RubyGems - mihari - Versions diffs - 2.4.0 → 3.2.0 - Mend

mihari 2.4.0 → 3.2.0

Files changed (113) hide show

checksums.yaml +4 -4
data/.gitignore +7 -0
data/.overcommit.yml +12 -0
data/README.md +1 -9
data/build_frontend.sh +5 -0
data/docker/Dockerfile +1 -1
data/exe/mihari +1 -1
data/lib/mihari.rb +89 -15
data/lib/mihari/analyzers/base.rb +49 -8
data/lib/mihari/analyzers/basic.rb +1 -2
data/lib/mihari/analyzers/binaryedge.rb +7 -13
data/lib/mihari/analyzers/censys.rb +26 -63
data/lib/mihari/analyzers/circl.rb +20 -17
data/lib/mihari/analyzers/crtsh.rb +6 -13
data/lib/mihari/analyzers/dnpedia.rb +6 -12
data/lib/mihari/analyzers/dnstwister.rb +13 -10
data/lib/mihari/analyzers/onyphe.rb +6 -12
data/lib/mihari/analyzers/otx.rb +22 -19
data/lib/mihari/analyzers/passivetotal.rb +22 -21
data/lib/mihari/analyzers/pulsedive.rb +16 -13
data/lib/mihari/analyzers/rule.rb +97 -0
data/lib/mihari/analyzers/securitytrails.rb +22 -19
data/lib/mihari/analyzers/shodan.rb +7 -13
data/lib/mihari/analyzers/spyse.rb +12 -19
data/lib/mihari/analyzers/urlscan.rb +22 -27
data/lib/mihari/analyzers/virustotal.rb +25 -22
data/lib/mihari/analyzers/zoomeye.rb +14 -20
data/lib/mihari/cli/analyzer.rb +44 -0
data/lib/mihari/cli/base.rb +27 -0
data/lib/mihari/cli/init.rb +13 -0
data/lib/mihari/cli/main.rb +30 -0
data/lib/mihari/cli/mixins/utils.rb +88 -0
data/lib/mihari/cli/validator.rb +11 -0
data/lib/mihari/commands/binaryedge.rb +1 -1
data/lib/mihari/commands/censys.rb +1 -1
data/lib/mihari/commands/circl.rb +2 -2
data/lib/mihari/commands/crtsh.rb +1 -1
data/lib/mihari/commands/dnpedia.rb +1 -1
data/lib/mihari/commands/dnstwister.rb +2 -2
data/lib/mihari/commands/init.rb +46 -0
data/lib/mihari/commands/json.rb +1 -1
data/lib/mihari/commands/onyphe.rb +1 -1
data/lib/mihari/commands/otx.rb +2 -2
data/lib/mihari/commands/passivetotal.rb +2 -2
data/lib/mihari/commands/pulsedive.rb +2 -2
data/lib/mihari/commands/search.rb +77 -0
data/lib/mihari/commands/securitytrails.rb +2 -2
data/lib/mihari/commands/shodan.rb +1 -1
data/lib/mihari/commands/spyse.rb +1 -1
data/lib/mihari/commands/urlscan.rb +2 -2
data/lib/mihari/commands/validator.rb +38 -0
data/lib/mihari/commands/virustotal.rb +2 -2
data/lib/mihari/commands/zoomeye.rb +1 -1
data/lib/mihari/constraints.rb +5 -0
data/lib/mihari/database.rb +13 -2
data/lib/mihari/emitters/base.rb +2 -2
data/lib/mihari/emitters/database.rb +1 -1
data/lib/mihari/emitters/misp.rb +3 -1
data/lib/mihari/emitters/slack.rb +6 -7
data/lib/mihari/emitters/the_hive.rb +1 -1
data/lib/mihari/emitters/webhook.rb +2 -9
data/lib/mihari/mixins/configurable.rb +38 -0
data/lib/mihari/mixins/configuration.rb +90 -0
data/lib/mihari/mixins/hash.rb +20 -0
data/lib/mihari/mixins/refang.rb +21 -0
data/lib/mihari/mixins/retriable.rb +27 -0
data/lib/mihari/mixins/rule.rb +79 -0
data/lib/mihari/models/alert.rb +28 -1
data/lib/mihari/models/artifact.rb +11 -1
data/lib/mihari/notifiers/base.rb +9 -1
data/lib/mihari/notifiers/exception_notifier.rb +50 -0
data/lib/mihari/notifiers/slack.rb +29 -0
data/lib/mihari/schemas/analyzer.rb +25 -0
data/lib/mihari/schemas/configuration.rb +42 -0
data/lib/mihari/schemas/macros.rb +17 -0
data/lib/mihari/schemas/rule.rb +72 -0
data/lib/mihari/serializers/artifact.rb +1 -1
data/lib/mihari/status.rb +14 -0
data/lib/mihari/templates/rule.yml.erb +19 -0
data/lib/mihari/type_checker.rb +8 -3
data/lib/mihari/version.rb +1 -1
data/lib/mihari/web/app.rb +2 -1
data/lib/mihari/web/controllers/analyzers_controller.rb +38 -0
data/lib/mihari/web/controllers/base_controller.rb +1 -1
data/lib/mihari/web/public/index.html +1 -21
data/lib/mihari/web/public/redoc-static.html +338 -461
data/lib/mihari/web/public/static/js/app.365f1907.js +13 -0
data/lib/mihari/web/public/static/js/app.365f1907.js.map +1 -0
data/lib/mihari/web/public/static/js/app.ab213f7c.js +12 -0
data/lib/mihari/web/public/static/js/app.ab213f7c.js.map +1 -0
data/mihari.gemspec +16 -9
metadata +135 -58
data/.rubocop.yml +0 -161
data/lib/mihari/analyzers/free_text.rb +0 -48
data/lib/mihari/analyzers/http_hash.rb +0 -100
data/lib/mihari/analyzers/passive_dns.rb +0 -59
data/lib/mihari/analyzers/passive_ssl.rb +0 -55
data/lib/mihari/analyzers/reverse_whois.rb +0 -55
data/lib/mihari/analyzers/securitytrails_domain_feed.rb +0 -59
data/lib/mihari/analyzers/ssh_fingerprint.rb +0 -58
data/lib/mihari/cli.rb +0 -126
data/lib/mihari/commands/config.rb +0 -27
data/lib/mihari/commands/free_text.rb +0 -21
data/lib/mihari/commands/http_hash.rb +0 -25
data/lib/mihari/commands/passive_dns.rb +0 -21
data/lib/mihari/commands/passive_ssl.rb +0 -21
data/lib/mihari/commands/reverse_whois.rb +0 -21
data/lib/mihari/commands/securitytrails_domain_feed.rb +0 -23
data/lib/mihari/commands/ssh_fingerprint.rb +0 -21
data/lib/mihari/config.rb +0 -85
data/lib/mihari/configurable.rb +0 -21
data/lib/mihari/html.rb +0 -43
data/lib/mihari/retriable.rb +0 -17

data/.rubocop.yml DELETED Viewed

@@ -1,161 +0,0 @@
-# Relaxed.Ruby.Style
-## Version 2.5
-require:
-  - rubocop-performance
-AllCops:
-  NewCops: enable
-Style/Alias:
-  Enabled: false
-  StyleGuide: https://relaxed.ruby.style/#stylealias
-Style/AsciiComments:
-  Enabled: false
-  StyleGuide: https://relaxed.ruby.style/#styleasciicomments
-Style/BeginBlock:
-  Enabled: false
-  StyleGuide: https://relaxed.ruby.style/#stylebeginblock
-Style/BlockDelimiters:
-  Enabled: false
-  StyleGuide: https://relaxed.ruby.style/#styleblockdelimiters
-Style/CommentAnnotation:
-  Enabled: false
-  StyleGuide: https://relaxed.ruby.style/#stylecommentannotation
-Style/Documentation:
-  Enabled: false
-  StyleGuide: https://relaxed.ruby.style/#styledocumentation
-Layout/DotPosition:
-  Enabled: false
-  StyleGuide: https://relaxed.ruby.style/#layoutdotposition
-Style/DoubleNegation:
-  Enabled: false
-  StyleGuide: https://relaxed.ruby.style/#styledoublenegation
-Style/EndBlock:
-  Enabled: false
-  StyleGuide: https://relaxed.ruby.style/#styleendblock
-Style/FormatString:
-  Enabled: false
-  StyleGuide: https://relaxed.ruby.style/#styleformatstring
-Style/IfUnlessModifier:
-  Enabled: false
-  StyleGuide: https://relaxed.ruby.style/#styleifunlessmodifier
-Style/Lambda:
-  Enabled: false
-  StyleGuide: https://relaxed.ruby.style/#stylelambda
-Style/ModuleFunction:
-  Enabled: false
-  StyleGuide: https://relaxed.ruby.style/#stylemodulefunction
-Style/MultilineBlockChain:
-  Enabled: false
-  StyleGuide: https://relaxed.ruby.style/#stylemultilineblockchain
-Style/NegatedIf:
-  Enabled: false
-  StyleGuide: https://relaxed.ruby.style/#stylenegatedif
-Style/NegatedWhile:
-  Enabled: false
-  StyleGuide: https://relaxed.ruby.style/#stylenegatedwhile
-Style/NumericPredicate:
-  Enabled: false
-  StyleGuide: https://relaxed.ruby.style/#stylenumericpredicate
-Style/ParallelAssignment:
-  Enabled: false
-  StyleGuide: https://relaxed.ruby.style/#styleparallelassignment
-Style/PercentLiteralDelimiters:
-  Enabled: false
-  StyleGuide: https://relaxed.ruby.style/#stylepercentliteraldelimiters
-Style/PerlBackrefs:
-  Enabled: false
-  StyleGuide: https://relaxed.ruby.style/#styleperlbackrefs
-Style/Semicolon:
-  Enabled: false
-  StyleGuide: https://relaxed.ruby.style/#stylesemicolon
-Style/SignalException:
-  Enabled: false
-  StyleGuide: https://relaxed.ruby.style/#stylesignalexception
-Style/SingleLineBlockParams:
-  Enabled: false
-  StyleGuide: https://relaxed.ruby.style/#stylesinglelineblockparams
-Style/SingleLineMethods:
-  Enabled: false
-  StyleGuide: https://relaxed.ruby.style/#stylesinglelinemethods
-Layout/SpaceBeforeBlockBraces:
-  Enabled: false
-  StyleGuide: https://relaxed.ruby.style/#layoutspacebeforeblockbraces
-Layout/SpaceInsideParens:
-  Enabled: false
-  StyleGuide: https://relaxed.ruby.style/#layoutspaceinsideparens
-Style/SpecialGlobalVars:
-  Enabled: false
-  StyleGuide: https://relaxed.ruby.style/#stylespecialglobalvars
-Style/StringLiterals:
-  Enabled: false
-  StyleGuide: https://relaxed.ruby.style/#stylestringliterals
-Style/TrailingCommaInArguments:
-  Enabled: false
-  StyleGuide: https://relaxed.ruby.style/#styletrailingcommainarguments
-Style/TrailingCommaInArrayLiteral:
-  Enabled: false
-  StyleGuide: https://relaxed.ruby.style/#styletrailingcommainarrayliteral
-Style/TrailingCommaInHashLiteral:
-  Enabled: false
-  StyleGuide: https://relaxed.ruby.style/#styletrailingcommainhashliteral
-Style/SymbolArray:
-  Enabled: false
-  StyleGuide: http://relaxed.ruby.style/#stylesymbolarray
-Style/WhileUntilModifier:
-  Enabled: false
-  StyleGuide: https://relaxed.ruby.style/#stylewhileuntilmodifier
-Style/WordArray:
-  Enabled: false
-  StyleGuide: https://relaxed.ruby.style/#stylewordarray
-Lint/AmbiguousRegexpLiteral:
-  Enabled: false
-  StyleGuide: https://relaxed.ruby.style/#lintambiguousregexpliteral
-Lint/AssignmentInCondition:
-  Enabled: false
-  StyleGuide: https://relaxed.ruby.style/#lintassignmentincondition
-Layout/LineLength:
-  Enabled: false
-Style/StringLiteralsInInterpolation:
-  Enabled: false
-Metrics:
-  Enabled: false

data/lib/mihari/analyzers/free_text.rb DELETED Viewed

@@ -1,48 +0,0 @@
-# frozen_string_literal: true
-require "parallel"
-module Mihari
-  module Analyzers
-    class FreeText < Base
-      attr_reader :query, :title, :description, :tags
-      ANALYZERS = [
-        Mihari::Analyzers::BinaryEdge,
-        Mihari::Analyzers::Censys
-      ].freeze
-      def initialize(query, title: nil, description: nil, tags: [])
-        super()
-        @query = query
-        @title = title || "Free text cross search"
-        @description = description || "query = #{query}"
-        @tags = tags
-      end
-      def artifacts
-        Parallel.map(analyzers) do |analyzer|
-          run_analyzer analyzer
-        end.flatten
-      end
-      private
-      def analyzers
-        ANALYZERS.map do |klass|
-          klass.new(query)
-        end
-      end
-      def run_analyzer(analyzer)
-        analyzer.artifacts
-      rescue ArgumentError, InvalidInputError => _e
-        nil
-      rescue ::BinaryEdge::Error, ::Censys::Error => _e
-        nil
-      end
-    end
-  end
-end

data/lib/mihari/analyzers/http_hash.rb DELETED Viewed

@@ -1,100 +0,0 @@
-# frozen_string_literal: true
-require "parallel"
-module Mihari
-  module Analyzers
-    class HTTPHash < Base
-      attr_reader :md5, :sha256, :mmh3, :html, :title, :description, :tags
-      def initialize(_query, md5: nil, sha256: nil, mmh3: nil, html: nil, title: nil, description: nil, tags: [])
-        super()
-        @md5 = md5
-        @sha256 = sha256
-        @mmh3 = mmh3
-        @html = html
-        load_from_html
-        @title = title || "HTTP hash cross search"
-        @description = description || "query = #{query}"
-        @tags = tags
-      end
-      def artifacts
-        Parallel.map(analyzers) do |analyzer|
-          run_analyzer analyzer
-        end.flatten
-      end
-      private
-      def valid_query?
-        [md5, sha256, mmh3].compact.any?
-      end
-      def load_from_html
-        return unless html
-        html_file = HTML.new(html)
-        return unless html_file.exists?
-        @md5 = html_file.md5
-        @sha256 = html_file.sha256
-        @mmh3 = html_file.mmh3
-      end
-      def query
-        [
-          md5 ? "md5:#{md5}" : nil,
-          sha256 ? "sha256:#{sha256}" : nil,
-          mmh3 ? "mmh3:#{mmh3}" : nil
-        ].compact.join(",")
-      end
-      def binary_edge
-        return nil unless sha256
-        BinaryEdge.new sha256
-      end
-      def censys
-        return nil unless sha256
-        Censys.new sha256
-      end
-      def onyphe
-        return nil unless md5
-        Onyphe.new "app.http.bodymd5:#{md5}"
-      end
-      def shodan
-        return nil unless mmh3
-        Shodan.new "http.html_hash:#{mmh3}"
-      end
-      def analyzers
-        raise InvalidInputError, "No hashes are given." unless valid_query?
-        [
-          binary_edge,
-          censys,
-          onyphe,
-          shodan
-        ].compact
-      end
-      def run_analyzer(analyzer)
-        analyzer.artifacts
-      rescue ArgumentError, InvalidInputError => _e
-        nil
-      rescue ::BinaryEdge::Error, ::Censys::ResponseError, ::Onyphe::Error, ::Shodan::Error => _e
-        nil
-      end
-    end
-  end
-end

data/lib/mihari/analyzers/passive_dns.rb DELETED Viewed

@@ -1,59 +0,0 @@
-# frozen_string_literal: true
-require "parallel"
-module Mihari
-  module Analyzers
-    class PassiveDNS < Base
-      attr_reader :query, :type, :title, :description, :tags
-      ANALYZERS = [
-        Mihari::Analyzers::CIRCL,
-        Mihari::Analyzers::OTX,
-        Mihari::Analyzers::PassiveTotal,
-        Mihari::Analyzers::Pulsedive,
-        Mihari::Analyzers::SecurityTrails,
-        Mihari::Analyzers::VirusTotal
-      ].freeze
-      def initialize(query, title: nil, description: nil, tags: [])
-        super()
-        @query = query
-        @type = TypeChecker.type(query)
-        @title = title || "PassiveDNS cross search"
-        @description = description || "query = #{query}"
-        @tags = tags
-      end
-      def artifacts
-        Parallel.map(analyzers) do |analyzer|
-          run_analyzer analyzer
-        end.flatten
-      end
-      private
-      def valid_type?
-        %w[ip domain].include? type
-      end
-      def analyzers
-        raise InvalidInputError, "#{query}(type: #{type || "unknown"}) is not supported." unless valid_type?
-        ANALYZERS.map do |klass|
-          klass.new(query)
-        end
-      end
-      def run_analyzer(analyzer)
-        analyzer.artifacts
-      rescue ArgumentError, InvalidInputError => _e
-        nil
-      rescue Faraday::Error, ::PassiveCIRCL::Error, ::PassiveTotal::Error, ::Pulsedive::ResponseError, ::SecurityTrails::Error, ::VirusTotal::Error => _e
-        nil
-      end
-    end
-  end
-end

data/lib/mihari/analyzers/passive_ssl.rb DELETED Viewed

@@ -1,55 +0,0 @@
-# frozen_string_literal: true
-require "parallel"
-module Mihari
-  module Analyzers
-    class PassiveSSL < Base
-      attr_reader :query, :type, :title, :description, :tags
-      ANALYZERS = [
-        Mihari::Analyzers::CIRCL,
-        Mihari::Analyzers::PassiveTotal
-      ].freeze
-      def initialize(query, title: nil, description: nil, tags: [])
-        super()
-        @query = query
-        @type = TypeChecker.detailed_type(query)
-        @title = title || "PassiveSSL cross search"
-        @description = description || "query = #{query}"
-        @tags = tags
-      end
-      def artifacts
-        Parallel.map(analyzers) do |analyzer|
-          run_analyzer analyzer
-        end.flatten
-      end
-      private
-      def valid_type?
-        %w[sha1].include? type
-      end
-      def analyzers
-        raise InvalidInputError, "#{query}(type: #{type || "unknown"}) is not supported." unless valid_type?
-        ANALYZERS.map do |klass|
-          klass.new(query)
-        end
-      end
-      def run_analyzer(analyzer)
-        analyzer.artifacts
-      rescue ArgumentError, InvalidInputError => _e
-        nil
-      rescue ::PassiveCIRCL::Error, ::PassiveTotal::Error => _e
-        nil
-      end
-    end
-  end
-end

data/lib/mihari/analyzers/reverse_whois.rb DELETED Viewed

@@ -1,55 +0,0 @@
-# frozen_string_literal: true
-require "parallel"
-module Mihari
-  module Analyzers
-    class ReveseWhois < Base
-      attr_reader :query, :type, :title, :description, :tags
-      ANALYZERS = [
-        Mihari::Analyzers::PassiveTotal,
-        Mihari::Analyzers::SecurityTrails
-      ].freeze
-      def initialize(query, title: nil, description: nil, tags: [])
-        super()
-        @query = query
-        @type = TypeChecker.type(query)
-        @title = title || "ReveseWhois cross search"
-        @description = description || "query = #{query}"
-        @tags = tags
-      end
-      def artifacts
-        Parallel.map(analyzers) do |analyzer|
-          run_analyzer analyzer
-        end.flatten
-      end
-      private
-      def valid_type?
-        %w[mail].include? type
-      end
-      def analyzers
-        raise InvalidInputError, "#{query}(type: #{type || "unknown"}) is not supported." unless valid_type?
-        ANALYZERS.map do |klass|
-          klass.new(query)
-        end
-      end
-      def run_analyzer(analyzer)
-        analyzer.artifacts
-      rescue ArgumentError, InvalidInputError => _e
-        nil
-      rescue ::PassiveTotal::Error, ::SecurityTrails::Error => _e
-        nil
-      end
-    end
-  end
-end