mihari 3.9.1 → 3.11.0

data/lib/mihari.rb

@@ -37,6 +37,8 @@ module Mihari
   setting :censys_secret, default: ENV["CENSYS_SECRET"]
   setting :circl_passive_password, default: ENV["CIRCL_PASSIVE_PASSWORD"]
   setting :circl_passive_username, default: ENV["CIRCL_PASSIVE_USERNAME"]
+  setting :database, default: ENV["DATABASE"] || "mihari.db"
+  setting :greynoise_api_key, default: ENV["GREYNOISE_API_KEY"]
   setting :ipinfo_api_key, default: ENV["IPINFO_API_KEY"]
   setting :misp_api_endpoint, default: ENV["MISP_API_ENDPOINT"]
   setting :misp_api_key, default: ENV["MISP_API_KEY"]
@@ -54,10 +56,9 @@ module Mihari
   setting :thehive_api_key, default: ENV["THEHIVE_API_KEY"]
   setting :urlscan_api_key, default: ENV["URLSCAN_API_KEY"]
   setting :virustotal_api_key, default: ENV["VIRUSTOTAL_API_KEY"]
-  setting :zoomeye_api_key, default: ENV["ZOOMEYE_API_KEY"]
   setting :webhook_url, default: ENV["WEBHOOK_URL"]
   setting :webhook_use_json_body, constructor: ->(value = ENV["WEBHOOK_USE_JSON_BODY"]) { truthy?(value) }
-  setting :database, default: ENV["DATABASE"] || "mihari.db"
+  setting :zoomeye_api_key, default: ENV["ZOOMEYE_API_KEY"]
 
   class << self
     include Mem
@@ -112,9 +113,11 @@ require "mihari/types"
 # Structs
 require "mihari/structs/alert"
 require "mihari/structs/censys"
+require "mihari/structs/greynoise"
 require "mihari/structs/ipinfo"
 require "mihari/structs/onyphe"
 require "mihari/structs/shodan"
+require "mihari/structs/urlscan"
 require "mihari/structs/virustotal_intelligence"
 
 # Schemas
@@ -147,6 +150,7 @@ require "mihari/analyzers/circl"
 require "mihari/analyzers/crtsh"
 require "mihari/analyzers/dnpedia"
 require "mihari/analyzers/dnstwister"
+require "mihari/analyzers/greynoise"
 require "mihari/analyzers/onyphe"
 require "mihari/analyzers/otx"
 require "mihari/analyzers/passivetotal"

data/mihari.gemspec

@@ -27,7 +27,7 @@ Gem::Specification.new do |spec|
 
   spec.add_development_dependency "bundler", "~> 2.2"
   spec.add_development_dependency "coveralls_reborn", "~> 0.23"
-  spec.add_development_dependency "fakefs", "~> 1.3"
+  spec.add_development_dependency "fakefs", "~> 1.4"
   spec.add_development_dependency "mysql2", "~> 0.5"
   spec.add_development_dependency "overcommit", "~> 0.58"
   spec.add_development_dependency "pg", "~> 1.2"
@@ -36,8 +36,8 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency "rb-fsevent", "~> 0.11"
   spec.add_development_dependency "rerun", "~> 0.13"
   spec.add_development_dependency "rspec", "~> 3.10"
-  spec.add_development_dependency "standard", "~> 1.3"
-  spec.add_development_dependency "steep", "~> 0.46"
+  spec.add_development_dependency "standard", "~> 1.5"
+  spec.add_development_dependency "steep", "~> 0.47"
   spec.add_development_dependency "timecop", "~> 0.9"
   spec.add_development_dependency "vcr", "~> 6.0"
   spec.add_development_dependency "webmock", "~> 3.14"
@@ -55,15 +55,17 @@ Gem::Specification.new do |spec|
   spec.add_dependency "dnstwister", "~> 0.1"
   spec.add_dependency "dotenv", "~> 2.7"
   spec.add_dependency "dry-configurable", "~> 0.13"
+  spec.add_dependency "dry-container", "~> 0.9"
   spec.add_dependency "dry-files", "~> 0.1"
   spec.add_dependency "dry-initializer", "~> 3.0"
   spec.add_dependency "dry-struct", "~> 1.4"
   spec.add_dependency "dry-validation", "~> 1.7"
   spec.add_dependency "email_address", "~> 0.2"
-  spec.add_dependency "grape", "~> 1.5"
+  spec.add_dependency "grape", "~> 1.6"
   spec.add_dependency "grape-entity", "~> 0.10"
   spec.add_dependency "grape-swagger", "~> 1.4"
   spec.add_dependency "grape-swagger-entity", "~> 0.5"
+  spec.add_dependency "greynoise", "~> 0.1"
   spec.add_dependency "hachi", "~> 1.0"
   spec.add_dependency "http", "~> 5.0"
   spec.add_dependency "launchy", "~> 2.5"
@@ -92,7 +94,7 @@ Gem::Specification.new do |spec|
   spec.add_dependency "sqlite3", "~> 1.4"
   spec.add_dependency "thor", "~> 1.1"
   spec.add_dependency "thread_safe", "~> 0.3"
-  spec.add_dependency "urlscan", "~> 0.7"
+  spec.add_dependency "urlscan", "~> 0.8"
   spec.add_dependency "uuidtools", "~> 2.2"
   spec.add_dependency "virustotalx", "~> 1.2"
   spec.add_dependency "whois", "~> 5.0"

data/sig/lib/mihari/analyzers/binaryedge.rbs

@@ -7,6 +7,8 @@ module Mihari
       attr_reader description: String
       attr_reader tags: Array[String]
 
+      attr_reader interval: ::Integer
+
       def artifacts: () -> (Array[String] | Array[Mihari::Artifact])
 
       private

data/sig/lib/mihari/analyzers/censys.rbs

@@ -6,6 +6,8 @@ module Mihari
       attr_reader description: String
       attr_reader tags: Array[String]
 
+      attr_reader interval: ::Integer
+
       def artifacts: () -> (Array[String] | Array[Mihari::Artifact])
 
       private

data/sig/lib/mihari/analyzers/onyphe.rbs

@@ -6,6 +6,8 @@ module Mihari
       attr_reader description: String
       attr_reader tags: Array[String]
 
+      attr_reader interval: ::Integer
+
       def artifacts: () -> (Array[String] | Array[Mihari::Artifact])
 
       private

data/sig/lib/mihari/analyzers/shodan.rbs

@@ -6,6 +6,8 @@ module Mihari
       attr_reader description: String
       attr_reader tags: Array[String]
 
+      attr_reader interval: ::Integer
+
       def artifacts: () -> (Array[String] | Array[Mihari::Artifact])
 
       private

data/sig/lib/mihari/analyzers/urlscan.rbs

@@ -8,7 +8,8 @@ module Mihari
       attr_reader description: String
       attr_reader tags: Array[String]
       attr_reader allowed_data_types: Array[String]
-      attr_reader use_similarity: bool
+
+      attr_reader interval: ::Integer
 
       def initialize: (*untyped args, **untyped kwargs) -> void
 
@@ -20,7 +21,9 @@ module Mihari
 
       def api: () -> untyped
 
-      def search: () -> Array[Hash[(String | Symbol), untyped]]
+      def search_with_search_after: (search_after: String?) -> Array[Hash[(String | Symbol), untyped]]
+
+      def search: () -> Array[Mihari::Structs::Urlscan::Response]
 
       def valid_alllowed_data_types?: () -> bool
     end

data/sig/lib/mihari/analyzers/virustotal_intelligence.rbs

@@ -6,6 +6,8 @@ module Mihari
       attr_reader description: String
       attr_reader tags: Array[String]
 
+      attr_reader interval: ::Integer
+
       def initialize: (*untyped args, **untyped kwargs) -> void
 
       def artifacts: () -> (Array[String] | Array[Mihari::Artifact])

data/sig/lib/mihari/analyzers/zoomeye.rbs

@@ -7,6 +7,8 @@ module Mihari
       attr_reader tags: Array[String]
       attr_reader type: String
 
+      attr_reader interval: ::Integer
+
       def artifacts: () -> (Array[String] | Array[Mihari::Artifact])
 
       private

data/sig/lib/mihari/structs/greynoise.rbs

@@ -0,0 +1,30 @@
+module Mihari
+  module Structs
+    module GreyNoise
+      class Metadata < Dry::Struct
+        attr_reader country: String
+        attr_reader country_code: String
+        attr_reader asn: String
+
+        def self.from_dynamic!: (Hash[(String | Symbol), untyped] d) ->  Mihari::Structs::GreyNoise::Metadata
+      end
+
+      class Datum < Dry::Struct
+        attr_reader ip: String
+        attr_reader metadata: Mihari::Structs::GreyNoise::Metadata
+
+        def self.from_dynamic!: (Hash[(String | Symbol), untyped] d) -> Mihari::Structs::GreyNoise::Datum
+      end
+
+      class Response < Dry::Struct
+        attr_reader complete: Boolean
+        attr_reader count: Integer
+        attr_reader data: Array[Mihari::Structs::GreyNoise::Danum]
+        attr_reader message: String
+        attr_reader query: String
+
+        def self.from_dynamic!: (Hash[(String | Symbol), untyped] d) -> Mihari::Structs::GreyNoise::Response
+      end
+    end
+  end
+end

data/sig/lib/mihari/structs/shodan.rbs

@@ -2,14 +2,14 @@ module Mihari
   module Structs
     module Shodan
       class Location
-        attr_reader country_code: String
-        attr_reader country_name: String
+        attr_reader country_code: String?
+        attr_reader country_name: String?
 
         def self.from_dynamic!: (Hash[(String | Symbol), untyped] d) -> Mihari::Structs::Shodan::Location
       end
 
       class Match
-        attr_reader asn: String
+        attr_reader asn: String?
         attr_reader hostnames: Array[String]
         attr_reader location: Mihari::Structs::Shodan::Location
         attr_reader domains: Array[String]

data/sig/lib/mihari/structs/urlscan.rbs

@@ -0,0 +1,28 @@
+module Mihari
+  module Structs
+    module Urlscan
+      class Page < Dry::Struct
+        attr_reader domain: String?
+        attr_reader ip: String?
+        attr_reader url: String
+
+        def self.from_dynamic!: (Hash[(String | Symbol), untyped] d) -> Mihari::Structs::Urlscan::Page
+      end
+
+      class Result < Dry::Struct
+        attr_reader page: Mihari::Structs::Urlscan::Page
+        attr_reader id: String
+        attr_reader sort: Array[Integer | String]
+
+        def self.from_dynamic!: (Hash[(String | Symbol), untyped] d) -> Mihari::Structs::Urlscan::Result
+      end
+
+      class Response < Dry::Struct
+        attr_reader results: Array[Mihari::Structs::Urlscan::Result]
+        attr_reader has_more: Boolean
+
+        def self.from_dynamic!: (Hash[(String | Symbol), untyped] d) -> Mihari::Structs::Urlscan::Response
+      end
+    end
+  end
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: mihari
 version: !ruby/object:Gem::Version
-  version: 3.9.1
+  version: 3.11.0
 platform: ruby
 authors:
 - Manabu Niseki
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2021-09-28 00:00:00.000000000 Z
+date: 2021-12-04 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -44,14 +44,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.3'
+        version: '1.4'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.3'
+        version: '1.4'
 - !ruby/object:Gem::Dependency
   name: mysql2
   requirement: !ruby/object:Gem::Requirement
@@ -170,28 +170,28 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.3'
+        version: '1.5'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.3'
+        version: '1.5'
 - !ruby/object:Gem::Dependency
   name: steep
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.46'
+        version: '0.47'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.46'
+        version: '0.47'
 - !ruby/object:Gem::Dependency
   name: timecop
   requirement: !ruby/object:Gem::Requirement
@@ -416,6 +416,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '0.13'
+- !ruby/object:Gem::Dependency
+  name: dry-container
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.9'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.9'
 - !ruby/object:Gem::Dependency
   name: dry-files
   requirement: !ruby/object:Gem::Requirement
@@ -492,14 +506,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.5'
+        version: '1.6'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.5'
+        version: '1.6'
 - !ruby/object:Gem::Dependency
   name: grape-entity
   requirement: !ruby/object:Gem::Requirement
@@ -542,6 +556,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '0.5'
+- !ruby/object:Gem::Dependency
+  name: greynoise
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.1'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.1'
 - !ruby/object:Gem::Dependency
   name: hachi
   requirement: !ruby/object:Gem::Requirement
@@ -940,14 +968,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.7'
+        version: '0.8'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.7'
+        version: '0.8'
 - !ruby/object:Gem::Dependency
   name: uuidtools
   requirement: !ruby/object:Gem::Requirement
@@ -1064,6 +1092,7 @@ files:
 - lib/mihari/analyzers/crtsh.rb
 - lib/mihari/analyzers/dnpedia.rb
 - lib/mihari/analyzers/dnstwister.rb
+- lib/mihari/analyzers/greynoise.rb
 - lib/mihari/analyzers/onyphe.rb
 - lib/mihari/analyzers/otx.rb
 - lib/mihari/analyzers/passivetotal.rb
@@ -1088,6 +1117,7 @@ files:
 - lib/mihari/commands/crtsh.rb
 - lib/mihari/commands/dnpedia.rb
 - lib/mihari/commands/dnstwister.rb
+- lib/mihari/commands/greynoise.rb
 - lib/mihari/commands/init.rb
 - lib/mihari/commands/json.rb
 - lib/mihari/commands/onyphe.rb
@@ -1143,9 +1173,11 @@ files:
 - lib/mihari/status.rb
 - lib/mihari/structs/alert.rb
 - lib/mihari/structs/censys.rb
+- lib/mihari/structs/greynoise.rb
 - lib/mihari/structs/ipinfo.rb
 - lib/mihari/structs/onyphe.rb
 - lib/mihari/structs/shodan.rb
+- lib/mihari/structs/urlscan.rb
 - lib/mihari/structs/virustotal_intelligence.rb
 - lib/mihari/templates/rule.yml.erb
 - lib/mihari/type_checker.rb
@@ -1209,6 +1241,10 @@ files:
 - lib/mihari/web/public/static/img/fa-solid-900.37bc7099.svg
 - lib/mihari/web/public/static/js/app.06d5cf1c.js
 - lib/mihari/web/public/static/js/app.06d5cf1c.js.map
+- lib/mihari/web/public/static/js/app.0a0cc502.js
+- lib/mihari/web/public/static/js/app.0a0cc502.js.map
+- lib/mihari/web/public/static/js/app.14008741.js
+- lib/mihari/web/public/static/js/app.14008741.js.map
 - lib/mihari/web/public/static/js/app.365f1907.js
 - lib/mihari/web/public/static/js/app.365f1907.js.map
 - lib/mihari/web/public/static/js/app.378da3dc.js
@@ -1225,6 +1261,8 @@ files:
 - lib/mihari/web/public/static/js/app.b5914c39.js.map
 - lib/mihari/web/public/static/js/app.cccddb2b.js
 - lib/mihari/web/public/static/js/app.cccddb2b.js.map
+- lib/mihari/web/public/static/js/app.fbc19869.js
+- lib/mihari/web/public/static/js/app.fbc19869.js.map
 - mihari.gemspec
 - renovate.json
 - sig/lib/mihari.rbs
@@ -1310,9 +1348,11 @@ files:
 - sig/lib/mihari/status.rbs
 - sig/lib/mihari/structs/alert.rbs
 - sig/lib/mihari/structs/censys.rbs
+- sig/lib/mihari/structs/greynoise.rbs
 - sig/lib/mihari/structs/ipinfo.rbs
 - sig/lib/mihari/structs/onyphe.rbs
 - sig/lib/mihari/structs/shodan.rbs
+- sig/lib/mihari/structs/urlscan.rbs
 - sig/lib/mihari/structs/virustotal_intelligence.rbs
 - sig/lib/mihari/type_checker.rbs
 - sig/lib/mihari/types.rbs