mihari 2.2.1 → 2.3.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +6 -0
- data/images/tines.png +0 -0
- data/lib/mihari/analyzers/urlscan.rb +1 -6
- data/lib/mihari/commands/urlscan.rb +0 -2
- data/lib/mihari/version.rb +1 -1
- data/lib/mihari/web/public/index.html +21 -1
- data/mihari.gemspec +2 -2
- metadata +7 -6
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 81f38ae809db93f21b93a26581fe591cb534c04e6cb1882925e310c4698878b6
|
|
4
|
+
data.tar.gz: 443bfdd2bbcdd9aee9360bd8e411fab32f2d0bc0f75e32c7ac1ce6a63a021fad
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 9575e768712943a640c83b36da8d76c7d94a15995d67eb79b0a727381251c3eccb764b4e1d9e68d4d8480863ec5a209f5aaab144f0170cc7d5c6ff5a90032f21
|
|
7
|
+
data.tar.gz: 75d8052c9abaf7d1e421dd9ddc783b9a1cd41f3f2d4ac555230abef234724acbb10063af033cad18643c55170104f035c0ba3d950a350872ee63f7c007a46d7e
|
data/README.md
CHANGED
|
@@ -8,6 +8,8 @@
|
|
|
8
8
|
|
|
9
9
|
|
|
10
10
|
|
|
11
|
+
[](https://tines.io?utm_source=github&utm_medium=sponsorship&utm_campaign=ninoseki)
|
|
12
|
+
|
|
11
13
|
Mihari is a framework for continuous OSINT based threat hunting.
|
|
12
14
|
|
|
13
15
|
## How it works
|
|
@@ -61,3 +63,7 @@ See [Usage](https://github.com/ninoseki/mihari/wiki/Usage) for more information.
|
|
|
61
63
|
## License
|
|
62
64
|
|
|
63
65
|
The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).
|
|
66
|
+
|
|
67
|
+
## Acknowledgement
|
|
68
|
+
|
|
69
|
+
Mihari is proudly supported by [Tines.io](https://tines.io?utm_source=github&utm_medium=sponsorship&utm_campaign=ninoseki), The SOAR Platform for Enterprise Security Teams.
|
data/images/tines.png
ADDED
|
Binary file
|
|
@@ -5,16 +5,14 @@ require "urlscan"
|
|
|
5
5
|
module Mihari
|
|
6
6
|
module Analyzers
|
|
7
7
|
class Urlscan < Base
|
|
8
|
-
attr_reader :title, :description, :query, :tags, :
|
|
8
|
+
attr_reader :title, :description, :query, :tags, :target_type, :use_similarity
|
|
9
9
|
|
|
10
10
|
def initialize(
|
|
11
11
|
query,
|
|
12
12
|
description: nil,
|
|
13
|
-
filter: nil,
|
|
14
13
|
tags: [],
|
|
15
14
|
target_type: "url",
|
|
16
15
|
title: nil,
|
|
17
|
-
use_pro: false,
|
|
18
16
|
use_similarity: false
|
|
19
17
|
)
|
|
20
18
|
super()
|
|
@@ -24,9 +22,7 @@ module Mihari
|
|
|
24
22
|
@description = description || "query = #{query}"
|
|
25
23
|
@tags = tags
|
|
26
24
|
|
|
27
|
-
@filter = filter
|
|
28
25
|
@target_type = target_type
|
|
29
|
-
@use_pro = use_pro
|
|
30
26
|
@use_similarity = use_similarity
|
|
31
27
|
|
|
32
28
|
raise InvalidInputError, "type should be url, domain or ip." unless valid_target_type?
|
|
@@ -54,7 +50,6 @@ module Mihari
|
|
|
54
50
|
|
|
55
51
|
def search
|
|
56
52
|
return api.pro.similar(query) if use_similarity
|
|
57
|
-
return api.pro.search(query: query, filter: filter, size: 10_000) if use_pro
|
|
58
53
|
|
|
59
54
|
api.search(query, size: 10_000)
|
|
60
55
|
end
|
|
@@ -9,9 +9,7 @@ module Mihari
|
|
|
9
9
|
method_option :title, type: :string, desc: "title"
|
|
10
10
|
method_option :description, type: :string, desc: "description"
|
|
11
11
|
method_option :tags, type: :array, desc: "tags"
|
|
12
|
-
method_option :filter, type: :string, desc: "filter for urlscan pro search"
|
|
13
12
|
method_option :target_type, type: :string, default: "url", desc: "target type to fetch from lookup results (target type should be 'url', 'domain' or 'ip')"
|
|
14
|
-
method_option :use_pro, type: :boolean, default: false, desc: "use pro search API or not"
|
|
15
13
|
method_option :use_similarity, type: :boolean, default: false, desc: "use similarity API or not"
|
|
16
14
|
def urlscan(query)
|
|
17
15
|
with_error_handling do
|
data/lib/mihari/version.rb
CHANGED
|
@@ -1 +1,21 @@
|
|
|
1
|
-
<!DOCTYPE html
|
|
1
|
+
<!DOCTYPE html>
|
|
2
|
+
<html lang="en">
|
|
3
|
+
<head>
|
|
4
|
+
<meta charset="utf-8" />
|
|
5
|
+
<meta http-equiv="X-UA-Compatible" content="IE=edge" />
|
|
6
|
+
<meta name="viewport" content="width=device-width,initial-scale=1" />
|
|
7
|
+
<link rel="icon" href="/static/favicon.ico" />
|
|
8
|
+
<title>Mihari</title>
|
|
9
|
+
<link href="/static/js/app.cccddb2b.js" rel="preload" as="script" />
|
|
10
|
+
</head>
|
|
11
|
+
<body>
|
|
12
|
+
<noscript
|
|
13
|
+
><strong
|
|
14
|
+
>We're sorry but Mihari doesn't work properly without JavaScript
|
|
15
|
+
enabled. Please enable it to continue.</strong
|
|
16
|
+
></noscript
|
|
17
|
+
>
|
|
18
|
+
<div id="app"></div>
|
|
19
|
+
<script src="/static/js/app.cccddb2b.js"></script>
|
|
20
|
+
</body>
|
|
21
|
+
</html>
|
data/mihari.gemspec
CHANGED
|
@@ -70,13 +70,13 @@ Gem::Specification.new do |spec|
|
|
|
70
70
|
spec.add_dependency "shodanx", "~> 0.2"
|
|
71
71
|
spec.add_dependency "sinatra", "~> 2.1"
|
|
72
72
|
spec.add_dependency "sinatra-contrib", "~> 2.1"
|
|
73
|
-
spec.add_dependency "sinatra-param", "~> 1.
|
|
73
|
+
spec.add_dependency "sinatra-param", "~> 1.6"
|
|
74
74
|
spec.add_dependency "slack-notifier", "~> 2.3"
|
|
75
75
|
spec.add_dependency "spysex", "~> 0.1"
|
|
76
76
|
spec.add_dependency "sqlite3", "~> 1.4"
|
|
77
77
|
spec.add_dependency "thor", "~> 1.1"
|
|
78
78
|
spec.add_dependency "thread_safe", "~> 0.3"
|
|
79
|
-
spec.add_dependency "urlscan", "~> 0.
|
|
79
|
+
spec.add_dependency "urlscan", "~> 0.7"
|
|
80
80
|
spec.add_dependency "virustotalx", "~> 1.1"
|
|
81
81
|
spec.add_dependency "zoomeye-rb", "~> 0.1"
|
|
82
82
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: mihari
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 2.
|
|
4
|
+
version: 2.3.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Manabu Niseki
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2021-04-
|
|
11
|
+
date: 2021-04-17 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|
|
@@ -660,14 +660,14 @@ dependencies:
|
|
|
660
660
|
requirements:
|
|
661
661
|
- - "~>"
|
|
662
662
|
- !ruby/object:Gem::Version
|
|
663
|
-
version: '1.
|
|
663
|
+
version: '1.6'
|
|
664
664
|
type: :runtime
|
|
665
665
|
prerelease: false
|
|
666
666
|
version_requirements: !ruby/object:Gem::Requirement
|
|
667
667
|
requirements:
|
|
668
668
|
- - "~>"
|
|
669
669
|
- !ruby/object:Gem::Version
|
|
670
|
-
version: '1.
|
|
670
|
+
version: '1.6'
|
|
671
671
|
- !ruby/object:Gem::Dependency
|
|
672
672
|
name: slack-notifier
|
|
673
673
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -744,14 +744,14 @@ dependencies:
|
|
|
744
744
|
requirements:
|
|
745
745
|
- - "~>"
|
|
746
746
|
- !ruby/object:Gem::Version
|
|
747
|
-
version: '0.
|
|
747
|
+
version: '0.7'
|
|
748
748
|
type: :runtime
|
|
749
749
|
prerelease: false
|
|
750
750
|
version_requirements: !ruby/object:Gem::Requirement
|
|
751
751
|
requirements:
|
|
752
752
|
- - "~>"
|
|
753
753
|
- !ruby/object:Gem::Version
|
|
754
|
-
version: '0.
|
|
754
|
+
version: '0.7'
|
|
755
755
|
- !ruby/object:Gem::Dependency
|
|
756
756
|
name: virustotalx
|
|
757
757
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -811,6 +811,7 @@ files:
|
|
|
811
811
|
- images/misp.png
|
|
812
812
|
- images/overview.png
|
|
813
813
|
- images/slack.png
|
|
814
|
+
- images/tines.png
|
|
814
815
|
- images/web_alerts.png
|
|
815
816
|
- images/web_config.png
|
|
816
817
|
- lib/mihari.rb
|