 +25,7 @@ module Mihari
       private
 
       def config_keys
-        %w(virustotal_api_key)
+        %w[virustotal_api_key]
       end
 
       def api
@@ -38,7 +33,7 @@ module Mihari
       end
 
       def valid_type?
-        %w(ip domain).include? type
+        %w[ip domain].include? type
       end
 
       def lookup
@@ -48,14 +43,14 @@ module Mihari
         when "ip"
           ip_lookup
         else
-          raise InvalidInputError, "#{indicator}(type: #{type || 'unknown'}) is not supported." unless valid_type?
+          raise InvalidInputError, "#{indicator}(type: #{type || "unknown"}) is not supported." unless valid_type?
         end
       end
 
       def domain_lookup
         res = api.domain.resolutions(indicator)
 
-        data = res.dig("data") || []
+        data = res["data"] || []
         data.map do |item|
           item.dig("attributes", "ip_address")
         end.compact.uniq
@@ -64,7 +59,7 @@ module Mihari
       def ip_lookup
         res = api.ip_address.resolutions(indicator)
 
-        data = res.dig("data") || []
+        data = res["data"] || []
         data.map do |item|
           item.dig("attributes", "host_name")
         end.compact.uniq

data/lib/mihari/analyzers/zoomeye.rb

@@ -5,11 +5,7 @@ require "zoomeye"
 module Mihari
   module Analyzers
     class ZoomEye < Base
-      attr_reader :title
-      attr_reader :description
-      attr_reader :query
-      attr_reader :tags
-      attr_reader :type
+      attr_reader :title, :description, :query, :tags, :type
 
       def initialize(query, title: nil, description: nil, tags: [], type: "host")
         super()
@@ -37,11 +33,11 @@ module Mihari
       PAGE_SIZE = 10
 
       def valid_type?
-        %w(host web).include? type
+        %w[host web].include? type
       end
 
       def config_keys
-        %w(zoomeye_password zoomeye_username)
+        %w[zoomeye_password zoomeye_username]
       end
 
       def api
@@ -50,9 +46,9 @@ module Mihari
 
       def convert_responses(responses)
         responses.map do |res|
-          matches = res.dig("matches") || []
+          matches = res["matches"] || []
           matches.map do |match|
-            match.dig "ip"
+            match["ip"]
           end
         end.flatten.compact.uniq
       end
@@ -69,7 +65,7 @@ module Mihari
           res = _host_lookup(query, page: page)
           break unless res
 
-          total = res.dig("total").to_i
+          total = res["total"].to_i
           responses << res
           break if total <= page * PAGE_SIZE
         end
@@ -88,7 +84,7 @@ module Mihari
           res = _web_lookup(query, page: page)
           break unless res
 
-          total = res.dig("total").to_i
+          total = res["total"].to_i
           responses << res
           break if total <= page * PAGE_SIZE
         end

data/lib/mihari/cli.rb

@@ -259,16 +259,16 @@ module Mihari
     desc "import_from_json", "Give a JSON input via STDIN"
     def import_from_json(input = nil)
       with_error_handling do
-        json = input || STDIN.gets.chomp
+        json = input || $stdin.gets.chomp
         raise ArgumentError, "Input not found: please give an input in a JSON format" unless json
 
         json = parse_as_json(json)
         raise ArgumentError, "Invalid input format: an input JSON data should have title, description and artifacts key" unless valid_json?(json)
 
-        title = json.dig("title")
-        description = json.dig("description")
-        artifacts = json.dig("artifacts")
-        tags = json.dig("tags") || []
+        title = json["title"]
+        description = json["description"]
+        artifacts = json["artifacts"]
+        tags = json["tags"] || []
 
         basic = Analyzers::Basic.new(title: title, description: description, artifacts: artifacts, source: "json", tags: tags)
         basic.run
@@ -302,7 +302,7 @@ module Mihari
     no_commands do
       def with_error_handling
         yield
-      rescue StandardError => e
+      rescue => e
         notifier = Notifiers::ExceptionNotifier.new
         notifier.notify e
       end
@@ -315,7 +315,7 @@ module Mihari
 
       # @return [true, false]
       def valid_json?(json)
-        %w(title description artifacts).all? { |key| json.key? key }
+        %w[title description artifacts].all? { |key| json.key? key }
       end
 
       def load_configuration

data/lib/mihari/config.rb

@@ -4,31 +4,7 @@ require "yaml"
 
 module Mihari
   class Config
-    attr_accessor :binaryedge_api_key
-    attr_accessor :censys_id
-    attr_accessor :censys_secret
-    attr_accessor :circl_passive_password
-    attr_accessor :circl_passive_username
-    attr_accessor :misp_api_endpoint
-    attr_accessor :misp_api_key
-    attr_accessor :onyphe_api_key
-    attr_accessor :otx_api_key
-    attr_accessor :passivetotal_api_key
-    attr_accessor :passivetotal_username
-    attr_accessor :pulsedive_api_key
-    attr_accessor :securitytrails_api_key
-    attr_accessor :shodan_api_key
-    attr_accessor :slack_channel
-    attr_accessor :slack_webhook_url
-    attr_accessor :spyse_api_key
-    attr_accessor :thehive_api_endpoint
-    attr_accessor :thehive_api_key
-    attr_accessor :urlscan_api_key
-    attr_accessor :virustotal_api_key
-    attr_accessor :zoomeye_password
-    attr_accessor :zoomeye_username
-
-    attr_accessor :database
+    attr_accessor :binaryedge_api_key, :censys_id, :censys_secret, :circl_passive_password, :circl_passive_username, :misp_api_endpoint, :misp_api_key, :onyphe_api_key, :otx_api_key, :passivetotal_api_key, :passivetotal_username, :pulsedive_api_key, :securitytrails_api_key, :shodan_api_key, :slack_channel, :slack_webhook_url, :spyse_api_key, :thehive_api_endpoint, :thehive_api_key, :urlscan_api_key, :virustotal_api_key, :zoomeye_password, :zoomeye_username, :database
 
     def initialize
       load_from_env

data/lib/mihari/database.rb

@@ -54,7 +54,7 @@ module Mihari
 
         ActiveRecord::Migration.verbose = false
         InitialSchema.migrate(:up)
-      rescue StandardError
+      rescue
         # Do nothing
       end
 

data/lib/mihari/emitters/misp.rb

@@ -7,6 +7,8 @@ module Mihari
   module Emitters
     class MISP < Base
       def initialize
+        super()
+
         ::MISP.configure do |config|
           config.api_endpoint = Mihari.config.misp_api_endpoint
           config.api_key = Mihari.config.misp_api_key
@@ -35,7 +37,7 @@ module Mihari
       private
 
       def config_keys
-        %w(misp_api_endpoint misp_api_key)
+        %w[misp_api_endpoint misp_api_key]
       end
 
       def build_attribute(artifact)
@@ -61,7 +63,7 @@ module Mihari
           ip: "ip-dst",
           mail: "email-dst",
           url: "url",
-          domain: "domain",
+          domain: "domain"
         }
         return table[type] if table.key?(type)
 

data/lib/mihari/emitters/slack.rb

@@ -19,25 +19,31 @@ module Mihari
       end
 
       def actions
-        [vt_link, urlscan_link, censys_link].compact
+        [vt_link, urlscan_link, censys_link, shodan_link].compact
       end
 
       def vt_link
         return nil unless _vt_link
 
-        { type: "button", text: "Lookup on VirusTotal", url: _vt_link, }
+        { type: "button", text: "VirusTotal", url: _vt_link }
       end
 
       def urlscan_link
         return nil unless _urlscan_link
 
-        { type: "button", text: "Lookup on urlscan.io", url: _urlscan_link, }
+        { type: "button", text: "urlscan.io", url: _urlscan_link }
       end
 
       def censys_link
         return nil unless _censys_link
 
-        { type: "button", text: "Lookup on Censys", url: _censys_link, }
+        { type: "button", text: "Censys", url: _censys_link }
+      end
+
+      def shodan_link
+        return nil unless _shodan_link
+
+        { type: "button", text: "Shodan", url: _shodan_link }
       end
 
       # @return [Array]
@@ -89,6 +95,11 @@ module Mihari
       end
       memoize :_censys_link
 
+      def _shodan_link
+        data_type == "ip" ? "https://www.shodan.io/host/#{data}" : nil
+      end
+      memoize :_shodan_link
+
       # @return [String]
       def sha256
         Digest::SHA256.hexdigest data
@@ -96,7 +107,7 @@ module Mihari
 
       # @return [String]
       def defanged_data
-        @defanged_data ||= data.to_s.gsub /\./, "[.]"
+        @defanged_data ||= data.to_s.gsub(/\./, "[.]")
       end
     end
 
@@ -121,7 +132,7 @@ module Mihari
         [
           "*#{title}*",
           "*Desc.*: #{description}",
-          "*Tags*: #{tags.join(', ')}",
+          "*Tags*: #{tags.join(', ')}"
         ].join("\n")
       end
 
@@ -137,7 +148,7 @@ module Mihari
       private
 
       def config_keys
-        %w(slack_webhook_url)
+        %w[slack_webhook_url]
       end
     end
   end

data/lib/mihari/emitters/the_hive.rb

@@ -17,7 +17,7 @@ module Mihari
         api.alert.create(
           title: title,
           description: description,
-          artifacts: artifacts.map { |artifact| { data: artifact.data, data_type: artifact.data_type, message: description } },
+          artifacts: artifacts.map { |artifact| {data: artifact.data, data_type: artifact.data_type, message: description} },
           tags: tags,
           type: "external",
           source: "mihari"
@@ -27,7 +27,7 @@ module Mihari
       private
 
       def config_keys
-        %w(thehive_api_endpoint thehive_api_key)
+        %w[thehive_api_endpoint thehive_api_key]
       end
 
       def api

data/lib/mihari/errors.rb

@@ -2,6 +2,8 @@
 
 module Mihari
   class Error < StandardError; end
+
   class InvalidInputError < Error; end
+
   class RetryableError < Error; end
 end

data/lib/mihari/models/artifact.rb

@@ -6,7 +6,7 @@ class ArtifactValidator < ActiveModel::Validator
   def validate(record)
     return if record.data_type
 
-    record.errors[:data] << "#{record.data} is not supported"
+    record.errors.add :data, "#{record.data} is not supported"
   end
 end
 

data/lib/mihari/notifiers/exception_notifier.rb

@@ -19,7 +19,7 @@ module Mihari
       def notify(exception)
         notify_to_stdout exception
 
-        clean_message = exception.message.tr('`', "'")
+        clean_message = exception.message.tr("`", "'")
         attachments = to_attachments(exception, clean_message)
         notify_to_slack(text: clean_message, attachments: attachments) if @slack.valid?
       end
@@ -51,20 +51,20 @@ module Mihari
 
       def to_fields(clean_message, backtrace)
         fields = [
-          { title: "Exception", value: clean_message },
-          { title: "Hostname", value: hostname }
+          {title: "Exception", value: clean_message},
+          {title: "Hostname", value: hostname}
         ]
 
         if backtrace
           formatted_backtrace = format_backtrace(backtrace)
-          fields << { title: "Backtrace", value: formatted_backtrace }
+          fields << {title: "Backtrace", value: formatted_backtrace}
         end
         fields
       end
 
       def hostname
         Socket.gethostname
-      rescue StandardError => _e
+      rescue => _e
         "N/A"
       end
 

data/lib/mihari/status.rb

@@ -36,7 +36,7 @@ module Mihari
       status = instance.configured?
       message = instance.configuration_status
 
-      message ? { status: status, message: message } : nil
+      message ? {status: status, message: message} : nil
     rescue ArgumentError => _e
       nil
     end

data/lib/mihari/type_checker.rb

@@ -80,22 +80,22 @@ module Mihari
 
     # @return [true, false]
     def md5?
-      data.match? /^[A-Fa-f0-9]{32}$/
+      data.match?(/^[A-Fa-f0-9]{32}$/)
     end
 
     # @return [true, false]
     def sha1?
-      data.match? /^[A-Fa-f0-9]{40}$/
+      data.match?(/^[A-Fa-f0-9]{40}$/)
     end
 
     # @return [true, false]
     def sha256?
-      data.match? /^[A-Fa-f0-9]{64}$/
+      data.match?(/^[A-Fa-f0-9]{64}$/)
     end
 
     # @return [true, false]
     def sha512?
-      data.match? /^[A-Fa-f0-9]{128}$/
+      data.match?(/^[A-Fa-f0-9]{128}$/)
     end
   end
 end

data/lib/mihari/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Mihari
-  VERSION = "1.4.1"
+  VERSION = "1.5.0"
 end

data/mihari.gemspec

@@ -1,41 +1,39 @@
 # frozen_string_literal: true
 
-lib = File.expand_path('lib', __dir__)
+lib = File.expand_path("lib", __dir__)
 $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
 require "mihari/version"
 
 Gem::Specification.new do |spec|
-  spec.name          = "mihari"
-  spec.version       = Mihari::VERSION
-  spec.authors       = ["Manabu Niseki"]
-  spec.email         = ["manabu.niseki@gmail.com"]
+  spec.name = "mihari"
+  spec.version = Mihari::VERSION
+  spec.authors = ["Manabu Niseki"]
+  spec.email = ["manabu.niseki@gmail.com"]
 
-  spec.summary       = "A framework for continuous malicious hosts monitoring."
-  spec.description   = "A framework for continuous malicious hosts monitoring."
-  spec.homepage      = "https://github.com/ninoseki/mihari"
-  spec.license       = "MIT"
+  spec.summary = "A framework for continuous malicious hosts monitoring."
+  spec.description = "A framework for continuous malicious hosts monitoring."
+  spec.homepage = "https://github.com/ninoseki/mihari"
+  spec.license = "MIT"
 
   # Specify which files should be added to the gem when it is released.
   # The `git ls-files -z` loads the files in the RubyGem that have been added into git.
-  spec.files         = Dir.chdir(File.expand_path(__dir__)) do
+  spec.files = Dir.chdir(File.expand_path(__dir__)) do
     `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
   end
-  spec.bindir        = "exe"
-  spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
+  spec.bindir = "exe"
+  spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
   spec.require_paths = ["lib"]
 
-  spec.add_development_dependency "bundler", "~> 2.1"
+  spec.add_development_dependency "bundler", "~> 2.2"
   spec.add_development_dependency "coveralls", "~> 0.8"
   spec.add_development_dependency "execjs", "~> 2.7"
-  spec.add_development_dependency "fakefs", "~> 1.2"
-  spec.add_development_dependency "pre-commit", "~> 0.39"
+  spec.add_development_dependency "fakefs", "~> 1.3"
   spec.add_development_dependency "rake", "~> 13.0"
   spec.add_development_dependency "rspec", "~> 3.10"
-  spec.add_development_dependency "rubocop", "~> 1.6.0"
-  spec.add_development_dependency "rubocop-performance", "~> 1.9"
+  spec.add_development_dependency "standard", "~> 1.0"
   spec.add_development_dependency "timecop", "~> 0.9"
   spec.add_development_dependency "vcr", "~> 6.0"
-  spec.add_development_dependency "webmock", "~> 3.10"
+  spec.add_development_dependency "webmock", "~> 3.12"
 
   spec.add_dependency "active_model_serializers", "~> 0.10"
   spec.add_dependency "activerecord", "~> 6.1"
@@ -64,7 +62,7 @@ Gem::Specification.new do |spec|
   spec.add_dependency "slack-notifier", "~> 2.3"
   spec.add_dependency "spysex", "~> 0.1"
   spec.add_dependency "sqlite3", "~> 1.4"
-  spec.add_dependency "thor", "~> 1.0"
+  spec.add_dependency "thor", "~> 1.1"
   spec.add_dependency "thread_safe", "~> 0.3"
   spec.add_dependency "urlscan", "~> 0.6"
   spec.add_dependency "virustotalx", "~> 1.1"