mihari 3.3.0 → 3.4.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +4 -0
- data/lib/mihari/cli/analyzer.rb +3 -0
- data/lib/mihari/cli/base.rb +0 -3
- data/lib/mihari/commands/search.rb +16 -8
- data/lib/mihari/mixins/rule.rb +5 -1
- data/lib/mihari/schemas/rule.rb +3 -0
- data/lib/mihari/templates/rule.yml.erb +3 -0
- data/lib/mihari/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 142df147927aee93e6c653b2eb29cca50f4ba11606d68f1302af21780d6f0dc5
|
|
4
|
+
data.tar.gz: 594f762c94e361cc53cab08b39abad5e3503555b51d93add3cbce744fcbff711
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 8483d2d125e30f04bdaf74243877dd9a261511d7d857f6dba42c6ea54af5de95f63c23759d1937badfdb5ae75819b99e70270edb0fb2f466601b8eaf6912dc8e
|
|
7
|
+
data.tar.gz: 8ffca15aadc0bc783086dd11df9fd051933af31e6778fcd4a67ddf51af5532b452603526a0303eb7c1dfdb530636a6e91df8440210189af3dc0f2806a4e64218
|
data/README.md
CHANGED
|
@@ -53,6 +53,10 @@ Mihari supports the following services by default.
|
|
|
53
53
|
|
|
54
54
|
- [Mihari Knowledge Base](https://www.notion.so/Mihari-Knowledge-Base-266994ff61204428ba6cfcebe40b0bd1)
|
|
55
55
|
|
|
56
|
+
## Presentations
|
|
57
|
+
|
|
58
|
+
- [Adversary Infrastructure Tracking with Mihari](https://ninoseki.github.io/presentations/Adversary%20Infrastructure%20Tracking%20with%20Mihari.pdf)
|
|
59
|
+
|
|
56
60
|
## License
|
|
57
61
|
|
|
58
62
|
The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).
|
data/lib/mihari/cli/analyzer.rb
CHANGED
|
@@ -22,6 +22,9 @@ require "mihari/commands/json"
|
|
|
22
22
|
module Mihari
|
|
23
23
|
module CLI
|
|
24
24
|
class Analyzer < Base
|
|
25
|
+
class_option :ignore_old_artifacts, type: :boolean, default: false, desc: "Whether to ignore old artifacts from checking or not."
|
|
26
|
+
class_option :ignore_threshold, type: :numeric, default: 0, desc: "Number of days to define whether an artifact is old or not."
|
|
27
|
+
|
|
25
28
|
include Mihari::Commands::BinaryEdge
|
|
26
29
|
include Mihari::Commands::Censys
|
|
27
30
|
include Mihari::Commands::CIRCL
|
data/lib/mihari/cli/base.rb
CHANGED
|
@@ -14,9 +14,6 @@ module Mihari
|
|
|
14
14
|
|
|
15
15
|
class_option :config, type: :string, desc: "Path to the config file"
|
|
16
16
|
|
|
17
|
-
class_option :ignore_old_artifacts, type: :boolean, default: false, desc: "Whether to ignore old artifacts from checking or not. Only affects with analyze commands."
|
|
18
|
-
class_option :ignore_threshold, type: :numeric, default: 0, desc: "Number of days to define whether an artifact is old or not. Only affects with analyze commands."
|
|
19
|
-
|
|
20
17
|
class << self
|
|
21
18
|
def exit_on_failure?
|
|
22
19
|
true
|
|
@@ -13,12 +13,21 @@ module Mihari
|
|
|
13
13
|
rule = load_rule(rule)
|
|
14
14
|
|
|
15
15
|
# validate rule schema
|
|
16
|
-
validate_rule
|
|
16
|
+
rule = validate_rule(rule)
|
|
17
17
|
|
|
18
|
-
analyzer = build_rule_analyzer(
|
|
18
|
+
analyzer = build_rule_analyzer(
|
|
19
|
+
title: rule[:title],
|
|
20
|
+
description: rule[:description],
|
|
21
|
+
queries: rule[:queries],
|
|
22
|
+
tags: rule[:tags],
|
|
23
|
+
allowed_data_types: rule[:allowed_data_types],
|
|
24
|
+
disallowed_data_values: rule[:disallowed_data_values],
|
|
25
|
+
source: rule[:source],
|
|
26
|
+
id: rule[:id]
|
|
27
|
+
)
|
|
19
28
|
|
|
20
|
-
ignore_old_artifacts =
|
|
21
|
-
ignore_threshold =
|
|
29
|
+
ignore_old_artifacts = rule[:ignore_old_artifacts]
|
|
30
|
+
ignore_threshold = rule[:ignore_threshold]
|
|
22
31
|
|
|
23
32
|
with_error_handling do
|
|
24
33
|
run_rule_analyzer analyzer, ignore_old_artifacts: ignore_old_artifacts, ignore_threshold: ignore_threshold
|
|
@@ -42,7 +51,7 @@ module Mihari
|
|
|
42
51
|
#
|
|
43
52
|
# @return [Mihari::Analyzers::Rule]
|
|
44
53
|
#
|
|
45
|
-
def build_rule_analyzer(title:, description:, queries:, tags: nil, allowed_data_types: nil, disallowed_data_values: nil, source: nil)
|
|
54
|
+
def build_rule_analyzer(title:, description:, queries:, tags: nil, allowed_data_types: nil, disallowed_data_values: nil, source: nil, id: nil)
|
|
46
55
|
tags = [] if tags.nil?
|
|
47
56
|
allowed_data_types = ALLOWED_DATA_TYPES if allowed_data_types.nil?
|
|
48
57
|
disallowed_data_values = [] if disallowed_data_values.nil?
|
|
@@ -54,7 +63,8 @@ module Mihari
|
|
|
54
63
|
queries: queries,
|
|
55
64
|
allowed_data_types: allowed_data_types,
|
|
56
65
|
disallowed_data_values: disallowed_data_values,
|
|
57
|
-
source: source
|
|
66
|
+
source: source,
|
|
67
|
+
id: id
|
|
58
68
|
)
|
|
59
69
|
end
|
|
60
70
|
|
|
@@ -62,8 +72,6 @@ module Mihari
|
|
|
62
72
|
# Run rule analyzer
|
|
63
73
|
#
|
|
64
74
|
# @param [Mihari::Analyzer::Rule] analyzer
|
|
65
|
-
# @param [Boolean] ignore_old_artifacts
|
|
66
|
-
# @param [Integer] ignore_threshold
|
|
67
75
|
#
|
|
68
76
|
# @return [nil]
|
|
69
77
|
#
|
data/lib/mihari/mixins/rule.rb
CHANGED
|
@@ -20,10 +20,12 @@ module Mihari
|
|
|
20
20
|
end
|
|
21
21
|
|
|
22
22
|
#
|
|
23
|
-
# Validate rule schema
|
|
23
|
+
# Validate rule schema and return a normalized rule
|
|
24
24
|
#
|
|
25
25
|
# @param [Hash] rule
|
|
26
26
|
#
|
|
27
|
+
# @return [Hash]
|
|
28
|
+
#
|
|
27
29
|
def validate_rule(rule)
|
|
28
30
|
error_message = "Failed to parse the input as a rule!"
|
|
29
31
|
|
|
@@ -42,6 +44,8 @@ module Mihari
|
|
|
42
44
|
puts error_message.colorize(:red)
|
|
43
45
|
raise ArgumentError, "Invalid rule schema"
|
|
44
46
|
end
|
|
47
|
+
|
|
48
|
+
result.to_h
|
|
45
49
|
end
|
|
46
50
|
|
|
47
51
|
#
|
data/lib/mihari/schemas/rule.rb
CHANGED
|
@@ -64,6 +64,9 @@ module Mihari
|
|
|
64
64
|
|
|
65
65
|
optional(:allowed_data_types).value(array[DataTypes]).default(ALLOWED_DATA_TYPES)
|
|
66
66
|
optional(:disallowed_data_values).value(array[:string]).default([])
|
|
67
|
+
|
|
68
|
+
optional(:ignore_old_artifacts).value(:bool).default(false)
|
|
69
|
+
optional(:ignore_threshold).value(:integer).default(0)
|
|
67
70
|
end
|
|
68
71
|
|
|
69
72
|
class RuleContract < Dry::Validation::Contract
|
|
@@ -15,6 +15,9 @@ allowed_data_types: # Array<String> (Optional, defaults to ["hash", "ip", "domai
|
|
|
15
15
|
- mail
|
|
16
16
|
disallowed_data_values: [] # Array<String> (Optional, defaults to [])
|
|
17
17
|
|
|
18
|
+
ignore_old_artifacts: true # Whether to ignore old artifacts from checking or not (Optional, defaults to true)
|
|
19
|
+
ignore_threshold: 0 # Number of days to define whether an artifact is old or not (Optional, defaults to 0)
|
|
20
|
+
|
|
18
21
|
queries: # Array<Hash> (required)
|
|
19
22
|
- analyzer: shodan # String (required)
|
|
20
23
|
query: ... # String (required)
|
data/lib/mihari/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: mihari
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 3.
|
|
4
|
+
version: 3.4.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Manabu Niseki
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2021-08-
|
|
11
|
+
date: 2021-08-07 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|