mihari 3.6.0 → 3.6.1

data/sig/lib/mihari/analyzers/passivetotal.rbs

@@ -0,0 +1,33 @@
+module Mihari
+  module Analyzers
+    class PassiveTotal < Base
+      include Mixins::Refang
+
+      attr_reader query: String
+      attr_reader title: String
+      attr_reader description: String
+      attr_reader tags: Array[String]
+      attr_reader type: String
+
+      def initialize: (*untyped args, **untyped kwargs) -> void
+
+      def artifacts: () -> (Array[String] | Array[Mihari::Artifact])
+
+      private
+
+      def configuration_keys: () -> ::Array["passivetotal_username" | "passivetotal_api_key"]
+
+      def api: () -> untyped
+
+      def valid_type?: () -> bool
+
+      def search: () -> Array[String]
+
+      def passive_dns_search: () -> Array[String]
+
+      def reverse_whois_search: () -> Array[String]
+
+      def ssl_search: () -> Array[String]
+    end
+  end
+end

data/sig/lib/mihari/analyzers/pulsedive.rbs

@@ -0,0 +1,27 @@
+module Mihari
+  module Analyzers
+    class Pulsedive < Base
+      include Mixins::Refang
+
+      attr_reader query: String
+      attr_reader title: String
+      attr_reader description: String
+      attr_reader tags: Array[String]
+      attr_reader type: String
+
+      def initialize: (*untyped args, **untyped kwargs) -> void
+
+      def artifacts: () -> (Array[String] | Array[Mihari::Artifact])
+
+      private
+
+      def configuration_keys: () -> ::Array["pulsedive_api_key"]
+
+      def api: () -> untyped
+
+      def valid_type?: () -> bool
+
+      def search: () -> Array[String]
+    end
+  end
+end

data/sig/lib/mihari/analyzers/rule.rbs

@@ -0,0 +1,68 @@
+module Mihari
+  module Analyzers
+    class Rule < Base
+      include Mihari::Mixins::DisallowedDataValue
+
+      attr_reader title: String
+      attr_reader description: String
+      attr_reader queries: Hash[(String | Symbol), untyped]
+      attr_reader tags: Array[String]
+      attr_reader allowed_data_types: Array[String]
+      attr_reader disallowed_data_values: Array[String]
+      attr_reader source: String
+      attr_reader id: String?
+
+      def initialize: (**untyped kwargs) -> void
+
+      ANALYZER_TO_CLASS: Hash[String, singleton(Mihari::Analyzers::Base)]
+
+      #
+      # Returns a list of artifacts matched with queries
+      #
+      # @return [Array<Mihari::Artifact>]
+      #
+      def artifacts: () -> (Array[String] | Array[Mihari::Artifact])
+
+      #
+      # Normalize artifacts
+      # - Uniquefy artifacts by #uniq(&:data)
+      # - Reject an invalid artifact (for just in case)
+      # - Select artifacts with allowed data types
+      # - Reject artifacts with disallowed data values
+      #
+      # @return [Array<Mihari::Artifact>]
+      #
+      def normalized_artifacts: () -> untyped
+
+      #
+      # Normalized disallowed data values
+      #
+      # @return [Array<Regexp, String>]
+      #
+      def normalized_disallowed_data_values: () -> untyped
+
+      #
+      # Check whether a value is a disallowed data value or not
+      #
+      # @return [Boolean]
+      #
+      def disallowed_data_value?: (untyped value) -> untyped
+
+      private
+
+      #
+      # Get analyzer class
+      #
+      # @param [String] analyzer_name
+      #
+      # @return [Class<Mihari::Analyzers::Base>] analyzer class
+      #
+      def get_analyzer_class: (untyped analyzer_name) -> untyped
+
+      #
+      # Validate configuration of analyzers
+      #
+      def validate_analyzer_configurations: () -> untyped
+    end
+  end
+end

data/sig/lib/mihari/analyzers/securitytrails.rbs

@@ -0,0 +1,33 @@
+module Mihari
+  module Analyzers
+    class SecurityTrails < Base
+      include Mixins::Refang
+
+      attr_reader query: String
+      attr_reader title: String
+      attr_reader description: String
+      attr_reader tags: Array[String]
+      attr_reader type: String
+
+      def initialize: (*untyped args, **untyped kwargs) -> void
+
+      def artifacts: () -> (Array[String] | Array[Mihari::Artifact])
+
+      private
+
+      def configuration_keys: () -> ::Array["securitytrails_api_key"]
+
+      def api: () -> untyped
+
+      def valid_type?: () -> bool
+
+      def search: () -> Array[String]
+
+      def domain_search: () -> Array[String]
+
+      def ip_search: () -> Array[String]
+
+      def mail_search: () -> Array[String]
+    end
+  end
+end

data/sig/lib/mihari/analyzers/shodan.rbs

@@ -0,0 +1,33 @@
+module Mihari
+  module Analyzers
+    class Shodan < Base
+      attr_reader query: String
+      attr_reader title: String
+      attr_reader description: String
+      attr_reader tags: Array[String]
+
+      def artifacts: () -> (Array[String] | Array[Mihari::Artifact])
+
+      private
+
+      PAGE_SIZE: ::Integer
+
+      def configuration_keys: () -> ::Array["shodan_api_key"]
+
+      def api: () -> untyped
+
+      def search_with_page: (String query, ?page: ::Integer page) -> Hash[(String | Symbol), untyped]
+
+      def search: () -> Array[Hash[(String | Symbol), untyped]]
+
+      #
+      # Build an artifact from a Shodan search API response
+      #
+      # @param [Structs::Shodan::Match] match
+      #
+      # @return [Artifact]
+      #
+      def build_artifact: (Mihari::Structs::Shodan::Match match) -> Mihari::Artifact
+    end
+  end
+end

data/sig/lib/mihari/analyzers/spyse.rbs

@@ -0,0 +1,29 @@
+module Mihari
+  module Analyzers
+    class Spyse < Base
+      attr_reader query: String
+      attr_reader title: String
+      attr_reader description: String
+      attr_reader tags: Array[String]
+      attr_reader type: String
+
+      def artifacts: () -> (Array[String] | Array[Mihari::Artifact])
+
+      private
+
+      def search_params: () -> Hash[(String | Symbol), untyped]
+
+      def configuration_keys: () -> ::Array["spyse_api_key"]
+
+      def api: () -> untyped
+
+      def valid_type?: () -> bool
+
+      def domain_search: () -> Array[String]
+
+      def ip_search: () -> Array[String]
+
+      def search: () -> Array[String]
+    end
+  end
+end

data/sig/lib/mihari/analyzers/urlscan.rbs

@@ -0,0 +1,28 @@
+SUPPORTED_DATA_TYPES: untyped
+
+module Mihari
+  module Analyzers
+    class Urlscan < Base
+      attr_reader query: String
+      attr_reader title: String
+      attr_reader description: String
+      attr_reader tags: Array[String]
+      attr_reader allowed_data_types: Array[String]
+      attr_reader use_similarity: bool
+
+      def initialize: (*untyped args, **untyped kwargs) -> void
+
+      def artifacts: () -> (Array[String] | Array[Mihari::Artifact])
+
+      private
+
+      def configuration_keys: () -> ::Array["urlscan_api_key"]
+
+      def api: () -> untyped
+
+      def search: () -> Array[Hash[(String | Symbol), untyped]]
+
+      def valid_alllowed_data_types?: () -> bool
+    end
+  end
+end

data/sig/lib/mihari/analyzers/virustotal.rbs

@@ -0,0 +1,31 @@
+module Mihari
+  module Analyzers
+    class VirusTotal < Base
+      attr_reader query: String
+      attr_reader title: String
+      attr_reader description: String
+      attr_reader tags: Array[String]
+      attr_reader type: String
+
+      include Mixins::Refang
+
+      def initialize: (*untyped args, **untyped kwargs) -> void
+
+      def artifacts: () -> (Array[String] | Array[Mihari::Artifact])
+
+      private
+
+      def configuration_keys: () -> ::Array["virustotal_api_key"]
+
+      def api: () -> untyped
+
+      def valid_type?: () -> bool
+
+      def search: () -> Array[String]
+
+      def domain_search: () -> Array[String]
+
+      def ip_search: () -> Array[String]
+    end
+  end
+end

data/sig/lib/mihari/analyzers/zoomeye.rbs

@@ -0,0 +1,33 @@
+module Mihari
+  module Analyzers
+    class ZoomEye < Base
+      attr_reader query: String
+      attr_reader title: String
+      attr_reader description: String
+      attr_reader tags: Array[String]
+      attr_reader type: String
+
+      def artifacts: () -> (Array[String] | Array[Mihari::Artifact])
+
+      private
+
+      PAGE_SIZE: ::Integer
+
+      def valid_type?: () -> bool
+
+      def configuration_keys: () -> ::Array["zoomeye_api_key"]
+
+      def api: () -> untyped
+
+      def convert_responses: (Array[Hash[(String | Symbol), untyped]] responses) -> Array[String]
+
+      def _host_search: (String query, ?page: ::Integer page) -> (Hash[(String | Symbol), untyped] | nil)
+
+      def host_search: () -> Array[String]
+
+      def _web_search: (String query, ?page: ::Integer page) -> (Hash[(String | Symbol), untyped] | nil)
+
+      def web_search: () -> Array[String]
+    end
+  end
+end

data/sig/lib/mihari/cli/analyzer.rbs

@@ -0,0 +1,39 @@
+module Mihari
+  module CLI
+    class Analyzer < Base
+      include Mihari::Commands::BinaryEdge
+
+      include Mihari::Commands::Censys
+
+      include Mihari::Commands::CIRCL
+
+      include Mihari::Commands::Crtsh
+
+      include Mihari::Commands::DNPedia
+
+      include Mihari::Commands::DNSTwister
+
+      include Mihari::Commands::JSON
+
+      include Mihari::Commands::Onyphe
+
+      include Mihari::Commands::OTX
+
+      include Mihari::Commands::PassiveTotal
+
+      include Mihari::Commands::Pulsedive
+
+      include Mihari::Commands::SecurityTrails
+
+      include Mihari::Commands::Shodan
+
+      include Mihari::Commands::Spyse
+
+      include Mihari::Commands::Urlscan
+
+      include Mihari::Commands::VirusTotal
+
+      include Mihari::Commands::ZoomEye
+    end
+  end
+end

data/sig/lib/mihari/cli/base.rbs

@@ -0,0 +1,11 @@
+module Mihari
+  module CLI
+    class Base
+      include Mihari::Mixins::Hash
+
+      include Mihari::CLI::Mixins::Utils
+
+      def self.exit_on_failure?: () -> ::TrueClass
+    end
+  end
+end

data/sig/lib/mihari/cli/init.rbs

@@ -0,0 +1,7 @@
+module Mihari
+  module CLI
+    class Initialization < Base
+      include Mihari::Commands::Initialization
+    end
+  end
+end

data/sig/lib/mihari/cli/main.rbs

@@ -0,0 +1,9 @@
+module Mihari
+  module CLI
+    class Main < Base
+      include Mihari::Commands::Search
+
+      include Mihari::Commands::Web
+    end
+  end
+end

data/sig/lib/mihari/cli/mixins/utils.rbs

@@ -0,0 +1,50 @@
+module Mihari
+  module CLI
+    module Mixins
+      module Utils
+        #
+        # Send an exception notification if there is any error in a block
+        #
+        # @return [Nil]
+        #
+        def with_error_handling: () { () -> untyped } -> void
+
+        #
+        # Check required keys in JSON
+        #
+        # @param [Hash] json
+        #
+        # @return [Boolean]
+        #
+        def required_alert_keys?: (Hash[(String | Symbol), untyped] json) -> bool
+
+        #
+        # Load configuration and establish DB connection
+        #
+        # @return [Hash]
+        #
+        def load_configuration: () -> Hash[(String | Symbol), untyped]
+
+        #
+        # Run analyzer
+        #
+        # @param [Class<Mihari::Analyzers::Base>] analyzer_class
+        # @param [String] query
+        # @param [Hash] options
+        #
+        # @return [nil]
+        #
+        def run_analyzer: (untyped analyzer_class, query: String query, options: untyped options) -> void
+
+        #
+        # Normalize options (reject keys not for analyzers)
+        #
+        # @param [Hash] options
+        #
+        # @return [Hash]
+        #
+        def normalize_options: (Hash[(String | Symbol), untyped] options) -> Hash[(String | Symbol), untyped]
+      end
+    end
+  end
+end