RubyGems - mihari - Versions diffs - 4.3.0 → 4.4.0 - Mend

mihari 4.3.0 → 4.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (71) hide show

checksums.yaml +4 -4
data/lib/mihari/analyzers/binaryedge.rb +10 -1
data/lib/mihari/analyzers/censys.rb +26 -1
data/lib/mihari/analyzers/circl.rb +23 -1
data/lib/mihari/analyzers/greynoise.rb +10 -1
data/lib/mihari/analyzers/onyphe.rb +10 -1
data/lib/mihari/analyzers/otx.rb +8 -2
data/lib/mihari/analyzers/passivetotal.rb +25 -3
data/lib/mihari/analyzers/pulsedive.rb +7 -1
data/lib/mihari/analyzers/securitytrails.rb +7 -1
data/lib/mihari/analyzers/shodan.rb +10 -1
data/lib/mihari/analyzers/spyse.rb +10 -1
data/lib/mihari/analyzers/urlscan.rb +6 -1
data/lib/mihari/analyzers/virustotal.rb +7 -2
data/lib/mihari/analyzers/virustotal_intelligence.rb +6 -1
data/lib/mihari/analyzers/zoomeye.rb +16 -2
data/lib/mihari/cli/main.rb +2 -0
data/lib/mihari/commands/search.rb +14 -0
data/lib/mihari/commands/version.rb +18 -0
data/lib/mihari/database.rb +10 -2
data/lib/mihari/emitters/misp.rb +14 -8
data/lib/mihari/emitters/slack.rb +20 -28
data/lib/mihari/emitters/the_hive.rb +18 -6
data/lib/mihari/entities/rule.rb +1 -12
data/lib/mihari/errors.rb +2 -0
data/lib/mihari/mixins/configurable.rb +12 -1
data/lib/mihari/mixins/rule.rb +16 -19
data/lib/mihari/models/artifact.rb +7 -2
data/lib/mihari/models/rule.rb +12 -3
data/lib/mihari/schemas/analyzer.rb +89 -10
data/lib/mihari/schemas/emitter.rb +35 -0
data/lib/mihari/schemas/rule.rb +5 -62
data/lib/mihari/structs/rule.rb +33 -5
data/lib/mihari/types.rb +0 -25
data/lib/mihari/version.rb +1 -1
data/lib/mihari/web/endpoints/rules.rb +20 -3
data/lib/mihari/web/public/index.html +1 -1
data/lib/mihari/web/public/redoc-static.html +11 -11
data/lib/mihari/web/public/static/css/app.de5845d8.css +1 -0
data/lib/mihari/web/public/static/css/chunk-vendors.da2a7bfc.css +7 -0
data/lib/mihari/web/public/static/js/app-legacy.f550d6ae.js +2 -0
data/lib/mihari/web/public/static/js/app-legacy.f550d6ae.js.map +1 -0
data/lib/mihari/web/public/static/js/app.40749592.js +2 -0
data/lib/mihari/web/public/static/js/app.40749592.js.map +1 -0
data/lib/mihari/web/public/static/js/chunk-vendors-legacy.d6b76c57.js +25 -0
data/lib/mihari/web/public/static/js/chunk-vendors-legacy.d6b76c57.js.map +1 -0
data/lib/mihari/web/public/static/js/chunk-vendors.3bdbaffb.js +31 -0
data/lib/mihari/web/public/static/js/chunk-vendors.3bdbaffb.js.map +1 -0
data/mihari.gemspec +2 -2
data/sig/lib/mihari/analyzers/binaryedge.rbs +2 -0
data/sig/lib/mihari/analyzers/censys.rbs +4 -0
data/sig/lib/mihari/analyzers/circl.rbs +5 -1
data/sig/lib/mihari/analyzers/onyphe.rbs +2 -0
data/sig/lib/mihari/analyzers/otx.rbs +3 -1
data/sig/lib/mihari/analyzers/passivetotal.rbs +5 -1
data/sig/lib/mihari/analyzers/pulsedive.rbs +3 -1
data/sig/lib/mihari/analyzers/securitytrails.rbs +3 -1
data/sig/lib/mihari/analyzers/shodan.rbs +2 -0
data/sig/lib/mihari/analyzers/spyse.rbs +3 -1
data/sig/lib/mihari/analyzers/urlscan.rbs +2 -0
data/sig/lib/mihari/analyzers/virustotal.rbs +3 -1
data/sig/lib/mihari/analyzers/virustotal_intelligence.rbs +2 -0
data/sig/lib/mihari/analyzers/zoomeye.rbs +3 -1
data/sig/lib/mihari/emitters/misp.rbs +6 -0
data/sig/lib/mihari/emitters/slack.rbs +8 -20
data/sig/lib/mihari/emitters/the_hive.rbs +4 -0
data/sig/lib/mihari/mixins/configurable.rbs +4 -0
data/sig/lib/mihari/mixins/rule.rbs +2 -0
data/sig/lib/mihari/models/rule.rbs +3 -0
data/sig/lib/mihari/structs/rule.rbs +5 -1
metadata +18 -6

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: dc5b6ab7daa3030a0ef0778df2753247bde10b978be709102ecf1be60b672a9c
-  data.tar.gz: 1c1c283cf1e2989e9e94e0aa582567dd71b7900f5c5faa40a0ce3f1b327982a3
+  metadata.gz: 44f680c0a24d2b66c8f13c8abe14994138231a4099b975d94a917f105561329c
+  data.tar.gz: b9da29828c04ad6151bb748f17c3518875b90208f728e4f1be9e0f716acd5368
 SHA512:
-  metadata.gz: 918ee19022035b5f5e3db9a00318253803b1cc430b45676225af94861fe6dc6fe51343545d224e6094f09ad37dc003713fbbcb1777904b01205903e22d05bf23
-  data.tar.gz: c5ce99eb3d8e01b1b2a8ac51916afa172c1fecb55611a3b8aa76e686c72801beb11135ed1c8aed31e11b693b7467dbe513902f55e229c834bbfcb09460ba4202
+  metadata.gz: ddccc9e9b10822bc93bb595f837a327c6459c51799ad95483014173c7d911405fd7fcd869f435a7404af585ccfa21ddfcd1ae922a94096a850eda52c4886627b
+  data.tar.gz: 8962eb94f57de019a7dd1040132d315482dbf3668a36ae4f61da46f31994c3bac0df47142fdbe998b80603cdcce86de0c7bb276eb2335e48d25820eebc94dee8

data/lib/mihari/analyzers/binaryedge.rb CHANGED Viewed

@@ -9,6 +9,15 @@ module Mihari
       option :interval, default: proc { 0 }
+      # @return [String, nil]
+      attr_reader :api_key
+      def initialize(*args, **kwargs)
+        super(*args, **kwargs)
+        @api_key = kwargs[:api_key] || Mihari.config.binaryedge_api_key
+      end
       def artifacts
         results = search
         return [] unless results || results.empty?
@@ -67,7 +76,7 @@ module Mihari
       end
       def api
-        @api ||= ::BinaryEdge::API.new(Mihari.config.binaryedge_api_key)
+        @api ||= ::BinaryEdge::API.new(api_key)
       end
     end
   end

data/lib/mihari/analyzers/censys.rb CHANGED Viewed

@@ -9,10 +9,27 @@ module Mihari
       option :interval, default: proc { 0 }
+      # @return [String, nil]
+      attr_reader :id
+      # @return [String, nil]
+      attr_reader :secret
+      def initialize(*args, **kwargs)
+        super(*args, **kwargs)
+        @id = kwargs[:id] || Mihari.config.censys_id
+        @secret = kwargs[:secret] || Mihari.config.censys_secret
+      end
       def artifacts
         search
       end
+      def configured?
+        configuration_keys.all? { |key| Mihari.config.send(key) } || (id? && secret?)
+      end
       private
       #
@@ -85,7 +102,15 @@ module Mihari
       end
       def api
-        @api ||= ::Censys::API.new(Mihari.config.censys_id, Mihari.config.censys_secret)
+        @api ||= ::Censys::API.new(id, secret)
+      end
+      def id?
+        !id.nil?
+      end
+      def secret?
+        !secret.nil?
       end
     end
   end

data/lib/mihari/analyzers/circl.rb CHANGED Viewed

@@ -9,19 +9,33 @@ module Mihari
       param :query
+      # @return [String, nil]
       attr_reader :type
+      # @return [String, nil]
+      attr_reader :username
+      # @return [String, nil]
+      attr_reader :password
       def initialize(*args, **kwargs)
         super
         @query = refang(query)
         @type = TypeChecker.type(query)
+        @username = kwargs[:username] || Mihari.config.circl_passive_username
+        @password = kwargs[:password] || Mihari.config.circl_passive_password
       end
       def artifacts
         search || []
       end
+      def configured?
+        configuration_keys.all? { |key| Mihari.config.send(key) } || (username? && password?)
+      end
       private
       def configuration_keys
@@ -29,7 +43,7 @@ module Mihari
       end
       def api
-        @api ||= ::PassiveCIRCL::API.new(username: Mihari.config.circl_passive_username, password: Mihari.config.circl_passive_password)
+        @api ||= ::PassiveCIRCL::API.new(username: username, password: password)
       end
       #
@@ -71,6 +85,14 @@ module Mihari
         seen = result["seen"] || []
         seen.uniq
       end
+      def username?
+        !username.nil?
+      end
+      def password?
+        !password.nil?
+      end
     end
   end
 end

data/lib/mihari/analyzers/greynoise.rb CHANGED Viewed

@@ -7,6 +7,15 @@ module Mihari
     class GreyNoise < Base
       param :query
+      # @return [String, nil]
+      attr_reader :api_key
+      def initialize(*args, **kwargs)
+        super(*args, **kwargs)
+        @api_key = kwargs[:api_key] || Mihari.config.greynoise_api_key
+      end
       def artifacts
         res = Structs::GreyNoise::Response.from_dynamic!(search)
         res.data.map do |datum|
@@ -23,7 +32,7 @@ module Mihari
       end
       def api
-        @api ||= ::GreyNoise::API.new(key: Mihari.config.greynoise_api_key)
+        @api ||= ::GreyNoise::API.new(key: api_key)
       end
       #

data/lib/mihari/analyzers/onyphe.rb CHANGED Viewed

@@ -10,6 +10,15 @@ module Mihari
       option :interval, default: proc { 0 }
+      # @return [String, nil]
+      attr_reader :api_key
+      def initialize(*args, **kwargs)
+        super(*args, **kwargs)
+        @api_key = kwargs[:api_key] || Mihari.config.onyphe_api_key
+      end
       def artifacts
         responses = search
         return [] unless responses
@@ -29,7 +38,7 @@ module Mihari
       end
       def api
-        @api ||= ::Onyphe::API.new(Mihari.config.onyphe_api_key)
+        @api ||= ::Onyphe::API.new(api_key)
       end
       #

data/lib/mihari/analyzers/otx.rb CHANGED Viewed

@@ -9,13 +9,19 @@ module Mihari
       param :query
+      # @return [String, nil]
       attr_reader :type
+      # @return [String, nil]
+      attr_reader :api_key
       def initialize(*args, **kwargs)
         super
         @query = refang(query)
         @type = TypeChecker.type(query)
+        @api_key = kwargs[:api_key] || Mihari.config.otx_api_key
       end
       def artifacts
@@ -29,11 +35,11 @@ module Mihari
       end
       def domain_client
-        @domain_client ||= ::OTX::Domain.new(Mihari.config.otx_api_key)
+        @domain_client ||= ::OTX::Domain.new(api_key)
       end
       def ip_client
-        @ip_client ||= ::OTX::IP.new(Mihari.config.otx_api_key)
+        @ip_client ||= ::OTX::IP.new(api_key)
       end
       #

data/lib/mihari/analyzers/passivetotal.rb CHANGED Viewed

@@ -9,19 +9,33 @@ module Mihari
       param :query
+      # @return [String, nil]
       attr_reader :type
+      # @return [String, nil]
+      attr_reader :username
+      # @return [String, nil]
+      attr_reader :api_key
       def initialize(*args, **kwargs)
-        super
+        super(*args, **kwargs)
         @query = refang(query)
         @type = TypeChecker.type(query)
+        @username = kwargs[:username] || Mihari.config.passivetotal_username
+        @api_key = kwargs[:api_key] || Mihari.config.passivetotal_api_key
       end
       def artifacts
         search || []
       end
+      def configured?
+        configuration_keys.all? { |key| Mihari.config.send(key) } || (username? && api_key?)
+      end
       private
       def configuration_keys
@@ -29,7 +43,7 @@ module Mihari
       end
       def api
-        @api ||= ::PassiveTotal::API.new(username: Mihari.config.passivetotal_username, api_key: Mihari.config.passivetotal_api_key)
+        @api ||= ::PassiveTotal::API.new(username: username, api_key: api_key)
       end
       #
@@ -93,9 +107,17 @@ module Mihari
         results = res["results"] || []
         results.map do |result|
           data = result["ipAddresses"]
-          Artifact.new(data: data, source: source, metadata: result)
+          data.map { |d| Artifact.new(data: d, source: source, metadata: result) }
         end.flatten
       end
+      def username?
+        !username.nil?
+      end
+      def api_key?
+        !api_key.nil?
+      end
     end
   end
 end

data/lib/mihari/analyzers/pulsedive.rb CHANGED Viewed

@@ -9,13 +9,19 @@ module Mihari
       param :query
+      # @return [String, nil]
       attr_reader :type
+      # @return [String, nil]
+      attr_reader :api_key
       def initialize(*args, **kwargs)
         super
         @query = refang(query)
         @type = TypeChecker.type(query)
+        @api_key = kwargs[:api_key] || Mihari.config.pulsedive_api_key
       end
       def artifacts
@@ -29,7 +35,7 @@ module Mihari
       end
       def api
-        @api ||= ::Pulsedive::API.new(Mihari.config.pulsedive_api_key)
+        @api ||= ::Pulsedive::API.new(api_key)
       end
       #

data/lib/mihari/analyzers/securitytrails.rb CHANGED Viewed

@@ -9,13 +9,19 @@ module Mihari
       param :query
+      # @return [String, nil]
       attr_reader :type
+      # @return [String, nil]
+      attr_reader :api_key
       def initialize(*args, **kwargs)
         super
         @query = refang(query)
         @type = TypeChecker.type(query)
+        @api_key = kwargs[:api_key] || Mihari.config.securitytrails_api_key
       end
       def artifacts
@@ -29,7 +35,7 @@ module Mihari
       end
       def api
-        @api ||= ::SecurityTrails::API.new(Mihari.config.securitytrails_api_key)
+        @api ||= ::SecurityTrails::API.new(api_key)
       end
       #

data/lib/mihari/analyzers/shodan.rb CHANGED Viewed

@@ -9,6 +9,15 @@ module Mihari
       option :interval, default: proc { 0 }
+      # @return [String, nil]
+      attr_reader :api_key
+      def initialize(*args, **kwargs)
+        super(*args, **kwargs)
+        @api_key = kwargs[:api_key] || Mihari.config.shodan_api_key
+      end
       def artifacts
         results = search
         return [] unless results || results.empty?
@@ -29,7 +38,7 @@ module Mihari
       end
       def api
-        @api ||= ::Shodan::API.new(key: Mihari.config.shodan_api_key)
+        @api ||= ::Shodan::API.new(key: api_key)
       end
       #

data/lib/mihari/analyzers/spyse.rb CHANGED Viewed

@@ -9,6 +9,15 @@ module Mihari
       option :type, default: proc { "domain" }
+      # @return [String, nil]
+      attr_reader :api_key
+      def initialize(*args, **kwargs)
+        super(*args, **kwargs)
+        @api_key = kwargs[:api_key] || Mihari.config.spyse_api_key
+      end
       def artifacts
         search || []
       end
@@ -24,7 +33,7 @@ module Mihari
       end
       def api
-        @api ||= ::Spyse::API.new(Mihari.config.spyse_api_key)
+        @api ||= ::Spyse::API.new(api_key)
       end
       #

data/lib/mihari/analyzers/urlscan.rb CHANGED Viewed

@@ -14,10 +14,15 @@ module Mihari
       SUPPORTED_DATA_TYPES = %w[url domain ip].freeze
       SIZE = 1000
+      # @return [String, nil]
+      attr_reader :api_key
       def initialize(*args, **kwargs)
         super
         raise InvalidInputError, "allowed_data_types should be any of url, domain and ip." unless valid_alllowed_data_types?
+        @api_key = kwargs[:api_key] || Mihari.config.urlscan_api_key
       end
       def artifacts
@@ -40,7 +45,7 @@ module Mihari
       end
       def api
-        @api ||= ::UrlScan::API.new(Mihari.config.urlscan_api_key)
+        @api ||= ::UrlScan::API.new(api_key)
       end
       #

data/lib/mihari/analyzers/virustotal.rb CHANGED Viewed

@@ -11,11 +11,16 @@ module Mihari
       attr_reader :type
+      # @return [String, nil]
+      attr_reader :api_key
       def initialize(*args, **kwargs)
-        super
+        super(*args, **kwargs)
         @query = refang(query)
         @type = TypeChecker.type(query)
+        @api_key = kwargs[:api_key] || Mihari.config.virustotal_api_key
       end
       def artifacts
@@ -29,7 +34,7 @@ module Mihari
       end
       def api
-        @api = ::VirusTotal::API.new(key: Mihari.config.virustotal_api_key)
+        @api = ::VirusTotal::API.new(key: api_key)
       end
       #

data/lib/mihari/analyzers/virustotal_intelligence.rb CHANGED Viewed

@@ -9,10 +9,15 @@ module Mihari
       option :interval, default: proc { 0 }
+      # @return [String, nil]
+      attr_reader :api_key
       def initialize(*args, **kwargs)
         super
         @query = query
+        @api_key = kwargs[:api_key] || Mihari.config.virustotal_api_key
       end
       def artifacts
@@ -36,7 +41,7 @@ module Mihari
       # @return [::VirusTotal::API]
       #
       def api
-        @api = ::VirusTotal::API.new(key: Mihari.config.virustotal_api_key)
+        @api = ::VirusTotal::API.new(key: api_key)
       end
       #

data/lib/mihari/analyzers/zoomeye.rb CHANGED Viewed

@@ -11,6 +11,15 @@ module Mihari
       option :interval, default: proc { 0 }
+      # @return [String, nil]
+      attr_reader :api_key
+      def initialize(*args, **kwargs)
+        super(*args, **kwargs)
+        @api_key = kwargs[:api_key] || Mihari.config.zoomeye_api_key
+      end
       def artifacts
         case type
         when "host"
@@ -40,7 +49,7 @@ module Mihari
       end
       def api
-        @api ||= ::ZoomEye::API.new(api_key: Mihari.config.zoomeye_api_key)
+        @api ||= ::ZoomEye::API.new(api_key: api_key)
       end
       #
@@ -55,7 +64,12 @@ module Mihari
           matches = res["matches"] || []
           matches.map do |match|
             data = match["ip"]
-            Artifact.new(data: data, source: source, metadata: match)
+            if data.is_a?(Array)
+              data.map { |d| Artifact.new(data: d, source: source, metadata: match) }
+            else
+              Artifact.new(data: data, source: source, metadata: match)
+            end
           end
         end.flatten.compact.uniq
       end

data/lib/mihari/cli/main.rb CHANGED Viewed

@@ -4,6 +4,7 @@ require "thor"
 # Commands
 require "mihari/commands/search"
+require "mihari/commands/version"
 require "mihari/commands/web"
 # CLIs
@@ -16,6 +17,7 @@ module Mihari
   module CLI
     class Main < Base
       include Mihari::Commands::Search
+      include Mihari::Commands::Version
       include Mihari::Commands::Web
       desc "init", "Sub commands to initialize a rule"

data/lib/mihari/commands/search.rb CHANGED Viewed

@@ -10,6 +10,7 @@ module Mihari
       def self.included(thor)
         thor.class_eval do
           desc "search [RULE]", "Search by a rule"
+          method_option :yes, type: :boolean, aliases: "-y", desc: "yes to overwrite the rule in the database"
           def search_by_rule(path_or_id)
             rule = load_rule(path_or_id)
@@ -20,6 +21,19 @@ module Mihari
               raise e
             end
+            # check update
+            id = rule.id
+            yes = options["yes"] || false
+            unless yes
+              with_db_connection do
+                rule_ = Mihari::Rule.find(id)
+                next if rule.yaml == rule_.yaml
+                return unless yes?("This operation will overwrite the rule in the database (Rule ID: #{id}). Are you sure you want to update the rule? (yes/no)")
+              rescue ActiveRecord::RecordNotFound
+                next
+              end
+            end
             analyzer = rule.to_analyzer
             with_error_notification do

data/lib/mihari/commands/version.rb ADDED Viewed

@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+module Mihari
+  module Commands
+    module Version
+      def self.included(thor)
+        thor.class_eval do
+          map %w[--version -v] => :__print_version
+          desc "--version, -v", "Print the version"
+          def __print_version
+            puts Mihari::VERSION
+          end
+        end
+      end
+    end
+  end
+end

data/lib/mihari/database.rb CHANGED Viewed

@@ -112,6 +112,12 @@ class AddeMetadataToArtifactSchema < ActiveRecord::Migration[7.0]
   end
 end
+class AddYAMLToRulesSchema < ActiveRecord::Migration[7.0]
+  def change
+    add_column :rules, :yaml, :text, if_not_exists: true
+  end
+end
 def adapter
   return "postgresql" if Mihari.config.database.start_with?("postgresql://", "postgres://")
   return "mysql2" if Mihari.config.database.start_with?("mysql2://")
@@ -137,9 +143,11 @@ module Mihari
           AddeSourceToArtifactSchema,
           EnrichmentsSchema,
           EnrichmentCreatedAtSchema,
-          # v4
+          # v4.0
           RuleSchema,
-          AddeMetadataToArtifactSchema
+          AddeMetadataToArtifactSchema,
+          # v4.4
+          AddYAMLToRulesSchema
         ].each { |schema| schema.migrate direction }
       end
       memoize :migrate unless test_env?

data/lib/mihari/emitters/misp.rb CHANGED Viewed

@@ -5,12 +5,21 @@ require "misp"
 module Mihari
   module Emitters
     class MISP < Base
-      def initialize
-        super()
+      # @return [String, nil]
+      attr_reader :api_endpoint
+      # @return [String, nil]
+      attr_reader :api_key
+      def initialize(*args, **kwargs)
+        super(*args, **kwargs)
+        @api_endpoint = kwargs[:api_endpoint] || Mihari.config.misp_api_endpoint
+        @api_key = kwargs[:api_key] || Mihari.config.misp_api_key
         ::MISP.configure do |config|
-          config.api_endpoint = Mihari.config.misp_api_endpoint
-          config.api_key = Mihari.config.misp_api_key
+          config.api_endpoint = api_endpoint
+          config.api_key = api_key
         end
       end
@@ -99,7 +108,6 @@ module Mihari
       # @return [Boolean]
       #
       def api_endpoint?
-        api_endpoint = ::MISP.configuration.api_endpoint
         !api_endpoint.nil? && !api_endpoint.empty?
       end
@@ -109,7 +117,6 @@ module Mihari
       # @return [Boolean]
       #
       def api_key?
-        api_key = ::MISP.configuration.api_key
         !api_key.nil? && !api_key.empty?
       end
@@ -119,8 +126,7 @@ module Mihari
       # @return [Boolean]
       #
       def ping?
-        base_url = ::MISP.configuration.api_endpoint
-        base_url = base_url.end_with?("/") ? base_url[0..-2] : base_url
+        base_url = api_endpoint.end_with?("/") ? api_endpoint[0..-2] : api_endpoint
         url = "#{base_url}/users/login"
         http = Net::Ping::HTTP.new(url)