mihari 2.0.0 → 2.3.1

data/lib/mihari/commands/binaryedge.rb

@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+
+module Mihari
+  module Commands
+    module BinaryEdge
+      def self.included(thor)
+        thor.class_eval do
+          desc "binaryedge [QUERY]", "BinaryEdge host search by a query"
+          method_option :title, type: :string, desc: "title"
+          method_option :description, type: :string, desc: "description"
+          method_option :tags, type: :array, desc: "tags"
+          def binaryedge(query)
+            with_error_handling do
+              run_analyzer Analyzers::BinaryEdge, query: query, options: options
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/mihari/commands/censys.rb

@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+
+module Mihari
+  module Commands
+    module Censys
+      def self.included(thor)
+        thor.class_eval do
+          desc "censys [QUERY]", "Censys IPv4 search by a query"
+          method_option :title, type: :string, desc: "title"
+          method_option :description, type: :string, desc: "description"
+          method_option :tags, type: :array, desc: "tags"
+          method_option :type, type: :string, desc: "type to search (ipv4 / websites / certificates)", default: "ipv4"
+          def censys(query)
+            with_error_handling do
+              run_analyzer Analyzers::Censys, query: query, options: options
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/mihari/commands/circl.rb

@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+
+module Mihari
+  module Commands
+    module CIRCL
+      def self.included(thor)
+        thor.class_eval do
+          desc "circl [DOMAIN|SHA1]", "CIRCL passive DNS/SSL lookup by a domain or SHA1 certificate fingerprint"
+          method_option :title, type: :string, desc: "title"
+          method_option :description, type: :string, desc: "description"
+          method_option :tags, type: :array, desc: "tags"
+          def circl(query)
+            with_error_handling do
+              run_analyzer Analyzers::CIRCL, query: refang(query), options: options
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/mihari/commands/config.rb

@@ -0,0 +1,27 @@
+# frozen_string_literal: true
+
+require "colorize"
+
+module Mihari
+  module Commands
+    module Config
+      def self.included(thor)
+        thor.class_eval do
+          desc "init_config", "Create a config file"
+          method_option :filename, type: :string, default: "mihari.yml"
+          def init_config
+            filename = options["filename"]
+
+            warning = "#{filename} exists. Do you want to overwrite it? (y/n)"
+            if File.exist?(filename) && !(yes? warning)
+              return
+            end
+
+            Mihari::Config.initialize_yaml filename
+            puts "The config file is initialized as #{filename}.".colorize(:blue)
+          end
+        end
+      end
+    end
+  end
+end

data/lib/mihari/commands/crtsh.rb

@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+
+module Mihari
+  module Commands
+    module Crtsh
+      def self.included(thor)
+        thor.class_eval do
+          desc "crtsh [QUERY]", "crt.sh search by a query"
+          method_option :title, type: :string, desc: "title"
+          method_option :description, type: :string, desc: "description"
+          method_option :tags, type: :array, desc: "tags"
+          method_option :exclude_expired, type: :boolean, desc: "exclude expired certificates"
+          def crtsh(query)
+            with_error_handling do
+              run_analyzer Analyzers::Crtsh, query: query, options: options
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/mihari/commands/dnpedia.rb

@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+
+module Mihari
+  module Commands
+    module DNPedia
+      def self.included(thor)
+        thor.class_eval do
+          desc "dnpedia [QUERY]", "DNPedia domain search by a query"
+          method_option :title, type: :string, desc: "title"
+          method_option :description, type: :string, desc: "description"
+          method_option :tags, type: :array, desc: "tags"
+          def dnpedia(query)
+            with_error_handling do
+              run_analyzer Analyzers::DNPedia, query: query, options: options
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/mihari/commands/dnstwister.rb

@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+
+module Mihari
+  module Commands
+    module DNSTwister
+      def self.included(thor)
+        thor.class_eval do
+          desc "dnstwister [DOMAIN]", "dnstwister lookup by a domain"
+          method_option :title, type: :string, desc: "title"
+          method_option :description, type: :string, desc: "description"
+          method_option :tags, type: :array, desc: "tags"
+          def dnstwister(domain)
+            with_error_handling do
+              run_analyzer Analyzers::DNSTwister, query: refang(domain), options: options
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/mihari/commands/free_text.rb

@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+
+module Mihari
+  module Commands
+    module FreeText
+      def self.included(thor)
+        thor.class_eval do
+          desc "free_text [TEXT]", "Cross search with search engines by a free text"
+          method_option :title, type: :string, desc: "title"
+          method_option :description, type: :string, desc: "description"
+          method_option :tags, type: :array, desc: "tags"
+          def free_text(text)
+            with_error_handling do
+              run_analyzer Analyzers::FreeText, query: text, options: options
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/mihari/commands/http_hash.rb

@@ -0,0 +1,25 @@
+# frozen_string_literal: true
+
+module Mihari
+  module Commands
+    module HTTPHash
+      def self.included(thor)
+        thor.class_eval do
+          desc "http_hash", "Cross search with search engines by a hash of an HTTP response (SHA256, MD5 and MurmurHash3)"
+          method_option :title, type: :string, desc: "title"
+          method_option :description, type: :string, desc: "description"
+          method_option :tags, type: :array, desc: "tags"
+          method_option :md5, type: :string, desc: "MD5 hash"
+          method_option :sha256, type: :string, desc: "SHA256 hash"
+          method_option :mmh3, type: :numeric, desc: "MurmurHash3 hash"
+          method_option :html, type: :string, desc: "path to an HTML file"
+          def http_hash
+            with_error_handling do
+              run_analyzer Analyzers::HTTPHash, query: nil, options: options
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/mihari/commands/json.rb

@@ -0,0 +1,42 @@
+# frozen_string_literal: true
+
+module Mihari
+  module Commands
+    module JSON
+      def self.included(thor)
+        thor.class_eval do
+          desc "import_from_json", "Give a JSON input via STDIN"
+          def import_from_json(input = nil)
+            with_error_handling do
+              json = input || $stdin.gets.chomp
+              raise ArgumentError, "Input not found: please give an input in a JSON format" unless json
+
+              json = parse_as_json(json)
+              raise ArgumentError, "Invalid input format: an input JSON data should have title, description and artifacts key" unless valid_json?(json)
+
+              title = json["title"]
+              description = json["description"]
+              artifacts = json["artifacts"]
+              tags = json["tags"] || []
+
+              basic = Analyzers::Basic.new(title: title, description: description, artifacts: artifacts, source: "json", tags: tags)
+
+              basic.ignore_old_artifacts = options["ignore_old_artifacts"] || false
+              basic.ignore_threshold = options["ignore_threshold"] || 0
+
+              basic.run
+            end
+          end
+
+          no_commands do
+            def parse_as_json(input)
+              ::JSON.parse input
+            rescue ::JSON::ParserError => _e
+              nil
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/mihari/commands/onyphe.rb

@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+
+module Mihari
+  module Commands
+    module Onyphe
+      def self.included(thor)
+        thor.class_eval do
+          desc "onyphe [QUERY]", "Onyphe datascan search by a query"
+          method_option :title, type: :string, desc: "title"
+          method_option :description, type: :string, desc: "description"
+          method_option :tags, type: :array, desc: "tags"
+          def onyphe(query)
+            with_error_handling do
+              run_analyzer Analyzers::Onyphe, query: query, options: options
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/mihari/commands/otx.rb

@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+
+module Mihari
+  module Commands
+    module OTX
+      def self.included(thor)
+        thor.class_eval do
+          desc "otx [IP|DOMAIN]", "OTX lookup by an IP or domain"
+          method_option :title, type: :string, desc: "title"
+          method_option :description, type: :string, desc: "description"
+          method_option :tags, type: :array, desc: "tags"
+          def otx(domain)
+            with_error_handling do
+              run_analyzer Analyzers::OTX, query: refang(domain), options: options
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/mihari/commands/passive_dns.rb

@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+
+module Mihari
+  module Commands
+    module PassiveDNS
+      def self.included(thor)
+        thor.class_eval do
+          desc "passive_dns [IP|DOMAIN]", "Cross search with passive DNS services by an ip or domain"
+          method_option :title, type: :string, desc: "title"
+          method_option :description, type: :string, desc: "description"
+          method_option :tags, type: :array, desc: "tags"
+          def passive_dns(query)
+            with_error_handling do
+              run_analyzer Analyzers::PassiveDNS, query: refang(query), options: options
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/mihari/commands/passive_ssl.rb

@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+
+module Mihari
+  module Commands
+    module PassiveSSL
+      def self.included(thor)
+        thor.class_eval do
+          desc "passive_ssl [SHA1]", "Cross search with passive SSL services by an SHA1 certificate fingerprint"
+          method_option :title, type: :string, desc: "title"
+          method_option :description, type: :string, desc: "description"
+          method_option :tags, type: :array, desc: "tags"
+          def passive_ssl(query)
+            with_error_handling do
+              run_analyzer Analyzers::PassiveSSL, query: query, options: options
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/mihari/commands/passivetotal.rb

@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+
+module Mihari
+  module Commands
+    module PassiveTotal
+      def self.included(thor)
+        thor.class_eval do
+          desc "passivetotal [IP|DOMAIN|EMAIL|SHA1]", "PassiveTotal lookup by an ip, domain, email or SHA1 certificate fingerprint"
+          method_option :title, type: :string, desc: "title"
+          method_option :description, type: :string, desc: "description"
+          method_option :tags, type: :array, desc: "tags"
+          def passivetotal(indicator)
+            with_error_handling do
+              run_analyzer Analyzers::PassiveTotal, query: refang(indicator), options: options
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/mihari/commands/pulsedive.rb

@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+
+module Mihari
+  module Commands
+    module Pulsedive
+      def self.included(thor)
+        thor.class_eval do
+          desc "pulsedive [IP|DOMAIN]", "Pulsedive lookup by an ip or domain"
+          method_option :title, type: :string, desc: "title"
+          method_option :description, type: :string, desc: "description"
+          method_option :tags, type: :array, desc: "tags"
+          def pulsedive(indiactor)
+            with_error_handling do
+              run_analyzer Analyzers::Pulsedive, query: refang(indiactor), options: options
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/mihari/commands/reverse_whois.rb

@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+
+module Mihari
+  module Commands
+    module ReverseWhois
+      def self.included(thor)
+        thor.class_eval do
+          desc "reverse_whois [EMAIL]", "Cross search with reverse whois services by an email"
+          method_option :title, type: :string, desc: "title"
+          method_option :description, type: :string, desc: "description"
+          method_option :tags, type: :array, desc: "tags"
+          def reverse_whois(query)
+            with_error_handling do
+              run_analyzer Analyzers::ReveseWhois, query: refang(query), options: options
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/mihari/commands/securitytrails.rb

@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+
+module Mihari
+  module Commands
+    module SecurityTrails
+      def self.included(thor)
+        thor.class_eval do
+          desc "securitytrails [IP|DOMAIN|EMAIL]", "SecurityTrails lookup by an ip, domain or email"
+          method_option :title, type: :string, desc: "title"
+          method_option :description, type: :string, desc: "description"
+          method_option :tags, type: :array, desc: "tags"
+          def securitytrails(indiactor)
+            with_error_handling do
+              run_analyzer Analyzers::SecurityTrails, query: refang(indiactor), options: options
+            end
+          end
+          map "st" => :securitytrails
+        end
+      end
+    end
+  end
+end