RubyGems - mihari - Versions diffs - 3.4.0 → 3.6.1 - Mend

mihari 3.4.0 → 3.6.1

Files changed (173) hide show

checksums.yaml +4 -4
data/.gitmodules +3 -0
data/README.md +2 -0
data/Steepfile +32 -0
data/config.ru +1 -0
data/lib/mihari/analyzers/base.rb +39 -11
data/lib/mihari/analyzers/binaryedge.rb +13 -0
data/lib/mihari/analyzers/censys.rb +42 -9
data/lib/mihari/analyzers/circl.rb +15 -0
data/lib/mihari/analyzers/crtsh.rb +5 -0
data/lib/mihari/analyzers/dnpedia.rb +5 -0
data/lib/mihari/analyzers/dnstwister.rb +17 -0
data/lib/mihari/analyzers/onyphe.rb +50 -9
data/lib/mihari/analyzers/otx.rb +20 -0
data/lib/mihari/analyzers/passivetotal.rb +25 -0
data/lib/mihari/analyzers/pulsedive.rb +10 -0
data/lib/mihari/analyzers/rule.rb +18 -0
data/lib/mihari/analyzers/securitytrails.rb +25 -0
data/lib/mihari/analyzers/shodan.rb +39 -5
data/lib/mihari/analyzers/spyse.rb +20 -0
data/lib/mihari/analyzers/urlscan.rb +10 -0
data/lib/mihari/analyzers/virustotal.rb +20 -0
data/lib/mihari/analyzers/zoomeye.rb +38 -0
data/lib/mihari/cli/analyzer.rb +1 -0
data/lib/mihari/cli/base.rb +0 -2
data/lib/mihari/commands/init.rb +4 -4
data/lib/mihari/commands/search.rb +1 -0
data/lib/mihari/commands/web.rb +1 -0
data/lib/mihari/{constraints.rb → constants.rb} +0 -0
data/lib/mihari/database.rb +42 -3
data/lib/mihari/emitters/base.rb +1 -1
data/lib/mihari/emitters/misp.rb +38 -5
data/lib/mihari/emitters/slack.rb +20 -2
data/lib/mihari/emitters/the_hive.rb +16 -3
data/lib/mihari/emitters/webhook.rb +18 -3
data/lib/mihari/mixins/disallowed_data_value.rb +1 -1
data/lib/mihari/models/alert.rb +28 -10
data/lib/mihari/models/artifact.rb +55 -0
data/lib/mihari/models/autonomous_system.rb +9 -0
data/lib/mihari/models/dns.rb +53 -0
data/lib/mihari/models/geolocation.rb +9 -0
data/lib/mihari/models/reverse_dns.rb +24 -0
data/lib/mihari/models/whois.rb +119 -0
data/lib/mihari/schemas/configuration.rb +1 -0
data/lib/mihari/schemas/rule.rb +2 -15
data/lib/mihari/serializers/alert.rb +6 -4
data/lib/mihari/serializers/artifact.rb +11 -2
data/lib/mihari/serializers/autonomous_system.rb +9 -0
data/lib/mihari/serializers/dns.rb +11 -0
data/lib/mihari/serializers/geolocation.rb +11 -0
data/lib/mihari/serializers/reverse_dns.rb +11 -0
data/lib/mihari/serializers/tag.rb +4 -2
data/lib/mihari/serializers/whois.rb +11 -0
data/lib/mihari/structs/censys.rb +92 -0
data/lib/mihari/structs/onyphe.rb +47 -0
data/lib/mihari/structs/shodan.rb +53 -0
data/lib/mihari/type_checker.rb +9 -9
data/lib/mihari/types.rb +21 -0
data/lib/mihari/version.rb +1 -1
data/lib/mihari/web/app.rb +2 -0
data/lib/mihari/web/controllers/alerts_controller.rb +3 -4
data/lib/mihari/web/controllers/artifacts_controller.rb +46 -2
data/lib/mihari/web/controllers/ip_address_controller.rb +36 -0
data/lib/mihari/web/controllers/sources_controller.rb +2 -2
data/lib/mihari/web/controllers/tags_controller.rb +3 -1
data/lib/mihari/web/public/index.html +1 -1
data/lib/mihari/web/public/redoc-static.html +12 -10
data/lib/mihari/web/public/static/fonts/fa-brands-400.1a575a41.woff +0 -0
data/lib/mihari/web/public/static/fonts/fa-brands-400.513aa607.ttf +0 -0
data/lib/mihari/web/public/static/fonts/fa-brands-400.592643a8.eot +0 -0
data/lib/mihari/web/public/static/fonts/fa-brands-400.ed311c7a.woff2 +0 -0
data/lib/mihari/web/public/static/fonts/fa-regular-400.766913e6.ttf +0 -0
data/lib/mihari/web/public/static/fonts/fa-regular-400.b0e2db3b.eot +0 -0
data/lib/mihari/web/public/static/fonts/fa-regular-400.b91d376b.woff2 +0 -0
data/lib/mihari/web/public/static/fonts/fa-regular-400.d1d7e3b4.woff +0 -0
data/lib/mihari/web/public/static/fonts/fa-solid-900.0c6bfc66.eot +0 -0
data/lib/mihari/web/public/static/fonts/fa-solid-900.b9625119.ttf +0 -0
data/lib/mihari/web/public/static/fonts/fa-solid-900.d745348d.woff +0 -0
data/lib/mihari/web/public/static/fonts/fa-solid-900.d824df7e.woff2 +0 -0
data/lib/mihari/web/public/static/img/fa-brands-400.1d5619cd.svg +3717 -0
data/lib/mihari/web/public/static/img/fa-regular-400.c5d109be.svg +801 -0
data/lib/mihari/web/public/static/img/fa-solid-900.37bc7099.svg +5034 -0
data/lib/mihari/web/public/static/js/app.8e3e5150.js +36 -0
data/lib/mihari/web/public/static/js/app.8e3e5150.js.map +1 -0
data/lib/mihari/web/public/static/js/app.b5914c39.js +36 -0
data/lib/mihari/web/public/static/js/app.b5914c39.js.map +1 -0
data/lib/mihari.rb +25 -4
data/mihari.gemspec +10 -2
data/sig/lib/mihari/analyzers/base.rbs +99 -0
data/sig/lib/mihari/analyzers/basic.rbs +17 -0
data/sig/lib/mihari/analyzers/binaryedge.rbs +25 -0
data/sig/lib/mihari/analyzers/censys.rbs +38 -0
data/sig/lib/mihari/analyzers/circl.rbs +29 -0
data/sig/lib/mihari/analyzers/crtsh.rbs +19 -0
data/sig/lib/mihari/analyzers/dnpedia.rbs +18 -0
data/sig/lib/mihari/analyzers/dnstwister.rbs +27 -0
data/sig/lib/mihari/analyzers/onyphe.rbs +33 -0
data/sig/lib/mihari/analyzers/otx.rbs +33 -0
data/sig/lib/mihari/analyzers/passivetotal.rbs +33 -0
data/sig/lib/mihari/analyzers/pulsedive.rbs +27 -0
data/sig/lib/mihari/analyzers/rule.rbs +68 -0
data/sig/lib/mihari/analyzers/securitytrails.rbs +33 -0
data/sig/lib/mihari/analyzers/shodan.rbs +33 -0
data/sig/lib/mihari/analyzers/spyse.rbs +29 -0
data/sig/lib/mihari/analyzers/urlscan.rbs +28 -0
data/sig/lib/mihari/analyzers/virustotal.rbs +31 -0
data/sig/lib/mihari/analyzers/zoomeye.rbs +33 -0
data/sig/lib/mihari/cli/analyzer.rbs +39 -0
data/sig/lib/mihari/cli/base.rbs +11 -0
data/sig/lib/mihari/cli/init.rbs +7 -0
data/sig/lib/mihari/cli/main.rbs +9 -0
data/sig/lib/mihari/cli/mixins/utils.rbs +50 -0
data/sig/lib/mihari/cli/validator.rbs +7 -0
data/sig/lib/mihari/commands/binaryedge.rbs +7 -0
data/sig/lib/mihari/commands/censys.rbs +7 -0
data/sig/lib/mihari/commands/circl.rbs +7 -0
data/sig/lib/mihari/commands/crtsh.rbs +7 -0
data/sig/lib/mihari/commands/dnpedia.rbs +7 -0
data/sig/lib/mihari/commands/dnstwister.rbs +7 -0
data/sig/lib/mihari/commands/init.rbs +11 -0
data/sig/lib/mihari/commands/json.rbs +7 -0
data/sig/lib/mihari/commands/onyphe.rbs +7 -0
data/sig/lib/mihari/commands/otx.rbs +7 -0
data/sig/lib/mihari/commands/passivetotal.rbs +7 -0
data/sig/lib/mihari/commands/pulsedive.rbs +7 -0
data/sig/lib/mihari/commands/search.rbs +35 -0
data/sig/lib/mihari/commands/securitytrails.rbs +7 -0
data/sig/lib/mihari/commands/shodan.rbs +7 -0
data/sig/lib/mihari/commands/spyse.rbs +7 -0
data/sig/lib/mihari/commands/urlscan.rbs +7 -0
data/sig/lib/mihari/commands/validator.rbs +11 -0
data/sig/lib/mihari/commands/virustotal.rbs +7 -0
data/sig/lib/mihari/commands/web.rbs +7 -0
data/sig/lib/mihari/commands/zoomeye.rbs +7 -0
data/sig/lib/mihari/constants.rbs +3 -0
data/sig/lib/mihari/database.rbs +25 -0
data/sig/lib/mihari/emitters/base.rbs +18 -0
data/sig/lib/mihari/emitters/database.rbs +9 -0
data/sig/lib/mihari/emitters/misp.rbs +28 -0
data/sig/lib/mihari/emitters/slack.rbs +58 -0
data/sig/lib/mihari/emitters/stdout.rbs +9 -0
data/sig/lib/mihari/emitters/the_hive.rbs +24 -0
data/sig/lib/mihari/emitters/webhook.rbs +20 -0
data/sig/lib/mihari/errors.rbs +10 -0
data/sig/lib/mihari/mixins/configurable.rbs +26 -0
data/sig/lib/mihari/mixins/configuration.rbs +45 -0
data/sig/lib/mihari/mixins/disallowed_data_value.rbs +25 -0
data/sig/lib/mihari/mixins/hash.rbs +14 -0
data/sig/lib/mihari/mixins/refang.rbs +14 -0
data/sig/lib/mihari/mixins/retriable.rbs +15 -0
data/sig/lib/mihari/mixins/rule.rbs +41 -0
data/sig/lib/mihari/models/alert.rbs +46 -0
data/sig/lib/mihari/models/artifact.rbs +54 -0
data/sig/lib/mihari/models/autonomous_system.rbs +5 -0
data/sig/lib/mihari/models/dns.rbs +19 -0
data/sig/lib/mihari/models/geolocation.rbs +6 -0
data/sig/lib/mihari/models/reverse_dns.rbs +14 -0
data/sig/lib/mihari/models/tag.rbs +5 -0
data/sig/lib/mihari/models/tagging.rbs +4 -0
data/sig/lib/mihari/models/whois.rbs +66 -0
data/sig/lib/mihari/notifiers/base.rbs +18 -0
data/sig/lib/mihari/notifiers/exception_notifier.rbs +75 -0
data/sig/lib/mihari/notifiers/slack.rbs +50 -0
data/sig/lib/mihari/status.rbs +25 -0
data/sig/lib/mihari/structs/censys.rbs +50 -0
data/sig/lib/mihari/structs/onyphe.rbs +25 -0
data/sig/lib/mihari/structs/shodan.rbs +28 -0
data/sig/lib/mihari/type_checker.rbs +48 -0
data/sig/lib/mihari/types.rbs +17 -0
data/sig/lib/mihari/version.rbs +3 -0
data/sig/lib/mihari/web/app.rbs +5 -0
data/sig/lib/mihari.rbs +57 -0
metadata +240 -8

data/sig/lib/mihari/analyzers/onyphe.rbs ADDED Viewed

@@ -0,0 +1,33 @@
+module Mihari
+  module Analyzers
+    class Onyphe < Base
+      attr_reader query: String
+      attr_reader title: String
+      attr_reader description: String
+      attr_reader tags: Array[String]
+      def artifacts: () -> (Array[String] | Array[Mihari::Artifact])
+      private
+      PAGE_SIZE: ::Integer
+      def configuration_keys: () -> ::Array["onyphe_api_key"]
+      def api: () -> untyped
+      def search_with_page: (String query, ?page: ::Integer page) -> Mihari::Structs::Onyphe::Response
+      def search: () -> Array[Mihari::Structs::Onyphe::Response]
+      #
+      # Build an artifact from an Onyphe search API result
+      #
+      # @param [Structs::Onyphe::Result] result
+      #
+      # @return [Artifact]
+      #
+      def build_artifact: (Mihari::Structs::Onyphe::Result result) -> Mihari::Artifact
+    end
+  end
+end

data/sig/lib/mihari/analyzers/otx.rbs ADDED Viewed

@@ -0,0 +1,33 @@
+module Mihari
+  module Analyzers
+    class OTX < Base
+      include Mixins::Refang
+      attr_reader query: String
+      attr_reader title: String
+      attr_reader description: String
+      attr_reader tags: Array[String]
+      attr_reader type: String
+      def initialize: (*untyped args, **untyped kwargs) -> void
+      def artifacts: () -> (Array[String] | Array[Mihari::Artifact])
+      private
+      def configuration_keys: () -> ::Array["otx_api_key"]
+      def domain_client: () -> untyped
+      def ip_client: () -> untyped
+      def valid_type?: () -> bool
+      def search: () -> Array[String]
+      def domain_search: () -> Array[String]
+      def ip_search: () -> Array[String]
+    end
+  end
+end

data/sig/lib/mihari/analyzers/passivetotal.rbs ADDED Viewed

@@ -0,0 +1,33 @@
+module Mihari
+  module Analyzers
+    class PassiveTotal < Base
+      include Mixins::Refang
+      attr_reader query: String
+      attr_reader title: String
+      attr_reader description: String
+      attr_reader tags: Array[String]
+      attr_reader type: String
+      def initialize: (*untyped args, **untyped kwargs) -> void
+      def artifacts: () -> (Array[String] | Array[Mihari::Artifact])
+      private
+      def configuration_keys: () -> ::Array["passivetotal_username" | "passivetotal_api_key"]
+      def api: () -> untyped
+      def valid_type?: () -> bool
+      def search: () -> Array[String]
+      def passive_dns_search: () -> Array[String]
+      def reverse_whois_search: () -> Array[String]
+      def ssl_search: () -> Array[String]
+    end
+  end
+end

data/sig/lib/mihari/analyzers/pulsedive.rbs ADDED Viewed

@@ -0,0 +1,27 @@
+module Mihari
+  module Analyzers
+    class Pulsedive < Base
+      include Mixins::Refang
+      attr_reader query: String
+      attr_reader title: String
+      attr_reader description: String
+      attr_reader tags: Array[String]
+      attr_reader type: String
+      def initialize: (*untyped args, **untyped kwargs) -> void
+      def artifacts: () -> (Array[String] | Array[Mihari::Artifact])
+      private
+      def configuration_keys: () -> ::Array["pulsedive_api_key"]
+      def api: () -> untyped
+      def valid_type?: () -> bool
+      def search: () -> Array[String]
+    end
+  end
+end

data/sig/lib/mihari/analyzers/rule.rbs ADDED Viewed

@@ -0,0 +1,68 @@
+module Mihari
+  module Analyzers
+    class Rule < Base
+      include Mihari::Mixins::DisallowedDataValue
+      attr_reader title: String
+      attr_reader description: String
+      attr_reader queries: Hash[(String | Symbol), untyped]
+      attr_reader tags: Array[String]
+      attr_reader allowed_data_types: Array[String]
+      attr_reader disallowed_data_values: Array[String]
+      attr_reader source: String
+      attr_reader id: String?
+      def initialize: (**untyped kwargs) -> void
+      ANALYZER_TO_CLASS: Hash[String, singleton(Mihari::Analyzers::Base)]
+      #
+      # Returns a list of artifacts matched with queries
+      #
+      # @return [Array<Mihari::Artifact>]
+      #
+      def artifacts: () -> (Array[String] | Array[Mihari::Artifact])
+      #
+      # Normalize artifacts
+      # - Uniquefy artifacts by #uniq(&:data)
+      # - Reject an invalid artifact (for just in case)
+      # - Select artifacts with allowed data types
+      # - Reject artifacts with disallowed data values
+      #
+      # @return [Array<Mihari::Artifact>]
+      #
+      def normalized_artifacts: () -> untyped
+      #
+      # Normalized disallowed data values
+      #
+      # @return [Array<Regexp, String>]
+      #
+      def normalized_disallowed_data_values: () -> untyped
+      #
+      # Check whether a value is a disallowed data value or not
+      #
+      # @return [Boolean]
+      #
+      def disallowed_data_value?: (untyped value) -> untyped
+      private
+      #
+      # Get analyzer class
+      #
+      # @param [String] analyzer_name
+      #
+      # @return [Class<Mihari::Analyzers::Base>] analyzer class
+      #
+      def get_analyzer_class: (untyped analyzer_name) -> untyped
+      #
+      # Validate configuration of analyzers
+      #
+      def validate_analyzer_configurations: () -> untyped
+    end
+  end
+end

data/sig/lib/mihari/analyzers/securitytrails.rbs ADDED Viewed

@@ -0,0 +1,33 @@
+module Mihari
+  module Analyzers
+    class SecurityTrails < Base
+      include Mixins::Refang
+      attr_reader query: String
+      attr_reader title: String
+      attr_reader description: String
+      attr_reader tags: Array[String]
+      attr_reader type: String
+      def initialize: (*untyped args, **untyped kwargs) -> void
+      def artifacts: () -> (Array[String] | Array[Mihari::Artifact])
+      private
+      def configuration_keys: () -> ::Array["securitytrails_api_key"]
+      def api: () -> untyped
+      def valid_type?: () -> bool
+      def search: () -> Array[String]
+      def domain_search: () -> Array[String]
+      def ip_search: () -> Array[String]
+      def mail_search: () -> Array[String]
+    end
+  end
+end

data/sig/lib/mihari/analyzers/shodan.rbs ADDED Viewed

@@ -0,0 +1,33 @@
+module Mihari
+  module Analyzers
+    class Shodan < Base
+      attr_reader query: String
+      attr_reader title: String
+      attr_reader description: String
+      attr_reader tags: Array[String]
+      def artifacts: () -> (Array[String] | Array[Mihari::Artifact])
+      private
+      PAGE_SIZE: ::Integer
+      def configuration_keys: () -> ::Array["shodan_api_key"]
+      def api: () -> untyped
+      def search_with_page: (String query, ?page: ::Integer page) -> Hash[(String | Symbol), untyped]
+      def search: () -> Array[Hash[(String | Symbol), untyped]]
+      #
+      # Build an artifact from a Shodan search API response
+      #
+      # @param [Structs::Shodan::Match] match
+      #
+      # @return [Artifact]
+      #
+      def build_artifact: (Mihari::Structs::Shodan::Match match) -> Mihari::Artifact
+    end
+  end
+end

data/sig/lib/mihari/analyzers/spyse.rbs ADDED Viewed

@@ -0,0 +1,29 @@
+module Mihari
+  module Analyzers
+    class Spyse < Base
+      attr_reader query: String
+      attr_reader title: String
+      attr_reader description: String
+      attr_reader tags: Array[String]
+      attr_reader type: String
+      def artifacts: () -> (Array[String] | Array[Mihari::Artifact])
+      private
+      def search_params: () -> Hash[(String | Symbol), untyped]
+      def configuration_keys: () -> ::Array["spyse_api_key"]
+      def api: () -> untyped
+      def valid_type?: () -> bool
+      def domain_search: () -> Array[String]
+      def ip_search: () -> Array[String]
+      def search: () -> Array[String]
+    end
+  end
+end

data/sig/lib/mihari/analyzers/urlscan.rbs ADDED Viewed

@@ -0,0 +1,28 @@
+SUPPORTED_DATA_TYPES: untyped
+module Mihari
+  module Analyzers
+    class Urlscan < Base
+      attr_reader query: String
+      attr_reader title: String
+      attr_reader description: String
+      attr_reader tags: Array[String]
+      attr_reader allowed_data_types: Array[String]
+      attr_reader use_similarity: bool
+      def initialize: (*untyped args, **untyped kwargs) -> void
+      def artifacts: () -> (Array[String] | Array[Mihari::Artifact])
+      private
+      def configuration_keys: () -> ::Array["urlscan_api_key"]
+      def api: () -> untyped
+      def search: () -> Array[Hash[(String | Symbol), untyped]]
+      def valid_alllowed_data_types?: () -> bool
+    end
+  end
+end

data/sig/lib/mihari/analyzers/virustotal.rbs ADDED Viewed

@@ -0,0 +1,31 @@
+module Mihari
+  module Analyzers
+    class VirusTotal < Base
+      attr_reader query: String
+      attr_reader title: String
+      attr_reader description: String
+      attr_reader tags: Array[String]
+      attr_reader type: String
+      include Mixins::Refang
+      def initialize: (*untyped args, **untyped kwargs) -> void
+      def artifacts: () -> (Array[String] | Array[Mihari::Artifact])
+      private
+      def configuration_keys: () -> ::Array["virustotal_api_key"]
+      def api: () -> untyped
+      def valid_type?: () -> bool
+      def search: () -> Array[String]
+      def domain_search: () -> Array[String]
+      def ip_search: () -> Array[String]
+    end
+  end
+end

data/sig/lib/mihari/analyzers/zoomeye.rbs ADDED Viewed

@@ -0,0 +1,33 @@
+module Mihari
+  module Analyzers
+    class ZoomEye < Base
+      attr_reader query: String
+      attr_reader title: String
+      attr_reader description: String
+      attr_reader tags: Array[String]
+      attr_reader type: String
+      def artifacts: () -> (Array[String] | Array[Mihari::Artifact])
+      private
+      PAGE_SIZE: ::Integer
+      def valid_type?: () -> bool
+      def configuration_keys: () -> ::Array["zoomeye_api_key"]
+      def api: () -> untyped
+      def convert_responses: (Array[Hash[(String | Symbol), untyped]] responses) -> Array[String]
+      def _host_search: (String query, ?page: ::Integer page) -> (Hash[(String | Symbol), untyped] | nil)
+      def host_search: () -> Array[String]
+      def _web_search: (String query, ?page: ::Integer page) -> (Hash[(String | Symbol), untyped] | nil)
+      def web_search: () -> Array[String]
+    end
+  end
+end

data/sig/lib/mihari/cli/analyzer.rbs ADDED Viewed

@@ -0,0 +1,39 @@
+module Mihari
+  module CLI
+    class Analyzer < Base
+      include Mihari::Commands::BinaryEdge
+      include Mihari::Commands::Censys
+      include Mihari::Commands::CIRCL
+      include Mihari::Commands::Crtsh
+      include Mihari::Commands::DNPedia
+      include Mihari::Commands::DNSTwister
+      include Mihari::Commands::JSON
+      include Mihari::Commands::Onyphe
+      include Mihari::Commands::OTX
+      include Mihari::Commands::PassiveTotal
+      include Mihari::Commands::Pulsedive
+      include Mihari::Commands::SecurityTrails
+      include Mihari::Commands::Shodan
+      include Mihari::Commands::Spyse
+      include Mihari::Commands::Urlscan
+      include Mihari::Commands::VirusTotal
+      include Mihari::Commands::ZoomEye
+    end
+  end
+end

data/sig/lib/mihari/cli/base.rbs ADDED Viewed

@@ -0,0 +1,11 @@
+module Mihari
+  module CLI
+    class Base
+      include Mihari::Mixins::Hash
+      include Mihari::CLI::Mixins::Utils
+      def self.exit_on_failure?: () -> ::TrueClass
+    end
+  end
+end