mihari 3.5.0 → 3.7.1

data/sig/lib/mihari/structs/onyphe.rbs

@@ -0,0 +1,25 @@
+module Mihari
+  module Structs
+    module Onyphe
+      class Result
+        attr_reader asn: String
+        attr_reader country_code: String?
+        attr_reader ip: String
+
+        def self.from_dynamic!: (Hash[(String | Symbol), untyped] d) -> Mihari::Structs::Onyphe::Result
+      end
+
+      class Response
+        attr_reader count: Integer
+        attr_reader error: Integer
+        attr_reader max_page: Integer
+        attr_reader page: String
+        attr_reader results: Array[Mihari::Structs::Onyphe::Result]
+        attr_reader status: String
+        attr_reader total: Integer
+
+        def self.from_dynamic!: (Hash[(String | Symbol), untyped] d) -> Mihari::Structs::Onyphe::Response
+      end
+    end
+  end
+end

data/sig/lib/mihari/structs/shodan.rbs

@@ -0,0 +1,28 @@
+module Mihari
+  module Structs
+    module Shodan
+      class Location
+        attr_reader country_code: String
+        attr_reader country_name: String
+
+        def self.from_dynamic!: (Hash[(String | Symbol), untyped] d) -> Mihari::Structs::Shodan::Location
+      end
+
+      class Match
+        attr_reader asn: String
+        attr_reader hostnames: Array[String]
+        attr_reader location: Mihari::Structs::Shodan::Location
+        attr_reader domains: Array[String]
+        attr_reader ip_str: String
+        def self.from_dynamic!: (Hash[(String | Symbol), untyped] d) -> Mihari::Structs::Shodan::Match
+      end
+
+      class Result
+        attr_reader matches: Array[Mihari::Structs::Shodan::Match]
+        attr_reader total: Integer
+
+        def self.from_dynamic!: (Hash[(String | Symbol), untyped] d) -> Mihari::Structs::Shodan::Result
+      end
+    end
+  end
+end

data/sig/lib/mihari/type_checker.rbs

@@ -0,0 +1,48 @@
+module Mihari
+  class TypeChecker
+    # extend Dry::Initializer
+
+    def initialize: (*untyped args, **untyped kwargs) -> void
+
+    # @return [true, false]
+    def hash?: () -> bool
+
+    # @return [true, false]
+    def ip?: () -> bool
+
+    # @return [true, false]
+    def domain?: () -> bool
+
+    # @return [true, false]
+    def url?: () -> bool
+
+    # @return [true, false]
+    def mail?: () -> bool
+
+    # @return [String, nil]
+    def type: () -> ("hash" | "ip" | "domain" | "url" | nil)
+
+    # @return [String, nil]
+    def detailed_type: () -> ("md5" | "sha1" | "sha256" | "sha512" | nil)
+
+    # @return [String, nil]
+    def self.type: (untyped data) -> String?
+
+    # @return [String, nil]
+    def self.detailed_type: (untyped data) -> String?
+
+    private
+
+    # @return [true, false]
+    def md5?: () -> bool
+
+    # @return [true, false]
+    def sha1?: () -> bool
+
+    # @return [true, false]
+    def sha256?: () -> bool
+
+    # @return [true, false]
+    def sha512?: () -> bool
+  end
+end

data/sig/lib/mihari/types.rbs

@@ -0,0 +1,17 @@
+module Mihari
+  module Types
+    Int: ::Integer
+
+    Nil: nil
+
+    Hash: Hash[(String | Symbol), untyped]
+
+    String: ::String
+
+    Double: (::Float | ::Integer)
+
+    DataTypes: Array[String]
+
+    AnalyzerTypes: Array[String]
+  end
+end

data/sig/lib/mihari/version.rbs

@@ -0,0 +1,3 @@
+module Mihari
+  VERSION: ::String
+end

data/sig/lib/mihari/web/app.rbs

@@ -0,0 +1,5 @@
+module Mihari
+  class App # < Sinatra::Base
+    def self.run!: (?port: ::Integer port, ?host: ::String host) -> void
+  end
+end

data/sig/lib/mihari.rbs

@@ -0,0 +1,59 @@
+class Configuration
+  attr_accessor binaryedge_api_key (): String?
+  attr_accessor censys_id (): String?
+  attr_accessor censys_secret (): String?
+  attr_accessor circl_passive_password (): String?
+  attr_accessor circl_passive_username (): String?
+  attr_accessor ipinfo_api_key (): String?
+  attr_accessor misp_api_endpoint (): String?
+  attr_accessor misp_api_key (): String?
+  attr_accessor onyphe_api_key (): String?
+  attr_accessor otx_api_key (): String?
+  attr_accessor passivetotal_api_key (): String?
+  attr_accessor passivetotal_username (): String?
+  attr_accessor pulsedive_api_key (): String?
+  attr_accessor securitytrails_api_key (): String?
+  attr_accessor shodan_api_key (): String?
+  attr_accessor slack_channel (): String?
+  attr_accessor slack_webhook_url (): String?
+  attr_accessor spyse_api_key (): String?
+  attr_accessor thehive_api_endpoint (): String?
+  attr_accessor thehive_api_key (): String?
+  attr_accessor urlscan_api_key (): String?
+  attr_accessor virustotal_api_key (): String?
+  attr_accessor zoomeye_api_key (): String?
+  attr_accessor webhook_url (): String?
+  attr_accessor webhook_use_json_body (): (bool | nil)
+  attr_accessor database (): String?
+
+  attr_reader values: Hash[(String | Symbol), String?]
+end
+
+module Mihari
+  def self.config: () -> Configuration
+
+  # extend Dry::Configurable
+
+  extend Mixins::Configuration
+
+  # include Mem
+
+  def self.emitters: () -> ::Array[singleton(Mihari::Emitters::Base)]
+
+  def self.analyzers: () -> ::Array[singleton(Mihari::Analyzers::Base)]
+
+  def self.enrichers: () -> ::Array[singleton(Mihari::Enrichers::Base)]
+
+  #
+  # Load configuration from YAML file
+  #
+  # @param [String] path Path to YAML file
+  #
+  # @return [nil]
+  #
+  def self.load_config_from_yaml: (String path) -> void
+end
+
+class Object
+  def truthy?: (untyped value) -> bool
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: mihari
 version: !ruby/object:Gem::Version
-  version: 3.5.0
+  version: 3.7.1
 platform: ruby
 authors:
 - Manabu Niseki
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2021-08-15 00:00:00.000000000 Z
+date: 2021-09-04 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -122,6 +122,34 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '13.0'
+- !ruby/object:Gem::Dependency
+  name: rb-fsevent
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.11'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.11'
+- !ruby/object:Gem::Dependency
+  name: rerun
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.13'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.13'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
@@ -142,14 +170,28 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.1'
+        version: '1.3'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.1'
+        version: '1.3'
+- !ruby/object:Gem::Dependency
+  name: steep
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.46'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.46'
 - !ruby/object:Gem::Dependency
   name: timecop
   requirement: !ruby/object:Gem::Requirement
@@ -360,6 +402,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '0.1'
+- !ruby/object:Gem::Dependency
+  name: dotenv
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.7'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.7'
 - !ruby/object:Gem::Dependency
   name: dry-configurable
   requirement: !ruby/object:Gem::Requirement
@@ -402,6 +458,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '3.0'
+- !ruby/object:Gem::Dependency
+  name: dry-struct
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.4'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.4'
 - !ruby/object:Gem::Dependency
   name: dry-validation
   requirement: !ruby/object:Gem::Requirement
@@ -486,6 +556,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '0.1'
+- !ruby/object:Gem::Dependency
+  name: memist
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
 - !ruby/object:Gem::Dependency
   name: misp
   requirement: !ruby/object:Gem::Requirement
@@ -514,6 +598,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '2.0'
+- !ruby/object:Gem::Dependency
+  name: normalize_country
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: '0.3'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: '0.3'
 - !ruby/object:Gem::Dependency
   name: onyphe
   requirement: !ruby/object:Gem::Requirement
@@ -850,6 +948,34 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '1.1'
+- !ruby/object:Gem::Dependency
+  name: whois
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '5.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '5.0'
+- !ruby/object:Gem::Dependency
+  name: whois-parser
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.2'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.2'
 - !ruby/object:Gem::Dependency
   name: zoomeye-rb
   requirement: !ruby/object:Gem::Requirement
@@ -876,6 +1002,7 @@ files:
 - ".github/ISSUE_TEMPLATE/feature_request.md"
 - ".github/workflows/test.yml"
 - ".gitignore"
+- ".gitmodules"
 - ".overcommit.yml"
 - ".rspec"
 - ".standard.yml"
@@ -883,6 +1010,7 @@ files:
 - LICENSE
 - README.md
 - Rakefile
+- Steepfile
 - bin/console
 - bin/setup
 - build_frontend.sh
@@ -946,7 +1074,7 @@ files:
 - lib/mihari/commands/virustotal.rb
 - lib/mihari/commands/web.rb
 - lib/mihari/commands/zoomeye.rb
-- lib/mihari/constraints.rb
+- lib/mihari/constants.rb
 - lib/mihari/database.rb
 - lib/mihari/emitters/base.rb
 - lib/mihari/emitters/database.rb
@@ -955,7 +1083,10 @@ files:
 - lib/mihari/emitters/stdout.rb
 - lib/mihari/emitters/the_hive.rb
 - lib/mihari/emitters/webhook.rb
+- lib/mihari/enrichers/base.rb
+- lib/mihari/enrichers/ipinfo.rb
 - lib/mihari/errors.rb
+- lib/mihari/mixins/autonomous_system.rb
 - lib/mihari/mixins/configurable.rb
 - lib/mihari/mixins/configuration.rb
 - lib/mihari/mixins/disallowed_data_value.rb
@@ -965,8 +1096,13 @@ files:
 - lib/mihari/mixins/rule.rb
 - lib/mihari/models/alert.rb
 - lib/mihari/models/artifact.rb
+- lib/mihari/models/autonomous_system.rb
+- lib/mihari/models/dns.rb
+- lib/mihari/models/geolocation.rb
+- lib/mihari/models/reverse_dns.rb
 - lib/mihari/models/tag.rb
 - lib/mihari/models/tagging.rb
+- lib/mihari/models/whois.rb
 - lib/mihari/notifiers/base.rb
 - lib/mihari/notifiers/exception_notifier.rb
 - lib/mihari/notifiers/slack.rb
@@ -976,10 +1112,20 @@ files:
 - lib/mihari/schemas/rule.rb
 - lib/mihari/serializers/alert.rb
 - lib/mihari/serializers/artifact.rb
+- lib/mihari/serializers/autonomous_system.rb
+- lib/mihari/serializers/dns.rb
+- lib/mihari/serializers/geolocation.rb
+- lib/mihari/serializers/reverse_dns.rb
 - lib/mihari/serializers/tag.rb
+- lib/mihari/serializers/whois.rb
 - lib/mihari/status.rb
+- lib/mihari/structs/censys.rb
+- lib/mihari/structs/ipinfo.rb
+- lib/mihari/structs/onyphe.rb
+- lib/mihari/structs/shodan.rb
 - lib/mihari/templates/rule.yml.erb
 - lib/mihari/type_checker.rb
+- lib/mihari/types.rb
 - lib/mihari/version.rb
 - lib/mihari/web/app.rb
 - lib/mihari/web/controllers/alerts_controller.rb
@@ -1025,8 +1171,12 @@ files:
 - lib/mihari/web/public/static/img/fa-regular-400.c5d109be.svg
 - lib/mihari/web/public/static/img/fa-solid-900.376c1f97.svg
 - lib/mihari/web/public/static/img/fa-solid-900.37bc7099.svg
+- lib/mihari/web/public/static/js/app.06d5cf1c.js
+- lib/mihari/web/public/static/js/app.06d5cf1c.js.map
 - lib/mihari/web/public/static/js/app.365f1907.js
 - lib/mihari/web/public/static/js/app.365f1907.js.map
+- lib/mihari/web/public/static/js/app.8e3e5150.js
+- lib/mihari/web/public/static/js/app.8e3e5150.js.map
 - lib/mihari/web/public/static/js/app.ab213f7c.js
 - lib/mihari/web/public/static/js/app.ab213f7c.js.map
 - lib/mihari/web/public/static/js/app.b5914c39.js
@@ -1035,6 +1185,94 @@ files:
 - lib/mihari/web/public/static/js/app.cccddb2b.js.map
 - mihari.gemspec
 - renovate.json
+- sig/lib/mihari.rbs
+- sig/lib/mihari/analyzers/base.rbs
+- sig/lib/mihari/analyzers/basic.rbs
+- sig/lib/mihari/analyzers/binaryedge.rbs
+- sig/lib/mihari/analyzers/censys.rbs
+- sig/lib/mihari/analyzers/circl.rbs
+- sig/lib/mihari/analyzers/crtsh.rbs
+- sig/lib/mihari/analyzers/dnpedia.rbs
+- sig/lib/mihari/analyzers/dnstwister.rbs
+- sig/lib/mihari/analyzers/onyphe.rbs
+- sig/lib/mihari/analyzers/otx.rbs
+- sig/lib/mihari/analyzers/passivetotal.rbs
+- sig/lib/mihari/analyzers/pulsedive.rbs
+- sig/lib/mihari/analyzers/rule.rbs
+- sig/lib/mihari/analyzers/securitytrails.rbs
+- sig/lib/mihari/analyzers/shodan.rbs
+- sig/lib/mihari/analyzers/spyse.rbs
+- sig/lib/mihari/analyzers/urlscan.rbs
+- sig/lib/mihari/analyzers/virustotal.rbs
+- sig/lib/mihari/analyzers/zoomeye.rbs
+- sig/lib/mihari/cli/analyzer.rbs
+- sig/lib/mihari/cli/base.rbs
+- sig/lib/mihari/cli/init.rbs
+- sig/lib/mihari/cli/main.rbs
+- sig/lib/mihari/cli/mixins/utils.rbs
+- sig/lib/mihari/cli/validator.rbs
+- sig/lib/mihari/commands/binaryedge.rbs
+- sig/lib/mihari/commands/censys.rbs
+- sig/lib/mihari/commands/circl.rbs
+- sig/lib/mihari/commands/crtsh.rbs
+- sig/lib/mihari/commands/dnpedia.rbs
+- sig/lib/mihari/commands/dnstwister.rbs
+- sig/lib/mihari/commands/init.rbs
+- sig/lib/mihari/commands/json.rbs
+- sig/lib/mihari/commands/onyphe.rbs
+- sig/lib/mihari/commands/otx.rbs
+- sig/lib/mihari/commands/passivetotal.rbs
+- sig/lib/mihari/commands/pulsedive.rbs
+- sig/lib/mihari/commands/search.rbs
+- sig/lib/mihari/commands/securitytrails.rbs
+- sig/lib/mihari/commands/shodan.rbs
+- sig/lib/mihari/commands/spyse.rbs
+- sig/lib/mihari/commands/urlscan.rbs
+- sig/lib/mihari/commands/validator.rbs
+- sig/lib/mihari/commands/virustotal.rbs
+- sig/lib/mihari/commands/web.rbs
+- sig/lib/mihari/commands/zoomeye.rbs
+- sig/lib/mihari/constants.rbs
+- sig/lib/mihari/database.rbs
+- sig/lib/mihari/emitters/base.rbs
+- sig/lib/mihari/emitters/database.rbs
+- sig/lib/mihari/emitters/misp.rbs
+- sig/lib/mihari/emitters/slack.rbs
+- sig/lib/mihari/emitters/stdout.rbs
+- sig/lib/mihari/emitters/the_hive.rbs
+- sig/lib/mihari/emitters/webhook.rbs
+- sig/lib/mihari/enrichers/base.rbs
+- sig/lib/mihari/enrichers/ipinfo.rbs
+- sig/lib/mihari/errors.rbs
+- sig/lib/mihari/mixins/autonomous_system.rbs
+- sig/lib/mihari/mixins/configurable.rbs
+- sig/lib/mihari/mixins/configuration.rbs
+- sig/lib/mihari/mixins/disallowed_data_value.rbs
+- sig/lib/mihari/mixins/hash.rbs
+- sig/lib/mihari/mixins/refang.rbs
+- sig/lib/mihari/mixins/retriable.rbs
+- sig/lib/mihari/mixins/rule.rbs
+- sig/lib/mihari/models/alert.rbs
+- sig/lib/mihari/models/artifact.rbs
+- sig/lib/mihari/models/autonomous_system.rbs
+- sig/lib/mihari/models/dns.rbs
+- sig/lib/mihari/models/geolocation.rbs
+- sig/lib/mihari/models/reverse_dns.rbs
+- sig/lib/mihari/models/tag.rbs
+- sig/lib/mihari/models/tagging.rbs
+- sig/lib/mihari/models/whois.rbs
+- sig/lib/mihari/notifiers/base.rbs
+- sig/lib/mihari/notifiers/exception_notifier.rbs
+- sig/lib/mihari/notifiers/slack.rbs
+- sig/lib/mihari/status.rbs
+- sig/lib/mihari/structs/censys.rbs
+- sig/lib/mihari/structs/ipinfo.rbs
+- sig/lib/mihari/structs/onyphe.rbs
+- sig/lib/mihari/structs/shodan.rbs
+- sig/lib/mihari/type_checker.rbs
+- sig/lib/mihari/types.rbs
+- sig/lib/mihari/version.rbs
+- sig/lib/mihari/web/app.rbs
 homepage: https://github.com/ninoseki/mihari
 licenses:
 - MIT
@@ -1054,7 +1292,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.2.15
+rubygems_version: 3.2.22
 signing_key:
 specification_version: 4
 summary: A framework for continuous OSINT based threat hunting