mihari 3.7.0 → 3.8.1

data/lib/mihari.rb

@@ -6,6 +6,9 @@ require "dry/files"
 require "mem"
 require "yaml"
 
+# Load .env
+require "dotenv/load"
+
 # Mixins
 require "mihari/mixins/autonomous_system"
 require "mihari/mixins/configurable"
@@ -27,32 +30,32 @@ module Mihari
   extend Dry::Configurable
   extend Mixins::Configuration
 
-  setting :binaryedge_api_key, ENV["BINARYEDGE_API_KEY"]
-  setting :censys_id, ENV["CENSYS_ID"]
-  setting :censys_secret, ENV["CENSYS_SECRET"]
-  setting :circl_passive_password, ENV["CIRCL_PASSIVE_PASSWORD"]
-  setting :circl_passive_username, ENV["CIRCL_PASSIVE_USERNAME"]
-  setting :ipinfo_api_key, ENV["ipinfo_api_key"]
-  setting :misp_api_endpoint, ENV["MISP_API_ENDPOINT"]
-  setting :misp_api_key, ENV["MISP_API_KEY"]
-  setting :onyphe_api_key, ENV["ONYPHE_API_KEY"]
-  setting :otx_api_key, ENV["OTX_API_KEY"]
-  setting :passivetotal_api_key, ENV["PASSIVETOTAL_API_KEY"]
-  setting :passivetotal_username, ENV["PASSIVETOTAL_USERNAME"]
-  setting :pulsedive_api_key, ENV["PULSEDIVE_API_KEY"]
-  setting :securitytrails_api_key, ENV["SECURITYTRAILS_API_KEY"]
-  setting :shodan_api_key, ENV["SHODAN_API_KEY"]
-  setting :slack_channel, ENV["SLACK_CHANNEL"]
-  setting :slack_webhook_url, ENV["SLACK_WEBHOOK_URL"]
-  setting :spyse_api_key, ENV["SPYSE_API_KEY"]
-  setting :thehive_api_endpoint, ENV["THEHIVE_API_ENDPOINT"]
-  setting :thehive_api_key, ENV["THEHIVE_API_KEY"]
-  setting :urlscan_api_key, ENV["URLSCAN_API_KEY"]
-  setting :virustotal_api_key, ENV["VIRUSTOTAL_API_KEY"]
-  setting :zoomeye_api_key, ENV["ZOOMEYE_API_KEY"]
-  setting :webhook_url, ENV["WEBHOOK_URL"]
-  setting(:webhook_use_json_body, ENV["WEBHOOK_USE_JSON_BODY"]) { |value| truthy?(value) }
-  setting :database, ENV["DATABASE"] || "mihari.db"
+  setting :binaryedge_api_key, default: ENV["BINARYEDGE_API_KEY"]
+  setting :censys_id, default: ENV["CENSYS_ID"]
+  setting :censys_secret, default: ENV["CENSYS_SECRET"]
+  setting :circl_passive_password, default: ENV["CIRCL_PASSIVE_PASSWORD"]
+  setting :circl_passive_username, default: ENV["CIRCL_PASSIVE_USERNAME"]
+  setting :ipinfo_api_key, default: ENV["IPINFO_API_KEY"]
+  setting :misp_api_endpoint, default: ENV["MISP_API_ENDPOINT"]
+  setting :misp_api_key, default: ENV["MISP_API_KEY"]
+  setting :onyphe_api_key, default: ENV["ONYPHE_API_KEY"]
+  setting :otx_api_key, default: ENV["OTX_API_KEY"]
+  setting :passivetotal_api_key, default: ENV["PASSIVETOTAL_API_KEY"]
+  setting :passivetotal_username, default: ENV["PASSIVETOTAL_USERNAME"]
+  setting :pulsedive_api_key, default: ENV["PULSEDIVE_API_KEY"]
+  setting :securitytrails_api_key, default: ENV["SECURITYTRAILS_API_KEY"]
+  setting :shodan_api_key, default: ENV["SHODAN_API_KEY"]
+  setting :slack_channel, default: ENV["SLACK_CHANNEL"]
+  setting :slack_webhook_url, default: ENV["SLACK_WEBHOOK_URL"]
+  setting :spyse_api_key, default: ENV["SPYSE_API_KEY"]
+  setting :thehive_api_endpoint, default: ENV["THEHIVE_API_ENDPOINT"]
+  setting :thehive_api_key, default: ENV["THEHIVE_API_KEY"]
+  setting :urlscan_api_key, default: ENV["URLSCAN_API_KEY"]
+  setting :virustotal_api_key, default: ENV["VIRUSTOTAL_API_KEY"]
+  setting :zoomeye_api_key, default: ENV["ZOOMEYE_API_KEY"]
+  setting :webhook_url, default: ENV["WEBHOOK_URL"]
+  setting :webhook_use_json_body, constructor: ->(value = ENV["WEBHOOK_USE_JSON_BODY"]) { truthy?(value) }
+  setting :database, default: ENV["DATABASE"] || "mihari.db"
 
   class << self
     include Mem
@@ -67,6 +70,11 @@ module Mihari
     end
     memoize :analyzers
 
+    def enrichers
+      []
+    end
+    memoize :enrichers
+
     #
     # Load configuration from YAML file
     #
@@ -104,6 +112,7 @@ require "mihari/structs/censys"
 require "mihari/structs/ipinfo"
 require "mihari/structs/onyphe"
 require "mihari/structs/shodan"
+require "mihari/structs/virustotal_intelligence"
 
 # Schemas
 require "mihari/schemas/analyzer"
@@ -111,6 +120,7 @@ require "mihari/schemas/configuration"
 require "mihari/schemas/rule"
 
 # Enrichers
+require "mihari/enrichers/base"
 require "mihari/enrichers/ipinfo"
 
 # Models
@@ -154,9 +164,9 @@ require "mihari/analyzers/securitytrails"
 require "mihari/analyzers/shodan"
 require "mihari/analyzers/spyse"
 require "mihari/analyzers/urlscan"
+require "mihari/analyzers/virustotal_intelligence"
 require "mihari/analyzers/virustotal"
 require "mihari/analyzers/zoomeye"
-
 require "mihari/analyzers/rule"
 
 # Notifiers

data/mihari.gemspec

@@ -26,7 +26,7 @@ Gem::Specification.new do |spec|
   spec.require_paths = ["lib"]
 
   spec.add_development_dependency "bundler", "~> 2.2"
-  spec.add_development_dependency "coveralls_reborn", "~> 0.22"
+  spec.add_development_dependency "coveralls_reborn", "~> 0.23"
   spec.add_development_dependency "fakefs", "~> 1.3"
   spec.add_development_dependency "mysql2", "~> 0.5"
   spec.add_development_dependency "overcommit", "~> 0.58"
@@ -54,11 +54,12 @@ Gem::Specification.new do |spec|
   spec.add_dependency "cymbal", "~> 2.0"
   spec.add_dependency "dnpedia", "~> 0.1"
   spec.add_dependency "dnstwister", "~> 0.1"
-  spec.add_dependency "dry-configurable", "~> 0.12"
+  spec.add_dependency "dotenv", "~> 2.7"
+  spec.add_dependency "dry-configurable", "~> 0.13"
   spec.add_dependency "dry-files", "~> 0.1"
   spec.add_dependency "dry-initializer", "~> 3.0"
   spec.add_dependency "dry-struct", "~> 1.4"
-  spec.add_dependency "dry-validation", "~> 1.6"
+  spec.add_dependency "dry-validation", "~> 1.7"
   spec.add_dependency "email_address", "~> 0.2"
   spec.add_dependency "hachi", "~> 1.0"
   spec.add_dependency "http", "~> 5.0"
@@ -91,7 +92,7 @@ Gem::Specification.new do |spec|
   spec.add_dependency "thread_safe", "~> 0.3"
   spec.add_dependency "urlscan", "~> 0.7"
   spec.add_dependency "uuidtools", "~> 2.2"
-  spec.add_dependency "virustotalx", "~> 1.1"
+  spec.add_dependency "virustotalx", "~> 1.2"
   spec.add_dependency "whois", "~> 5.0"
   spec.add_dependency "whois-parser", "~> 1.2"
   spec.add_dependency "zoomeye-rb", "~> 0.2"

data/sig/lib/mihari/analyzers/rule.rbs

@@ -1,5 +1,7 @@
 module Mihari
   module Analyzers
+    ANALYZER_TO_CLASS: Hash[String, singleton(Mihari::Analyzers::Base)]
+
     class Rule < Base
       include Mihari::Mixins::DisallowedDataValue
 
@@ -14,8 +16,6 @@ module Mihari
 
       def initialize: (**untyped kwargs) -> void
 
-      ANALYZER_TO_CLASS: Hash[String, singleton(Mihari::Analyzers::Base)]
-
       #
       # Returns a list of artifacts matched with queries
       #

data/sig/lib/mihari/analyzers/virustotal_intelligence.rbs

@@ -0,0 +1,32 @@
+module Mihari
+  module Analyzers
+    class VirusTotalIntelligence < Base
+      attr_reader query: String
+      attr_reader title: String
+      attr_reader description: String
+      attr_reader tags: Array[String]
+
+      def initialize: (*untyped args, **untyped kwargs) -> void
+
+      def artifacts: () -> (Array[String] | Array[Mihari::Artifact])
+
+      private
+
+      def configuration_keys: () -> ::Array["virustotal_api_key"]
+
+      #
+      # VT API
+      #
+      # @return [::VirusTotal::API]
+      #
+      def api: () -> untyped
+
+      #
+      # Search with cursor
+      #
+      # @return [Array<Mihari::Structs::VirusTotalIntelligence::Response>]
+      #
+      def search_witgh_cursor: () -> Array[Mihari::Structs::VirusTotalIntelligence::Response]
+    end
+  end
+end

data/sig/lib/mihari/enrichers/base.rbs

@@ -0,0 +1,12 @@
+module Mihari
+  module Enrichers
+    class Base
+      include Mixins::Configurable
+
+      def self.inherited: (untyped child) -> untyped
+
+      # @return [Boolean]
+      def valid?: () -> bool
+    end
+  end
+end

data/sig/lib/mihari/enrichers/ipinfo.rbs

@@ -1,6 +1,8 @@
 module Mihari
   module Enrichers
     class IPInfo
+      def valid?: () -> bool
+
       #
       # Query IPInfo
       #

data/sig/lib/mihari/structs/ipinfo.rbs

@@ -6,7 +6,7 @@ module Mihari
         attr_reader hostname: String?
         attr_reader loc: String
         attr_reader country_code: String
-        attr_reader asn: String
+        attr_reader asn: Integer?
 
         def self.from_dynamic!: (Hash[(String | Symbol), untyped] d) -> Mihari::Structs::IPInfo::Response
 

data/sig/lib/mihari/structs/virustotal_intelligence.rbs

@@ -0,0 +1,33 @@
+module Mihari
+  module Structs
+    module VirusTotalIntelligence
+      class ContextAttributes
+        attr_reader url: Array[String]?
+
+        def self.from_dynamic!: (Hash[(String | Symbol), untyped] d) -> Mihari::Structs::VirusTotalIntelligence::ContextAttributes
+      end
+
+      class Datum
+        attr_reader type: String
+        attr_reader context_attributes: Mihari::Structs::VirusTotalIntelligence::ContextAttributes?
+
+        def value: () -> String?
+
+        def self.from_dynamic!: (Hash[(String | Symbol), untyped] d) -> Mihari::Structs::VirusTotalIntelligence::Datum
+      end
+
+      class Meta
+        attr_reader cursor: String?
+
+        def self.from_dynamic!: (Hash[(String | Symbol), untyped] d) -> Mihari::Structs::VirusTotalIntelligence::Meta
+      end
+
+      class Response
+        attr_reader meta: Mihari::Structs::VirusTotalIntelligence::Meta
+        attr_reader data: Array[Mihari::Structs::VirusTotalIntelligence::Datum]
+
+        def self.from_dynamic!: (Hash[(String | Symbol), untyped] d) -> Mihari::Structs::VirusTotalIntelligence::Response
+      end
+    end
+  end
+end

data/sig/lib/mihari.rbs

@@ -42,6 +42,8 @@ module Mihari
 
   def self.analyzers: () -> ::Array[singleton(Mihari::Analyzers::Base)]
 
+  def self.enrichers: () -> ::Array[singleton(Mihari::Enrichers::Base)]
+
   #
   # Load configuration from YAML file
   #

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: mihari
 version: !ruby/object:Gem::Version
-  version: 3.7.0
+  version: 3.8.1
 platform: ruby
 authors:
 - Manabu Niseki
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2021-09-03 00:00:00.000000000 Z
+date: 2021-09-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -30,14 +30,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.22'
+        version: '0.23'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.22'
+        version: '0.23'
 - !ruby/object:Gem::Dependency
   name: fakefs
   requirement: !ruby/object:Gem::Requirement
@@ -402,20 +402,34 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '0.1'
+- !ruby/object:Gem::Dependency
+  name: dotenv
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.7'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.7'
 - !ruby/object:Gem::Dependency
   name: dry-configurable
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.12'
+        version: '0.13'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.12'
+        version: '0.13'
 - !ruby/object:Gem::Dependency
   name: dry-files
   requirement: !ruby/object:Gem::Requirement
@@ -464,14 +478,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.6'
+        version: '1.7'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.6'
+        version: '1.7'
 - !ruby/object:Gem::Dependency
   name: email_address
   requirement: !ruby/object:Gem::Requirement
@@ -926,14 +940,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.1'
+        version: '1.2'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.1'
+        version: '1.2'
 - !ruby/object:Gem::Dependency
   name: whois
   requirement: !ruby/object:Gem::Requirement
@@ -1032,6 +1046,7 @@ files:
 - lib/mihari/analyzers/spyse.rb
 - lib/mihari/analyzers/urlscan.rb
 - lib/mihari/analyzers/virustotal.rb
+- lib/mihari/analyzers/virustotal_intelligence.rb
 - lib/mihari/analyzers/zoomeye.rb
 - lib/mihari/cli/analyzer.rb
 - lib/mihari/cli/base.rb
@@ -1058,6 +1073,7 @@ files:
 - lib/mihari/commands/urlscan.rb
 - lib/mihari/commands/validator.rb
 - lib/mihari/commands/virustotal.rb
+- lib/mihari/commands/virustotal_intelligence.rb
 - lib/mihari/commands/web.rb
 - lib/mihari/commands/zoomeye.rb
 - lib/mihari/constants.rb
@@ -1069,6 +1085,7 @@ files:
 - lib/mihari/emitters/stdout.rb
 - lib/mihari/emitters/the_hive.rb
 - lib/mihari/emitters/webhook.rb
+- lib/mihari/enrichers/base.rb
 - lib/mihari/enrichers/ipinfo.rb
 - lib/mihari/errors.rb
 - lib/mihari/mixins/autonomous_system.rb
@@ -1108,6 +1125,7 @@ files:
 - lib/mihari/structs/ipinfo.rb
 - lib/mihari/structs/onyphe.rb
 - lib/mihari/structs/shodan.rb
+- lib/mihari/structs/virustotal_intelligence.rb
 - lib/mihari/templates/rule.yml.erb
 - lib/mihari/type_checker.rb
 - lib/mihari/types.rb
@@ -1162,6 +1180,8 @@ files:
 - lib/mihari/web/public/static/js/app.365f1907.js.map
 - lib/mihari/web/public/static/js/app.8e3e5150.js
 - lib/mihari/web/public/static/js/app.8e3e5150.js.map
+- lib/mihari/web/public/static/js/app.a862ebca.js
+- lib/mihari/web/public/static/js/app.a862ebca.js.map
 - lib/mihari/web/public/static/js/app.ab213f7c.js
 - lib/mihari/web/public/static/js/app.ab213f7c.js.map
 - lib/mihari/web/public/static/js/app.b5914c39.js
@@ -1189,6 +1209,7 @@ files:
 - sig/lib/mihari/analyzers/spyse.rbs
 - sig/lib/mihari/analyzers/urlscan.rbs
 - sig/lib/mihari/analyzers/virustotal.rbs
+- sig/lib/mihari/analyzers/virustotal_intelligence.rbs
 - sig/lib/mihari/analyzers/zoomeye.rbs
 - sig/lib/mihari/cli/analyzer.rbs
 - sig/lib/mihari/cli/base.rbs
@@ -1226,6 +1247,7 @@ files:
 - sig/lib/mihari/emitters/stdout.rbs
 - sig/lib/mihari/emitters/the_hive.rbs
 - sig/lib/mihari/emitters/webhook.rbs
+- sig/lib/mihari/enrichers/base.rbs
 - sig/lib/mihari/enrichers/ipinfo.rbs
 - sig/lib/mihari/errors.rbs
 - sig/lib/mihari/mixins/autonomous_system.rbs
@@ -1253,6 +1275,7 @@ files:
 - sig/lib/mihari/structs/ipinfo.rbs
 - sig/lib/mihari/structs/onyphe.rbs
 - sig/lib/mihari/structs/shodan.rbs
+- sig/lib/mihari/structs/virustotal_intelligence.rbs
 - sig/lib/mihari/type_checker.rbs
 - sig/lib/mihari/types.rbs
 - sig/lib/mihari/version.rbs