RubyGems - mihari - Versions diffs - 1.4.1 → 2.2.0 - Mend

mihari 1.4.1 → 2.2.0

Files changed (120) hide show

checksums.yaml +4 -4
data/.github/ISSUE_TEMPLATE/bug_report.md +43 -0
data/.github/ISSUE_TEMPLATE/feature_request.md +15 -0
data/.github/workflows/test.yml +68 -0
data/.rubocop.yml +6 -0
data/.standard.yml +4 -0
data/README.md +24 -270
data/Rakefile +1 -0
data/bin/console +1 -0
data/build_frontend.sh +14 -0
data/docker/Dockerfile +5 -3
data/examples/ipinfo_hosted_domains.rb +1 -1
data/{screenshots → images}/alert.png +0 -0
data/images/logo.png +0 -0
data/{screenshots → images}/misp.png +0 -0
data/{screenshots/eyecatch.png → images/overview.png} +0 -0
data/{screenshots → images}/slack.png +0 -0
data/images/web_alerts.png +0 -0
data/images/web_config.png +0 -0
data/lib/mihari.rb +2 -2
data/lib/mihari/analyzers/base.rb +10 -1
data/lib/mihari/analyzers/basic.rb +3 -4
data/lib/mihari/analyzers/binaryedge.rb +4 -7
data/lib/mihari/analyzers/censys.rb +3 -7
data/lib/mihari/analyzers/circl.rb +6 -8
data/lib/mihari/analyzers/crtsh.rb +2 -6
data/lib/mihari/analyzers/dnpedia.rb +3 -6
data/lib/mihari/analyzers/dnstwister.rb +4 -9
data/lib/mihari/analyzers/free_text.rb +2 -6
data/lib/mihari/analyzers/http_hash.rb +3 -11
data/lib/mihari/analyzers/onyphe.rb +5 -8
data/lib/mihari/analyzers/otx.rb +4 -9
data/lib/mihari/analyzers/passive_dns.rb +4 -9
data/lib/mihari/analyzers/passive_ssl.rb +4 -9
data/lib/mihari/analyzers/passivetotal.rb +9 -14
data/lib/mihari/analyzers/pulsedive.rb +7 -12
data/lib/mihari/analyzers/reverse_whois.rb +4 -9
data/lib/mihari/analyzers/securitytrails.rb +12 -17
data/lib/mihari/analyzers/securitytrails_domain_feed.rb +3 -7
data/lib/mihari/analyzers/shodan.rb +9 -8
data/lib/mihari/analyzers/spyse.rb +6 -11
data/lib/mihari/analyzers/ssh_fingerprint.rb +2 -6
data/lib/mihari/analyzers/urlscan.rb +4 -12
data/lib/mihari/analyzers/virustotal.rb +6 -11
data/lib/mihari/analyzers/zoomeye.rb +7 -11
data/lib/mihari/cli.rb +70 -300
data/lib/mihari/commands/binaryedge.rb +21 -0
data/lib/mihari/commands/censys.rb +22 -0
data/lib/mihari/commands/circl.rb +21 -0
data/lib/mihari/commands/config.rb +27 -0
data/lib/mihari/commands/crtsh.rb +22 -0
data/lib/mihari/commands/dnpedia.rb +21 -0
data/lib/mihari/commands/dnstwister.rb +21 -0
data/lib/mihari/commands/free_text.rb +21 -0
data/lib/mihari/commands/http_hash.rb +25 -0
data/lib/mihari/commands/json.rb +42 -0
data/lib/mihari/commands/onyphe.rb +21 -0
data/lib/mihari/commands/otx.rb +21 -0
data/lib/mihari/commands/passive_dns.rb +21 -0
data/lib/mihari/commands/passive_ssl.rb +21 -0
data/lib/mihari/commands/passivetotal.rb +21 -0
data/lib/mihari/commands/pulsedive.rb +21 -0
data/lib/mihari/commands/reverse_whois.rb +21 -0
data/lib/mihari/commands/securitytrails.rb +22 -0
data/lib/mihari/commands/securitytrails_domain_feed.rb +23 -0
data/lib/mihari/commands/shodan.rb +21 -0
data/lib/mihari/commands/spyse.rb +22 -0
data/lib/mihari/commands/ssh_fingerprint.rb +21 -0
data/lib/mihari/commands/urlscan.rb +25 -0
data/lib/mihari/commands/virustotal.rb +21 -0
data/lib/mihari/commands/web.rb +22 -0
data/lib/mihari/commands/zoomeye.rb +22 -0
data/lib/mihari/config.rb +13 -25
data/lib/mihari/configurable.rb +4 -5
data/lib/mihari/database.rb +7 -1
data/lib/mihari/emitters/misp.rb +4 -2
data/lib/mihari/emitters/slack.rb +18 -7
data/lib/mihari/emitters/the_hive.rb +1 -1
data/lib/mihari/errors.rb +2 -0
data/lib/mihari/models/alert.rb +51 -0
data/lib/mihari/models/artifact.rb +14 -3
data/lib/mihari/notifiers/exception_notifier.rb +1 -1
data/lib/mihari/serializers/alert.rb +1 -1
data/lib/mihari/serializers/artifact.rb +1 -1
data/lib/mihari/serializers/tag.rb +1 -1
data/lib/mihari/status.rb +6 -14
data/lib/mihari/type_checker.rb +4 -4
data/lib/mihari/version.rb +1 -1
data/lib/mihari/web/app.rb +49 -0
data/lib/mihari/web/controllers/alerts_controller.rb +66 -0
data/lib/mihari/web/controllers/artifacts_controller.rb +26 -0
data/lib/mihari/web/controllers/command_controller.rb +27 -0
data/lib/mihari/web/controllers/config_controller.rb +15 -0
data/lib/mihari/web/controllers/sources_controller.rb +14 -0
data/lib/mihari/web/controllers/tags_controller.rb +30 -0
data/lib/mihari/web/helpers/json.rb +51 -0
data/lib/mihari/web/public/index.html +21 -0
data/lib/mihari/web/public/redoc-static.html +519 -0
data/lib/mihari/web/public/static/favicon.ico +0 -0
data/lib/mihari/web/public/static/fonts/fa-brands-400.099a9556.woff +0 -0
data/lib/mihari/web/public/static/fonts/fa-brands-400.30cc681d.eot +0 -0
data/lib/mihari/web/public/static/fonts/fa-brands-400.3b89dd10.ttf +0 -0
data/lib/mihari/web/public/static/fonts/fa-brands-400.f7307680.woff2 +0 -0
data/lib/mihari/web/public/static/fonts/fa-regular-400.1f77739c.ttf +0 -0
data/lib/mihari/web/public/static/fonts/fa-regular-400.7124eb50.woff +0 -0
data/lib/mihari/web/public/static/fonts/fa-regular-400.7630483d.eot +0 -0
data/lib/mihari/web/public/static/fonts/fa-regular-400.f0f82301.woff2 +0 -0
data/lib/mihari/web/public/static/fonts/fa-solid-900.1042e8ca.eot +0 -0
data/lib/mihari/web/public/static/fonts/fa-solid-900.605ed792.ttf +0 -0
data/lib/mihari/web/public/static/fonts/fa-solid-900.9fe5a17c.woff +0 -0
data/lib/mihari/web/public/static/fonts/fa-solid-900.e8a427e1.woff2 +0 -0
data/lib/mihari/web/public/static/img/fa-brands-400.ba7ed552.svg +3717 -0
data/lib/mihari/web/public/static/img/fa-regular-400.0bb42845.svg +801 -0
data/lib/mihari/web/public/static/img/fa-solid-900.376c1f97.svg +5034 -0
data/lib/mihari/web/public/static/js/app.bcc595df.js +12 -0
data/lib/mihari/web/public/static/js/app.bcc595df.js.map +1 -0
data/mihari.gemspec +28 -21
metadata +217 -45
data/.travis.yml +0 -13
data/lib/mihari/alert_viewer.rb +0 -23

data/lib/mihari/models/artifact.rb CHANGED Viewed

@@ -1,12 +1,15 @@
 # frozen_string_literal: true
 require "active_record"
+require "active_record/filter"
+require "active_support/core_ext/integer/time"
+require "active_support/core_ext/numeric/time"
 class ArtifactValidator < ActiveModel::Validator
   def validate(record)
     return if record.data_type
-    record.errors[:data] << "#{record.data} is not supported"
+    record.errors.add :data, "#{record.data} is not supported"
   end
 end
@@ -20,8 +23,16 @@ module Mihari
       self.data_type = TypeChecker.type(data)
     end
-    def unique?
-      self.class.find_by(data: data).nil?
+    def unique?(ignore_old_artifacts: false, ignore_threshold: 0)
+      artifact = self.class.where(data: data).order(created_at: :desc).first
+      return true if artifact.nil?
+      return false unless ignore_old_artifacts
+      days_before = (-ignore_threshold).days.from_now
+      # if an artifact is created before {ignore_threshold} days, ignore it
+      #                           within {ignore_threshold} days, do not ignore it
+      artifact.created_at < days_before
     end
   end
 end

data/lib/mihari/notifiers/exception_notifier.rb CHANGED Viewed

@@ -19,7 +19,7 @@ module Mihari
       def notify(exception)
         notify_to_stdout exception
-        clean_message = exception.message.tr('`', "'")
+        clean_message = exception.message.tr("`", "'")
         attachments = to_attachments(exception, clean_message)
         notify_to_slack(text: clean_message, attachments: attachments) if @slack.valid?
       end

data/lib/mihari/serializers/alert.rb CHANGED Viewed

@@ -4,7 +4,7 @@ require "active_model_serializers"
 module Mihari
   class AlertSerializer < ActiveModel::Serializer
-    attributes :title, :description, :source, :created_at
+    attributes :id, :title, :description, :source, :created_at
     has_many :artifacts
     has_many :tags, through: :taggings

data/lib/mihari/serializers/artifact.rb CHANGED Viewed

@@ -4,6 +4,6 @@ require "active_model_serializers"
 module Mihari
   class ArtifactSerializer < ActiveModel::Serializer
-    attributes :data, :data_type
+    attributes :id, :data, :data_type
   end
 end

data/lib/mihari/serializers/tag.rb CHANGED Viewed

@@ -4,6 +4,6 @@ require "active_model_serializers"
 module Mihari
   class TagSerializer < ActiveModel::Serializer
-    attributes :name
+    attributes :id, :name
   end
 end

data/lib/mihari/status.rb CHANGED Viewed

@@ -3,9 +3,7 @@
 module Mihari
   class Status
     def check
-      statuses.map do |key, value|
-        [key, convert(**value)]
-      end.to_h
+      statuses
     end
     def self.check
@@ -14,16 +12,9 @@ module Mihari
     private
-    def convert(status:, message:)
-      {
-        status: status ? "OK" : "Bad",
-        message: message
-      }
-    end
     def statuses
       (Mihari.analyzers + Mihari.emitters).map do |klass|
-        name = klass.to_s.downcase.split("::").last.to_s
+        name = klass.to_s.split("::").last.to_s
         [name, build_status(klass)]
       end.to_h.compact
@@ -33,10 +24,11 @@ module Mihari
       is_analyzer = klass.ancestors.include?(Mihari::Analyzers::Base)
       instance = is_analyzer ? klass.new("dummy") : klass.new
-      status = instance.configured?
-      message = instance.configuration_status
+      is_configured = instance.configured?
+      values = instance.configuration_values
+      type = is_analyzer ? "Analyzer" : "Emitter"
-      message ? { status: status, message: message } : nil
+      values ? { is_configured: is_configured, values: values, type: type } : nil
     rescue ArgumentError => _e
       nil
     end

data/lib/mihari/type_checker.rb CHANGED Viewed

@@ -80,22 +80,22 @@ module Mihari
     # @return [true, false]
     def md5?
-      data.match? /^[A-Fa-f0-9]{32}$/
+      data.match?(/^[A-Fa-f0-9]{32}$/)
     end
     # @return [true, false]
     def sha1?
-      data.match? /^[A-Fa-f0-9]{40}$/
+      data.match?(/^[A-Fa-f0-9]{40}$/)
     end
     # @return [true, false]
     def sha256?
-      data.match? /^[A-Fa-f0-9]{64}$/
+      data.match?(/^[A-Fa-f0-9]{64}$/)
     end
     # @return [true, false]
     def sha512?
-      data.match? /^[A-Fa-f0-9]{128}$/
+      data.match?(/^[A-Fa-f0-9]{128}$/)
     end
   end
 end

data/lib/mihari/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module Mihari
-  VERSION = "1.4.1"
+  VERSION = "2.2.0"
 end

data/lib/mihari/web/app.rb ADDED Viewed

@@ -0,0 +1,49 @@
+# frozen_string_literal: true
+require "launchy"
+require "rack"
+require "rack/handler/puma"
+require "sinatra"
+require "mihari/web/helpers/json"
+require "mihari/web/controllers/alerts_controller"
+require "mihari/web/controllers/artifacts_controller"
+require "mihari/web/controllers/command_controller"
+require "mihari/web/controllers/config_controller"
+require "mihari/web/controllers/sources_controller"
+require "mihari/web/controllers/tags_controller"
+module Mihari
+  class App < Sinatra::Base
+    set :root, File.dirname(__FILE__)
+    set :public_folder, File.join(root, "public")
+    get "/" do
+      send_file File.join(settings.public_folder, "index.html")
+    end
+    use Mihari::Controllers::AlertsController
+    use Mihari::Controllers::ArtifactsController
+    use Mihari::Controllers::CommandController
+    use Mihari::Controllers::ConfigController
+    use Mihari::Controllers::SourcesController
+    use Mihari::Controllers::TagsController
+    class << self
+      def run!(port: 9292, host: "localhost")
+        url = "http://#{host}:#{port}"
+        Rack::Handler::Puma.run self, Port: port, Host: host do |server|
+          Launchy.open url
+          [:INT, :TERM].each do |sig|
+            trap(sig) do
+              server.shutdown
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/mihari/web/controllers/alerts_controller.rb ADDED Viewed

@@ -0,0 +1,66 @@
+# frozen_string_literal: true
+require "sinatra"
+module Mihari
+  module Controllers
+    class AlertsController < Sinatra::Base
+      get "/api/alerts" do
+        page = params["page"] || 1
+        page = page.to_i
+        limit = 10
+        artifact_data = params["artifact"]
+        description = params["description"]
+        source = params["source"]
+        tag_name = params["tag"]
+        title = params["title"]
+        from_at = params["from_at"] || params["fromAt"]
+        from_at = DateTime.parse(from_at) if from_at
+        to_at = params["to_at"] || params["toAt"]
+        to_at = DateTime.parse(to_at) if to_at
+        alerts = Mihari::Alert.search(
+          artifact_data: artifact_data,
+          description: description,
+          from_at: from_at,
+          limit: limit,
+          page: page,
+          source: source,
+          tag_name: tag_name,
+          title: title,
+          to_at: to_at
+        )
+        total = Mihari::Alert.count(
+          artifact_data: artifact_data,
+          description: description,
+          from_at: from_at,
+          source: source,
+          tag_name: tag_name,
+          title: title,
+          to_at: to_at
+        )
+        json({ alerts: alerts, total: total, current_page: page, page_size: limit })
+      end
+      delete "/api/alerts/:id" do
+        id = params["id"]
+        id = id.to_i
+        begin
+          alert = Mihari::Alert.find(id)
+          alert.destroy
+          status 204
+          body ""
+        rescue ActiveRecord::RecordNotFound
+          status 404
+          json({ message: "ID:#{id} is not found" })
+        end
+      end
+    end
+  end
+end

data/lib/mihari/web/controllers/artifacts_controller.rb ADDED Viewed

@@ -0,0 +1,26 @@
+# frozen_string_literal: true
+require "sinatra"
+module Mihari
+  module Controllers
+    class ArtifactsController < Sinatra::Base
+      delete "/api/artifacts/:id" do
+        id = params["id"]
+        id = id.to_i
+        begin
+          alert = Mihari::Artifact.find(id)
+          alert.delete
+          status 204
+          body ""
+        rescue ActiveRecord::RecordNotFound
+          status 404
+          json({ message: "ID:#{id} is not found" })
+        end
+      end
+    end
+  end
+end

data/lib/mihari/web/controllers/command_controller.rb ADDED Viewed

@@ -0,0 +1,27 @@
+# frozen_string_literal: true
+require "safe_shell"
+require "sinatra"
+module Mihari
+  module Controllers
+    class CommandController < Sinatra::Base
+      post "/api/command" do
+        payload = JSON.parse(request.body.read)
+        command = payload["command"]
+        if command.nil?
+          status 400
+          return json({ message: "command is required" })
+        end
+        command = command.split
+        output = SafeShell.execute("mihari", *command)
+        success = $?.success?
+        json({ output: output, success: success })
+      end
+    end
+  end
+end

data/lib/mihari/web/controllers/config_controller.rb ADDED Viewed

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+require "sinatra"
+module Mihari
+  module Controllers
+    class ConfigController < Sinatra::Base
+      get "/api/config" do
+        report = Status.check
+        json report.to_camelback_keys
+      end
+    end
+  end
+end

data/lib/mihari/web/controllers/sources_controller.rb ADDED Viewed

@@ -0,0 +1,14 @@
+# frozen_string_literal: true
+require "sinatra"
+module Mihari
+  module Controllers
+    class SourcesController < Sinatra::Base
+      get "/api/sources" do
+        tags = Mihari::Alert.distinct.pluck(:source)
+        json tags
+      end
+    end
+  end
+end

data/lib/mihari/web/controllers/tags_controller.rb ADDED Viewed

@@ -0,0 +1,30 @@
+# frozen_string_literal: true
+require "sinatra"
+module Mihari
+  module Controllers
+    class TagsController < Sinatra::Base
+      get "/api/tags" do
+        tags = Mihari::Tag.distinct.pluck(:name)
+        json tags
+      end
+      delete "/api/tags/:name" do
+        name = params["name"]
+        begin
+          Mihari::Tag.where(name: name).destroy_all
+          status 204
+          body ""
+        rescue ActiveRecord::RecordNotFound
+          status 404
+          message = { message: "Name:#{name} is not found" }
+          json message
+        end
+      end
+    end
+  end
+end

data/lib/mihari/web/helpers/json.rb ADDED Viewed

@@ -0,0 +1,51 @@
+require "awrence"
+require "multi_json"
+require "sinatra/base"
+module Sinatra
+  module JSON
+    class << self
+      def encode(object)
+        ::MultiJson.dump(object)
+      end
+    end
+    def json(object, options = {})
+      object = object.to_camelback_keys
+      content_type resolve_content_type(options)
+      resolve_encoder_action object, resolve_encoder(options)
+    end
+    private
+    def resolve_content_type(options = {})
+      options[:content_type] || settings.json_content_type
+    end
+    def resolve_encoder(options = {})
+      options[:json_encoder] || settings.json_encoder
+    end
+    def resolve_encoder_action(object, encoder)
+      [:encode, :generate].each do |method|
+        return encoder.send(method, object) if encoder.respond_to? method
+      end
+      if encoder.is_a? Symbol
+        object.__send__(encoder)
+      else
+        fail "#{encoder} does not respond to #generate nor #encode"
+      end
+    end
+  end
+  Base.set :json_encoder do
+    ::MultiJson
+  end
+  Base.set :json_content_type, :json
+  # Load the JSON helpers in modular style automatically
+  Base.helpers JSON
+end