RubyGems - mihari - Versions diffs - 3.6.0 → 3.7.2 - Mend

mihari 3.6.0 → 3.7.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (139) hide show

checksums.yaml +4 -4
data/.gitmodules +3 -0
data/Steepfile +32 -0
data/lib/mihari/analyzers/base.rb +7 -22
data/lib/mihari/analyzers/binaryedge.rb +13 -0
data/lib/mihari/analyzers/censys.rb +5 -0
data/lib/mihari/analyzers/circl.rb +15 -0
data/lib/mihari/analyzers/crtsh.rb +5 -0
data/lib/mihari/analyzers/dnpedia.rb +5 -0
data/lib/mihari/analyzers/dnstwister.rb +17 -0
data/lib/mihari/analyzers/onyphe.rb +20 -4
data/lib/mihari/analyzers/otx.rb +20 -0
data/lib/mihari/analyzers/passivetotal.rb +25 -0
data/lib/mihari/analyzers/pulsedive.rb +10 -0
data/lib/mihari/analyzers/rule.rb +18 -0
data/lib/mihari/analyzers/securitytrails.rb +25 -0
data/lib/mihari/analyzers/shodan.rb +13 -0
data/lib/mihari/analyzers/spyse.rb +20 -0
data/lib/mihari/analyzers/urlscan.rb +10 -0
data/lib/mihari/analyzers/virustotal.rb +20 -0
data/lib/mihari/analyzers/zoomeye.rb +38 -0
data/lib/mihari/database.rb +13 -0
data/lib/mihari/emitters/base.rb +1 -1
data/lib/mihari/emitters/misp.rb +38 -5
data/lib/mihari/emitters/slack.rb +20 -2
data/lib/mihari/emitters/the_hive.rb +16 -3
data/lib/mihari/emitters/webhook.rb +18 -3
data/lib/mihari/enrichers/base.rb +18 -0
data/lib/mihari/enrichers/ipinfo.rb +49 -0
data/lib/mihari/mixins/autonomous_system.rb +19 -0
data/lib/mihari/mixins/disallowed_data_value.rb +1 -1
data/lib/mihari/models/artifact.rb +42 -3
data/lib/mihari/models/autonomous_system.rb +18 -1
data/lib/mihari/models/dns.rb +2 -0
data/lib/mihari/models/geolocation.rb +21 -1
data/lib/mihari/models/reverse_dns.rb +2 -0
data/lib/mihari/models/whois.rb +1 -1
data/lib/mihari/status.rb +7 -2
data/lib/mihari/structs/ipinfo.rb +39 -0
data/lib/mihari/structs/onyphe.rb +2 -2
data/lib/mihari/type_checker.rb +9 -9
data/lib/mihari/version.rb +1 -1
data/lib/mihari/web/controllers/artifacts_controller.rb +27 -1
data/lib/mihari/web/controllers/ip_address_controller.rb +4 -19
data/lib/mihari/web/public/index.html +1 -1
data/lib/mihari/web/public/redoc-static.html +7 -6
data/lib/mihari/web/public/static/js/app.06d5cf1c.js +36 -0
data/lib/mihari/web/public/static/js/app.06d5cf1c.js.map +1 -0
data/lib/mihari.rb +40 -26
data/mihari.gemspec +7 -4
data/sig/lib/mihari/analyzers/base.rbs +90 -0
data/sig/lib/mihari/analyzers/basic.rbs +17 -0
data/sig/lib/mihari/analyzers/binaryedge.rbs +25 -0
data/sig/lib/mihari/analyzers/censys.rbs +38 -0
data/sig/lib/mihari/analyzers/circl.rbs +29 -0
data/sig/lib/mihari/analyzers/crtsh.rbs +19 -0
data/sig/lib/mihari/analyzers/dnpedia.rbs +18 -0
data/sig/lib/mihari/analyzers/dnstwister.rbs +27 -0
data/sig/lib/mihari/analyzers/onyphe.rbs +33 -0
data/sig/lib/mihari/analyzers/otx.rbs +33 -0
data/sig/lib/mihari/analyzers/passivetotal.rbs +33 -0
data/sig/lib/mihari/analyzers/pulsedive.rbs +27 -0
data/sig/lib/mihari/analyzers/rule.rbs +68 -0
data/sig/lib/mihari/analyzers/securitytrails.rbs +33 -0
data/sig/lib/mihari/analyzers/shodan.rbs +33 -0
data/sig/lib/mihari/analyzers/spyse.rbs +29 -0
data/sig/lib/mihari/analyzers/urlscan.rbs +28 -0
data/sig/lib/mihari/analyzers/virustotal.rbs +31 -0
data/sig/lib/mihari/analyzers/zoomeye.rbs +33 -0
data/sig/lib/mihari/cli/analyzer.rbs +39 -0
data/sig/lib/mihari/cli/base.rbs +11 -0
data/sig/lib/mihari/cli/init.rbs +7 -0
data/sig/lib/mihari/cli/main.rbs +9 -0
data/sig/lib/mihari/cli/mixins/utils.rbs +50 -0
data/sig/lib/mihari/cli/validator.rbs +7 -0
data/sig/lib/mihari/commands/binaryedge.rbs +7 -0
data/sig/lib/mihari/commands/censys.rbs +7 -0
data/sig/lib/mihari/commands/circl.rbs +7 -0
data/sig/lib/mihari/commands/crtsh.rbs +7 -0
data/sig/lib/mihari/commands/dnpedia.rbs +7 -0
data/sig/lib/mihari/commands/dnstwister.rbs +7 -0
data/sig/lib/mihari/commands/init.rbs +11 -0
data/sig/lib/mihari/commands/json.rbs +7 -0
data/sig/lib/mihari/commands/onyphe.rbs +7 -0
data/sig/lib/mihari/commands/otx.rbs +7 -0
data/sig/lib/mihari/commands/passivetotal.rbs +7 -0
data/sig/lib/mihari/commands/pulsedive.rbs +7 -0
data/sig/lib/mihari/commands/search.rbs +35 -0
data/sig/lib/mihari/commands/securitytrails.rbs +7 -0
data/sig/lib/mihari/commands/shodan.rbs +7 -0
data/sig/lib/mihari/commands/spyse.rbs +7 -0
data/sig/lib/mihari/commands/urlscan.rbs +7 -0
data/sig/lib/mihari/commands/validator.rbs +11 -0
data/sig/lib/mihari/commands/virustotal.rbs +7 -0
data/sig/lib/mihari/commands/web.rbs +7 -0
data/sig/lib/mihari/commands/zoomeye.rbs +7 -0
data/sig/lib/mihari/constants.rbs +3 -0
data/sig/lib/mihari/database.rbs +25 -0
data/sig/lib/mihari/emitters/base.rbs +18 -0
data/sig/lib/mihari/emitters/database.rbs +9 -0
data/sig/lib/mihari/emitters/misp.rbs +28 -0
data/sig/lib/mihari/emitters/slack.rbs +58 -0
data/sig/lib/mihari/emitters/stdout.rbs +9 -0
data/sig/lib/mihari/emitters/the_hive.rbs +24 -0
data/sig/lib/mihari/emitters/webhook.rbs +20 -0
data/sig/lib/mihari/enrichers/base.rbs +12 -0
data/sig/lib/mihari/enrichers/ipinfo.rbs +16 -0
data/sig/lib/mihari/errors.rbs +10 -0
data/sig/lib/mihari/mixins/autonomous_system.rbs +14 -0
data/sig/lib/mihari/mixins/configurable.rbs +26 -0
data/sig/lib/mihari/mixins/configuration.rbs +45 -0
data/sig/lib/mihari/mixins/disallowed_data_value.rbs +25 -0
data/sig/lib/mihari/mixins/hash.rbs +14 -0
data/sig/lib/mihari/mixins/refang.rbs +14 -0
data/sig/lib/mihari/mixins/retriable.rbs +15 -0
data/sig/lib/mihari/mixins/rule.rbs +41 -0
data/sig/lib/mihari/models/alert.rbs +46 -0
data/sig/lib/mihari/models/artifact.rbs +65 -0
data/sig/lib/mihari/models/autonomous_system.rbs +14 -0
data/sig/lib/mihari/models/dns.rbs +19 -0
data/sig/lib/mihari/models/geolocation.rbs +15 -0
data/sig/lib/mihari/models/reverse_dns.rbs +14 -0
data/sig/lib/mihari/models/tag.rbs +5 -0
data/sig/lib/mihari/models/tagging.rbs +4 -0
data/sig/lib/mihari/models/whois.rbs +66 -0
data/sig/lib/mihari/notifiers/base.rbs +18 -0
data/sig/lib/mihari/notifiers/exception_notifier.rbs +75 -0
data/sig/lib/mihari/notifiers/slack.rbs +50 -0
data/sig/lib/mihari/status.rbs +25 -0
data/sig/lib/mihari/structs/censys.rbs +50 -0
data/sig/lib/mihari/structs/ipinfo.rbs +17 -0
data/sig/lib/mihari/structs/onyphe.rbs +25 -0
data/sig/lib/mihari/structs/shodan.rbs +28 -0
data/sig/lib/mihari/type_checker.rbs +48 -0
data/sig/lib/mihari/types.rbs +17 -0
data/sig/lib/mihari/version.rbs +3 -0
data/sig/lib/mihari/web/app.rbs +5 -0
data/sig/lib/mihari.rbs +59 -0
metadata +148 -10

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: c9c1cbdf0570c25e2d89d7f6fd402b64991dfaebc75cf3cf5422a56504287ae9
-  data.tar.gz: d5b7a0db7b49f245e3c949135011fb674e28a9d3c251e165f827e8f3d90673b1
+  metadata.gz: e4ce5b3ce24278b8141bf2078dce45d572846a4838a0dc00c34e695201c36d77
+  data.tar.gz: '0992223bccd1d9732e0cc9cb6063f822efef8f0db34a27a45ad829efc930a60f'
 SHA512:
-  metadata.gz: e76a216dedbc1aec17748c37a1b874c2c825fed6f7716ef356a48ddf2861584da299c384737e588a48b67165874f495192bb42a4c20c2f29f4620f8b559d1a83
-  data.tar.gz: 2f3e380b252ba238594ccacd2df8e362a62b9685aafeff34d6506e7301184cf5b38c4244db9498842f4aee9df109d7c43a9ad99cecc3b63616d333a7f5093333
+  metadata.gz: 26aa441c9e982df2a84e5d3f8cc5bc261b49b9dae618fc73384a116927481125b4a87dac8317a6fb319caf5523398020ebcf8973eee6229d128a377f1054c4db
+  data.tar.gz: bfee6864b187018a6a9f9b5f4c68cfdea496b36ebad0b796425642ed9b80b2f7c70c4d74ef16964838e16b2985acddb11d4b0c0a6c4cca73dfb93d7a1ff83875

data/.gitmodules ADDED Viewed

@@ -0,0 +1,3 @@
+[submodule "vendor/rbs/gem_rbs_collection"]
+	path = vendor/rbs/gem_rbs_collection
+	url = https://github.com/ruby/gem_rbs_collection.git

data/Steepfile ADDED Viewed

@@ -0,0 +1,32 @@
+target :lib do
+  signature "sig"
+  check "lib"
+  repo_path "vendor/rbs/gem_rbs_collection/gems"
+  library "date"
+  library "json"
+  library "logger"
+  library "monitor"
+  library "mutex_m"
+  library "pathname"
+  library "securerandom"
+  library "singleton"
+  library "time"
+  library "tsort"
+  library "uri"
+  library "resolv"
+  library "timeout"
+  library "socket"
+  library "rack"
+  library "actionpack"
+  library "actionview"
+  library "activejob"
+  library "activemodel"
+  library "activerecord"
+  library "activesupport"
+  library "parallel"
+  library "railties"
+end

data/lib/mihari/analyzers/base.rb CHANGED Viewed

@@ -8,6 +8,7 @@ module Mihari
     class Base
       extend Dry::Initializer
+      include Mixins::AutonomousSystem
       include Mixins::Configurable
       include Mixins::Retriable
@@ -27,7 +28,7 @@ module Mihari
       # @return [String]
       def title
-        self.class.to_s.split("::").last
+        self.class.to_s.split("::").last.to_s
       end
       # @return [String]
@@ -37,7 +38,7 @@ module Mihari
       # @return [String]
       def source
-        self.class.to_s.split("::").last
+        self.class.to_s.split("::").last.to_s
       end
       # @return [Array<String>]
@@ -111,9 +112,7 @@ module Mihari
       #
       def enriched_artifacts
         @enriched_artifacts ||= unique_artifacts.map do |artifact|
-          artifact.enrich_whois
-          artifact.enrich_dns
-          artifact.enrich_reverse_dns
+          artifact.enrich_all
           artifact
         end
       end
@@ -125,9 +124,9 @@ module Mihari
       #
       def set_enriched_artifacts
         retry_on_error { enriched_artifacts }
-      rescue ArgumentError => _e
+      rescue ArgumentError => e
         klass = self.class.to_s.split("::").last.to_s
-        raise Error, "Please configure #{klass} API settings properly"
+        raise Error, "Please configure #{klass} settings properly. (#{e})"
       end
       #
@@ -139,21 +138,7 @@ module Mihari
         @valid_emitters ||= Mihari.emitters.filter_map do |klass|
           emitter = klass.new
           emitter.valid? ? emitter : nil
-        end
-      end
-      #
-      # Normalize ASN value
-      #
-      # @param [String, Integer] asn
-      #
-      # @return [Integer]
-      #
-      def normalize_asn(asn)
-        return asn if asn.is_a?(Integer)
-        return asn.to_i unless asn.start_with?("AS")
-        asn.delete_prefix("AS").to_i
+        end.compact
       end
     end
   end

data/lib/mihari/analyzers/binaryedge.rb CHANGED Viewed

@@ -26,6 +26,14 @@ module Mihari
       PAGE_SIZE = 20
+      #
+      # Search with pagination
+      #
+      # @param [String] query
+      # @param [Integer] page
+      #
+      # @return [Hash]
+      #
       def search_with_page(query, page: 1)
         api.host.search(query, page: page)
       rescue ::BinaryEdge::Error => e
@@ -34,6 +42,11 @@ module Mihari
         raise e
       end
+      #
+      # Search
+      #
+      # @return [Array<Hash>]
+      #
       def search
         responses = []
         (1..Float::INFINITY).each do |page|

data/lib/mihari/analyzers/censys.rb CHANGED Viewed

@@ -16,6 +16,11 @@ module Mihari
       private
+      #
+      # Search
+      #
+      # @return [Array<String>]
+      #
       def search
         artifacts = []

data/lib/mihari/analyzers/circl.rb CHANGED Viewed

@@ -35,6 +35,11 @@ module Mihari
         @api ||= ::PassiveCIRCL::API.new(username: Mihari.config.circl_passive_username, password: Mihari.config.circl_passive_password)
       end
+      #
+      # Passive DNS/SSL search
+      #
+      # @return [Array<String>]
+      #
       def search
         case @type
         when "domain"
@@ -46,6 +51,11 @@ module Mihari
         end
       end
+      #
+      # Passive DNS search
+      #
+      # @return [Array<String>]
+      #
       def passive_dns_search
         results = api.dns.query(@query)
         results.filter_map do |result|
@@ -54,6 +64,11 @@ module Mihari
         end.uniq
       end
+      #
+      # Passive SSL search
+      #
+      # @return [Array<String>]
+      #
       def passive_ssl_search
         result = api.ssl.cquery(@query)
         seen = result["seen"] || []

data/lib/mihari/analyzers/crtsh.rb CHANGED Viewed

@@ -23,6 +23,11 @@ module Mihari
         @api ||= ::Crtsh::API.new
       end
+      #
+      # Search
+      #
+      # @return [Array<Hash>]
+      #
       def search
         exclude = exclude_expired ? "expired" : nil
         api.search(query, exclude: exclude)

data/lib/mihari/analyzers/dnpedia.rb CHANGED Viewed

@@ -20,6 +20,11 @@ module Mihari
         @api ||= ::DNPedia::API.new
       end
+      #
+      # Search
+      #
+      # @return [Array<String>]
+      #
       def search
         res = api.search(query)
         rows = res["rows"] || []

data/lib/mihari/analyzers/dnstwister.rb CHANGED Viewed

@@ -29,6 +29,11 @@ module Mihari
       private
+      #
+      # Check whether a type is valid or not
+      #
+      # @return [Boolean]
+      #
       def valid_type?
         type == "domain"
       end
@@ -37,6 +42,13 @@ module Mihari
         @api ||= ::DNSTwister::API.new
       end
+      #
+      # Check whether a domain is resolvable or not
+      #
+      # @param [String] domain
+      #
+      # @return [Boolean]
+      #
       def resolvable?(domain)
         Resolv.getaddress domain
         true
@@ -44,6 +56,11 @@ module Mihari
         false
       end
+      #
+      # Search
+      #
+      # @return [Array<String>]
+      #
       def search
         raise InvalidInputError, "#{query}(type: #{type || "unknown"}) is not supported." unless valid_type?

data/lib/mihari/analyzers/onyphe.rb CHANGED Viewed

@@ -33,11 +33,24 @@ module Mihari
         @api ||= ::Onyphe::API.new(Mihari.config.onyphe_api_key)
       end
+      #
+      # Search with pagination
+      #
+      # @param [String] query
+      # @param [Integer] page
+      #
+      # @return [Structs::Onyphe::Response]
+      #
       def search_with_page(query, page: 1)
         res = api.simple.datascan(query, page: page)
         Structs::Onyphe::Response.from_dynamic!(res)
       end
+      #
+      # Search
+      #
+      # @return [Array<Structs::Onyphe::Response>]
+      #
       def search
         responses = []
         (1..Float::INFINITY).each do |page|
@@ -60,10 +73,13 @@ module Mihari
       def build_artifact(result)
         as = AutonomousSystem.new(asn: normalize_asn(result.asn))
-        geolocation = Geolocation.new(
-          country: NormalizeCountry(result.country_code, to: :short),
-          country_code: result.country_code
-        )
+        geolocation = nil
+        unless result.country_code.nil?
+          geolocation = Geolocation.new(
+            country: NormalizeCountry(result.country_code, to: :short),
+            country_code: result.country_code
+          )
+        end
         Artifact.new(
           data: result.ip,

data/lib/mihari/analyzers/otx.rb CHANGED Viewed

@@ -39,10 +39,20 @@ module Mihari
         @ip_client ||= ::OTX::IP.new(Mihari.config.otx_api_key)
       end
+      #
+      # Check whether a type is valid or not
+      #
+      # @return [Boolean]
+      #
       def valid_type?
         %w[ip domain].include? type
       end
+      #
+      # IP/domain search
+      #
+      # @return [Array<String>]
+      #
       def search
         case type
         when "domain"
@@ -54,6 +64,11 @@ module Mihari
         end
       end
+      #
+      # Domain search
+      #
+      # @return [Array<String>]
+      #
       def domain_search
         records = domain_client.get_passive_dns(query)
         records.filter_map do |record|
@@ -61,6 +76,11 @@ module Mihari
         end.uniq
       end
+      #
+      # IP search
+      #
+      # @return [Array<String>]
+      #
       def ip_search
         records = ip_client.get_passive_dns(query)
         records.filter_map do |record|

data/lib/mihari/analyzers/passivetotal.rb CHANGED Viewed

@@ -35,10 +35,20 @@ module Mihari
         @api ||= ::PassiveTotal::API.new(username: Mihari.config.passivetotal_username, api_key: Mihari.config.passivetotal_api_key)
       end
+      #
+      # Check whether a type is valid or not
+      #
+      # @return [Boolean]
+      #
       def valid_type?
         %w[ip domain mail hash].include? type
       end
+      #
+      # Passive DNS/SSL, reverse whois search
+      #
+      # @return [Array<String>]
+      #
       def search
         case type
         when "domain", "ip"
@@ -52,11 +62,21 @@ module Mihari
         end
       end
+      #
+      # Passive DNS search
+      #
+      # @return [Array<String>]
+      #
       def passive_dns_search
         res = api.dns.passive_unique(query)
         res["results"] || []
       end
+      #
+      # Reverse whois search
+      #
+      # @return [Array<String>]
+      #
       def reverse_whois_search
         res = api.whois.search(query: query, field: "email")
         results = res["results"] || []
@@ -65,6 +85,11 @@ module Mihari
         end.flatten.compact.uniq
       end
+      #
+      # Passive SSL search
+      #
+      # @return [Array<String>]
+      #
       def ssl_search
         res = api.ssl.history(query)
         results = res["results"] || []

data/lib/mihari/analyzers/pulsedive.rb CHANGED Viewed

@@ -35,10 +35,20 @@ module Mihari
         @api ||= ::Pulsedive::API.new(Mihari.config.pulsedive_api_key)
       end
+      #
+      # Check whether a type is valid or not
+      #
+      # @return [Boolean]
+      #
       def valid_type?
         %w[ip domain].include? type
       end
+      #
+      # Search
+      #
+      # @return [Array<String>]
+      #
       def search
         raise InvalidInputError, "#{query}(type: #{type || "unknown"}) is not supported." unless valid_type?

data/lib/mihari/analyzers/rule.rb CHANGED Viewed

@@ -22,6 +22,8 @@ module Mihari
         super(**kwargs)
         @source = id || UUIDTools::UUID.md5_create(UUIDTools::UUID_URL_NAMESPACE, title + description).to_s
+        validate_analyzer_configurations
       end
       ANALYZER_TO_CLASS = {
@@ -119,6 +121,22 @@ module Mihari
         raise ArgumentError, "#{analyzer_name} is not supported"
       end
+      #
+      # Validate configuration of analyzers
+      #
+      def validate_analyzer_configurations
+        queries.each do |params|
+          analyzer_name = params[:analyzer]
+          klass = get_analyzer_class(analyzer_name)
+          instance = klass.new("dummy")
+          unless instance.configured?
+            klass_name = klass.to_s.split("::").last
+            raise ArgumentError, "#{klass_name} is not configured correctly"
+          end
+        end
+      end
     end
   end
 end