mihari 2.0.0 → 2.1.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.github/ISSUE_TEMPLATE/bug_report.md +43 -0
- data/.github/ISSUE_TEMPLATE/feature_request.md +15 -0
- data/.standard.yml +4 -0
- data/README.md +3 -1
- data/docker/Dockerfile +2 -1
- data/images/web_alerts.png +0 -0
- data/lib/mihari/analyzers/base.rb +1 -1
- data/lib/mihari/analyzers/securitytrails.rb +2 -2
- data/lib/mihari/cli.rb +61 -287
- data/lib/mihari/commands/binaryedge.rb +21 -0
- data/lib/mihari/commands/censys.rb +22 -0
- data/lib/mihari/commands/circl.rb +21 -0
- data/lib/mihari/commands/config.rb +21 -0
- data/lib/mihari/commands/crtsh.rb +22 -0
- data/lib/mihari/commands/dnpedia.rb +21 -0
- data/lib/mihari/commands/dnstwister.rb +19 -0
- data/lib/mihari/commands/free_text.rb +21 -0
- data/lib/mihari/commands/http_hash.rb +25 -0
- data/lib/mihari/commands/json.rb +36 -0
- data/lib/mihari/commands/onyphe.rb +19 -0
- data/lib/mihari/commands/otx.rb +21 -0
- data/lib/mihari/commands/passive_dns.rb +19 -0
- data/lib/mihari/commands/passive_ssl.rb +21 -0
- data/lib/mihari/commands/passivetotal.rb +21 -0
- data/lib/mihari/commands/pulsedive.rb +21 -0
- data/lib/mihari/commands/reverse_whois.rb +21 -0
- data/lib/mihari/commands/securitytrails.rb +20 -0
- data/lib/mihari/commands/securitytrails_domain_feed.rb +23 -0
- data/lib/mihari/commands/shodan.rb +19 -0
- data/lib/mihari/commands/spyse.rb +20 -0
- data/lib/mihari/commands/ssh_fingerprint.rb +21 -0
- data/lib/mihari/commands/urlscan.rb +23 -0
- data/lib/mihari/commands/virustotal.rb +19 -0
- data/lib/mihari/commands/web.rb +20 -0
- data/lib/mihari/commands/zoomeye.rb +20 -0
- data/lib/mihari/config.rb +12 -0
- data/lib/mihari/configurable.rb +1 -1
- data/lib/mihari/emitters/slack.rb +4 -4
- data/lib/mihari/emitters/the_hive.rb +1 -1
- data/lib/mihari/models/alert.rb +5 -5
- data/lib/mihari/notifiers/exception_notifier.rb +4 -4
- data/lib/mihari/status.rb +1 -1
- data/lib/mihari/version.rb +1 -1
- data/lib/mihari/web/app.rb +45 -5
- data/lib/mihari/web/public/index.html +2 -2
- data/lib/mihari/web/public/static/js/{app.58b32d15.js → app.280cbdb7.js} +4 -4
- data/lib/mihari/web/public/static/js/app.280cbdb7.js.map +1 -0
- data/mihari.gemspec +2 -0
- metadata +61 -4
- data/lib/mihari/web/public/static/js/app.58b32d15.js.map +0 -1
|
@@ -0,0 +1,21 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module Mihari
|
|
4
|
+
module Commands
|
|
5
|
+
module BinaryEdge
|
|
6
|
+
def self.included(thor)
|
|
7
|
+
thor.class_eval do
|
|
8
|
+
desc "binaryedge [QUERY]", "BinaryEdge host search by a query"
|
|
9
|
+
method_option :title, type: :string, desc: "title"
|
|
10
|
+
method_option :description, type: :string, desc: "description"
|
|
11
|
+
method_option :tags, type: :array, desc: "tags"
|
|
12
|
+
def binaryedge(query)
|
|
13
|
+
with_error_handling do
|
|
14
|
+
run_analyzer Analyzers::BinaryEdge, query: query, options: options
|
|
15
|
+
end
|
|
16
|
+
end
|
|
17
|
+
end
|
|
18
|
+
end
|
|
19
|
+
end
|
|
20
|
+
end
|
|
21
|
+
end
|
|
@@ -0,0 +1,22 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module Mihari
|
|
4
|
+
module Commands
|
|
5
|
+
module Censys
|
|
6
|
+
def self.included(thor)
|
|
7
|
+
thor.class_eval do
|
|
8
|
+
desc "censys [QUERY]", "Censys IPv4 search by a query"
|
|
9
|
+
method_option :title, type: :string, desc: "title"
|
|
10
|
+
method_option :description, type: :string, desc: "description"
|
|
11
|
+
method_option :tags, type: :array, desc: "tags"
|
|
12
|
+
method_option :type, type: :string, desc: "type to search (ipv4 / websites / certificates)", default: "ipv4"
|
|
13
|
+
def censys(query)
|
|
14
|
+
with_error_handling do
|
|
15
|
+
run_analyzer Analyzers::Censys, query: query, options: options
|
|
16
|
+
end
|
|
17
|
+
end
|
|
18
|
+
end
|
|
19
|
+
end
|
|
20
|
+
end
|
|
21
|
+
end
|
|
22
|
+
end
|
|
@@ -0,0 +1,21 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module Mihari
|
|
4
|
+
module Commands
|
|
5
|
+
module CIRCL
|
|
6
|
+
def self.included(thor)
|
|
7
|
+
thor.class_eval do
|
|
8
|
+
desc "circl [DOMAIN|SHA1]", "CIRCL passive DNS/SSL lookup by a domain or SHA1 certificate fingerprint"
|
|
9
|
+
method_option :title, type: :string, desc: "title"
|
|
10
|
+
method_option :description, type: :string, desc: "description"
|
|
11
|
+
method_option :tags, type: :array, desc: "tags"
|
|
12
|
+
def circl(query)
|
|
13
|
+
with_error_handling do
|
|
14
|
+
run_analyzer Analyzers::CIRCL, query: refang(query), options: options
|
|
15
|
+
end
|
|
16
|
+
end
|
|
17
|
+
end
|
|
18
|
+
end
|
|
19
|
+
end
|
|
20
|
+
end
|
|
21
|
+
end
|
|
@@ -0,0 +1,21 @@
|
|
|
1
|
+
module Mihari
|
|
2
|
+
module Commands
|
|
3
|
+
module Config
|
|
4
|
+
def self.included(thor)
|
|
5
|
+
thor.class_eval do
|
|
6
|
+
desc "init_config", "Create a config file"
|
|
7
|
+
method_option :filename, type: :string, default: "mihari.yml"
|
|
8
|
+
def init_config
|
|
9
|
+
filename = options["filename"]
|
|
10
|
+
|
|
11
|
+
if File.exist?(filename) && !(yes? "#{filename} exists. Do you want to overwrite it? (y/n)")
|
|
12
|
+
return
|
|
13
|
+
end
|
|
14
|
+
|
|
15
|
+
Mihari::Config.initialize_yaml filename
|
|
16
|
+
end
|
|
17
|
+
end
|
|
18
|
+
end
|
|
19
|
+
end
|
|
20
|
+
end
|
|
21
|
+
end
|
|
@@ -0,0 +1,22 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module Mihari
|
|
4
|
+
module Commands
|
|
5
|
+
module Crtsh
|
|
6
|
+
def self.included(thor)
|
|
7
|
+
thor.class_eval do
|
|
8
|
+
desc "crtsh [QUERY]", "crt.sh search by a query"
|
|
9
|
+
method_option :title, type: :string, desc: "title"
|
|
10
|
+
method_option :description, type: :string, desc: "description"
|
|
11
|
+
method_option :tags, type: :array, desc: "tags"
|
|
12
|
+
method_option :exclude_expired, type: :boolean, desc: "exclude expired certificates"
|
|
13
|
+
def crtsh(query)
|
|
14
|
+
with_error_handling do
|
|
15
|
+
run_analyzer Analyzers::Crtsh, query: query, options: options
|
|
16
|
+
end
|
|
17
|
+
end
|
|
18
|
+
end
|
|
19
|
+
end
|
|
20
|
+
end
|
|
21
|
+
end
|
|
22
|
+
end
|
|
@@ -0,0 +1,21 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module Mihari
|
|
4
|
+
module Commands
|
|
5
|
+
module DNPedia
|
|
6
|
+
def self.included(thor)
|
|
7
|
+
thor.class_eval do
|
|
8
|
+
desc "dnpedia [QUERY]", "DNPedia domain search by a query"
|
|
9
|
+
method_option :title, type: :string, desc: "title"
|
|
10
|
+
method_option :description, type: :string, desc: "description"
|
|
11
|
+
method_option :tags, type: :array, desc: "tags"
|
|
12
|
+
def dnpedia(query)
|
|
13
|
+
with_error_handling do
|
|
14
|
+
run_analyzer Analyzers::DNPedia, query: query, options: options
|
|
15
|
+
end
|
|
16
|
+
end
|
|
17
|
+
end
|
|
18
|
+
end
|
|
19
|
+
end
|
|
20
|
+
end
|
|
21
|
+
end
|
|
@@ -0,0 +1,19 @@
|
|
|
1
|
+
module Mihari
|
|
2
|
+
module Commands
|
|
3
|
+
module DNSTwister
|
|
4
|
+
def self.included(thor)
|
|
5
|
+
thor.class_eval do
|
|
6
|
+
desc "dnstwister [DOMAIN]", "dnstwister lookup by a domain"
|
|
7
|
+
method_option :title, type: :string, desc: "title"
|
|
8
|
+
method_option :description, type: :string, desc: "description"
|
|
9
|
+
method_option :tags, type: :array, desc: "tags"
|
|
10
|
+
def dnstwister(domain)
|
|
11
|
+
with_error_handling do
|
|
12
|
+
run_analyzer Analyzers::DNSTwister, query: refang(domain), options: options
|
|
13
|
+
end
|
|
14
|
+
end
|
|
15
|
+
end
|
|
16
|
+
end
|
|
17
|
+
end
|
|
18
|
+
end
|
|
19
|
+
end
|
|
@@ -0,0 +1,21 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module Mihari
|
|
4
|
+
module Commands
|
|
5
|
+
module FreeText
|
|
6
|
+
def self.included(thor)
|
|
7
|
+
thor.class_eval do
|
|
8
|
+
desc "free_text [TEXT]", "Cross search with search engines by a free text"
|
|
9
|
+
method_option :title, type: :string, desc: "title"
|
|
10
|
+
method_option :description, type: :string, desc: "description"
|
|
11
|
+
method_option :tags, type: :array, desc: "tags"
|
|
12
|
+
def free_text(text)
|
|
13
|
+
with_error_handling do
|
|
14
|
+
run_analyzer Analyzers::FreeText, query: text, options: options
|
|
15
|
+
end
|
|
16
|
+
end
|
|
17
|
+
end
|
|
18
|
+
end
|
|
19
|
+
end
|
|
20
|
+
end
|
|
21
|
+
end
|
|
@@ -0,0 +1,25 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module Mihari
|
|
4
|
+
module Commands
|
|
5
|
+
module HTTPHash
|
|
6
|
+
def self.included(thor)
|
|
7
|
+
thor.class_eval do
|
|
8
|
+
desc "http_hash", "Cross search with search engines by a hash of an HTTP response (SHA256, MD5 and MurmurHash3)"
|
|
9
|
+
method_option :title, type: :string, desc: "title"
|
|
10
|
+
method_option :description, type: :string, desc: "description"
|
|
11
|
+
method_option :tags, type: :array, desc: "tags"
|
|
12
|
+
method_option :md5, type: :string, desc: "MD5 hash"
|
|
13
|
+
method_option :sha256, type: :string, desc: "SHA256 hash"
|
|
14
|
+
method_option :mmh3, type: :numeric, desc: "MurmurHash3 hash"
|
|
15
|
+
method_option :html, type: :string, desc: "path to an HTML file"
|
|
16
|
+
def http_hash
|
|
17
|
+
with_error_handling do
|
|
18
|
+
run_analyzer Analyzers::HTTPHash, query: nil, options: options
|
|
19
|
+
end
|
|
20
|
+
end
|
|
21
|
+
end
|
|
22
|
+
end
|
|
23
|
+
end
|
|
24
|
+
end
|
|
25
|
+
end
|
|
@@ -0,0 +1,36 @@
|
|
|
1
|
+
module Mihari
|
|
2
|
+
module Commands
|
|
3
|
+
module JSON
|
|
4
|
+
def self.included(thor)
|
|
5
|
+
thor.class_eval do
|
|
6
|
+
desc "import_from_json", "Give a JSON input via STDIN"
|
|
7
|
+
def import_from_json(input = nil)
|
|
8
|
+
with_error_handling do
|
|
9
|
+
json = input || $stdin.gets.chomp
|
|
10
|
+
raise ArgumentError, "Input not found: please give an input in a JSON format" unless json
|
|
11
|
+
|
|
12
|
+
json = parse_as_json(json)
|
|
13
|
+
raise ArgumentError, "Invalid input format: an input JSON data should have title, description and artifacts key" unless valid_json?(json)
|
|
14
|
+
|
|
15
|
+
title = json["title"]
|
|
16
|
+
description = json["description"]
|
|
17
|
+
artifacts = json["artifacts"]
|
|
18
|
+
tags = json["tags"] || []
|
|
19
|
+
|
|
20
|
+
basic = Analyzers::Basic.new(title: title, description: description, artifacts: artifacts, source: "json", tags: tags)
|
|
21
|
+
basic.run
|
|
22
|
+
end
|
|
23
|
+
end
|
|
24
|
+
|
|
25
|
+
no_commands do
|
|
26
|
+
def parse_as_json(input)
|
|
27
|
+
::JSON.parse input
|
|
28
|
+
rescue ::JSON::ParserError => _e
|
|
29
|
+
nil
|
|
30
|
+
end
|
|
31
|
+
end
|
|
32
|
+
end
|
|
33
|
+
end
|
|
34
|
+
end
|
|
35
|
+
end
|
|
36
|
+
end
|
|
@@ -0,0 +1,19 @@
|
|
|
1
|
+
module Mihari
|
|
2
|
+
module Commands
|
|
3
|
+
module Onyphe
|
|
4
|
+
def self.included(thor)
|
|
5
|
+
thor.class_eval do
|
|
6
|
+
desc "onyphe [QUERY]", "Onyphe datascan search by a query"
|
|
7
|
+
method_option :title, type: :string, desc: "title"
|
|
8
|
+
method_option :description, type: :string, desc: "description"
|
|
9
|
+
method_option :tags, type: :array, desc: "tags"
|
|
10
|
+
def onyphe(query)
|
|
11
|
+
with_error_handling do
|
|
12
|
+
run_analyzer Analyzers::Onyphe, query: query, options: options
|
|
13
|
+
end
|
|
14
|
+
end
|
|
15
|
+
end
|
|
16
|
+
end
|
|
17
|
+
end
|
|
18
|
+
end
|
|
19
|
+
end
|
|
@@ -0,0 +1,21 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module Mihari
|
|
4
|
+
module Commands
|
|
5
|
+
module OTX
|
|
6
|
+
def self.included(thor)
|
|
7
|
+
thor.class_eval do
|
|
8
|
+
desc "otx [IP|DOMAIN]", "OTX lookup by an IP or domain"
|
|
9
|
+
method_option :title, type: :string, desc: "title"
|
|
10
|
+
method_option :description, type: :string, desc: "description"
|
|
11
|
+
method_option :tags, type: :array, desc: "tags"
|
|
12
|
+
def otx(domain)
|
|
13
|
+
with_error_handling do
|
|
14
|
+
run_analyzer Analyzers::OTX, query: refang(domain), options: options
|
|
15
|
+
end
|
|
16
|
+
end
|
|
17
|
+
end
|
|
18
|
+
end
|
|
19
|
+
end
|
|
20
|
+
end
|
|
21
|
+
end
|
|
@@ -0,0 +1,19 @@
|
|
|
1
|
+
module Mihari
|
|
2
|
+
module Commands
|
|
3
|
+
module PassiveDNS
|
|
4
|
+
def self.included(thor)
|
|
5
|
+
thor.class_eval do
|
|
6
|
+
desc "passive_dns [IP|DOMAIN]", "Cross search with passive DNS services by an ip or domain"
|
|
7
|
+
method_option :title, type: :string, desc: "title"
|
|
8
|
+
method_option :description, type: :string, desc: "description"
|
|
9
|
+
method_option :tags, type: :array, desc: "tags"
|
|
10
|
+
def passive_dns(query)
|
|
11
|
+
with_error_handling do
|
|
12
|
+
run_analyzer Analyzers::PassiveDNS, query: refang(query), options: options
|
|
13
|
+
end
|
|
14
|
+
end
|
|
15
|
+
end
|
|
16
|
+
end
|
|
17
|
+
end
|
|
18
|
+
end
|
|
19
|
+
end
|
|
@@ -0,0 +1,21 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module Mihari
|
|
4
|
+
module Commands
|
|
5
|
+
module PassiveSSL
|
|
6
|
+
def self.included(thor)
|
|
7
|
+
thor.class_eval do
|
|
8
|
+
desc "passive_ssl [SHA1]", "Cross search with passive SSL services by an SHA1 certificate fingerprint"
|
|
9
|
+
method_option :title, type: :string, desc: "title"
|
|
10
|
+
method_option :description, type: :string, desc: "description"
|
|
11
|
+
method_option :tags, type: :array, desc: "tags"
|
|
12
|
+
def passive_ssl(query)
|
|
13
|
+
with_error_handling do
|
|
14
|
+
run_analyzer Analyzers::PassiveSSL, query: query, options: options
|
|
15
|
+
end
|
|
16
|
+
end
|
|
17
|
+
end
|
|
18
|
+
end
|
|
19
|
+
end
|
|
20
|
+
end
|
|
21
|
+
end
|
|
@@ -0,0 +1,21 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module Mihari
|
|
4
|
+
module Commands
|
|
5
|
+
module PassiveTotal
|
|
6
|
+
def self.included(thor)
|
|
7
|
+
thor.class_eval do
|
|
8
|
+
desc "passivetotal [IP|DOMAIN|EMAIL|SHA1]", "PassiveTotal lookup by an ip, domain, email or SHA1 certificate fingerprint"
|
|
9
|
+
method_option :title, type: :string, desc: "title"
|
|
10
|
+
method_option :description, type: :string, desc: "description"
|
|
11
|
+
method_option :tags, type: :array, desc: "tags"
|
|
12
|
+
def passivetotal(indicator)
|
|
13
|
+
with_error_handling do
|
|
14
|
+
run_analyzer Analyzers::PassiveTotal, query: refang(indicator), options: options
|
|
15
|
+
end
|
|
16
|
+
end
|
|
17
|
+
end
|
|
18
|
+
end
|
|
19
|
+
end
|
|
20
|
+
end
|
|
21
|
+
end
|
|
@@ -0,0 +1,21 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module Mihari
|
|
4
|
+
module Commands
|
|
5
|
+
module Pulsedive
|
|
6
|
+
def self.included(thor)
|
|
7
|
+
thor.class_eval do
|
|
8
|
+
desc "pulsedive [IP|DOMAIN]", "Pulsedive lookup by an ip or domain"
|
|
9
|
+
method_option :title, type: :string, desc: "title"
|
|
10
|
+
method_option :description, type: :string, desc: "description"
|
|
11
|
+
method_option :tags, type: :array, desc: "tags"
|
|
12
|
+
def pulsedive(indiactor)
|
|
13
|
+
with_error_handling do
|
|
14
|
+
run_analyzer Analyzers::Pulsedive, query: refang(indiactor), options: options
|
|
15
|
+
end
|
|
16
|
+
end
|
|
17
|
+
end
|
|
18
|
+
end
|
|
19
|
+
end
|
|
20
|
+
end
|
|
21
|
+
end
|
|
@@ -0,0 +1,21 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module Mihari
|
|
4
|
+
module Commands
|
|
5
|
+
module ReverseWhois
|
|
6
|
+
def self.included(thor)
|
|
7
|
+
thor.class_eval do
|
|
8
|
+
desc "reverse_whois [EMAIL]", "Cross search with reverse whois services by an email"
|
|
9
|
+
method_option :title, type: :string, desc: "title"
|
|
10
|
+
method_option :description, type: :string, desc: "description"
|
|
11
|
+
method_option :tags, type: :array, desc: "tags"
|
|
12
|
+
def reverse_whois(query)
|
|
13
|
+
with_error_handling do
|
|
14
|
+
run_analyzer Analyzers::ReveseWhois, query: refang(query), options: options
|
|
15
|
+
end
|
|
16
|
+
end
|
|
17
|
+
end
|
|
18
|
+
end
|
|
19
|
+
end
|
|
20
|
+
end
|
|
21
|
+
end
|
|
@@ -0,0 +1,20 @@
|
|
|
1
|
+
module Mihari
|
|
2
|
+
module Commands
|
|
3
|
+
module SecurityTrails
|
|
4
|
+
def self.included(thor)
|
|
5
|
+
thor.class_eval do
|
|
6
|
+
desc "securitytrails [IP|DOMAIN|EMAIL]", "SecurityTrails lookup by an ip, domain or email"
|
|
7
|
+
method_option :title, type: :string, desc: "title"
|
|
8
|
+
method_option :description, type: :string, desc: "description"
|
|
9
|
+
method_option :tags, type: :array, desc: "tags"
|
|
10
|
+
def securitytrails(indiactor)
|
|
11
|
+
with_error_handling do
|
|
12
|
+
run_analyzer Analyzers::SecurityTrails, query: refang(indiactor), options: options
|
|
13
|
+
end
|
|
14
|
+
end
|
|
15
|
+
map "st" => :securitytrails
|
|
16
|
+
end
|
|
17
|
+
end
|
|
18
|
+
end
|
|
19
|
+
end
|
|
20
|
+
end
|
|
@@ -0,0 +1,23 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module Mihari
|
|
4
|
+
module Commands
|
|
5
|
+
module SecurityTrailsDomainFeed
|
|
6
|
+
def self.included(thor)
|
|
7
|
+
thor.class_eval do
|
|
8
|
+
desc "securitytrails_domain_feed [REGEXP]", "SecurityTrails new domain feed search by a regexp"
|
|
9
|
+
method_option :title, type: :string, desc: "title"
|
|
10
|
+
method_option :description, type: :string, desc: "description"
|
|
11
|
+
method_option :tags, type: :array, desc: "tags"
|
|
12
|
+
method_option :type, type: :string, default: "registered", desc: "A type of domain feed ('all', 'new' or 'registered')"
|
|
13
|
+
def securitytrails_domain_feed(regexp)
|
|
14
|
+
with_error_handling do
|
|
15
|
+
run_analyzer Analyzers::SecurityTrailsDomainFeed, query: regexp, options: options
|
|
16
|
+
end
|
|
17
|
+
end
|
|
18
|
+
map "st_domain_feed" => :securitytrails_domain_feedd
|
|
19
|
+
end
|
|
20
|
+
end
|
|
21
|
+
end
|
|
22
|
+
end
|
|
23
|
+
end
|