mihari 3.3.0 → 3.4.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +4 -0
- data/lib/mihari/cli/analyzer.rb +3 -0
- data/lib/mihari/cli/base.rb +0 -3
- data/lib/mihari/commands/search.rb +16 -8
- data/lib/mihari/mixins/rule.rb +5 -1
- data/lib/mihari/schemas/rule.rb +3 -0
- data/lib/mihari/templates/rule.yml.erb +3 -0
- data/lib/mihari/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 142df147927aee93e6c653b2eb29cca50f4ba11606d68f1302af21780d6f0dc5
|
|
4
|
+
data.tar.gz: 594f762c94e361cc53cab08b39abad5e3503555b51d93add3cbce744fcbff711
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 8483d2d125e30f04bdaf74243877dd9a261511d7d857f6dba42c6ea54af5de95f63c23759d1937badfdb5ae75819b99e70270edb0fb2f466601b8eaf6912dc8e
|
|
7
|
+
data.tar.gz: 8ffca15aadc0bc783086dd11df9fd051933af31e6778fcd4a67ddf51af5532b452603526a0303eb7c1dfdb530636a6e91df8440210189af3dc0f2806a4e64218
|
data/README.md
CHANGED
|
@@ -53,6 +53,10 @@ Mihari supports the following services by default.
|
|
|
53
53
|
|
|
54
54
|
- [Mihari Knowledge Base](https://www.notion.so/Mihari-Knowledge-Base-266994ff61204428ba6cfcebe40b0bd1)
|
|
55
55
|
|
|
56
|
+
## Presentations
|
|
57
|
+
|
|
58
|
+
- [Adversary Infrastructure Tracking with Mihari](https://ninoseki.github.io/presentations/Adversary%20Infrastructure%20Tracking%20with%20Mihari.pdf)
|
|
59
|
+
|
|
56
60
|
## License
|
|
57
61
|
|
|
58
62
|
The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).
|
data/lib/mihari/cli/analyzer.rb
CHANGED
|
@@ -22,6 +22,9 @@ require "mihari/commands/json"
|
|
|
22
22
|
module Mihari
|
|
23
23
|
module CLI
|
|
24
24
|
class Analyzer < Base
|
|
25
|
+
class_option :ignore_old_artifacts, type: :boolean, default: false, desc: "Whether to ignore old artifacts from checking or not."
|
|
26
|
+
class_option :ignore_threshold, type: :numeric, default: 0, desc: "Number of days to define whether an artifact is old or not."
|
|
27
|
+
|
|
25
28
|
include Mihari::Commands::BinaryEdge
|
|
26
29
|
include Mihari::Commands::Censys
|
|
27
30
|
include Mihari::Commands::CIRCL
|
data/lib/mihari/cli/base.rb
CHANGED
|
@@ -14,9 +14,6 @@ module Mihari
|
|
|
14
14
|
|
|
15
15
|
class_option :config, type: :string, desc: "Path to the config file"
|
|
16
16
|
|
|
17
|
-
class_option :ignore_old_artifacts, type: :boolean, default: false, desc: "Whether to ignore old artifacts from checking or not. Only affects with analyze commands."
|
|
18
|
-
class_option :ignore_threshold, type: :numeric, default: 0, desc: "Number of days to define whether an artifact is old or not. Only affects with analyze commands."
|
|
19
|
-
|
|
20
17
|
class << self
|
|
21
18
|
def exit_on_failure?
|
|
22
19
|
true
|
|
@@ -13,12 +13,21 @@ module Mihari
|
|
|
13
13
|
rule = load_rule(rule)
|
|
14
14
|
|
|
15
15
|
# validate rule schema
|
|
16
|
-
validate_rule
|
|
16
|
+
rule = validate_rule(rule)
|
|
17
17
|
|
|
18
|
-
analyzer = build_rule_analyzer(
|
|
18
|
+
analyzer = build_rule_analyzer(
|
|
19
|
+
title: rule[:title],
|
|
20
|
+
description: rule[:description],
|
|
21
|
+
queries: rule[:queries],
|
|
22
|
+
tags: rule[:tags],
|
|
23
|
+
allowed_data_types: rule[:allowed_data_types],
|
|
24
|
+
disallowed_data_values: rule[:disallowed_data_values],
|
|
25
|
+
source: rule[:source],
|
|
26
|
+
id: rule[:id]
|
|
27
|
+
)
|
|
19
28
|
|
|
20
|
-
ignore_old_artifacts =
|
|
21
|
-
ignore_threshold =
|
|
29
|
+
ignore_old_artifacts = rule[:ignore_old_artifacts]
|
|
30
|
+
ignore_threshold = rule[:ignore_threshold]
|
|
22
31
|
|
|
23
32
|
with_error_handling do
|
|
24
33
|
run_rule_analyzer analyzer, ignore_old_artifacts: ignore_old_artifacts, ignore_threshold: ignore_threshold
|
|
@@ -42,7 +51,7 @@ module Mihari
|
|
|
42
51
|
#
|
|
43
52
|
# @return [Mihari::Analyzers::Rule]
|
|
44
53
|
#
|
|
45
|
-
def build_rule_analyzer(title:, description:, queries:, tags: nil, allowed_data_types: nil, disallowed_data_values: nil, source: nil)
|
|
54
|
+
def build_rule_analyzer(title:, description:, queries:, tags: nil, allowed_data_types: nil, disallowed_data_values: nil, source: nil, id: nil)
|
|
46
55
|
tags = [] if tags.nil?
|
|
47
56
|
allowed_data_types = ALLOWED_DATA_TYPES if allowed_data_types.nil?
|
|
48
57
|
disallowed_data_values = [] if disallowed_data_values.nil?
|
|
@@ -54,7 +63,8 @@ module Mihari
|
|
|
54
63
|
queries: queries,
|
|
55
64
|
allowed_data_types: allowed_data_types,
|
|
56
65
|
disallowed_data_values: disallowed_data_values,
|
|
57
|
-
source: source
|
|
66
|
+
source: source,
|
|
67
|
+
id: id
|
|
58
68
|
)
|
|
59
69
|
end
|
|
60
70
|
|
|
@@ -62,8 +72,6 @@ module Mihari
|
|
|
62
72
|
# Run rule analyzer
|
|
63
73
|
#
|
|
64
74
|
# @param [Mihari::Analyzer::Rule] analyzer
|
|
65
|
-
# @param [Boolean] ignore_old_artifacts
|
|
66
|
-
# @param [Integer] ignore_threshold
|
|
67
75
|
#
|
|
68
76
|
# @return [nil]
|
|
69
77
|
#
|
data/lib/mihari/mixins/rule.rb
CHANGED
|
@@ -20,10 +20,12 @@ module Mihari
|
|
|
20
20
|
end
|
|
21
21
|
|
|
22
22
|
#
|
|
23
|
-
# Validate rule schema
|
|
23
|
+
# Validate rule schema and return a normalized rule
|
|
24
24
|
#
|
|
25
25
|
# @param [Hash] rule
|
|
26
26
|
#
|
|
27
|
+
# @return [Hash]
|
|
28
|
+
#
|
|
27
29
|
def validate_rule(rule)
|
|
28
30
|
error_message = "Failed to parse the input as a rule!"
|
|
29
31
|
|
|
@@ -42,6 +44,8 @@ module Mihari
|
|
|
42
44
|
puts error_message.colorize(:red)
|
|
43
45
|
raise ArgumentError, "Invalid rule schema"
|
|
44
46
|
end
|
|
47
|
+
|
|
48
|
+
result.to_h
|
|
45
49
|
end
|
|
46
50
|
|
|
47
51
|
#
|
data/lib/mihari/schemas/rule.rb
CHANGED
|
@@ -64,6 +64,9 @@ module Mihari
|
|
|
64
64
|
|
|
65
65
|
optional(:allowed_data_types).value(array[DataTypes]).default(ALLOWED_DATA_TYPES)
|
|
66
66
|
optional(:disallowed_data_values).value(array[:string]).default([])
|
|
67
|
+
|
|
68
|
+
optional(:ignore_old_artifacts).value(:bool).default(false)
|
|
69
|
+
optional(:ignore_threshold).value(:integer).default(0)
|
|
67
70
|
end
|
|
68
71
|
|
|
69
72
|
class RuleContract < Dry::Validation::Contract
|
|
@@ -15,6 +15,9 @@ allowed_data_types: # Array<String> (Optional, defaults to ["hash", "ip", "domai
|
|
|
15
15
|
- mail
|
|
16
16
|
disallowed_data_values: [] # Array<String> (Optional, defaults to [])
|
|
17
17
|
|
|
18
|
+
ignore_old_artifacts: true # Whether to ignore old artifacts from checking or not (Optional, defaults to true)
|
|
19
|
+
ignore_threshold: 0 # Number of days to define whether an artifact is old or not (Optional, defaults to 0)
|
|
20
|
+
|
|
18
21
|
queries: # Array<Hash> (required)
|
|
19
22
|
- analyzer: shodan # String (required)
|
|
20
23
|
query: ... # String (required)
|
data/lib/mihari/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: mihari
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 3.
|
|
4
|
+
version: 3.4.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Manabu Niseki
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2021-08-
|
|
11
|
+
date: 2021-08-07 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|