mihari 4.7.0 → 4.7.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/mihari/analyzers/clients/otx.rb +36 -0
- data/lib/mihari/analyzers/otx.rb +19 -11
- data/lib/mihari/structs/rule.rb +6 -1
- data/lib/mihari/version.rb +1 -1
- data/lib/mihari/web/endpoints/rules.rb +1 -2
- data/mihari.gemspec +1 -2
- metadata +5 -18
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 38f68ec091b2469095f321f104c1e238599c56afa7f55763920cfeef0df03ca0
|
|
4
|
+
data.tar.gz: 625bbd99f92e4af768b76db15ab72cd53dba6a04150acc3ddfe7feb7d1a82bf7
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: fe847e37658ede26d1910e8c73ee1726e2b32335571e03c97c891b2d799380397ed1d32de7e4ed31ae57c861b4a6aa74433454d4871e38e2137100ce342894a1
|
|
7
|
+
data.tar.gz: 688c3adcf6ebb754d02b0fecde033602b47fe23ae11fffaff329ce53b93c268ab274319fdb630c819163856ce9708f2658bfe6fe7790e54ab1488e8d2af90245
|
|
@@ -0,0 +1,36 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module Mihari
|
|
4
|
+
module Analyzers
|
|
5
|
+
module Clients
|
|
6
|
+
class OTX
|
|
7
|
+
attr_reader :api_key
|
|
8
|
+
|
|
9
|
+
def initialize(api_key)
|
|
10
|
+
@api_key = api_key
|
|
11
|
+
end
|
|
12
|
+
|
|
13
|
+
def query_by_ip(ip)
|
|
14
|
+
get "https://otx.alienvault.com/api/v1/indicators/IPv4/#{ip}/passive_dns"
|
|
15
|
+
end
|
|
16
|
+
|
|
17
|
+
def query_by_domain(domain)
|
|
18
|
+
get "https://otx.alienvault.com/api/v1/indicators/domain/#{domain}/passive_dns"
|
|
19
|
+
end
|
|
20
|
+
|
|
21
|
+
private
|
|
22
|
+
|
|
23
|
+
def headers
|
|
24
|
+
{ "x-otx-api-key": api_key }
|
|
25
|
+
end
|
|
26
|
+
|
|
27
|
+
def get(url)
|
|
28
|
+
res = HTTP.get(url, headers: headers)
|
|
29
|
+
JSON.parse(res.body.to_s)
|
|
30
|
+
rescue HTTPError
|
|
31
|
+
nil
|
|
32
|
+
end
|
|
33
|
+
end
|
|
34
|
+
end
|
|
35
|
+
end
|
|
36
|
+
end
|
data/lib/mihari/analyzers/otx.rb
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
# frozen_string_literal: true
|
|
2
2
|
|
|
3
|
-
require "
|
|
3
|
+
require "mihari/analyzers/clients/otx"
|
|
4
4
|
|
|
5
5
|
module Mihari
|
|
6
6
|
module Analyzers
|
|
@@ -34,12 +34,8 @@ module Mihari
|
|
|
34
34
|
%w[otx_api_key]
|
|
35
35
|
end
|
|
36
36
|
|
|
37
|
-
def
|
|
38
|
-
@
|
|
39
|
-
end
|
|
40
|
-
|
|
41
|
-
def ip_client
|
|
42
|
-
@ip_client ||= ::OTX::IP.new(api_key)
|
|
37
|
+
def client
|
|
38
|
+
@client ||= Mihari::Analyzers::Clients::OTX.new(api_key)
|
|
43
39
|
end
|
|
44
40
|
|
|
45
41
|
#
|
|
@@ -73,9 +69,15 @@ module Mihari
|
|
|
73
69
|
# @return [Array<String>]
|
|
74
70
|
#
|
|
75
71
|
def domain_search
|
|
76
|
-
|
|
72
|
+
res = client.query_by_domain(query)
|
|
73
|
+
return [] if res.nil?
|
|
74
|
+
|
|
75
|
+
records = res["passive_dns"] || []
|
|
77
76
|
records.filter_map do |record|
|
|
78
|
-
|
|
77
|
+
record_type = record["record_type"]
|
|
78
|
+
address = record["address"]
|
|
79
|
+
|
|
80
|
+
address if record_type == "A"
|
|
79
81
|
end.uniq
|
|
80
82
|
end
|
|
81
83
|
|
|
@@ -85,9 +87,15 @@ module Mihari
|
|
|
85
87
|
# @return [Array<String>]
|
|
86
88
|
#
|
|
87
89
|
def ip_search
|
|
88
|
-
|
|
90
|
+
res = client.query_by_ip(query)
|
|
91
|
+
return [] if res.nil?
|
|
92
|
+
|
|
93
|
+
records = res["passive_dns"] || []
|
|
89
94
|
records.filter_map do |record|
|
|
90
|
-
|
|
95
|
+
record_type = record["record_type"]
|
|
96
|
+
hostname = record["hostname"]
|
|
97
|
+
|
|
98
|
+
hostname if record_type == "A"
|
|
91
99
|
end.uniq
|
|
92
100
|
end
|
|
93
101
|
end
|
data/lib/mihari/structs/rule.rb
CHANGED
|
@@ -169,6 +169,7 @@ module Mihari
|
|
|
169
169
|
#
|
|
170
170
|
def from_model(model)
|
|
171
171
|
data = model.data.deep_symbolize_keys
|
|
172
|
+
# set ID if YAML data do not have ID
|
|
172
173
|
data[:id] = model.id unless data.key?(:id)
|
|
173
174
|
|
|
174
175
|
Structs::Rule::Rule.new(data, model.yaml)
|
|
@@ -178,9 +179,13 @@ module Mihari
|
|
|
178
179
|
# @param [String] yaml
|
|
179
180
|
#
|
|
180
181
|
# @return [Mihari::Structs::Rule::Rule]
|
|
182
|
+
# @param [String, nil] id
|
|
181
183
|
#
|
|
182
|
-
def from_yaml(yaml)
|
|
184
|
+
def from_yaml(yaml, id: nil)
|
|
183
185
|
data = load_erb_yaml(yaml)
|
|
186
|
+
# set ID if id is given & YAML data do not have ID
|
|
187
|
+
data[:id] = id if !id.nil? && !data.key?(:id)
|
|
188
|
+
|
|
184
189
|
Structs::Rule::Rule.new(data, yaml)
|
|
185
190
|
end
|
|
186
191
|
end
|
data/lib/mihari/version.rb
CHANGED
data/mihari.gemspec
CHANGED
|
@@ -76,7 +76,6 @@ Gem::Specification.new do |spec|
|
|
|
76
76
|
spec.add_dependency "net-ping", "2.0.8"
|
|
77
77
|
spec.add_dependency "normalize_country", "0.3.2"
|
|
78
78
|
spec.add_dependency "onyphe", "2.0.0"
|
|
79
|
-
spec.add_dependency "otx_ruby", "0.9.9"
|
|
80
79
|
spec.add_dependency "parallel", "1.22.1"
|
|
81
80
|
spec.add_dependency "passive_circl", "0.1.0"
|
|
82
81
|
spec.add_dependency "passivetotalx", "0.1.1"
|
|
@@ -93,7 +92,7 @@ Gem::Specification.new do |spec|
|
|
|
93
92
|
spec.add_dependency "shodanx", "0.2.1"
|
|
94
93
|
spec.add_dependency "slack-notifier", "2.4.0"
|
|
95
94
|
spec.add_dependency "spysex", "0.2.0"
|
|
96
|
-
spec.add_dependency "sqlite3", "1.4.
|
|
95
|
+
spec.add_dependency "sqlite3", "1.4.4"
|
|
97
96
|
spec.add_dependency "thor", "1.2.1"
|
|
98
97
|
spec.add_dependency "urlscan", "0.8.0"
|
|
99
98
|
spec.add_dependency "uuidtools", "2.2.0"
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: mihari
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 4.7.
|
|
4
|
+
version: 4.7.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Manabu Niseki
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2022-06-
|
|
11
|
+
date: 2022-06-18 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|
|
@@ -682,20 +682,6 @@ dependencies:
|
|
|
682
682
|
- - '='
|
|
683
683
|
- !ruby/object:Gem::Version
|
|
684
684
|
version: 2.0.0
|
|
685
|
-
- !ruby/object:Gem::Dependency
|
|
686
|
-
name: otx_ruby
|
|
687
|
-
requirement: !ruby/object:Gem::Requirement
|
|
688
|
-
requirements:
|
|
689
|
-
- - '='
|
|
690
|
-
- !ruby/object:Gem::Version
|
|
691
|
-
version: 0.9.9
|
|
692
|
-
type: :runtime
|
|
693
|
-
prerelease: false
|
|
694
|
-
version_requirements: !ruby/object:Gem::Requirement
|
|
695
|
-
requirements:
|
|
696
|
-
- - '='
|
|
697
|
-
- !ruby/object:Gem::Version
|
|
698
|
-
version: 0.9.9
|
|
699
685
|
- !ruby/object:Gem::Dependency
|
|
700
686
|
name: parallel
|
|
701
687
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -926,14 +912,14 @@ dependencies:
|
|
|
926
912
|
requirements:
|
|
927
913
|
- - '='
|
|
928
914
|
- !ruby/object:Gem::Version
|
|
929
|
-
version: 1.4.
|
|
915
|
+
version: 1.4.4
|
|
930
916
|
type: :runtime
|
|
931
917
|
prerelease: false
|
|
932
918
|
version_requirements: !ruby/object:Gem::Requirement
|
|
933
919
|
requirements:
|
|
934
920
|
- - '='
|
|
935
921
|
- !ruby/object:Gem::Version
|
|
936
|
-
version: 1.4.
|
|
922
|
+
version: 1.4.4
|
|
937
923
|
- !ruby/object:Gem::Dependency
|
|
938
924
|
name: thor
|
|
939
925
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -1074,6 +1060,7 @@ files:
|
|
|
1074
1060
|
- lib/mihari/analyzers/binaryedge.rb
|
|
1075
1061
|
- lib/mihari/analyzers/censys.rb
|
|
1076
1062
|
- lib/mihari/analyzers/circl.rb
|
|
1063
|
+
- lib/mihari/analyzers/clients/otx.rb
|
|
1077
1064
|
- lib/mihari/analyzers/crtsh.rb
|
|
1078
1065
|
- lib/mihari/analyzers/dnpedia.rb
|
|
1079
1066
|
- lib/mihari/analyzers/dnstwister.rb
|