RubyGems - mihari - Versions diffs - 4.8.0 → 4.10.0 - Mend

mihari 4.8.0 → 4.10.0

Files changed (18) hide show

checksums.yaml +4 -4
data/README.md +0 -1
data/lib/mihari/analyzers/base.rb +14 -2
data/lib/mihari/analyzers/rule.rb +0 -1
data/lib/mihari/commands/search.rb +9 -3
data/lib/mihari/emitters/misp.rb +23 -12
data/lib/mihari/emitters/the_hive.rb +35 -17
data/lib/mihari/schemas/analyzer.rb +0 -7
data/lib/mihari/schemas/emitter.rb +2 -0
data/lib/mihari/schemas/rule.rb +4 -4
data/lib/mihari/version.rb +1 -1
data/lib/mihari.rb +4 -3
data/mihari.gemspec +9 -10
data/sig/lib/mihari/emitters/misp.rbs +3 -3
data/sig/lib/mihari/emitters/the_hive.rbs +3 -3
data/sig/lib/mihari.rbs +2 -2
metadata +20 -35
data/lib/mihari/analyzers/spyse.rb +0 -93

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 3e827da38142045be9b680636eb69b61d18e465b83f33d3a2a435c251041c7fc
-  data.tar.gz: 91d0c1fa7e50512c9a2bb8aceb914f69bec149c3fd7dc16f136a4b391a086e56
+  metadata.gz: 54ef0421cb5da34c8174fe0fdc3b43d310770dca779dd51fac284a678b86fc0a
+  data.tar.gz: 6b24c7b37c00f7ebed9ee0fcfbfb66b95d7d60ea7c7792a40be32607bdda07fe
 SHA512:
-  metadata.gz: c6c06c7d217091158d3fc354ccf3e0640494cfcd26b38cf5927d4d2a43f961ce8d2bf7d87bc965037554e745bf54b7dcf06e02b96d93962e6b0948bff11119d7
-  data.tar.gz: 5dd97d8c4a4d9ae9eac0e3823e8da97210de5dae87c448f48f6df565a12c99e7f0620d0477862762465aa77b0727912ccc935cd941e9a291a48a763fbf9ab8f3
+  metadata.gz: 941a6e47d53a2287d793fe28fab3e6e9295076ed39e50fcf8f55e6cdca102381ae425b3db603acdfea9b28e438a7f57627ed793be1efcb0093d83b17ac128535
+  data.tar.gz: 25055c04746f33620e0c762f1d79d6407d8a9156d47820c2129ed4b72e926e7cf2d3ea275ff546046bb5b9ce82fe069b222d56f5b69700eb44179f83d80c058c

data/README.md CHANGED Viewed

@@ -44,7 +44,6 @@ Mihari supports the following services by default.
 - [Pulsedive](https://pulsedive.com/)
 - [SecurityTrails](https://securitytrails.com/)
 - [Shodan](https://shodan.io)
-- [Spyse](https://spyse.com)
 - [urlscan.io](https://urlscan.io)
 - [VirusTotal](http://virustotal.com) & [VirusTotal Intelligence](https://www.virustotal.com/gui/intelligence-overview)
 - [ZoomEye](https://zoomeye.org)

data/lib/mihari/analyzers/base.rb CHANGED Viewed

@@ -72,10 +72,22 @@ module Mihari
       #
       # @param [Mihari::Emitters::Base] emitter
       #
-      # @return [nil]
+      # @return [Mihari::Alert, nil]
       #
       def run_emitter(emitter)
-        emitter.run(title: title, description: description, artifacts: enriched_artifacts, source: source, tags: tags)
+        return if enriched_artifacts.empty?
+        alert_or_something = emitter.run(
+          title: title,
+          description: description,
+          artifacts: enriched_artifacts,
+          source: source,
+          tags: tags
+        )
+        Mihari.logger.info "Emission by #{emitter.class} is succedded"
+        alert_or_something
       rescue StandardError => e
         Mihari.logger.info "Emission by #{emitter.class} is failed: #{e}"
       end

data/lib/mihari/analyzers/rule.rb CHANGED Viewed

@@ -18,7 +18,6 @@ module Mihari
       "pulsedive" => Pulsedive,
       "securitytrails" => SecurityTrails,
       "shodan" => Shodan,
-      "spyse" => Spyse,
       "st" => SecurityTrails,
       "urlscan" => Urlscan,
       "virustotal_intelligence" => VirusTotalIntelligence,

data/lib/mihari/commands/search.rb CHANGED Viewed

@@ -14,7 +14,11 @@ module Mihari
             rule = Structs::Rule.from_path_or_id path_or_id
             # validate
-            rule.validate!
+            begin
+              rule.validate!
+            rescue RuleValidationError
+              return
+            end
             # check update
             id = rule.id
@@ -23,7 +27,9 @@ module Mihari
               with_db_connection do
                 rule_ = Mihari::Rule.find(id)
                 next if rule.yaml == rule_.yaml
-                return unless yes?("This operation will overwrite the rule in the database (Rule ID: #{id}). Are you sure you want to update the rule? (yes/no)")
+                unless yes?("This operation will overwrite the rule in the database (Rule ID: #{id}). Are you sure you want to update the rule? (yes/no)")
+                  return
+                end
               rescue ActiveRecord::RecordNotFound
                 next
               end
@@ -38,7 +44,7 @@ module Mihari
                 data = Mihari::Entities::Alert.represent(alert)
                 puts JSON.pretty_generate(data.as_json)
               else
-                Mihari.logger.info "There is no new artifact"
+                Mihari.logger.info "No new alert created in the database"
               end
               # record a rule

data/lib/mihari/emitters/misp.rb CHANGED Viewed

@@ -6,7 +6,7 @@ module Mihari
   module Emitters
     class MISP < Base
       # @return [String, nil]
-      attr_reader :api_endpoint
+      attr_reader :url
       # @return [String, nil]
       attr_reader :api_key
@@ -14,18 +14,29 @@ module Mihari
       def initialize(*args, **kwargs)
         super(*args, **kwargs)
-        @api_endpoint = kwargs[:api_endpoint] || Mihari.config.misp_api_endpoint
+        @url = kwargs[:url] || kwargs[:api_endpoint] || Mihari.config.misp_url
         @api_key = kwargs[:api_key] || Mihari.config.misp_api_key
         ::MISP.configure do |config|
-          config.api_endpoint = api_endpoint
+          config.api_endpoint = url
           config.api_key = api_key
         end
       end
       # @return [Boolean]
       def valid?
-        api_endpoint? && api_key? && ping?
+        unless url? && api_key?
+          Mihari.logger.info("MISP URL is not set") unless url?
+          Mihari.logger.info("MISP API key is not set") unless api_key?
+          return false
+        end
+        unless ping?
+          Mihari.logger.info("MISP URL (#{url}) is not reachable")
+          return false
+        end
+        true
       end
       def emit(title:, artifacts:, tags: [], **_options)
@@ -47,7 +58,7 @@ module Mihari
       private
       def configuration_keys
-        %w[misp_api_endpoint misp_api_key]
+        %w[misp_url misp_api_key]
       end
       #
@@ -103,12 +114,12 @@ module Mihari
       end
       #
-      # Check whether an API endpoint is set or not
+      # Check whether a URL is set or not
       #
       # @return [Boolean]
       #
-      def api_endpoint?
-        !api_endpoint.nil? && !api_endpoint.empty?
+      def url?
+        !url.nil? && !url.empty?
       end
       #
@@ -121,15 +132,15 @@ module Mihari
       end
       #
-      # Check whether an API endpoint is reachable or not
+      # Check whether a URL is reachable or not
       #
       # @return [Boolean]
       #
       def ping?
-        base_url = api_endpoint.end_with?("/") ? api_endpoint[0..-2] : api_endpoint
-        url = "#{base_url}/users/login"
+        base_url = url.end_with?("/") ? url[0..-2] : url
+        login_url = "#{base_url}/users/login"
-        http = Net::Ping::HTTP.new(url)
+        http = Net::Ping::HTTP.new(login_url)
         http.ping?
       end
     end

data/lib/mihari/emitters/the_hive.rb CHANGED Viewed

@@ -6,7 +6,7 @@ module Mihari
   module Emitters
     class TheHive < Base
       # @return [String, nil]
-      attr_reader :api_endpoint
+      attr_reader :url
       # @return [String, nil]
       attr_reader :api_key
@@ -17,14 +17,25 @@ module Mihari
       def initialize(*args, **kwargs)
         super(*args, **kwargs)
-        @api_endpoint = kwargs[:api_endpoint] || Mihari.config.thehive_api_endpoint
+        @url = kwargs[:url] || kwargs[:api_endpoint] || Mihari.config.thehive_url
         @api_key = kwargs[:api_key] || Mihari.config.thehive_api_key
         @api_version = kwargs[:api_version] || Mihari.config.thehive_api_version
       end
       # @return [Boolean]
       def valid?
-        api_endpont? && api_key? && ping?
+        unless url? && api_key?
+          Mihari.logger.info("TheHive URL is not set") unless url?
+          Mihari.logger.info("TheHive API key is not set") unless api_key?
+          return false
+        end
+        unless ping?
+          Mihari.logger.info("TheHive URL (#{url}) is not reachable")
+          return false
+        end
+        true
       end
       def emit(title:, description:, artifacts:, tags: [], **_options)
@@ -57,20 +68,20 @@ module Mihari
       private
       def configuration_keys
-        %w[thehive_api_endpoint thehive_api_key]
+        %w[thehive_url thehive_api_key]
       end
       def api
-        @api ||= Hachi::API.new(api_endpoint: api_endpoint, api_key: api_key, api_version: normalized_api_version)
+        @api ||= Hachi::API.new(api_endpoint: url, api_key: api_key, api_version: normalized_api_version)
       end
       #
-      # Check whether an API endpoint is set or not
+      # Check whether a URL is set or not
       #
       # @return [Boolean]
       #
-      def api_endpont?
-        !api_endpoint.nil?
+      def url?
+        !url.nil?
       end
       #
@@ -83,7 +94,10 @@ module Mihari
       end
       def payload(title:, description:, artifacts:, tags: [])
-        return v4_payload(title: title, description: description, artifacts: artifacts, tags: tags) if normalized_api_version.nil?
+        if normalized_api_version.nil?
+          return v4_payload(title: title, description: description, artifacts: artifacts,
+            tags: tags)
+        end
         v5_payload(title: title, description: description, artifacts: artifacts, tags: tags)
       end
@@ -92,7 +106,9 @@ module Mihari
         {
           title: title,
           description: description,
-          artifacts: artifacts.map { |artifact| { data: artifact.data, data_type: artifact.data_type, message: description } },
+          artifacts: artifacts.map do |artifact|
+                       { data: artifact.data, data_type: artifact.data_type, message: description }
+                     end,
           tags: tags,
           type: "external",
           source: "mihari"
@@ -103,7 +119,9 @@ module Mihari
         {
           title: title,
           description: description,
-          observables: artifacts.map { |artifact| { data: artifact.data, data_type: artifact.data_type, message: description } },
+          observables: artifacts.map do |artifact|
+                         { data: artifact.data, data_type: artifact.data_type, message: description }
+                       end,
           tags: tags,
           type: "external",
           source: "mihari",
@@ -112,23 +130,23 @@ module Mihari
       end
       #
-      # Check whether an API endpoint is reachable or not
+      # Check whether a URL is reachable or not
       #
       # @return [Boolean]
       #
       def ping?
-        base_url = api_endpoint.end_with?("/") ? api_endpoint[0..-2] : api_endpoint
+        base_url = url.end_with?("/") ? url[0..-2] : url
         if normalized_api_version.nil?
           # for v4
-          base_url = api_endpoint.end_with?("/") ? api_endpoint[0..-2] : api_endpoint
-          url = "#{base_url}/index.html"
+          base_url = url.end_with?("/") ? url[0..-2] : url
+          public_url = "#{base_url}/index.html"
         else
           # for v5
-          url = "#{base_url}/api/v1/status/public"
+          public_url = "#{base_url}/api/v1/status/public"
         end
-        http = Net::Ping::HTTP.new(url)
+        http = Net::Ping::HTTP.new(public_url)
         # use GET for v5
         http.get_request = true if normalized_api_version

data/lib/mihari/schemas/analyzer.rb CHANGED Viewed

@@ -58,13 +58,6 @@ module Mihari
       optional(:options).hash(AnalyzerOptions)
     end
-    Spyse = Dry::Schema.Params do
-      required(:analyzer).value(Types::String.enum("spyse"))
-      required(:query).value(:string)
-      required(:type).value(Types::String.enum("ip", "domain"))
-      optional(:options).hash(AnalyzerOptions)
-    end
     ZoomEye = Dry::Schema.Params do
       required(:analyzer).value(Types::String.enum("zoomeye"))
       required(:query).value(:string)

data/lib/mihari/schemas/emitter.rb CHANGED Viewed

@@ -9,12 +9,14 @@ module Mihari
     MISP = Dry::Schema.Params do
       required(:emitter).value(Types::String.enum("misp"))
       optional(:api_endpoint).value(:string)
+      optional(:url).value(:string)
       optional(:api_key).value(:string)
     end
     TheHive = Dry::Schema.Params do
       required(:emitter).value(Types::String.enum("the_hive"))
       optional(:api_endpoint).value(:string)
+      optional(:url).value(:string)
       optional(:api_key).value(:string)
       optional(:api_version).value(Types::String.enum("v4", "v5")).default("v4")
     end

data/lib/mihari/schemas/rule.rb CHANGED Viewed

@@ -22,7 +22,9 @@ module Mihari
       optional(:created_on).value(:date)
       optional(:updated_on).value(:date)
-      required(:queries).value(:array).each { AnalyzerWithoutAPIKey | AnalyzerWithAPIKey | Censys | CIRCL | PassiveTotal | Spyse | ZoomEye | Urlscan | Crtsh | Feed }
+      required(:queries).value(:array).each do
+        AnalyzerWithoutAPIKey | AnalyzerWithAPIKey | Censys | CIRCL | PassiveTotal | ZoomEye | Urlscan | Crtsh | Feed
+      end
       optional(:emitters).value(:array).each { Emitter | MISP | TheHive | Slack | HTTP }
@@ -57,9 +59,7 @@ module Mihari
       rule(:disallowed_data_values) do
         value.each do |v|
-          unless valid_disallowed_data_value?(v)
-            key.failure("#{v} is not a valid format.")
-          end
+          key.failure("#{v} is not a valid format.") unless valid_disallowed_data_value?(v)
         end
       end
     end

data/lib/mihari/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module Mihari
-  VERSION = "4.8.0"
+  VERSION = "4.10.0"
 end

data/lib/mihari.rb CHANGED Viewed

@@ -84,7 +84,8 @@ module Mihari
   setting :ipinfo_api_key, default: ENV.fetch("IPINFO_API_KEY", nil)
-  setting :misp_api_endpoint, default: ENV.fetch("MISP_API_ENDPOINT", nil)
+  # TODO: deprecate MISP_API_ENDPOINT
+  setting :misp_url, default: ENV.fetch("MISP_URL", nil) || ENV.fetch("MISP_API_ENDPOINT", nil)
   setting :misp_api_key, default: ENV.fetch("MISP_API_KEY", nil)
   setting :onyphe_api_key, default: ENV.fetch("ONYPHE_API_KEY", nil)
@@ -105,7 +106,8 @@ module Mihari
   setting :spyse_api_key, default: ENV.fetch("SPYSE_API_KEY", nil)
-  setting :thehive_api_endpoint, default: ENV.fetch("THEHIVE_API_ENDPOINT", nil)
+  # TODO: deprecate THEHIVE_API_ENDPOINT
+  setting :thehive_url, default: ENV.fetch("THEHIVE_URL", nil) || ENV.fetch("THEHIVE_API_ENDPOINT", nil)
   setting :thehive_api_key, default: ENV.fetch("THEHIVE_API_KEY", nil)
   setting :thehive_api_version, default: ENV.fetch("THEHIVE_API_VERSION", nil)
@@ -235,7 +237,6 @@ require "mihari/analyzers/passivetotal"
 require "mihari/analyzers/pulsedive"
 require "mihari/analyzers/securitytrails"
 require "mihari/analyzers/shodan"
-require "mihari/analyzers/spyse"
 require "mihari/analyzers/urlscan"
 require "mihari/analyzers/virustotal_intelligence"
 require "mihari/analyzers/virustotal"

data/mihari.gemspec CHANGED Viewed

@@ -40,12 +40,12 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency "rspec", "~> 3.11"
   spec.add_development_dependency "simplecov-lcov", "~> 0.8.0"
   spec.add_development_dependency "standard", "~> 1.16"
-  spec.add_development_dependency "steep", "~> 1.1"
+  spec.add_development_dependency "steep", "~> 1.2"
   spec.add_development_dependency "timecop", "~> 0.9"
   spec.add_development_dependency "vcr", "~> 6.1"
   spec.add_development_dependency "webmock", "~> 3.18"
-  spec.add_dependency "activerecord", "7.0.3.1"
+  spec.add_dependency "activerecord", "7.0.4"
   spec.add_dependency "addressable", "2.8.1"
   spec.add_dependency "awrence", "2.0.1"
   spec.add_dependency "binaryedge", "0.1.0"
@@ -54,11 +54,11 @@ Gem::Specification.new do |spec|
   spec.add_dependency "dnpedia", "0.1.0"
   spec.add_dependency "dnstwister", "0.1.0"
   spec.add_dependency "dotenv", "2.8.1"
-  spec.add_dependency "dry-configurable", "0.15.0"
-  spec.add_dependency "dry-container", "0.10.1"
-  spec.add_dependency "dry-files", "0.2.0"
+  spec.add_dependency "dry-configurable", "0.16.0"
+  spec.add_dependency "dry-container", "0.11.0"
+  spec.add_dependency "dry-files", "0.3.0"
   spec.add_dependency "dry-initializer", "3.1.1"
-  spec.add_dependency "dry-schema", "1.10.2"
+  spec.add_dependency "dry-schema", "1.10.6"
   spec.add_dependency "dry-struct", "1.4.0"
   spec.add_dependency "dry-validation", "1.8.1"
   spec.add_dependency "email_address", "0.2.4"
@@ -88,16 +88,15 @@ Gem::Specification.new do |spec|
   spec.add_dependency "rack-cors", "1.1.1"
   spec.add_dependency "securitytrails", "1.0.0"
   spec.add_dependency "semantic_logger", "4.11.0"
-  spec.add_dependency "sentry-ruby", "5.4.2"
+  spec.add_dependency "sentry-ruby", "5.5.0"
   spec.add_dependency "shodanx", "0.2.1"
   spec.add_dependency "slack-notifier", "2.4.0"
-  spec.add_dependency "spysex", "0.2.0"
-  spec.add_dependency "sqlite3", "1.4.4"
+  spec.add_dependency "sqlite3", "1.5.0"
   spec.add_dependency "thor", "1.2.1"
   spec.add_dependency "urlscan", "0.8.0"
   spec.add_dependency "uuidtools", "2.2.0"
   spec.add_dependency "virustotalx", "1.2.0"
   spec.add_dependency "whois", "5.1.0"
-  spec.add_dependency "whois-parser", "1.2.0"
+  spec.add_dependency "whois-parser", "2.0.0"
   spec.add_dependency "zoomeye-rb", "0.2.0"
 end

data/sig/lib/mihari/emitters/misp.rbs CHANGED Viewed

@@ -2,7 +2,7 @@ module Mihari
   module Emitters
     class MISP < Base
-      attr_reader api_endpiont: String?
+      attr_reader url: String?
       attr_reader api_key: String?
@@ -16,7 +16,7 @@ module Mihari
       private
-      def configuration_keys: () -> ::Array["misp_api_endpoint" | "misp_api_key"]
+      def configuration_keys: () -> ::Array["misp_url" | "misp_api_key"]
       def build_attribute: (Mihari::Artifact artifact) -> untyped
@@ -24,7 +24,7 @@ module Mihari
       def to_misp_type: (type: String `type`, value: String value) -> String?
-      def api_endpoint?: () -> bool
+      def url?: () -> bool
       def api_key?: () -> bool

data/sig/lib/mihari/emitters/the_hive.rbs CHANGED Viewed

@@ -1,7 +1,7 @@
 module Mihari
   module Emitters
     class TheHive < Base
-      attr_reader api_endpiont: String?
+      attr_reader url: String?
       attr_reader api_key: String?
@@ -16,12 +16,12 @@ module Mihari
       private
-      def configuration_keys: () -> ::Array["thehive_api_endpoint" | "thehive_api_key"]
+      def configuration_keys: () -> ::Array["thehive_url" | "thehive_api_key"]
       def api: () -> untyped
       # @return [true, false]
-      def api_endpont?: () -> bool
+      def url?: () -> bool
       # @return [true, false]
       def api_key?: () -> bool

data/sig/lib/mihari.rbs CHANGED Viewed

@@ -5,7 +5,7 @@ class Configuration
   attr_accessor circl_passive_password (): String?
   attr_accessor circl_passive_username (): String?
   attr_accessor ipinfo_api_key (): String?
-  attr_accessor misp_api_endpoint (): String?
+  attr_accessor misp_url (): String?
   attr_accessor misp_api_key (): String?
   attr_accessor onyphe_api_key (): String?
   attr_accessor otx_api_key (): String?
@@ -17,7 +17,7 @@ class Configuration
   attr_accessor slack_channel (): String?
   attr_accessor slack_webhook_url (): String?
   attr_accessor spyse_api_key (): String?
-  attr_accessor thehive_api_endpoint (): String?
+  attr_accessor thehive_url (): String?
   attr_accessor thehive_api_key (): String?
   attr_accessor thehive_api_version (): String?
   attr_accessor urlscan_api_key (): String?

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: mihari
 version: !ruby/object:Gem::Version
-  version: 4.8.0
+  version: 4.10.0
 platform: ruby
 authors:
 - Manabu Niseki
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2022-08-28 00:00:00.000000000 Z
+date: 2022-10-09 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -198,14 +198,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.1'
+        version: '1.2'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.1'
+        version: '1.2'
 - !ruby/object:Gem::Dependency
   name: timecop
   requirement: !ruby/object:Gem::Requirement
@@ -254,14 +254,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 7.0.3.1
+        version: 7.0.4
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 7.0.3.1
+        version: 7.0.4
 - !ruby/object:Gem::Dependency
   name: addressable
   requirement: !ruby/object:Gem::Requirement
@@ -380,42 +380,42 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.15.0
+        version: 0.16.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.15.0
+        version: 0.16.0
 - !ruby/object:Gem::Dependency
   name: dry-container
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.10.1
+        version: 0.11.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.10.1
+        version: 0.11.0
 - !ruby/object:Gem::Dependency
   name: dry-files
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.2.0
+        version: 0.3.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.2.0
+        version: 0.3.0
 - !ruby/object:Gem::Dependency
   name: dry-initializer
   requirement: !ruby/object:Gem::Requirement
@@ -436,14 +436,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.10.2
+        version: 1.10.6
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.10.2
+        version: 1.10.6
 - !ruby/object:Gem::Dependency
   name: dry-struct
   requirement: !ruby/object:Gem::Requirement
@@ -856,14 +856,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 5.4.2
+        version: 5.5.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 5.4.2
+        version: 5.5.0
 - !ruby/object:Gem::Dependency
   name: shodanx
   requirement: !ruby/object:Gem::Requirement
@@ -892,34 +892,20 @@ dependencies:
     - - '='
       - !ruby/object:Gem::Version
         version: 2.4.0
-- !ruby/object:Gem::Dependency
-  name: spysex
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - '='
-      - !ruby/object:Gem::Version
-        version: 0.2.0
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - '='
-      - !ruby/object:Gem::Version
-        version: 0.2.0
 - !ruby/object:Gem::Dependency
   name: sqlite3
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.4.4
+        version: 1.5.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.4.4
+        version: 1.5.0
 - !ruby/object:Gem::Dependency
   name: thor
   requirement: !ruby/object:Gem::Requirement
@@ -996,14 +982,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.2.0
+        version: 2.0.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.2.0
+        version: 2.0.0
 - !ruby/object:Gem::Dependency
   name: zoomeye-rb
   requirement: !ruby/object:Gem::Requirement
@@ -1074,7 +1060,6 @@ files:
 - lib/mihari/analyzers/rule.rb
 - lib/mihari/analyzers/securitytrails.rb
 - lib/mihari/analyzers/shodan.rb
-- lib/mihari/analyzers/spyse.rb
 - lib/mihari/analyzers/urlscan.rb
 - lib/mihari/analyzers/virustotal.rb
 - lib/mihari/analyzers/virustotal_intelligence.rb

data/lib/mihari/analyzers/spyse.rb DELETED Viewed

@@ -1,93 +0,0 @@
-# frozen_string_literal: true
-require "spyse"
-module Mihari
-  module Analyzers
-    class Spyse < Base
-      param :query
-      option :type, default: proc { "domain" }
-      # @return [String, nil]
-      attr_reader :api_key
-      def initialize(*args, **kwargs)
-        super(*args, **kwargs)
-        @api_key = kwargs[:api_key] || Mihari.config.spyse_api_key
-      end
-      def artifacts
-        search || []
-      end
-      private
-      def search_params
-        @search_params ||= JSON.parse(query)
-      end
-      def configuration_keys
-        %w[spyse_api_key]
-      end
-      def api
-        @api ||= ::Spyse::API.new(api_key)
-      end
-      #
-      # Check whether a type is valid or not
-      #
-      # @return [Boolean]
-      #
-      def valid_type?
-        %w[ip domain cert].include? type
-      end
-      #
-      # Domain search
-      #
-      # @return [Array<Mihari::Artifact>]
-      #
-      def domain_search
-        res = api.domain.search(search_params, limit: 100)
-        items = res.dig("data", "items") || []
-        items.map do |item|
-          data = item["name"]
-          Artifact.new(data: data, source: source, metadata: item)
-        end
-      end
-      #
-      # IP search
-      #
-      # @return [Array<Mihari::Artifact>]
-      #
-      def ip_search
-        res = api.ip.search(search_params, limit: 100)
-        items = res.dig("data", "items") || []
-        items.map do |item|
-          data = item["ip"]
-          Artifact.new(data: data, source: source, metadata: item)
-        end
-      end
-      #
-      # IP/domain search
-      #
-      # @return [Array<Mihari::Artifact>]
-      #
-      def search
-        case type
-        when "domain"
-          domain_search
-        when "ip"
-          ip_search
-        else
-          raise InvalidInputError, "#{query}(type: #{type || "unknown"}) is not supported." unless valid_type?
-        end
-      end
-    end
-  end
-end