mihari 3.7.0 → 3.8.1

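--- a/data/lib/mihari.rb
+++ b/data/lib/mihari.rb
@@ -6,6 +6,9 @@ require "dry/files"
 require "mem"
 require "yaml"
 
+# Load .env
+require "dotenv/load"
+
 # Mixins
 require "mihari/mixins/autonomous_system"
 require "mihari/mixins/configurable"
@@ -27,32 +30,32 @@ module Mihari
 extend Dry::Configurable
 extend Mixins::Configuration
 
-setting :binaryedge_api_key, ENV["BINARYEDGE_API_KEY"]
-setting :censys_id, ENV["CENSYS_ID"]
-setting :censys_secret, ENV["CENSYS_SECRET"]
-setting :circl_passive_password, ENV["CIRCL_PASSIVE_PASSWORD"]
-setting :circl_passive_username, ENV["CIRCL_PASSIVE_USERNAME"]
-setting :ipinfo_api_key, ENV["ipinfo_api_key"]
-setting :misp_api_endpoint, ENV["MISP_API_ENDPOINT"]
-setting :misp_api_key, ENV["MISP_API_KEY"]
-setting :onyphe_api_key, ENV["ONYPHE_API_KEY"]
-setting :otx_api_key, ENV["OTX_API_KEY"]
-setting :passivetotal_api_key, ENV["PASSIVETOTAL_API_KEY"]
-setting :passivetotal_username, ENV["PASSIVETOTAL_USERNAME"]
-setting :pulsedive_api_key, ENV["PULSEDIVE_API_KEY"]
-setting :securitytrails_api_key, ENV["SECURITYTRAILS_API_KEY"]
-setting :shodan_api_key, ENV["SHODAN_API_KEY"]
-setting :slack_channel, ENV["SLACK_CHANNEL"]
-setting :slack_webhook_url, ENV["SLACK_WEBHOOK_URL"]
-setting :spyse_api_key, ENV["SPYSE_API_KEY"]
-setting :thehive_api_endpoint, ENV["THEHIVE_API_ENDPOINT"]
-setting :thehive_api_key, ENV["THEHIVE_API_KEY"]
-setting :urlscan_api_key, ENV["URLSCAN_API_KEY"]
-setting :virustotal_api_key, ENV["VIRUSTOTAL_API_KEY"]
-setting :zoomeye_api_key, ENV["ZOOMEYE_API_KEY"]
-setting :webhook_url, ENV["WEBHOOK_URL"]
-setting(:webhook_use_json_body, ENV["WEBHOOK_USE_JSON_BODY"]) { |value| truthy?(value) }
-setting :database, ENV["DATABASE"] || "mihari.db"
+setting :binaryedge_api_key, default: ENV["BINARYEDGE_API_KEY"]
+setting :censys_id, default: ENV["CENSYS_ID"]
+setting :censys_secret, default: ENV["CENSYS_SECRET"]
+setting :circl_passive_password, default: ENV["CIRCL_PASSIVE_PASSWORD"]
+setting :circl_passive_username, default: ENV["CIRCL_PASSIVE_USERNAME"]
+setting :ipinfo_api_key, default: ENV["IPINFO_API_KEY"]
+setting :misp_api_endpoint, default: ENV["MISP_API_ENDPOINT"]
+setting :misp_api_key, default: ENV["MISP_API_KEY"]
+setting :onyphe_api_key, default: ENV["ONYPHE_API_KEY"]
+setting :otx_api_key, default: ENV["OTX_API_KEY"]
+setting :passivetotal_api_key, default: ENV["PASSIVETOTAL_API_KEY"]
+setting :passivetotal_username, default: ENV["PASSIVETOTAL_USERNAME"]
+setting :pulsedive_api_key, default: ENV["PULSEDIVE_API_KEY"]
+setting :securitytrails_api_key, default: ENV["SECURITYTRAILS_API_KEY"]
+setting :shodan_api_key, default: ENV["SHODAN_API_KEY"]
+setting :slack_channel, default: ENV["SLACK_CHANNEL"]
+setting :slack_webhook_url, default: ENV["SLACK_WEBHOOK_URL"]
+setting :spyse_api_key, default: ENV["SPYSE_API_KEY"]
+setting :thehive_api_endpoint, default: ENV["THEHIVE_API_ENDPOINT"]
+setting :thehive_api_key, default: ENV["THEHIVE_API_KEY"]
+setting :urlscan_api_key, default: ENV["URLSCAN_API_KEY"]
+setting :virustotal_api_key, default: ENV["VIRUSTOTAL_API_KEY"]
+setting :zoomeye_api_key, default: ENV["ZOOMEYE_API_KEY"]
+setting :webhook_url, default: ENV["WEBHOOK_URL"]
+setting :webhook_use_json_body, constructor: ->(value = ENV["WEBHOOK_USE_JSON_BODY"]) { truthy?(value) }
+setting :database, default: ENV["DATABASE"] || "mihari.db"
 
 class << self
 include Mem
@@ -67,6 +70,11 @@ module Mihari
 end
 memoize :analyzers
 
+def enrichers
+[]
+end
+memoize :enrichers
+
 #
 # Load configuration from YAML file
 #
@@ -104,6 +112,7 @@ require "mihari/structs/censys"
 require "mihari/structs/ipinfo"
 require "mihari/structs/onyphe"
 require "mihari/structs/shodan"
+require "mihari/structs/virustotal_intelligence"
 
 # Schemas
 require "mihari/schemas/analyzer"
@@ -111,6 +120,7 @@ require "mihari/schemas/configuration"
 require "mihari/schemas/rule"
 
 # Enrichers
+require "mihari/enrichers/base"
 require "mihari/enrichers/ipinfo"
 
 # Models
@@ -154,9 +164,9 @@ require "mihari/analyzers/securitytrails"
 require "mihari/analyzers/shodan"
 require "mihari/analyzers/spyse"
 require "mihari/analyzers/urlscan"
+require "mihari/analyzers/virustotal_intelligence"
 require "mihari/analyzers/virustotal"
 require "mihari/analyzers/zoomeye"
-
 require "mihari/analyzers/rule"
 
 # Notifiers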
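Review bot: `require "dotenv/load"` in the library's top-level require block (first hunk) makes every process that loads the gem — the web server and any embedding application, not just the CLI — read a `.env` from its current working directory at load time, so any setting left unset in the real environment (`WEBHOOK_URL`, `SLACK_WEBHOOK_URL`, `THEHIVE_API_ENDPOINT`, the API keys) can be supplied by whoever can drop a `.env` into that directory, and findings would then be emitted to an endpoint of their choosing. Dotenv does not override variables that are already exported, so fully configured deployments are unaffected, but the load should still be opt-in and confined to the command-line entry point: drop the two added lines here and call `require "dotenv"` / `Dotenv.load` where the CLI starts (outside this diff), with a comment stating that `.env` holds API keys and webhook URLs and must be kept out of version control and world-unreadable. Note that the `setting ... default: ENV[...]` lines are evaluated when this file is required, so whatever loads `.env` must run before `require "mihari"`. Separately, `setting :webhook_use_json_body, constructor: ->(value = ENV["WEBHOOK_USE_JSON_BODY"]) { truthy?(value) }` seeds the value only through a parameter default, which never fires if dry-configurable hands its own nil default to the constructor; `setting :webhook_use_json_body, default: ENV["WEBHOOK_USE_JSON_BODY"], constructor: ->(value) { truthy?(value) }` preserves the pre-3.8 behaviour either way.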
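--- a/data/mihari.gemspec
+++ b/data/mihari.gemspec
@@ -26,7 +26,7 @@ Gem::Specification.new do |spec|
 spec.require_paths = ["lib"]
 
 spec.add_development_dependency "bundler", "~> 2.2"
-spec.add_development_dependency "coveralls_reborn", "~> 0.22"
+spec.add_development_dependency "coveralls_reborn", "~> 0.23"
 spec.add_development_dependency "fakefs", "~> 1.3"
 spec.add_development_dependency "mysql2", "~> 0.5"
 spec.add_development_dependency "overcommit", "~> 0.58"
@@ -54,11 +54,12 @@ Gem::Specification.new do |spec|
 spec.add_dependency "cymbal", "~> 2.0"
 spec.add_dependency "dnpedia", "~> 0.1"
 spec.add_dependency "dnstwister", "~> 0.1"
-spec.add_dependency "dry-configurable", "~> 0.12"
+spec.add_dependency "dotenv", "~> 2.7"
+spec.add_dependency "dry-configurable", "~> 0.13"
 spec.add_dependency "dry-files", "~> 0.1"
 spec.add_dependency "dry-initializer", "~> 3.0"
 spec.add_dependency "dry-struct", "~> 1.4"
-spec.add_dependency "dry-validation", "~> 1.6"
+spec.add_dependency "dry-validation", "~> 1.7"
 spec.add_dependency "email_address", "~> 0.2"
 spec.add_dependency "hachi", "~> 1.0"
 spec.add_dependency "http", "~> 5.0"
@@ -91,7 +92,7 @@ Gem::Specification.new do |spec|
 spec.add_dependency "thread_safe", "~> 0.3"
 spec.add_dependency "urlscan", "~> 0.7"
 spec.add_dependency "uuidtools", "~> 2.2"
-spec.add_dependency "virustotalx", "~> 1.1"
+spec.add_dependency "virustotalx", "~> 1.2"
 spec.add_dependency "whois", "~> 5.0"
 spec.add_dependency "whois-parser", "~> 1.2"
 spec.add_dependency "zoomeye-rb", "~> 0.2"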
@@ -1,5 +1,7 @@
1
1
  module Mihari
2
2
  module Analyzers
3
+ ANALYZER_TO_CLASS: Hash[String, singleton(Mihari::Analyzers::Base)]
4
+
3
5
  class Rule < Base
4
6
  include Mihari::Mixins::DisallowedDataValue
5
7
 
@@ -14,8 +16,6 @@ module Mihari
14
16
 
15
17
  def initialize: (**untyped kwargs) -> void
16
18
 
17
- ANALYZER_TO_CLASS: Hash[String, singleton(Mihari::Analyzers::Base)]
18
-
19
19
  #
20
20
  # Returns a list of artifacts matched with queries
21
21
  #
@@ -0,0 +1,32 @@
1
+ module Mihari
2
+ module Analyzers
3
+ class VirusTotalIntelligence < Base
4
+ attr_reader query: String
5
+ attr_reader title: String
6
+ attr_reader description: String
7
+ attr_reader tags: Array[String]
8
+
9
+ def initialize: (*untyped args, **untyped kwargs) -> void
10
+
11
+ def artifacts: () -> (Array[String] | Array[Mihari::Artifact])
12
+
13
+ private
14
+
15
+ def configuration_keys: () -> ::Array["virustotal_api_key"]
16
+
17
+ #
18
+ # VT API
19
+ #
20
+ # @return [::VirusTotal::API]
21
+ #
22
+ def api: () -> untyped
23
+
24
+ #
25
+ # Search with cursor
26
+ #
27
+ # @return [Array<Mihari::Structs::VirusTotalIntelligence::Response>]
28
+ #
29
+ def search_witgh_cursor: () -> Array[Mihari::Structs::VirusTotalIntelligence::Response]
30
+ end
31
+ end
32
+ end
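Review bot: `def search_witgh_cursor: () -> Array[Mihari::Structs::VirusTotalIntelligence::Response]` (the last private signature in the class) carries a typo that presumably mirrors the method name in lib/mihari/analyzers/virustotal_intelligence.rb, which is not in this diff; since the signature file has to match the implementation, rename both to `def search_with_cursor: () -> Array[Mihari::Structs::VirusTotalIntelligence::Response]` before the misspelling leaks into callers or tests. The class also declares `configuration_keys: () -> ::Array["virustotal_api_key"]`, i.e. it reuses the plain VirusTotal key; if Intelligence search needs a differently entitled key than the existing VirusTotal analyzer, the YARD comment on `api` should say so, because a key that works for one analyzer and silently fails for the other is hard to diagnose from the configuration check alone.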
@@ -0,0 +1,12 @@
1
+ module Mihari
2
+ module Enrichers
3
+ class Base
4
+ include Mixins::Configurable
5
+
6
+ def self.inherited: (untyped child) -> untyped
7
+
8
+ # @return [Boolean]
9
+ def valid?: () -> bool
10
+ end
11
+ end
12
+ end
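Review bot: `def self.inherited: (untyped child) -> untyped` is looser than the hook's actual contract — the argument is always the subclass being defined and the return value is unused — so `def self.inherited: (singleton(Mihari::Enrichers::Base) child) -> void` documents what a registry-style hook receives and lets the type checker catch a stray call. The companion `Mihari.enrichers` signature elsewhere in this release returns `::Array[singleton(Mihari::Enrichers::Base)]`, so the same singleton type keeps the two declarations consistent; the implementation in lib/mihari/enrichers/base.rb is outside this diff, so confirm it does nothing with the return value before tightening it.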
@@ -1,6 +1,8 @@
1
1
  module Mihari
2
2
  module Enrichers
3
3
  class IPInfo
4
+ def valid?: () -> bool
5
+
4
6
  #
5
7
  # Query IPInfo
6
8
  #
@@ -6,7 +6,7 @@ module Mihari
6
6
  attr_reader hostname: String?
7
7
  attr_reader loc: String
8
8
  attr_reader country_code: String
9
- attr_reader asn: String
9
+ attr_reader asn: Integer?
10
10
 
11
11
  def self.from_dynamic!: (Hash[(String | Symbol), untyped] d) -> Mihari::Structs::IPInfo::Response
12
12
 
@@ -0,0 +1,33 @@
1
+ module Mihari
2
+ module Structs
3
+ module VirusTotalIntelligence
4
+ class ContextAttributes
5
+ attr_reader url: Array[String]?
6
+
7
+ def self.from_dynamic!: (Hash[(String | Symbol), untyped] d) -> Mihari::Structs::VirusTotalIntelligence::ContextAttributes
8
+ end
9
+
10
+ class Datum
11
+ attr_reader type: String
12
+ attr_reader context_attributes: Mihari::Structs::VirusTotalIntelligence::ContextAttributes?
13
+
14
+ def value: () -> String?
15
+
16
+ def self.from_dynamic!: (Hash[(String | Symbol), untyped] d) -> Mihari::Structs::VirusTotalIntelligence::Datum
17
+ end
18
+
19
+ class Meta
20
+ attr_reader cursor: String?
21
+
22
+ def self.from_dynamic!: (Hash[(String | Symbol), untyped] d) -> Mihari::Structs::VirusTotalIntelligence::Meta
23
+ end
24
+
25
+ class Response
26
+ attr_reader meta: Mihari::Structs::VirusTotalIntelligence::Meta
27
+ attr_reader data: Array[Mihari::Structs::VirusTotalIntelligence::Datum]
28
+
29
+ def self.from_dynamic!: (Hash[(String | Symbol), untyped] d) -> Mihari::Structs::VirusTotalIntelligence::Response
30
+ end
31
+ end
32
+ end
33
+ end
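--- a/data/sig/lib/mihari.rbs
+++ b/data/sig/lib/mihari.rbs
@@ -42,6 +42,8 @@ module Mihari
 
 def self.analyzers: () -> ::Array[singleton(Mihari::Analyzers::Base)]
 
+def self.enrichers: () -> ::Array[singleton(Mihari::Enrichers::Base)]
+
 #
 # Load configuration from YAML file
 #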
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: mihari
3
3
  version: !ruby/object:Gem::Version
4
- version: 3.7.0
4
+ version: 3.8.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Manabu Niseki
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2021-09-03 00:00:00.000000000 Z
11
+ date: 2021-09-19 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: bundler
@@ -30,14 +30,14 @@ dependencies:
30
30
  requirements:
31
31
  - - "~>"
32
32
  - !ruby/object:Gem::Version
33
- version: '0.22'
33
+ version: '0.23'
34
34
  type: :development
35
35
  prerelease: false
36
36
  version_requirements: !ruby/object:Gem::Requirement
37
37
  requirements:
38
38
  - - "~>"
39
39
  - !ruby/object:Gem::Version
40
- version: '0.22'
40
+ version: '0.23'
41
41
  - !ruby/object:Gem::Dependency
42
42
  name: fakefs
43
43
  requirement: !ruby/object:Gem::Requirement
@@ -402,20 +402,34 @@ dependencies:
402
402
  - - "~>"
403
403
  - !ruby/object:Gem::Version
404
404
  version: '0.1'
405
+ - !ruby/object:Gem::Dependency
406
+ name: dotenv
407
+ requirement: !ruby/object:Gem::Requirement
408
+ requirements:
409
+ - - "~>"
410
+ - !ruby/object:Gem::Version
411
+ version: '2.7'
412
+ type: :runtime
413
+ prerelease: false
414
+ version_requirements: !ruby/object:Gem::Requirement
415
+ requirements:
416
+ - - "~>"
417
+ - !ruby/object:Gem::Version
418
+ version: '2.7'
405
419
  - !ruby/object:Gem::Dependency
406
420
  name: dry-configurable
407
421
  requirement: !ruby/object:Gem::Requirement
408
422
  requirements:
409
423
  - - "~>"
410
424
  - !ruby/object:Gem::Version
411
- version: '0.12'
425
+ version: '0.13'
412
426
  type: :runtime
413
427
  prerelease: false
414
428
  version_requirements: !ruby/object:Gem::Requirement
415
429
  requirements:
416
430
  - - "~>"
417
431
  - !ruby/object:Gem::Version
418
- version: '0.12'
432
+ version: '0.13'
419
433
  - !ruby/object:Gem::Dependency
420
434
  name: dry-files
421
435
  requirement: !ruby/object:Gem::Requirement
@@ -464,14 +478,14 @@ dependencies:
464
478
  requirements:
465
479
  - - "~>"
466
480
  - !ruby/object:Gem::Version
467
- version: '1.6'
481
+ version: '1.7'
468
482
  type: :runtime
469
483
  prerelease: false
470
484
  version_requirements: !ruby/object:Gem::Requirement
471
485
  requirements:
472
486
  - - "~>"
473
487
  - !ruby/object:Gem::Version
474
- version: '1.6'
488
+ version: '1.7'
475
489
  - !ruby/object:Gem::Dependency
476
490
  name: email_address
477
491
  requirement: !ruby/object:Gem::Requirement
@@ -926,14 +940,14 @@ dependencies:
926
940
  requirements:
927
941
  - - "~>"
928
942
  - !ruby/object:Gem::Version
929
- version: '1.1'
943
+ version: '1.2'
930
944
  type: :runtime
931
945
  prerelease: false
932
946
  version_requirements: !ruby/object:Gem::Requirement
933
947
  requirements:
934
948
  - - "~>"
935
949
  - !ruby/object:Gem::Version
936
- version: '1.1'
950
+ version: '1.2'
937
951
  - !ruby/object:Gem::Dependency
938
952
  name: whois
939
953
  requirement: !ruby/object:Gem::Requirement
@@ -1032,6 +1046,7 @@ files:
1032
1046
  - lib/mihari/analyzers/spyse.rb
1033
1047
  - lib/mihari/analyzers/urlscan.rb
1034
1048
  - lib/mihari/analyzers/virustotal.rb
1049
+ - lib/mihari/analyzers/virustotal_intelligence.rb
1035
1050
  - lib/mihari/analyzers/zoomeye.rb
1036
1051
  - lib/mihari/cli/analyzer.rb
1037
1052
  - lib/mihari/cli/base.rb
@@ -1058,6 +1073,7 @@ files:
1058
1073
  - lib/mihari/commands/urlscan.rb
1059
1074
  - lib/mihari/commands/validator.rb
1060
1075
  - lib/mihari/commands/virustotal.rb
1076
+ - lib/mihari/commands/virustotal_intelligence.rb
1061
1077
  - lib/mihari/commands/web.rb
1062
1078
  - lib/mihari/commands/zoomeye.rb
1063
1079
  - lib/mihari/constants.rb
@@ -1069,6 +1085,7 @@ files:
1069
1085
  - lib/mihari/emitters/stdout.rb
1070
1086
  - lib/mihari/emitters/the_hive.rb
1071
1087
  - lib/mihari/emitters/webhook.rb
1088
+ - lib/mihari/enrichers/base.rb
1072
1089
  - lib/mihari/enrichers/ipinfo.rb
1073
1090
  - lib/mihari/errors.rb
1074
1091
  - lib/mihari/mixins/autonomous_system.rb
@@ -1108,6 +1125,7 @@ files:
1108
1125
  - lib/mihari/structs/ipinfo.rb
1109
1126
  - lib/mihari/structs/onyphe.rb
1110
1127
  - lib/mihari/structs/shodan.rb
1128
+ - lib/mihari/structs/virustotal_intelligence.rb
1111
1129
  - lib/mihari/templates/rule.yml.erb
1112
1130
  - lib/mihari/type_checker.rb
1113
1131
  - lib/mihari/types.rb
@@ -1162,6 +1180,8 @@ files:
1162
1180
  - lib/mihari/web/public/static/js/app.365f1907.js.map
1163
1181
  - lib/mihari/web/public/static/js/app.8e3e5150.js
1164
1182
  - lib/mihari/web/public/static/js/app.8e3e5150.js.map
1183
+ - lib/mihari/web/public/static/js/app.a862ebca.js
1184
+ - lib/mihari/web/public/static/js/app.a862ebca.js.map
1165
1185
  - lib/mihari/web/public/static/js/app.ab213f7c.js
1166
1186
  - lib/mihari/web/public/static/js/app.ab213f7c.js.map
1167
1187
  - lib/mihari/web/public/static/js/app.b5914c39.js
@@ -1189,6 +1209,7 @@ files:
1189
1209
  - sig/lib/mihari/analyzers/spyse.rbs
1190
1210
  - sig/lib/mihari/analyzers/urlscan.rbs
1191
1211
  - sig/lib/mihari/analyzers/virustotal.rbs
1212
+ - sig/lib/mihari/analyzers/virustotal_intelligence.rbs
1192
1213
  - sig/lib/mihari/analyzers/zoomeye.rbs
1193
1214
  - sig/lib/mihari/cli/analyzer.rbs
1194
1215
  - sig/lib/mihari/cli/base.rbs
@@ -1226,6 +1247,7 @@ files:
1226
1247
  - sig/lib/mihari/emitters/stdout.rbs
1227
1248
  - sig/lib/mihari/emitters/the_hive.rbs
1228
1249
  - sig/lib/mihari/emitters/webhook.rbs
1250
+ - sig/lib/mihari/enrichers/base.rbs
1229
1251
  - sig/lib/mihari/enrichers/ipinfo.rbs
1230
1252
  - sig/lib/mihari/errors.rbs
1231
1253
  - sig/lib/mihari/mixins/autonomous_system.rbs
@@ -1253,6 +1275,7 @@ files:
1253
1275
  - sig/lib/mihari/structs/ipinfo.rbs
1254
1276
  - sig/lib/mihari/structs/onyphe.rbs
1255
1277
  - sig/lib/mihari/structs/shodan.rbs
1278
+ - sig/lib/mihari/structs/virustotal_intelligence.rbs
1256
1279
  - sig/lib/mihari/type_checker.rbs
1257
1280
  - sig/lib/mihari/types.rbs
1258
1281
  - sig/lib/mihari/version.rbs