RubyGems - mihari - Versions diffs - 2.4.0 → 3.2.0 - Mend

mihari 2.4.0 → 3.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (113) hide show

checksums.yaml +4 -4
data/.gitignore +7 -0
data/.overcommit.yml +12 -0
data/README.md +1 -9
data/build_frontend.sh +5 -0
data/docker/Dockerfile +1 -1
data/exe/mihari +1 -1
data/lib/mihari.rb +89 -15
data/lib/mihari/analyzers/base.rb +49 -8
data/lib/mihari/analyzers/basic.rb +1 -2
data/lib/mihari/analyzers/binaryedge.rb +7 -13
data/lib/mihari/analyzers/censys.rb +26 -63
data/lib/mihari/analyzers/circl.rb +20 -17
data/lib/mihari/analyzers/crtsh.rb +6 -13
data/lib/mihari/analyzers/dnpedia.rb +6 -12
data/lib/mihari/analyzers/dnstwister.rb +13 -10
data/lib/mihari/analyzers/onyphe.rb +6 -12
data/lib/mihari/analyzers/otx.rb +22 -19
data/lib/mihari/analyzers/passivetotal.rb +22 -21
data/lib/mihari/analyzers/pulsedive.rb +16 -13
data/lib/mihari/analyzers/rule.rb +97 -0
data/lib/mihari/analyzers/securitytrails.rb +22 -19
data/lib/mihari/analyzers/shodan.rb +7 -13
data/lib/mihari/analyzers/spyse.rb +12 -19
data/lib/mihari/analyzers/urlscan.rb +22 -27
data/lib/mihari/analyzers/virustotal.rb +25 -22
data/lib/mihari/analyzers/zoomeye.rb +14 -20
data/lib/mihari/cli/analyzer.rb +44 -0
data/lib/mihari/cli/base.rb +27 -0
data/lib/mihari/cli/init.rb +13 -0
data/lib/mihari/cli/main.rb +30 -0
data/lib/mihari/cli/mixins/utils.rb +88 -0
data/lib/mihari/cli/validator.rb +11 -0
data/lib/mihari/commands/binaryedge.rb +1 -1
data/lib/mihari/commands/censys.rb +1 -1
data/lib/mihari/commands/circl.rb +2 -2
data/lib/mihari/commands/crtsh.rb +1 -1
data/lib/mihari/commands/dnpedia.rb +1 -1
data/lib/mihari/commands/dnstwister.rb +2 -2
data/lib/mihari/commands/init.rb +46 -0
data/lib/mihari/commands/json.rb +1 -1
data/lib/mihari/commands/onyphe.rb +1 -1
data/lib/mihari/commands/otx.rb +2 -2
data/lib/mihari/commands/passivetotal.rb +2 -2
data/lib/mihari/commands/pulsedive.rb +2 -2
data/lib/mihari/commands/search.rb +77 -0
data/lib/mihari/commands/securitytrails.rb +2 -2
data/lib/mihari/commands/shodan.rb +1 -1
data/lib/mihari/commands/spyse.rb +1 -1
data/lib/mihari/commands/urlscan.rb +2 -2
data/lib/mihari/commands/validator.rb +38 -0
data/lib/mihari/commands/virustotal.rb +2 -2
data/lib/mihari/commands/zoomeye.rb +1 -1
data/lib/mihari/constraints.rb +5 -0
data/lib/mihari/database.rb +13 -2
data/lib/mihari/emitters/base.rb +2 -2
data/lib/mihari/emitters/database.rb +1 -1
data/lib/mihari/emitters/misp.rb +3 -1
data/lib/mihari/emitters/slack.rb +6 -7
data/lib/mihari/emitters/the_hive.rb +1 -1
data/lib/mihari/emitters/webhook.rb +2 -9
data/lib/mihari/mixins/configurable.rb +38 -0
data/lib/mihari/mixins/configuration.rb +90 -0
data/lib/mihari/mixins/hash.rb +20 -0
data/lib/mihari/mixins/refang.rb +21 -0
data/lib/mihari/mixins/retriable.rb +27 -0
data/lib/mihari/mixins/rule.rb +79 -0
data/lib/mihari/models/alert.rb +28 -1
data/lib/mihari/models/artifact.rb +11 -1
data/lib/mihari/notifiers/base.rb +9 -1
data/lib/mihari/notifiers/exception_notifier.rb +50 -0
data/lib/mihari/notifiers/slack.rb +29 -0
data/lib/mihari/schemas/analyzer.rb +25 -0
data/lib/mihari/schemas/configuration.rb +42 -0
data/lib/mihari/schemas/macros.rb +17 -0
data/lib/mihari/schemas/rule.rb +72 -0
data/lib/mihari/serializers/artifact.rb +1 -1
data/lib/mihari/status.rb +14 -0
data/lib/mihari/templates/rule.yml.erb +19 -0
data/lib/mihari/type_checker.rb +8 -3
data/lib/mihari/version.rb +1 -1
data/lib/mihari/web/app.rb +2 -1
data/lib/mihari/web/controllers/analyzers_controller.rb +38 -0
data/lib/mihari/web/controllers/base_controller.rb +1 -1
data/lib/mihari/web/public/index.html +1 -21
data/lib/mihari/web/public/redoc-static.html +338 -461
data/lib/mihari/web/public/static/js/app.365f1907.js +13 -0
data/lib/mihari/web/public/static/js/app.365f1907.js.map +1 -0
data/lib/mihari/web/public/static/js/app.ab213f7c.js +12 -0
data/lib/mihari/web/public/static/js/app.ab213f7c.js.map +1 -0
data/mihari.gemspec +16 -9
metadata +135 -58
data/.rubocop.yml +0 -161
data/lib/mihari/analyzers/free_text.rb +0 -48
data/lib/mihari/analyzers/http_hash.rb +0 -100
data/lib/mihari/analyzers/passive_dns.rb +0 -59
data/lib/mihari/analyzers/passive_ssl.rb +0 -55
data/lib/mihari/analyzers/reverse_whois.rb +0 -55
data/lib/mihari/analyzers/securitytrails_domain_feed.rb +0 -59
data/lib/mihari/analyzers/ssh_fingerprint.rb +0 -58
data/lib/mihari/cli.rb +0 -126
data/lib/mihari/commands/config.rb +0 -27
data/lib/mihari/commands/free_text.rb +0 -21
data/lib/mihari/commands/http_hash.rb +0 -25
data/lib/mihari/commands/passive_dns.rb +0 -21
data/lib/mihari/commands/passive_ssl.rb +0 -21
data/lib/mihari/commands/reverse_whois.rb +0 -21
data/lib/mihari/commands/securitytrails_domain_feed.rb +0 -23
data/lib/mihari/commands/ssh_fingerprint.rb +0 -21
data/lib/mihari/config.rb +0 -85
data/lib/mihari/configurable.rb +0 -21
data/lib/mihari/html.rb +0 -43
data/lib/mihari/retriable.rb +0 -17

data/.rubocop.yml DELETED Viewed

@@ -1,161 +0,0 @@
-# Relaxed.Ruby.Style
-## Version 2.5
-require:
-  - rubocop-performance
-AllCops:
-  NewCops: enable
-Style/Alias:
-  Enabled: false
-  StyleGuide: https://relaxed.ruby.style/#stylealias
-Style/AsciiComments:
-  Enabled: false
-  StyleGuide: https://relaxed.ruby.style/#styleasciicomments
-Style/BeginBlock:
-  Enabled: false
-  StyleGuide: https://relaxed.ruby.style/#stylebeginblock
-Style/BlockDelimiters:
-  Enabled: false
-  StyleGuide: https://relaxed.ruby.style/#styleblockdelimiters
-Style/CommentAnnotation:
-  Enabled: false
-  StyleGuide: https://relaxed.ruby.style/#stylecommentannotation
-Style/Documentation:
-  Enabled: false
-  StyleGuide: https://relaxed.ruby.style/#styledocumentation
-Layout/DotPosition:
-  Enabled: false
-  StyleGuide: https://relaxed.ruby.style/#layoutdotposition
-Style/DoubleNegation:
-  Enabled: false
-  StyleGuide: https://relaxed.ruby.style/#styledoublenegation
-Style/EndBlock:
-  Enabled: false
-  StyleGuide: https://relaxed.ruby.style/#styleendblock
-Style/FormatString:
-  Enabled: false
-  StyleGuide: https://relaxed.ruby.style/#styleformatstring
-Style/IfUnlessModifier:
-  Enabled: false
-  StyleGuide: https://relaxed.ruby.style/#styleifunlessmodifier
-Style/Lambda:
-  Enabled: false
-  StyleGuide: https://relaxed.ruby.style/#stylelambda
-Style/ModuleFunction:
-  Enabled: false
-  StyleGuide: https://relaxed.ruby.style/#stylemodulefunction
-Style/MultilineBlockChain:
-  Enabled: false
-  StyleGuide: https://relaxed.ruby.style/#stylemultilineblockchain
-Style/NegatedIf:
-  Enabled: false
-  StyleGuide: https://relaxed.ruby.style/#stylenegatedif
-Style/NegatedWhile:
-  Enabled: false
-  StyleGuide: https://relaxed.ruby.style/#stylenegatedwhile
-Style/NumericPredicate:
-  Enabled: false
-  StyleGuide: https://relaxed.ruby.style/#stylenumericpredicate
-Style/ParallelAssignment:
-  Enabled: false
-  StyleGuide: https://relaxed.ruby.style/#styleparallelassignment
-Style/PercentLiteralDelimiters:
-  Enabled: false
-  StyleGuide: https://relaxed.ruby.style/#stylepercentliteraldelimiters
-Style/PerlBackrefs:
-  Enabled: false
-  StyleGuide: https://relaxed.ruby.style/#styleperlbackrefs
-Style/Semicolon:
-  Enabled: false
-  StyleGuide: https://relaxed.ruby.style/#stylesemicolon
-Style/SignalException:
-  Enabled: false
-  StyleGuide: https://relaxed.ruby.style/#stylesignalexception
-Style/SingleLineBlockParams:
-  Enabled: false
-  StyleGuide: https://relaxed.ruby.style/#stylesinglelineblockparams
-Style/SingleLineMethods:
-  Enabled: false
-  StyleGuide: https://relaxed.ruby.style/#stylesinglelinemethods
-Layout/SpaceBeforeBlockBraces:
-  Enabled: false
-  StyleGuide: https://relaxed.ruby.style/#layoutspacebeforeblockbraces
-Layout/SpaceInsideParens:
-  Enabled: false
-  StyleGuide: https://relaxed.ruby.style/#layoutspaceinsideparens
-Style/SpecialGlobalVars:
-  Enabled: false
-  StyleGuide: https://relaxed.ruby.style/#stylespecialglobalvars
-Style/StringLiterals:
-  Enabled: false
-  StyleGuide: https://relaxed.ruby.style/#stylestringliterals
-Style/TrailingCommaInArguments:
-  Enabled: false
-  StyleGuide: https://relaxed.ruby.style/#styletrailingcommainarguments
-Style/TrailingCommaInArrayLiteral:
-  Enabled: false
-  StyleGuide: https://relaxed.ruby.style/#styletrailingcommainarrayliteral
-Style/TrailingCommaInHashLiteral:
-  Enabled: false
-  StyleGuide: https://relaxed.ruby.style/#styletrailingcommainhashliteral
-Style/SymbolArray:
-  Enabled: false
-  StyleGuide: http://relaxed.ruby.style/#stylesymbolarray
-Style/WhileUntilModifier:
-  Enabled: false
-  StyleGuide: https://relaxed.ruby.style/#stylewhileuntilmodifier
-Style/WordArray:
-  Enabled: false
-  StyleGuide: https://relaxed.ruby.style/#stylewordarray
-Lint/AmbiguousRegexpLiteral:
-  Enabled: false
-  StyleGuide: https://relaxed.ruby.style/#lintambiguousregexpliteral
-Lint/AssignmentInCondition:
-  Enabled: false
-  StyleGuide: https://relaxed.ruby.style/#lintassignmentincondition
-Layout/LineLength:
-  Enabled: false
-Style/StringLiteralsInInterpolation:
-  Enabled: false
-Metrics:
-  Enabled: false

data/lib/mihari/analyzers/free_text.rb DELETED Viewed

@@ -1,48 +0,0 @@
-# frozen_string_literal: true
-require "parallel"
-module Mihari
-  module Analyzers
-    class FreeText < Base
-      attr_reader :query, :title, :description, :tags
-      ANALYZERS = [
-        Mihari::Analyzers::BinaryEdge,
-        Mihari::Analyzers::Censys
-      ].freeze
-      def initialize(query, title: nil, description: nil, tags: [])
-        super()
-        @query = query
-        @title = title || "Free text cross search"
-        @description = description || "query = #{query}"
-        @tags = tags
-      end
-      def artifacts
-        Parallel.map(analyzers) do |analyzer|
-          run_analyzer analyzer
-        end.flatten
-      end
-      private
-      def analyzers
-        ANALYZERS.map do |klass|
-          klass.new(query)
-        end
-      end
-      def run_analyzer(analyzer)
-        analyzer.artifacts
-      rescue ArgumentError, InvalidInputError => _e
-        nil
-      rescue ::BinaryEdge::Error, ::Censys::Error => _e
-        nil
-      end
-    end
-  end
-end

data/lib/mihari/analyzers/http_hash.rb DELETED Viewed

@@ -1,100 +0,0 @@
-# frozen_string_literal: true
-require "parallel"
-module Mihari
-  module Analyzers
-    class HTTPHash < Base
-      attr_reader :md5, :sha256, :mmh3, :html, :title, :description, :tags
-      def initialize(_query, md5: nil, sha256: nil, mmh3: nil, html: nil, title: nil, description: nil, tags: [])
-        super()
-        @md5 = md5
-        @sha256 = sha256
-        @mmh3 = mmh3
-        @html = html
-        load_from_html
-        @title = title || "HTTP hash cross search"
-        @description = description || "query = #{query}"
-        @tags = tags
-      end
-      def artifacts
-        Parallel.map(analyzers) do |analyzer|
-          run_analyzer analyzer
-        end.flatten
-      end
-      private
-      def valid_query?
-        [md5, sha256, mmh3].compact.any?
-      end
-      def load_from_html
-        return unless html
-        html_file = HTML.new(html)
-        return unless html_file.exists?
-        @md5 = html_file.md5
-        @sha256 = html_file.sha256
-        @mmh3 = html_file.mmh3
-      end
-      def query
-        [
-          md5 ? "md5:#{md5}" : nil,
-          sha256 ? "sha256:#{sha256}" : nil,
-          mmh3 ? "mmh3:#{mmh3}" : nil
-        ].compact.join(",")
-      end
-      def binary_edge
-        return nil unless sha256
-        BinaryEdge.new sha256
-      end
-      def censys
-        return nil unless sha256
-        Censys.new sha256
-      end
-      def onyphe
-        return nil unless md5
-        Onyphe.new "app.http.bodymd5:#{md5}"
-      end
-      def shodan
-        return nil unless mmh3
-        Shodan.new "http.html_hash:#{mmh3}"
-      end
-      def analyzers
-        raise InvalidInputError, "No hashes are given." unless valid_query?
-        [
-          binary_edge,
-          censys,
-          onyphe,
-          shodan
-        ].compact
-      end
-      def run_analyzer(analyzer)
-        analyzer.artifacts
-      rescue ArgumentError, InvalidInputError => _e
-        nil
-      rescue ::BinaryEdge::Error, ::Censys::ResponseError, ::Onyphe::Error, ::Shodan::Error => _e
-        nil
-      end
-    end
-  end
-end

data/lib/mihari/analyzers/passive_dns.rb DELETED Viewed

@@ -1,59 +0,0 @@
-# frozen_string_literal: true
-require "parallel"
-module Mihari
-  module Analyzers
-    class PassiveDNS < Base
-      attr_reader :query, :type, :title, :description, :tags
-      ANALYZERS = [
-        Mihari::Analyzers::CIRCL,
-        Mihari::Analyzers::OTX,
-        Mihari::Analyzers::PassiveTotal,
-        Mihari::Analyzers::Pulsedive,
-        Mihari::Analyzers::SecurityTrails,
-        Mihari::Analyzers::VirusTotal
-      ].freeze
-      def initialize(query, title: nil, description: nil, tags: [])
-        super()
-        @query = query
-        @type = TypeChecker.type(query)
-        @title = title || "PassiveDNS cross search"
-        @description = description || "query = #{query}"
-        @tags = tags
-      end
-      def artifacts
-        Parallel.map(analyzers) do |analyzer|
-          run_analyzer analyzer
-        end.flatten
-      end
-      private
-      def valid_type?
-        %w[ip domain].include? type
-      end
-      def analyzers
-        raise InvalidInputError, "#{query}(type: #{type || "unknown"}) is not supported." unless valid_type?
-        ANALYZERS.map do |klass|
-          klass.new(query)
-        end
-      end
-      def run_analyzer(analyzer)
-        analyzer.artifacts
-      rescue ArgumentError, InvalidInputError => _e
-        nil
-      rescue Faraday::Error, ::PassiveCIRCL::Error, ::PassiveTotal::Error, ::Pulsedive::ResponseError, ::SecurityTrails::Error, ::VirusTotal::Error => _e
-        nil
-      end
-    end
-  end
-end

data/lib/mihari/analyzers/passive_ssl.rb DELETED Viewed

@@ -1,55 +0,0 @@
-# frozen_string_literal: true
-require "parallel"
-module Mihari
-  module Analyzers
-    class PassiveSSL < Base
-      attr_reader :query, :type, :title, :description, :tags
-      ANALYZERS = [
-        Mihari::Analyzers::CIRCL,
-        Mihari::Analyzers::PassiveTotal
-      ].freeze
-      def initialize(query, title: nil, description: nil, tags: [])
-        super()
-        @query = query
-        @type = TypeChecker.detailed_type(query)
-        @title = title || "PassiveSSL cross search"
-        @description = description || "query = #{query}"
-        @tags = tags
-      end
-      def artifacts
-        Parallel.map(analyzers) do |analyzer|
-          run_analyzer analyzer
-        end.flatten
-      end
-      private
-      def valid_type?
-        %w[sha1].include? type
-      end
-      def analyzers
-        raise InvalidInputError, "#{query}(type: #{type || "unknown"}) is not supported." unless valid_type?
-        ANALYZERS.map do |klass|
-          klass.new(query)
-        end
-      end
-      def run_analyzer(analyzer)
-        analyzer.artifacts
-      rescue ArgumentError, InvalidInputError => _e
-        nil
-      rescue ::PassiveCIRCL::Error, ::PassiveTotal::Error => _e
-        nil
-      end
-    end
-  end
-end

data/lib/mihari/analyzers/reverse_whois.rb DELETED Viewed

@@ -1,55 +0,0 @@
-# frozen_string_literal: true
-require "parallel"
-module Mihari
-  module Analyzers
-    class ReveseWhois < Base
-      attr_reader :query, :type, :title, :description, :tags
-      ANALYZERS = [
-        Mihari::Analyzers::PassiveTotal,
-        Mihari::Analyzers::SecurityTrails
-      ].freeze
-      def initialize(query, title: nil, description: nil, tags: [])
-        super()
-        @query = query
-        @type = TypeChecker.type(query)
-        @title = title || "ReveseWhois cross search"
-        @description = description || "query = #{query}"
-        @tags = tags
-      end
-      def artifacts
-        Parallel.map(analyzers) do |analyzer|
-          run_analyzer analyzer
-        end.flatten
-      end
-      private
-      def valid_type?
-        %w[mail].include? type
-      end
-      def analyzers
-        raise InvalidInputError, "#{query}(type: #{type || "unknown"}) is not supported." unless valid_type?
-        ANALYZERS.map do |klass|
-          klass.new(query)
-        end
-      end
-      def run_analyzer(analyzer)
-        analyzer.artifacts
-      rescue ArgumentError, InvalidInputError => _e
-        nil
-      rescue ::PassiveTotal::Error, ::SecurityTrails::Error => _e
-        nil
-      end
-    end
-  end
-end