mihari 2.2.1 → 2.3.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +6 -0
- data/images/tines.png +0 -0
- data/lib/mihari/analyzers/urlscan.rb +1 -6
- data/lib/mihari/commands/urlscan.rb +0 -2
- data/lib/mihari/version.rb +1 -1
- data/lib/mihari/web/public/index.html +21 -1
- data/mihari.gemspec +2 -2
- metadata +7 -6
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 81f38ae809db93f21b93a26581fe591cb534c04e6cb1882925e310c4698878b6
|
|
4
|
+
data.tar.gz: 443bfdd2bbcdd9aee9360bd8e411fab32f2d0bc0f75e32c7ac1ce6a63a021fad
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 9575e768712943a640c83b36da8d76c7d94a15995d67eb79b0a727381251c3eccb764b4e1d9e68d4d8480863ec5a209f5aaab144f0170cc7d5c6ff5a90032f21
|
|
7
|
+
data.tar.gz: 75d8052c9abaf7d1e421dd9ddc783b9a1cd41f3f2d4ac555230abef234724acbb10063af033cad18643c55170104f035c0ba3d950a350872ee63f7c007a46d7e
|
data/README.md
CHANGED
|
@@ -8,6 +8,8 @@
|
|
|
8
8
|
|
|
9
9
|
|
|
10
10
|
|
|
11
|
+
[](https://tines.io?utm_source=github&utm_medium=sponsorship&utm_campaign=ninoseki)
|
|
12
|
+
|
|
11
13
|
Mihari is a framework for continuous OSINT based threat hunting.
|
|
12
14
|
|
|
13
15
|
## How it works
|
|
@@ -61,3 +63,7 @@ See [Usage](https://github.com/ninoseki/mihari/wiki/Usage) for more information.
|
|
|
61
63
|
## License
|
|
62
64
|
|
|
63
65
|
The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).
|
|
66
|
+
|
|
67
|
+
## Acknowledgement
|
|
68
|
+
|
|
69
|
+
Mihari is proudly supported by [Tines.io](https://tines.io?utm_source=github&utm_medium=sponsorship&utm_campaign=ninoseki), The SOAR Platform for Enterprise Security Teams.
|
data/images/tines.png
ADDED
|
Binary file
|
|
@@ -5,16 +5,14 @@ require "urlscan"
|
|
|
5
5
|
module Mihari
|
|
6
6
|
module Analyzers
|
|
7
7
|
class Urlscan < Base
|
|
8
|
-
attr_reader :title, :description, :query, :tags, :
|
|
8
|
+
attr_reader :title, :description, :query, :tags, :target_type, :use_similarity
|
|
9
9
|
|
|
10
10
|
def initialize(
|
|
11
11
|
query,
|
|
12
12
|
description: nil,
|
|
13
|
-
filter: nil,
|
|
14
13
|
tags: [],
|
|
15
14
|
target_type: "url",
|
|
16
15
|
title: nil,
|
|
17
|
-
use_pro: false,
|
|
18
16
|
use_similarity: false
|
|
19
17
|
)
|
|
20
18
|
super()
|
|
@@ -24,9 +22,7 @@ module Mihari
|
|
|
24
22
|
@description = description || "query = #{query}"
|
|
25
23
|
@tags = tags
|
|
26
24
|
|
|
27
|
-
@filter = filter
|
|
28
25
|
@target_type = target_type
|
|
29
|
-
@use_pro = use_pro
|
|
30
26
|
@use_similarity = use_similarity
|
|
31
27
|
|
|
32
28
|
raise InvalidInputError, "type should be url, domain or ip." unless valid_target_type?
|
|
@@ -54,7 +50,6 @@ module Mihari
|
|
|
54
50
|
|
|
55
51
|
def search
|
|
56
52
|
return api.pro.similar(query) if use_similarity
|
|
57
|
-
return api.pro.search(query: query, filter: filter, size: 10_000) if use_pro
|
|
58
53
|
|
|
59
54
|
api.search(query, size: 10_000)
|
|
60
55
|
end
|
|
@@ -9,9 +9,7 @@ module Mihari
|
|
|
9
9
|
method_option :title, type: :string, desc: "title"
|
|
10
10
|
method_option :description, type: :string, desc: "description"
|
|
11
11
|
method_option :tags, type: :array, desc: "tags"
|
|
12
|
-
method_option :filter, type: :string, desc: "filter for urlscan pro search"
|
|
13
12
|
method_option :target_type, type: :string, default: "url", desc: "target type to fetch from lookup results (target type should be 'url', 'domain' or 'ip')"
|
|
14
|
-
method_option :use_pro, type: :boolean, default: false, desc: "use pro search API or not"
|
|
15
13
|
method_option :use_similarity, type: :boolean, default: false, desc: "use similarity API or not"
|
|
16
14
|
def urlscan(query)
|
|
17
15
|
with_error_handling do
|
data/lib/mihari/version.rb
CHANGED
|
@@ -1 +1,21 @@
|
|
|
1
|
-
<!DOCTYPE html
|
|
1
|
+
<!DOCTYPE html>
|
|
2
|
+
<html lang="en">
|
|
3
|
+
<head>
|
|
4
|
+
<meta charset="utf-8" />
|
|
5
|
+
<meta http-equiv="X-UA-Compatible" content="IE=edge" />
|
|
6
|
+
<meta name="viewport" content="width=device-width,initial-scale=1" />
|
|
7
|
+
<link rel="icon" href="/static/favicon.ico" />
|
|
8
|
+
<title>Mihari</title>
|
|
9
|
+
<link href="/static/js/app.cccddb2b.js" rel="preload" as="script" />
|
|
10
|
+
</head>
|
|
11
|
+
<body>
|
|
12
|
+
<noscript
|
|
13
|
+
><strong
|
|
14
|
+
>We're sorry but Mihari doesn't work properly without JavaScript
|
|
15
|
+
enabled. Please enable it to continue.</strong
|
|
16
|
+
></noscript
|
|
17
|
+
>
|
|
18
|
+
<div id="app"></div>
|
|
19
|
+
<script src="/static/js/app.cccddb2b.js"></script>
|
|
20
|
+
</body>
|
|
21
|
+
</html>
|
data/mihari.gemspec
CHANGED
|
@@ -70,13 +70,13 @@ Gem::Specification.new do |spec|
|
|
|
70
70
|
spec.add_dependency "shodanx", "~> 0.2"
|
|
71
71
|
spec.add_dependency "sinatra", "~> 2.1"
|
|
72
72
|
spec.add_dependency "sinatra-contrib", "~> 2.1"
|
|
73
|
-
spec.add_dependency "sinatra-param", "~> 1.
|
|
73
|
+
spec.add_dependency "sinatra-param", "~> 1.6"
|
|
74
74
|
spec.add_dependency "slack-notifier", "~> 2.3"
|
|
75
75
|
spec.add_dependency "spysex", "~> 0.1"
|
|
76
76
|
spec.add_dependency "sqlite3", "~> 1.4"
|
|
77
77
|
spec.add_dependency "thor", "~> 1.1"
|
|
78
78
|
spec.add_dependency "thread_safe", "~> 0.3"
|
|
79
|
-
spec.add_dependency "urlscan", "~> 0.
|
|
79
|
+
spec.add_dependency "urlscan", "~> 0.7"
|
|
80
80
|
spec.add_dependency "virustotalx", "~> 1.1"
|
|
81
81
|
spec.add_dependency "zoomeye-rb", "~> 0.1"
|
|
82
82
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: mihari
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 2.
|
|
4
|
+
version: 2.3.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Manabu Niseki
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2021-04-
|
|
11
|
+
date: 2021-04-17 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|
|
@@ -660,14 +660,14 @@ dependencies:
|
|
|
660
660
|
requirements:
|
|
661
661
|
- - "~>"
|
|
662
662
|
- !ruby/object:Gem::Version
|
|
663
|
-
version: '1.
|
|
663
|
+
version: '1.6'
|
|
664
664
|
type: :runtime
|
|
665
665
|
prerelease: false
|
|
666
666
|
version_requirements: !ruby/object:Gem::Requirement
|
|
667
667
|
requirements:
|
|
668
668
|
- - "~>"
|
|
669
669
|
- !ruby/object:Gem::Version
|
|
670
|
-
version: '1.
|
|
670
|
+
version: '1.6'
|
|
671
671
|
- !ruby/object:Gem::Dependency
|
|
672
672
|
name: slack-notifier
|
|
673
673
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -744,14 +744,14 @@ dependencies:
|
|
|
744
744
|
requirements:
|
|
745
745
|
- - "~>"
|
|
746
746
|
- !ruby/object:Gem::Version
|
|
747
|
-
version: '0.
|
|
747
|
+
version: '0.7'
|
|
748
748
|
type: :runtime
|
|
749
749
|
prerelease: false
|
|
750
750
|
version_requirements: !ruby/object:Gem::Requirement
|
|
751
751
|
requirements:
|
|
752
752
|
- - "~>"
|
|
753
753
|
- !ruby/object:Gem::Version
|
|
754
|
-
version: '0.
|
|
754
|
+
version: '0.7'
|
|
755
755
|
- !ruby/object:Gem::Dependency
|
|
756
756
|
name: virustotalx
|
|
757
757
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -811,6 +811,7 @@ files:
|
|
|
811
811
|
- images/misp.png
|
|
812
812
|
- images/overview.png
|
|
813
813
|
- images/slack.png
|
|
814
|
+
- images/tines.png
|
|
814
815
|
- images/web_alerts.png
|
|
815
816
|
- images/web_config.png
|
|
816
817
|
- lib/mihari.rb
|