RubyGems - mihari - Versions diffs - 3.6.0 → 3.7.2 - Mend

mihari 3.6.0 → 3.7.2

Files changed (139) hide show

checksums.yaml +4 -4
data/.gitmodules +3 -0
data/Steepfile +32 -0
data/lib/mihari/analyzers/base.rb +7 -22
data/lib/mihari/analyzers/binaryedge.rb +13 -0
data/lib/mihari/analyzers/censys.rb +5 -0
data/lib/mihari/analyzers/circl.rb +15 -0
data/lib/mihari/analyzers/crtsh.rb +5 -0
data/lib/mihari/analyzers/dnpedia.rb +5 -0
data/lib/mihari/analyzers/dnstwister.rb +17 -0
data/lib/mihari/analyzers/onyphe.rb +20 -4
data/lib/mihari/analyzers/otx.rb +20 -0
data/lib/mihari/analyzers/passivetotal.rb +25 -0
data/lib/mihari/analyzers/pulsedive.rb +10 -0
data/lib/mihari/analyzers/rule.rb +18 -0
data/lib/mihari/analyzers/securitytrails.rb +25 -0
data/lib/mihari/analyzers/shodan.rb +13 -0
data/lib/mihari/analyzers/spyse.rb +20 -0
data/lib/mihari/analyzers/urlscan.rb +10 -0
data/lib/mihari/analyzers/virustotal.rb +20 -0
data/lib/mihari/analyzers/zoomeye.rb +38 -0
data/lib/mihari/database.rb +13 -0
data/lib/mihari/emitters/base.rb +1 -1
data/lib/mihari/emitters/misp.rb +38 -5
data/lib/mihari/emitters/slack.rb +20 -2
data/lib/mihari/emitters/the_hive.rb +16 -3
data/lib/mihari/emitters/webhook.rb +18 -3
data/lib/mihari/enrichers/base.rb +18 -0
data/lib/mihari/enrichers/ipinfo.rb +49 -0
data/lib/mihari/mixins/autonomous_system.rb +19 -0
data/lib/mihari/mixins/disallowed_data_value.rb +1 -1
data/lib/mihari/models/artifact.rb +42 -3
data/lib/mihari/models/autonomous_system.rb +18 -1
data/lib/mihari/models/dns.rb +2 -0
data/lib/mihari/models/geolocation.rb +21 -1
data/lib/mihari/models/reverse_dns.rb +2 -0
data/lib/mihari/models/whois.rb +1 -1
data/lib/mihari/status.rb +7 -2
data/lib/mihari/structs/ipinfo.rb +39 -0
data/lib/mihari/structs/onyphe.rb +2 -2
data/lib/mihari/type_checker.rb +9 -9
data/lib/mihari/version.rb +1 -1
data/lib/mihari/web/controllers/artifacts_controller.rb +27 -1
data/lib/mihari/web/controllers/ip_address_controller.rb +4 -19
data/lib/mihari/web/public/index.html +1 -1
data/lib/mihari/web/public/redoc-static.html +7 -6
data/lib/mihari/web/public/static/js/app.06d5cf1c.js +36 -0
data/lib/mihari/web/public/static/js/app.06d5cf1c.js.map +1 -0
data/lib/mihari.rb +40 -26
data/mihari.gemspec +7 -4
data/sig/lib/mihari/analyzers/base.rbs +90 -0
data/sig/lib/mihari/analyzers/basic.rbs +17 -0
data/sig/lib/mihari/analyzers/binaryedge.rbs +25 -0
data/sig/lib/mihari/analyzers/censys.rbs +38 -0
data/sig/lib/mihari/analyzers/circl.rbs +29 -0
data/sig/lib/mihari/analyzers/crtsh.rbs +19 -0
data/sig/lib/mihari/analyzers/dnpedia.rbs +18 -0
data/sig/lib/mihari/analyzers/dnstwister.rbs +27 -0
data/sig/lib/mihari/analyzers/onyphe.rbs +33 -0
data/sig/lib/mihari/analyzers/otx.rbs +33 -0
data/sig/lib/mihari/analyzers/passivetotal.rbs +33 -0
data/sig/lib/mihari/analyzers/pulsedive.rbs +27 -0
data/sig/lib/mihari/analyzers/rule.rbs +68 -0
data/sig/lib/mihari/analyzers/securitytrails.rbs +33 -0
data/sig/lib/mihari/analyzers/shodan.rbs +33 -0
data/sig/lib/mihari/analyzers/spyse.rbs +29 -0
data/sig/lib/mihari/analyzers/urlscan.rbs +28 -0
data/sig/lib/mihari/analyzers/virustotal.rbs +31 -0
data/sig/lib/mihari/analyzers/zoomeye.rbs +33 -0
data/sig/lib/mihari/cli/analyzer.rbs +39 -0
data/sig/lib/mihari/cli/base.rbs +11 -0
data/sig/lib/mihari/cli/init.rbs +7 -0
data/sig/lib/mihari/cli/main.rbs +9 -0
data/sig/lib/mihari/cli/mixins/utils.rbs +50 -0
data/sig/lib/mihari/cli/validator.rbs +7 -0
data/sig/lib/mihari/commands/binaryedge.rbs +7 -0
data/sig/lib/mihari/commands/censys.rbs +7 -0
data/sig/lib/mihari/commands/circl.rbs +7 -0
data/sig/lib/mihari/commands/crtsh.rbs +7 -0
data/sig/lib/mihari/commands/dnpedia.rbs +7 -0
data/sig/lib/mihari/commands/dnstwister.rbs +7 -0
data/sig/lib/mihari/commands/init.rbs +11 -0
data/sig/lib/mihari/commands/json.rbs +7 -0
data/sig/lib/mihari/commands/onyphe.rbs +7 -0
data/sig/lib/mihari/commands/otx.rbs +7 -0
data/sig/lib/mihari/commands/passivetotal.rbs +7 -0
data/sig/lib/mihari/commands/pulsedive.rbs +7 -0
data/sig/lib/mihari/commands/search.rbs +35 -0
data/sig/lib/mihari/commands/securitytrails.rbs +7 -0
data/sig/lib/mihari/commands/shodan.rbs +7 -0
data/sig/lib/mihari/commands/spyse.rbs +7 -0
data/sig/lib/mihari/commands/urlscan.rbs +7 -0
data/sig/lib/mihari/commands/validator.rbs +11 -0
data/sig/lib/mihari/commands/virustotal.rbs +7 -0
data/sig/lib/mihari/commands/web.rbs +7 -0
data/sig/lib/mihari/commands/zoomeye.rbs +7 -0
data/sig/lib/mihari/constants.rbs +3 -0
data/sig/lib/mihari/database.rbs +25 -0
data/sig/lib/mihari/emitters/base.rbs +18 -0
data/sig/lib/mihari/emitters/database.rbs +9 -0
data/sig/lib/mihari/emitters/misp.rbs +28 -0
data/sig/lib/mihari/emitters/slack.rbs +58 -0
data/sig/lib/mihari/emitters/stdout.rbs +9 -0
data/sig/lib/mihari/emitters/the_hive.rbs +24 -0
data/sig/lib/mihari/emitters/webhook.rbs +20 -0
data/sig/lib/mihari/enrichers/base.rbs +12 -0
data/sig/lib/mihari/enrichers/ipinfo.rbs +16 -0
data/sig/lib/mihari/errors.rbs +10 -0
data/sig/lib/mihari/mixins/autonomous_system.rbs +14 -0
data/sig/lib/mihari/mixins/configurable.rbs +26 -0
data/sig/lib/mihari/mixins/configuration.rbs +45 -0
data/sig/lib/mihari/mixins/disallowed_data_value.rbs +25 -0
data/sig/lib/mihari/mixins/hash.rbs +14 -0
data/sig/lib/mihari/mixins/refang.rbs +14 -0
data/sig/lib/mihari/mixins/retriable.rbs +15 -0
data/sig/lib/mihari/mixins/rule.rbs +41 -0
data/sig/lib/mihari/models/alert.rbs +46 -0
data/sig/lib/mihari/models/artifact.rbs +65 -0
data/sig/lib/mihari/models/autonomous_system.rbs +14 -0
data/sig/lib/mihari/models/dns.rbs +19 -0
data/sig/lib/mihari/models/geolocation.rbs +15 -0
data/sig/lib/mihari/models/reverse_dns.rbs +14 -0
data/sig/lib/mihari/models/tag.rbs +5 -0
data/sig/lib/mihari/models/tagging.rbs +4 -0
data/sig/lib/mihari/models/whois.rbs +66 -0
data/sig/lib/mihari/notifiers/base.rbs +18 -0
data/sig/lib/mihari/notifiers/exception_notifier.rbs +75 -0
data/sig/lib/mihari/notifiers/slack.rbs +50 -0
data/sig/lib/mihari/status.rbs +25 -0
data/sig/lib/mihari/structs/censys.rbs +50 -0
data/sig/lib/mihari/structs/ipinfo.rbs +17 -0
data/sig/lib/mihari/structs/onyphe.rbs +25 -0
data/sig/lib/mihari/structs/shodan.rbs +28 -0
data/sig/lib/mihari/type_checker.rbs +48 -0
data/sig/lib/mihari/types.rbs +17 -0
data/sig/lib/mihari/version.rbs +3 -0
data/sig/lib/mihari/web/app.rbs +5 -0
data/sig/lib/mihari.rbs +59 -0
metadata +148 -10

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: c9c1cbdf0570c25e2d89d7f6fd402b64991dfaebc75cf3cf5422a56504287ae9
-  data.tar.gz: d5b7a0db7b49f245e3c949135011fb674e28a9d3c251e165f827e8f3d90673b1
+  metadata.gz: e4ce5b3ce24278b8141bf2078dce45d572846a4838a0dc00c34e695201c36d77
+  data.tar.gz: '0992223bccd1d9732e0cc9cb6063f822efef8f0db34a27a45ad829efc930a60f'
 SHA512:
-  metadata.gz: e76a216dedbc1aec17748c37a1b874c2c825fed6f7716ef356a48ddf2861584da299c384737e588a48b67165874f495192bb42a4c20c2f29f4620f8b559d1a83
-  data.tar.gz: 2f3e380b252ba238594ccacd2df8e362a62b9685aafeff34d6506e7301184cf5b38c4244db9498842f4aee9df109d7c43a9ad99cecc3b63616d333a7f5093333
+  metadata.gz: 26aa441c9e982df2a84e5d3f8cc5bc261b49b9dae618fc73384a116927481125b4a87dac8317a6fb319caf5523398020ebcf8973eee6229d128a377f1054c4db
+  data.tar.gz: bfee6864b187018a6a9f9b5f4c68cfdea496b36ebad0b796425642ed9b80b2f7c70c4d74ef16964838e16b2985acddb11d4b0c0a6c4cca73dfb93d7a1ff83875

data/.gitmodules ADDED Viewed

@@ -0,0 +1,3 @@
+[submodule "vendor/rbs/gem_rbs_collection"]
+	path = vendor/rbs/gem_rbs_collection
+	url = https://github.com/ruby/gem_rbs_collection.git

data/Steepfile ADDED Viewed

@@ -0,0 +1,32 @@
+target :lib do
+  signature "sig"
+  check "lib"
+  repo_path "vendor/rbs/gem_rbs_collection/gems"
+  library "date"
+  library "json"
+  library "logger"
+  library "monitor"
+  library "mutex_m"
+  library "pathname"
+  library "securerandom"
+  library "singleton"
+  library "time"
+  library "tsort"
+  library "uri"
+  library "resolv"
+  library "timeout"
+  library "socket"
+  library "rack"
+  library "actionpack"
+  library "actionview"
+  library "activejob"
+  library "activemodel"
+  library "activerecord"
+  library "activesupport"
+  library "parallel"
+  library "railties"
+end

data/lib/mihari/analyzers/base.rb CHANGED Viewed

@@ -8,6 +8,7 @@ module Mihari
     class Base
       extend Dry::Initializer
+      include Mixins::AutonomousSystem
       include Mixins::Configurable
       include Mixins::Retriable
@@ -27,7 +28,7 @@ module Mihari
       # @return [String]
       def title
-        self.class.to_s.split("::").last
+        self.class.to_s.split("::").last.to_s
       end
       # @return [String]
@@ -37,7 +38,7 @@ module Mihari
       # @return [String]
       def source
-        self.class.to_s.split("::").last
+        self.class.to_s.split("::").last.to_s
       end
       # @return [Array<String>]
@@ -111,9 +112,7 @@ module Mihari
       #
       def enriched_artifacts
         @enriched_artifacts ||= unique_artifacts.map do |artifact|
-          artifact.enrich_whois
-          artifact.enrich_dns
-          artifact.enrich_reverse_dns
+          artifact.enrich_all
           artifact
         end
       end
@@ -125,9 +124,9 @@ module Mihari
       #
       def set_enriched_artifacts
         retry_on_error { enriched_artifacts }
-      rescue ArgumentError => _e
+      rescue ArgumentError => e
         klass = self.class.to_s.split("::").last.to_s
-        raise Error, "Please configure #{klass} API settings properly"
+        raise Error, "Please configure #{klass} settings properly. (#{e})"
       end
       #
@@ -139,21 +138,7 @@ module Mihari
         @valid_emitters ||= Mihari.emitters.filter_map do |klass|
           emitter = klass.new
           emitter.valid? ? emitter : nil
-        end
-      end
-      #
-      # Normalize ASN value
-      #
-      # @param [String, Integer] asn
-      #
-      # @return [Integer]
-      #
-      def normalize_asn(asn)
-        return asn if asn.is_a?(Integer)
-        return asn.to_i unless asn.start_with?("AS")
-        asn.delete_prefix("AS").to_i
+        end.compact
       end
     end
   end

data/lib/mihari/analyzers/binaryedge.rb CHANGED Viewed

@@ -26,6 +26,14 @@ module Mihari
       PAGE_SIZE = 20
+      #
+      # Search with pagination
+      #
+      # @param [String] query
+      # @param [Integer] page
+      #
+      # @return [Hash]
+      #
       def search_with_page(query, page: 1)
         api.host.search(query, page: page)
       rescue ::BinaryEdge::Error => e
@@ -34,6 +42,11 @@ module Mihari
         raise e
       end
+      #
+      # Search
+      #
+      # @return [Array<Hash>]
+      #
       def search
         responses = []
         (1..Float::INFINITY).each do |page|

data/lib/mihari/analyzers/censys.rb CHANGED Viewed

@@ -16,6 +16,11 @@ module Mihari
       private
+      #
+      # Search
+      #
+      # @return [Array<String>]
+      #
       def search
         artifacts = []

data/lib/mihari/analyzers/circl.rb CHANGED Viewed

@@ -35,6 +35,11 @@ module Mihari
         @api ||= ::PassiveCIRCL::API.new(username: Mihari.config.circl_passive_username, password: Mihari.config.circl_passive_password)
       end
+      #
+      # Passive DNS/SSL search
+      #
+      # @return [Array<String>]
+      #
       def search
         case @type
         when "domain"
@@ -46,6 +51,11 @@ module Mihari
         end
       end
+      #
+      # Passive DNS search
+      #
+      # @return [Array<String>]
+      #
       def passive_dns_search
         results = api.dns.query(@query)
         results.filter_map do |result|
@@ -54,6 +64,11 @@ module Mihari
         end.uniq
       end
+      #
+      # Passive SSL search
+      #
+      # @return [Array<String>]
+      #
       def passive_ssl_search
         result = api.ssl.cquery(@query)
         seen = result["seen"] || []

data/lib/mihari/analyzers/crtsh.rb CHANGED Viewed

@@ -23,6 +23,11 @@ module Mihari
         @api ||= ::Crtsh::API.new
       end
+      #
+      # Search
+      #
+      # @return [Array<Hash>]
+      #
       def search
         exclude = exclude_expired ? "expired" : nil
         api.search(query, exclude: exclude)

data/lib/mihari/analyzers/dnpedia.rb CHANGED Viewed

@@ -20,6 +20,11 @@ module Mihari
         @api ||= ::DNPedia::API.new
       end
+      #
+      # Search
+      #
+      # @return [Array<String>]
+      #
       def search
         res = api.search(query)
         rows = res["rows"] || []

data/lib/mihari/analyzers/dnstwister.rb CHANGED Viewed

@@ -29,6 +29,11 @@ module Mihari
       private
+      #
+      # Check whether a type is valid or not
+      #
+      # @return [Boolean]
+      #
       def valid_type?
         type == "domain"
       end
@@ -37,6 +42,13 @@ module Mihari
         @api ||= ::DNSTwister::API.new
       end
+      #
+      # Check whether a domain is resolvable or not
+      #
+      # @param [String] domain
+      #
+      # @return [Boolean]
+      #
       def resolvable?(domain)
         Resolv.getaddress domain
         true
@@ -44,6 +56,11 @@ module Mihari
         false
       end
+      #
+      # Search
+      #
+      # @return [Array<String>]
+      #
       def search
         raise InvalidInputError, "#{query}(type: #{type || "unknown"}) is not supported." unless valid_type?

data/lib/mihari/analyzers/onyphe.rb CHANGED Viewed

@@ -33,11 +33,24 @@ module Mihari
         @api ||= ::Onyphe::API.new(Mihari.config.onyphe_api_key)
       end
+      #
+      # Search with pagination
+      #
+      # @param [String] query
+      # @param [Integer] page
+      #
+      # @return [Structs::Onyphe::Response]
+      #
       def search_with_page(query, page: 1)
         res = api.simple.datascan(query, page: page)
         Structs::Onyphe::Response.from_dynamic!(res)
       end
+      #
+      # Search
+      #
+      # @return [Array<Structs::Onyphe::Response>]
+      #
       def search
         responses = []
         (1..Float::INFINITY).each do |page|
@@ -60,10 +73,13 @@ module Mihari
       def build_artifact(result)
         as = AutonomousSystem.new(asn: normalize_asn(result.asn))
-        geolocation = Geolocation.new(
-          country: NormalizeCountry(result.country_code, to: :short),
-          country_code: result.country_code
-        )
+        geolocation = nil
+        unless result.country_code.nil?
+          geolocation = Geolocation.new(
+            country: NormalizeCountry(result.country_code, to: :short),
+            country_code: result.country_code
+          )
+        end
         Artifact.new(
           data: result.ip,

data/lib/mihari/analyzers/otx.rb CHANGED Viewed

@@ -39,10 +39,20 @@ module Mihari
         @ip_client ||= ::OTX::IP.new(Mihari.config.otx_api_key)
       end
+      #
+      # Check whether a type is valid or not
+      #
+      # @return [Boolean]
+      #
       def valid_type?
         %w[ip domain].include? type
       end
+      #
+      # IP/domain search
+      #
+      # @return [Array<String>]
+      #
       def search
         case type
         when "domain"
@@ -54,6 +64,11 @@ module Mihari
         end
       end
+      #
+      # Domain search
+      #
+      # @return [Array<String>]
+      #
       def domain_search
         records = domain_client.get_passive_dns(query)
         records.filter_map do |record|
@@ -61,6 +76,11 @@ module Mihari
         end.uniq
       end
+      #
+      # IP search
+      #
+      # @return [Array<String>]
+      #
       def ip_search
         records = ip_client.get_passive_dns(query)
         records.filter_map do |record|

data/lib/mihari/analyzers/passivetotal.rb CHANGED Viewed

@@ -35,10 +35,20 @@ module Mihari
         @api ||= ::PassiveTotal::API.new(username: Mihari.config.passivetotal_username, api_key: Mihari.config.passivetotal_api_key)
       end
+      #
+      # Check whether a type is valid or not
+      #
+      # @return [Boolean]
+      #
       def valid_type?
         %w[ip domain mail hash].include? type
       end
+      #
+      # Passive DNS/SSL, reverse whois search
+      #
+      # @return [Array<String>]
+      #
       def search
         case type
         when "domain", "ip"
@@ -52,11 +62,21 @@ module Mihari
         end
       end
+      #
+      # Passive DNS search
+      #
+      # @return [Array<String>]
+      #
       def passive_dns_search
         res = api.dns.passive_unique(query)
         res["results"] || []
       end
+      #
+      # Reverse whois search
+      #
+      # @return [Array<String>]
+      #
       def reverse_whois_search
         res = api.whois.search(query: query, field: "email")
         results = res["results"] || []
@@ -65,6 +85,11 @@ module Mihari
         end.flatten.compact.uniq
       end
+      #
+      # Passive SSL search
+      #
+      # @return [Array<String>]
+      #
       def ssl_search
         res = api.ssl.history(query)
         results = res["results"] || []

data/lib/mihari/analyzers/pulsedive.rb CHANGED Viewed

@@ -35,10 +35,20 @@ module Mihari
         @api ||= ::Pulsedive::API.new(Mihari.config.pulsedive_api_key)
       end
+      #
+      # Check whether a type is valid or not
+      #
+      # @return [Boolean]
+      #
       def valid_type?
         %w[ip domain].include? type
       end
+      #
+      # Search
+      #
+      # @return [Array<String>]
+      #
       def search
         raise InvalidInputError, "#{query}(type: #{type || "unknown"}) is not supported." unless valid_type?

data/lib/mihari/analyzers/rule.rb CHANGED Viewed

@@ -22,6 +22,8 @@ module Mihari
         super(**kwargs)
         @source = id || UUIDTools::UUID.md5_create(UUIDTools::UUID_URL_NAMESPACE, title + description).to_s
+        validate_analyzer_configurations
       end
       ANALYZER_TO_CLASS = {
@@ -119,6 +121,22 @@ module Mihari
         raise ArgumentError, "#{analyzer_name} is not supported"
       end
+      #
+      # Validate configuration of analyzers
+      #
+      def validate_analyzer_configurations
+        queries.each do |params|
+          analyzer_name = params[:analyzer]
+          klass = get_analyzer_class(analyzer_name)
+          instance = klass.new("dummy")
+          unless instance.configured?
+            klass_name = klass.to_s.split("::").last
+            raise ArgumentError, "#{klass_name} is not configured correctly"
+          end
+        end
+      end
     end
   end
 end