mihari 3.5.0 → 3.7.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.gitmodules +3 -0
- data/README.md +2 -0
- data/Steepfile +32 -0
- data/config.ru +1 -0
- data/lib/mihari/analyzers/base.rb +24 -11
- data/lib/mihari/analyzers/binaryedge.rb +13 -0
- data/lib/mihari/analyzers/censys.rb +42 -9
- data/lib/mihari/analyzers/circl.rb +15 -0
- data/lib/mihari/analyzers/crtsh.rb +5 -0
- data/lib/mihari/analyzers/dnpedia.rb +5 -0
- data/lib/mihari/analyzers/dnstwister.rb +17 -0
- data/lib/mihari/analyzers/onyphe.rb +50 -9
- data/lib/mihari/analyzers/otx.rb +20 -0
- data/lib/mihari/analyzers/passivetotal.rb +25 -0
- data/lib/mihari/analyzers/pulsedive.rb +10 -0
- data/lib/mihari/analyzers/rule.rb +18 -0
- data/lib/mihari/analyzers/securitytrails.rb +25 -0
- data/lib/mihari/analyzers/shodan.rb +39 -5
- data/lib/mihari/analyzers/spyse.rb +20 -0
- data/lib/mihari/analyzers/urlscan.rb +10 -0
- data/lib/mihari/analyzers/virustotal.rb +20 -0
- data/lib/mihari/analyzers/zoomeye.rb +38 -0
- data/lib/mihari/{constraints.rb → constants.rb} +0 -0
- data/lib/mihari/database.rb +55 -3
- data/lib/mihari/emitters/base.rb +1 -1
- data/lib/mihari/emitters/misp.rb +38 -5
- data/lib/mihari/emitters/slack.rb +20 -2
- data/lib/mihari/emitters/the_hive.rb +16 -3
- data/lib/mihari/emitters/webhook.rb +18 -3
- data/lib/mihari/enrichers/base.rb +18 -0
- data/lib/mihari/enrichers/ipinfo.rb +49 -0
- data/lib/mihari/mixins/autonomous_system.rb +19 -0
- data/lib/mihari/mixins/disallowed_data_value.rb +1 -1
- data/lib/mihari/models/alert.rb +8 -4
- data/lib/mihari/models/artifact.rb +94 -0
- data/lib/mihari/models/autonomous_system.rb +26 -0
- data/lib/mihari/models/dns.rb +55 -0
- data/lib/mihari/models/geolocation.rb +29 -0
- data/lib/mihari/models/reverse_dns.rb +26 -0
- data/lib/mihari/models/whois.rb +119 -0
- data/lib/mihari/schemas/rule.rb +2 -15
- data/lib/mihari/serializers/alert.rb +6 -4
- data/lib/mihari/serializers/artifact.rb +11 -2
- data/lib/mihari/serializers/autonomous_system.rb +9 -0
- data/lib/mihari/serializers/dns.rb +11 -0
- data/lib/mihari/serializers/geolocation.rb +11 -0
- data/lib/mihari/serializers/reverse_dns.rb +11 -0
- data/lib/mihari/serializers/tag.rb +4 -2
- data/lib/mihari/serializers/whois.rb +11 -0
- data/lib/mihari/status.rb +7 -2
- data/lib/mihari/structs/censys.rb +92 -0
- data/lib/mihari/structs/ipinfo.rb +39 -0
- data/lib/mihari/structs/onyphe.rb +47 -0
- data/lib/mihari/structs/shodan.rb +53 -0
- data/lib/mihari/type_checker.rb +9 -9
- data/lib/mihari/types.rb +21 -0
- data/lib/mihari/version.rb +1 -1
- data/lib/mihari/web/controllers/artifacts_controller.rb +53 -8
- data/lib/mihari/web/controllers/ip_address_controller.rb +4 -19
- data/lib/mihari/web/controllers/sources_controller.rb +2 -2
- data/lib/mihari/web/public/index.html +1 -1
- data/lib/mihari/web/public/redoc-static.html +7 -6
- data/lib/mihari/web/public/static/js/app.06d5cf1c.js +36 -0
- data/lib/mihari/web/public/static/js/app.06d5cf1c.js.map +1 -0
- data/lib/mihari/web/public/static/js/app.8e3e5150.js +36 -0
- data/lib/mihari/web/public/static/js/app.8e3e5150.js.map +1 -0
- data/lib/mihari.rb +39 -5
- data/mihari.gemspec +10 -1
- data/sig/lib/mihari/analyzers/base.rbs +90 -0
- data/sig/lib/mihari/analyzers/basic.rbs +17 -0
- data/sig/lib/mihari/analyzers/binaryedge.rbs +25 -0
- data/sig/lib/mihari/analyzers/censys.rbs +38 -0
- data/sig/lib/mihari/analyzers/circl.rbs +29 -0
- data/sig/lib/mihari/analyzers/crtsh.rbs +19 -0
- data/sig/lib/mihari/analyzers/dnpedia.rbs +18 -0
- data/sig/lib/mihari/analyzers/dnstwister.rbs +27 -0
- data/sig/lib/mihari/analyzers/onyphe.rbs +33 -0
- data/sig/lib/mihari/analyzers/otx.rbs +33 -0
- data/sig/lib/mihari/analyzers/passivetotal.rbs +33 -0
- data/sig/lib/mihari/analyzers/pulsedive.rbs +27 -0
- data/sig/lib/mihari/analyzers/rule.rbs +68 -0
- data/sig/lib/mihari/analyzers/securitytrails.rbs +33 -0
- data/sig/lib/mihari/analyzers/shodan.rbs +33 -0
- data/sig/lib/mihari/analyzers/spyse.rbs +29 -0
- data/sig/lib/mihari/analyzers/urlscan.rbs +28 -0
- data/sig/lib/mihari/analyzers/virustotal.rbs +31 -0
- data/sig/lib/mihari/analyzers/zoomeye.rbs +33 -0
- data/sig/lib/mihari/cli/analyzer.rbs +39 -0
- data/sig/lib/mihari/cli/base.rbs +11 -0
- data/sig/lib/mihari/cli/init.rbs +7 -0
- data/sig/lib/mihari/cli/main.rbs +9 -0
- data/sig/lib/mihari/cli/mixins/utils.rbs +50 -0
- data/sig/lib/mihari/cli/validator.rbs +7 -0
- data/sig/lib/mihari/commands/binaryedge.rbs +7 -0
- data/sig/lib/mihari/commands/censys.rbs +7 -0
- data/sig/lib/mihari/commands/circl.rbs +7 -0
- data/sig/lib/mihari/commands/crtsh.rbs +7 -0
- data/sig/lib/mihari/commands/dnpedia.rbs +7 -0
- data/sig/lib/mihari/commands/dnstwister.rbs +7 -0
- data/sig/lib/mihari/commands/init.rbs +11 -0
- data/sig/lib/mihari/commands/json.rbs +7 -0
- data/sig/lib/mihari/commands/onyphe.rbs +7 -0
- data/sig/lib/mihari/commands/otx.rbs +7 -0
- data/sig/lib/mihari/commands/passivetotal.rbs +7 -0
- data/sig/lib/mihari/commands/pulsedive.rbs +7 -0
- data/sig/lib/mihari/commands/search.rbs +35 -0
- data/sig/lib/mihari/commands/securitytrails.rbs +7 -0
- data/sig/lib/mihari/commands/shodan.rbs +7 -0
- data/sig/lib/mihari/commands/spyse.rbs +7 -0
- data/sig/lib/mihari/commands/urlscan.rbs +7 -0
- data/sig/lib/mihari/commands/validator.rbs +11 -0
- data/sig/lib/mihari/commands/virustotal.rbs +7 -0
- data/sig/lib/mihari/commands/web.rbs +7 -0
- data/sig/lib/mihari/commands/zoomeye.rbs +7 -0
- data/sig/lib/mihari/constants.rbs +3 -0
- data/sig/lib/mihari/database.rbs +25 -0
- data/sig/lib/mihari/emitters/base.rbs +18 -0
- data/sig/lib/mihari/emitters/database.rbs +9 -0
- data/sig/lib/mihari/emitters/misp.rbs +28 -0
- data/sig/lib/mihari/emitters/slack.rbs +58 -0
- data/sig/lib/mihari/emitters/stdout.rbs +9 -0
- data/sig/lib/mihari/emitters/the_hive.rbs +24 -0
- data/sig/lib/mihari/emitters/webhook.rbs +20 -0
- data/sig/lib/mihari/enrichers/base.rbs +12 -0
- data/sig/lib/mihari/enrichers/ipinfo.rbs +16 -0
- data/sig/lib/mihari/errors.rbs +10 -0
- data/sig/lib/mihari/mixins/autonomous_system.rbs +14 -0
- data/sig/lib/mihari/mixins/configurable.rbs +26 -0
- data/sig/lib/mihari/mixins/configuration.rbs +45 -0
- data/sig/lib/mihari/mixins/disallowed_data_value.rbs +25 -0
- data/sig/lib/mihari/mixins/hash.rbs +14 -0
- data/sig/lib/mihari/mixins/refang.rbs +14 -0
- data/sig/lib/mihari/mixins/retriable.rbs +15 -0
- data/sig/lib/mihari/mixins/rule.rbs +41 -0
- data/sig/lib/mihari/models/alert.rbs +46 -0
- data/sig/lib/mihari/models/artifact.rbs +65 -0
- data/sig/lib/mihari/models/autonomous_system.rbs +14 -0
- data/sig/lib/mihari/models/dns.rbs +19 -0
- data/sig/lib/mihari/models/geolocation.rbs +15 -0
- data/sig/lib/mihari/models/reverse_dns.rbs +14 -0
- data/sig/lib/mihari/models/tag.rbs +5 -0
- data/sig/lib/mihari/models/tagging.rbs +4 -0
- data/sig/lib/mihari/models/whois.rbs +66 -0
- data/sig/lib/mihari/notifiers/base.rbs +18 -0
- data/sig/lib/mihari/notifiers/exception_notifier.rbs +75 -0
- data/sig/lib/mihari/notifiers/slack.rbs +50 -0
- data/sig/lib/mihari/status.rbs +25 -0
- data/sig/lib/mihari/structs/censys.rbs +50 -0
- data/sig/lib/mihari/structs/ipinfo.rbs +17 -0
- data/sig/lib/mihari/structs/onyphe.rbs +25 -0
- data/sig/lib/mihari/structs/shodan.rbs +28 -0
- data/sig/lib/mihari/type_checker.rbs +48 -0
- data/sig/lib/mihari/types.rbs +17 -0
- data/sig/lib/mihari/version.rbs +3 -0
- data/sig/lib/mihari/web/app.rbs +5 -0
- data/sig/lib/mihari.rbs +59 -0
- metadata +244 -6
data/lib/mihari/analyzers/otx.rb
CHANGED
@@ -39,10 +39,20 @@ module Mihari
|
|
39
39
|
@ip_client ||= ::OTX::IP.new(Mihari.config.otx_api_key)
|
40
40
|
end
|
41
41
|
|
42
|
+
#
|
43
|
+
# Check whether a type is valid or not
|
44
|
+
#
|
45
|
+
# @return [Boolean]
|
46
|
+
#
|
42
47
|
def valid_type?
|
43
48
|
%w[ip domain].include? type
|
44
49
|
end
|
45
50
|
|
51
|
+
#
|
52
|
+
# IP/domain search
|
53
|
+
#
|
54
|
+
# @return [Array<String>]
|
55
|
+
#
|
46
56
|
def search
|
47
57
|
case type
|
48
58
|
when "domain"
|
@@ -54,6 +64,11 @@ module Mihari
|
|
54
64
|
end
|
55
65
|
end
|
56
66
|
|
67
|
+
#
|
68
|
+
# Domain search
|
69
|
+
#
|
70
|
+
# @return [Array<String>]
|
71
|
+
#
|
57
72
|
def domain_search
|
58
73
|
records = domain_client.get_passive_dns(query)
|
59
74
|
records.filter_map do |record|
|
@@ -61,6 +76,11 @@ module Mihari
|
|
61
76
|
end.uniq
|
62
77
|
end
|
63
78
|
|
79
|
+
#
|
80
|
+
# IP search
|
81
|
+
#
|
82
|
+
# @return [Array<String>]
|
83
|
+
#
|
64
84
|
def ip_search
|
65
85
|
records = ip_client.get_passive_dns(query)
|
66
86
|
records.filter_map do |record|
|
@@ -35,10 +35,20 @@ module Mihari
|
|
35
35
|
@api ||= ::PassiveTotal::API.new(username: Mihari.config.passivetotal_username, api_key: Mihari.config.passivetotal_api_key)
|
36
36
|
end
|
37
37
|
|
38
|
+
#
|
39
|
+
# Check whether a type is valid or not
|
40
|
+
#
|
41
|
+
# @return [Boolean]
|
42
|
+
#
|
38
43
|
def valid_type?
|
39
44
|
%w[ip domain mail hash].include? type
|
40
45
|
end
|
41
46
|
|
47
|
+
#
|
48
|
+
# Passive DNS/SSL, reverse whois search
|
49
|
+
#
|
50
|
+
# @return [Array<String>]
|
51
|
+
#
|
42
52
|
def search
|
43
53
|
case type
|
44
54
|
when "domain", "ip"
|
@@ -52,11 +62,21 @@ module Mihari
|
|
52
62
|
end
|
53
63
|
end
|
54
64
|
|
65
|
+
#
|
66
|
+
# Passive DNS search
|
67
|
+
#
|
68
|
+
# @return [Array<String>]
|
69
|
+
#
|
55
70
|
def passive_dns_search
|
56
71
|
res = api.dns.passive_unique(query)
|
57
72
|
res["results"] || []
|
58
73
|
end
|
59
74
|
|
75
|
+
#
|
76
|
+
# Reverse whois search
|
77
|
+
#
|
78
|
+
# @return [Array<String>]
|
79
|
+
#
|
60
80
|
def reverse_whois_search
|
61
81
|
res = api.whois.search(query: query, field: "email")
|
62
82
|
results = res["results"] || []
|
@@ -65,6 +85,11 @@ module Mihari
|
|
65
85
|
end.flatten.compact.uniq
|
66
86
|
end
|
67
87
|
|
88
|
+
#
|
89
|
+
# Passive SSL search
|
90
|
+
#
|
91
|
+
# @return [Array<String>]
|
92
|
+
#
|
68
93
|
def ssl_search
|
69
94
|
res = api.ssl.history(query)
|
70
95
|
results = res["results"] || []
|
@@ -35,10 +35,20 @@ module Mihari
|
|
35
35
|
@api ||= ::Pulsedive::API.new(Mihari.config.pulsedive_api_key)
|
36
36
|
end
|
37
37
|
|
38
|
+
#
|
39
|
+
# Check whether a type is valid or not
|
40
|
+
#
|
41
|
+
# @return [Boolean]
|
42
|
+
#
|
38
43
|
def valid_type?
|
39
44
|
%w[ip domain].include? type
|
40
45
|
end
|
41
46
|
|
47
|
+
#
|
48
|
+
# Search
|
49
|
+
#
|
50
|
+
# @return [Array<String>]
|
51
|
+
#
|
42
52
|
def search
|
43
53
|
raise InvalidInputError, "#{query}(type: #{type || "unknown"}) is not supported." unless valid_type?
|
44
54
|
|
@@ -22,6 +22,8 @@ module Mihari
|
|
22
22
|
super(**kwargs)
|
23
23
|
|
24
24
|
@source = id || UUIDTools::UUID.md5_create(UUIDTools::UUID_URL_NAMESPACE, title + description).to_s
|
25
|
+
|
26
|
+
validate_analyzer_configurations
|
25
27
|
end
|
26
28
|
|
27
29
|
ANALYZER_TO_CLASS = {
|
@@ -119,6 +121,22 @@ module Mihari
|
|
119
121
|
|
120
122
|
raise ArgumentError, "#{analyzer_name} is not supported"
|
121
123
|
end
|
124
|
+
|
125
|
+
#
|
126
|
+
# Validate configuration of analyzers
|
127
|
+
#
|
128
|
+
def validate_analyzer_configurations
|
129
|
+
queries.each do |params|
|
130
|
+
analyzer_name = params[:analyzer]
|
131
|
+
klass = get_analyzer_class(analyzer_name)
|
132
|
+
|
133
|
+
instance = klass.new("dummy")
|
134
|
+
unless instance.configured?
|
135
|
+
klass_name = klass.to_s.split("::").last
|
136
|
+
raise ArgumentError, "#{klass_name} is not configured correctly"
|
137
|
+
end
|
138
|
+
end
|
139
|
+
end
|
122
140
|
end
|
123
141
|
end
|
124
142
|
end
|
@@ -35,10 +35,20 @@ module Mihari
|
|
35
35
|
@api ||= ::SecurityTrails::API.new(Mihari.config.securitytrails_api_key)
|
36
36
|
end
|
37
37
|
|
38
|
+
#
|
39
|
+
# Check whether a type is valid or not
|
40
|
+
#
|
41
|
+
# @return [Boolean]
|
42
|
+
#
|
38
43
|
def valid_type?
|
39
44
|
%w[ip domain mail].include? type
|
40
45
|
end
|
41
46
|
|
47
|
+
#
|
48
|
+
# IP/domain/mail search
|
49
|
+
#
|
50
|
+
# @return [Array<String>]
|
51
|
+
#
|
42
52
|
def search
|
43
53
|
case type
|
44
54
|
when "domain"
|
@@ -52,6 +62,11 @@ module Mihari
|
|
52
62
|
end
|
53
63
|
end
|
54
64
|
|
65
|
+
#
|
66
|
+
# Domain search
|
67
|
+
#
|
68
|
+
# @return [Array<String>]
|
69
|
+
#
|
55
70
|
def domain_search
|
56
71
|
result = api.history.get_all_dns_history(query, type: "a")
|
57
72
|
records = result["records"] || []
|
@@ -60,12 +75,22 @@ module Mihari
|
|
60
75
|
end.flatten.compact.uniq
|
61
76
|
end
|
62
77
|
|
78
|
+
#
|
79
|
+
# IP search
|
80
|
+
#
|
81
|
+
# @return [Array<String>]
|
82
|
+
#
|
63
83
|
def ip_search
|
64
84
|
result = api.domains.search(filter: { ipv4: query })
|
65
85
|
records = result["records"] || []
|
66
86
|
records.filter_map { |record| record["hostname"] }.uniq
|
67
87
|
end
|
68
88
|
|
89
|
+
#
|
90
|
+
# Mail search
|
91
|
+
#
|
92
|
+
# @return [Array<String>]
|
93
|
+
#
|
69
94
|
def mail_search
|
70
95
|
result = api.domains.search(filter: { whois_email: query })
|
71
96
|
records = result["records"] || []
|
@@ -14,12 +14,11 @@ module Mihari
|
|
14
14
|
results = search
|
15
15
|
return [] unless results || results.empty?
|
16
16
|
|
17
|
+
results = results.map { |result| Structs::Shodan::Result.from_dynamic!(result) }
|
17
18
|
results.map do |result|
|
18
|
-
matches = result
|
19
|
-
matches.
|
20
|
-
|
21
|
-
end
|
22
|
-
end.flatten.compact.uniq
|
19
|
+
matches = result.matches || []
|
20
|
+
matches.map { |match| build_artifact match }
|
21
|
+
end.flatten.compact.uniq(&:data)
|
23
22
|
end
|
24
23
|
|
25
24
|
private
|
@@ -34,6 +33,14 @@ module Mihari
|
|
34
33
|
@api ||= ::Shodan::API.new(key: Mihari.config.shodan_api_key)
|
35
34
|
end
|
36
35
|
|
36
|
+
#
|
37
|
+
# Search with pagination
|
38
|
+
#
|
39
|
+
# @param [String] query
|
40
|
+
# @param [Integer] page
|
41
|
+
#
|
42
|
+
# @return [Hash]
|
43
|
+
#
|
37
44
|
def search_with_page(query, page: 1)
|
38
45
|
api.host.search(query, page: page)
|
39
46
|
rescue ::Shodan::Error => e
|
@@ -42,6 +49,11 @@ module Mihari
|
|
42
49
|
raise e
|
43
50
|
end
|
44
51
|
|
52
|
+
#
|
53
|
+
# Search
|
54
|
+
#
|
55
|
+
# @return [Array<Hash>]
|
56
|
+
#
|
45
57
|
def search
|
46
58
|
responses = []
|
47
59
|
(1..Float::INFINITY).each do |page|
|
@@ -57,6 +69,28 @@ module Mihari
|
|
57
69
|
end
|
58
70
|
responses
|
59
71
|
end
|
72
|
+
|
73
|
+
#
|
74
|
+
# Build an artifact from a Shodan search API response
|
75
|
+
#
|
76
|
+
# @param [Structs::Shodan::Match] match
|
77
|
+
#
|
78
|
+
# @return [Artifact]
|
79
|
+
#
|
80
|
+
def build_artifact(match)
|
81
|
+
as = AutonomousSystem.new(asn: normalize_asn(match.asn))
|
82
|
+
geolocation = Geolocation.new(
|
83
|
+
country: match.location.country_name,
|
84
|
+
country_code: match.location.country_code
|
85
|
+
)
|
86
|
+
|
87
|
+
Artifact.new(
|
88
|
+
data: match.ip_str,
|
89
|
+
source: source,
|
90
|
+
autonomous_system: as,
|
91
|
+
geolocation: geolocation
|
92
|
+
)
|
93
|
+
end
|
60
94
|
end
|
61
95
|
end
|
62
96
|
end
|
@@ -30,10 +30,20 @@ module Mihari
|
|
30
30
|
@api ||= ::Spyse::API.new(Mihari.config.spyse_api_key)
|
31
31
|
end
|
32
32
|
|
33
|
+
#
|
34
|
+
# Check whether a type is valid or not
|
35
|
+
#
|
36
|
+
# @return [Boolean]
|
37
|
+
#
|
33
38
|
def valid_type?
|
34
39
|
%w[ip domain cert].include? type
|
35
40
|
end
|
36
41
|
|
42
|
+
#
|
43
|
+
# Domain search
|
44
|
+
#
|
45
|
+
# @return [Array<String>]
|
46
|
+
#
|
37
47
|
def domain_search
|
38
48
|
res = api.domain.search(search_params, limit: 100)
|
39
49
|
items = res.dig("data", "items") || []
|
@@ -42,6 +52,11 @@ module Mihari
|
|
42
52
|
end.uniq.compact
|
43
53
|
end
|
44
54
|
|
55
|
+
#
|
56
|
+
# IP search
|
57
|
+
#
|
58
|
+
# @return [Array<String>]
|
59
|
+
#
|
45
60
|
def ip_search
|
46
61
|
res = api.ip.search(search_params, limit: 100)
|
47
62
|
items = res.dig("data", "items") || []
|
@@ -50,6 +65,11 @@ module Mihari
|
|
50
65
|
end.uniq.compact
|
51
66
|
end
|
52
67
|
|
68
|
+
#
|
69
|
+
# IP/domain search
|
70
|
+
#
|
71
|
+
# @return [Array<String>]
|
72
|
+
#
|
53
73
|
def search
|
54
74
|
case type
|
55
75
|
when "domain"
|
@@ -43,12 +43,22 @@ module Mihari
|
|
43
43
|
@api ||= ::UrlScan::API.new(Mihari.config.urlscan_api_key)
|
44
44
|
end
|
45
45
|
|
46
|
+
#
|
47
|
+
# Search
|
48
|
+
#
|
49
|
+
# @return [Array<Hash>]
|
50
|
+
#
|
46
51
|
def search
|
47
52
|
return api.pro.similar(query) if use_similarity
|
48
53
|
|
49
54
|
api.search(query, size: 10_000)
|
50
55
|
end
|
51
56
|
|
57
|
+
#
|
58
|
+
# Check whether a data type is valid or not
|
59
|
+
#
|
60
|
+
# @return [Boolean]
|
61
|
+
#
|
52
62
|
def valid_alllowed_data_types?
|
53
63
|
allowed_data_types.all? { |type| SUPPORTED_DATA_TYPES.include? type }
|
54
64
|
end
|
@@ -35,10 +35,20 @@ module Mihari
|
|
35
35
|
@api = ::VirusTotal::API.new(key: Mihari.config.virustotal_api_key)
|
36
36
|
end
|
37
37
|
|
38
|
+
#
|
39
|
+
# Check whether a type is valid or not
|
40
|
+
#
|
41
|
+
# @return [Boolean]
|
42
|
+
#
|
38
43
|
def valid_type?
|
39
44
|
%w[ip domain].include? type
|
40
45
|
end
|
41
46
|
|
47
|
+
#
|
48
|
+
# Search
|
49
|
+
#
|
50
|
+
# @return [Array<String>]
|
51
|
+
#
|
42
52
|
def search
|
43
53
|
case type
|
44
54
|
when "domain"
|
@@ -50,6 +60,11 @@ module Mihari
|
|
50
60
|
end
|
51
61
|
end
|
52
62
|
|
63
|
+
#
|
64
|
+
# Domain search
|
65
|
+
#
|
66
|
+
# @return [Array<String>]
|
67
|
+
#
|
53
68
|
def domain_search
|
54
69
|
res = api.domain.resolutions(query)
|
55
70
|
|
@@ -59,6 +74,11 @@ module Mihari
|
|
59
74
|
end.uniq
|
60
75
|
end
|
61
76
|
|
77
|
+
#
|
78
|
+
# IP search
|
79
|
+
#
|
80
|
+
# @return [Array<String>]
|
81
|
+
#
|
62
82
|
def ip_search
|
63
83
|
res = api.ip_address.resolutions(query)
|
64
84
|
|
@@ -26,6 +26,11 @@ module Mihari
|
|
26
26
|
|
27
27
|
PAGE_SIZE = 10
|
28
28
|
|
29
|
+
#
|
30
|
+
# Check whether a type is valid or not
|
31
|
+
#
|
32
|
+
# @return [Boolean]
|
33
|
+
#
|
29
34
|
def valid_type?
|
30
35
|
%w[host web].include? type
|
31
36
|
end
|
@@ -38,6 +43,13 @@ module Mihari
|
|
38
43
|
@api ||= ::ZoomEye::API.new(api_key: Mihari.config.zoomeye_api_key)
|
39
44
|
end
|
40
45
|
|
46
|
+
#
|
47
|
+
# Convert responses into an array of String
|
48
|
+
#
|
49
|
+
# @param [Array<Hash>] responses
|
50
|
+
#
|
51
|
+
# @return [Array<String>]
|
52
|
+
#
|
41
53
|
def convert_responses(responses)
|
42
54
|
responses.map do |res|
|
43
55
|
matches = res["matches"] || []
|
@@ -47,12 +59,25 @@ module Mihari
|
|
47
59
|
end.flatten.compact.uniq
|
48
60
|
end
|
49
61
|
|
62
|
+
#
|
63
|
+
# Host search
|
64
|
+
#
|
65
|
+
# @param [String] query
|
66
|
+
# @param [Integer] page
|
67
|
+
#
|
68
|
+
# @return [Hash, nil]
|
69
|
+
#
|
50
70
|
def _host_search(query, page: 1)
|
51
71
|
api.host.search(query, page: page)
|
52
72
|
rescue ::ZoomEye::Error => _e
|
53
73
|
nil
|
54
74
|
end
|
55
75
|
|
76
|
+
#
|
77
|
+
# Host search
|
78
|
+
#
|
79
|
+
# @return [Array<String>]
|
80
|
+
#
|
56
81
|
def host_search
|
57
82
|
responses = []
|
58
83
|
(1..Float::INFINITY).each do |page|
|
@@ -66,12 +91,25 @@ module Mihari
|
|
66
91
|
convert_responses responses.compact
|
67
92
|
end
|
68
93
|
|
94
|
+
#
|
95
|
+
# Web search
|
96
|
+
#
|
97
|
+
# @param [String] query
|
98
|
+
# @param [Integer] page
|
99
|
+
#
|
100
|
+
# @return [Hash, nil]
|
101
|
+
#
|
69
102
|
def _web_search(query, page: 1)
|
70
103
|
api.web.search(query, page: page)
|
71
104
|
rescue ::ZoomEye::Error => _e
|
72
105
|
nil
|
73
106
|
end
|
74
107
|
|
108
|
+
#
|
109
|
+
# Web search
|
110
|
+
#
|
111
|
+
# @return [Array<String>]
|
112
|
+
#
|
75
113
|
def web_search
|
76
114
|
responses = []
|
77
115
|
(1..Float::INFINITY).each do |page|
|