RubyGems - mihari - Versions diffs - 4.8.0 → 4.10.0 - Mend

mihari 4.8.0 → 4.10.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (18) hide show

checksums.yaml +4 -4
data/README.md +0 -1
data/lib/mihari/analyzers/base.rb +14 -2
data/lib/mihari/analyzers/rule.rb +0 -1
data/lib/mihari/commands/search.rb +9 -3
data/lib/mihari/emitters/misp.rb +23 -12
data/lib/mihari/emitters/the_hive.rb +35 -17
data/lib/mihari/schemas/analyzer.rb +0 -7
data/lib/mihari/schemas/emitter.rb +2 -0
data/lib/mihari/schemas/rule.rb +4 -4
data/lib/mihari/version.rb +1 -1
data/lib/mihari.rb +4 -3
data/mihari.gemspec +9 -10
data/sig/lib/mihari/emitters/misp.rbs +3 -3
data/sig/lib/mihari/emitters/the_hive.rbs +3 -3
data/sig/lib/mihari.rbs +2 -2
metadata +20 -35
data/lib/mihari/analyzers/spyse.rb +0 -93

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 3e827da38142045be9b680636eb69b61d18e465b83f33d3a2a435c251041c7fc
-  data.tar.gz: 91d0c1fa7e50512c9a2bb8aceb914f69bec149c3fd7dc16f136a4b391a086e56
+  metadata.gz: 54ef0421cb5da34c8174fe0fdc3b43d310770dca779dd51fac284a678b86fc0a
+  data.tar.gz: 6b24c7b37c00f7ebed9ee0fcfbfb66b95d7d60ea7c7792a40be32607bdda07fe
 SHA512:
-  metadata.gz: c6c06c7d217091158d3fc354ccf3e0640494cfcd26b38cf5927d4d2a43f961ce8d2bf7d87bc965037554e745bf54b7dcf06e02b96d93962e6b0948bff11119d7
-  data.tar.gz: 5dd97d8c4a4d9ae9eac0e3823e8da97210de5dae87c448f48f6df565a12c99e7f0620d0477862762465aa77b0727912ccc935cd941e9a291a48a763fbf9ab8f3
+  metadata.gz: 941a6e47d53a2287d793fe28fab3e6e9295076ed39e50fcf8f55e6cdca102381ae425b3db603acdfea9b28e438a7f57627ed793be1efcb0093d83b17ac128535
+  data.tar.gz: 25055c04746f33620e0c762f1d79d6407d8a9156d47820c2129ed4b72e926e7cf2d3ea275ff546046bb5b9ce82fe069b222d56f5b69700eb44179f83d80c058c

data/README.md CHANGED Viewed

@@ -44,7 +44,6 @@ Mihari supports the following services by default.
 - [Pulsedive](https://pulsedive.com/)
 - [SecurityTrails](https://securitytrails.com/)
 - [Shodan](https://shodan.io)
-- [Spyse](https://spyse.com)
 - [urlscan.io](https://urlscan.io)
 - [VirusTotal](http://virustotal.com) & [VirusTotal Intelligence](https://www.virustotal.com/gui/intelligence-overview)
 - [ZoomEye](https://zoomeye.org)

data/lib/mihari/analyzers/base.rb CHANGED Viewed

@@ -72,10 +72,22 @@ module Mihari
       #
       # @param [Mihari::Emitters::Base] emitter
       #
-      # @return [nil]
+      # @return [Mihari::Alert, nil]
       #
       def run_emitter(emitter)
-        emitter.run(title: title, description: description, artifacts: enriched_artifacts, source: source, tags: tags)
+        return if enriched_artifacts.empty?
+        alert_or_something = emitter.run(
+          title: title,
+          description: description,
+          artifacts: enriched_artifacts,
+          source: source,
+          tags: tags
+        )
+        Mihari.logger.info "Emission by #{emitter.class} is succedded"
+        alert_or_something
       rescue StandardError => e
         Mihari.logger.info "Emission by #{emitter.class} is failed: #{e}"
       end

data/lib/mihari/analyzers/rule.rb CHANGED Viewed

@@ -18,7 +18,6 @@ module Mihari
       "pulsedive" => Pulsedive,
       "securitytrails" => SecurityTrails,
       "shodan" => Shodan,
-      "spyse" => Spyse,
       "st" => SecurityTrails,
       "urlscan" => Urlscan,
       "virustotal_intelligence" => VirusTotalIntelligence,

data/lib/mihari/commands/search.rb CHANGED Viewed

@@ -14,7 +14,11 @@ module Mihari
             rule = Structs::Rule.from_path_or_id path_or_id
             # validate
-            rule.validate!
+            begin
+              rule.validate!
+            rescue RuleValidationError
+              return
+            end
             # check update
             id = rule.id
@@ -23,7 +27,9 @@ module Mihari
               with_db_connection do
                 rule_ = Mihari::Rule.find(id)
                 next if rule.yaml == rule_.yaml
-                return unless yes?("This operation will overwrite the rule in the database (Rule ID: #{id}). Are you sure you want to update the rule? (yes/no)")
+                unless yes?("This operation will overwrite the rule in the database (Rule ID: #{id}). Are you sure you want to update the rule? (yes/no)")
+                  return
+                end
               rescue ActiveRecord::RecordNotFound
                 next
               end
@@ -38,7 +44,7 @@ module Mihari
                 data = Mihari::Entities::Alert.represent(alert)
                 puts JSON.pretty_generate(data.as_json)
               else
-                Mihari.logger.info "There is no new artifact"
+                Mihari.logger.info "No new alert created in the database"
               end
               # record a rule

data/lib/mihari/emitters/misp.rb CHANGED Viewed

@@ -6,7 +6,7 @@ module Mihari
   module Emitters
     class MISP < Base
       # @return [String, nil]
-      attr_reader :api_endpoint
+      attr_reader :url
       # @return [String, nil]
       attr_reader :api_key
@@ -14,18 +14,29 @@ module Mihari
       def initialize(*args, **kwargs)
         super(*args, **kwargs)
-        @api_endpoint = kwargs[:api_endpoint] || Mihari.config.misp_api_endpoint
+        @url = kwargs[:url] || kwargs[:api_endpoint] || Mihari.config.misp_url
         @api_key = kwargs[:api_key] || Mihari.config.misp_api_key
         ::MISP.configure do |config|
-          config.api_endpoint = api_endpoint
+          config.api_endpoint = url
           config.api_key = api_key
         end
       end
       # @return [Boolean]
       def valid?
-        api_endpoint? && api_key? && ping?
+        unless url? && api_key?
+          Mihari.logger.info("MISP URL is not set") unless url?
+          Mihari.logger.info("MISP API key is not set") unless api_key?
+          return false
+        end
+        unless ping?
+          Mihari.logger.info("MISP URL (#{url}) is not reachable")
+          return false
+        end
+        true
       end
       def emit(title:, artifacts:, tags: [], **_options)
@@ -47,7 +58,7 @@ module Mihari
       private
       def configuration_keys
-        %w[misp_api_endpoint misp_api_key]
+        %w[misp_url misp_api_key]
       end
       #
@@ -103,12 +114,12 @@ module Mihari
       end
       #
-      # Check whether an API endpoint is set or not
+      # Check whether a URL is set or not
       #
       # @return [Boolean]
       #
-      def api_endpoint?
-        !api_endpoint.nil? && !api_endpoint.empty?
+      def url?
+        !url.nil? && !url.empty?
       end
       #
@@ -121,15 +132,15 @@ module Mihari
       end
       #
-      # Check whether an API endpoint is reachable or not
+      # Check whether a URL is reachable or not
       #
       # @return [Boolean]
       #
       def ping?
-        base_url = api_endpoint.end_with?("/") ? api_endpoint[0..-2] : api_endpoint
-        url = "#{base_url}/users/login"
+        base_url = url.end_with?("/") ? url[0..-2] : url
+        login_url = "#{base_url}/users/login"
-        http = Net::Ping::HTTP.new(url)
+        http = Net::Ping::HTTP.new(login_url)
         http.ping?
       end
     end

data/lib/mihari/emitters/the_hive.rb CHANGED Viewed

@@ -6,7 +6,7 @@ module Mihari
   module Emitters
     class TheHive < Base
       # @return [String, nil]
-      attr_reader :api_endpoint
+      attr_reader :url
       # @return [String, nil]
       attr_reader :api_key
@@ -17,14 +17,25 @@ module Mihari
       def initialize(*args, **kwargs)
         super(*args, **kwargs)
-        @api_endpoint = kwargs[:api_endpoint] || Mihari.config.thehive_api_endpoint
+        @url = kwargs[:url] || kwargs[:api_endpoint] || Mihari.config.thehive_url
         @api_key = kwargs[:api_key] || Mihari.config.thehive_api_key
         @api_version = kwargs[:api_version] || Mihari.config.thehive_api_version
       end
       # @return [Boolean]
       def valid?
-        api_endpont? && api_key? && ping?
+        unless url? && api_key?
+          Mihari.logger.info("TheHive URL is not set") unless url?
+          Mihari.logger.info("TheHive API key is not set") unless api_key?
+          return false
+        end
+        unless ping?
+          Mihari.logger.info("TheHive URL (#{url}) is not reachable")
+          return false
+        end
+        true
       end
       def emit(title:, description:, artifacts:, tags: [], **_options)
@@ -57,20 +68,20 @@ module Mihari
       private
       def configuration_keys
-        %w[thehive_api_endpoint thehive_api_key]
+        %w[thehive_url thehive_api_key]
       end
       def api
-        @api ||= Hachi::API.new(api_endpoint: api_endpoint, api_key: api_key, api_version: normalized_api_version)
+        @api ||= Hachi::API.new(api_endpoint: url, api_key: api_key, api_version: normalized_api_version)
       end
       #
-      # Check whether an API endpoint is set or not
+      # Check whether a URL is set or not
       #
       # @return [Boolean]
       #
-      def api_endpont?
-        !api_endpoint.nil?
+      def url?
+        !url.nil?
       end
       #
@@ -83,7 +94,10 @@ module Mihari
       end
       def payload(title:, description:, artifacts:, tags: [])
-        return v4_payload(title: title, description: description, artifacts: artifacts, tags: tags) if normalized_api_version.nil?
+        if normalized_api_version.nil?
+          return v4_payload(title: title, description: description, artifacts: artifacts,
+            tags: tags)
+        end
         v5_payload(title: title, description: description, artifacts: artifacts, tags: tags)
       end
@@ -92,7 +106,9 @@ module Mihari
         {
           title: title,
           description: description,
-          artifacts: artifacts.map { |artifact| { data: artifact.data, data_type: artifact.data_type, message: description } },
+          artifacts: artifacts.map do |artifact|
+                       { data: artifact.data, data_type: artifact.data_type, message: description }
+                     end,
           tags: tags,
           type: "external",
           source: "mihari"
@@ -103,7 +119,9 @@ module Mihari
         {
           title: title,
           description: description,
-          observables: artifacts.map { |artifact| { data: artifact.data, data_type: artifact.data_type, message: description } },
+          observables: artifacts.map do |artifact|
+                         { data: artifact.data, data_type: artifact.data_type, message: description }
+                       end,
           tags: tags,
           type: "external",
           source: "mihari",
@@ -112,23 +130,23 @@ module Mihari
       end
       #
-      # Check whether an API endpoint is reachable or not
+      # Check whether a URL is reachable or not
       #
       # @return [Boolean]
       #
       def ping?
-        base_url = api_endpoint.end_with?("/") ? api_endpoint[0..-2] : api_endpoint
+        base_url = url.end_with?("/") ? url[0..-2] : url
         if normalized_api_version.nil?
           # for v4
-          base_url = api_endpoint.end_with?("/") ? api_endpoint[0..-2] : api_endpoint
-          url = "#{base_url}/index.html"
+          base_url = url.end_with?("/") ? url[0..-2] : url
+          public_url = "#{base_url}/index.html"
         else
           # for v5
-          url = "#{base_url}/api/v1/status/public"
+          public_url = "#{base_url}/api/v1/status/public"
         end
-        http = Net::Ping::HTTP.new(url)
+        http = Net::Ping::HTTP.new(public_url)
         # use GET for v5
         http.get_request = true if normalized_api_version

data/lib/mihari/schemas/analyzer.rb CHANGED Viewed

@@ -58,13 +58,6 @@ module Mihari
       optional(:options).hash(AnalyzerOptions)
     end
-    Spyse = Dry::Schema.Params do
-      required(:analyzer).value(Types::String.enum("spyse"))
-      required(:query).value(:string)
-      required(:type).value(Types::String.enum("ip", "domain"))
-      optional(:options).hash(AnalyzerOptions)
-    end
     ZoomEye = Dry::Schema.Params do
       required(:analyzer).value(Types::String.enum("zoomeye"))
       required(:query).value(:string)

data/lib/mihari/schemas/emitter.rb CHANGED Viewed

@@ -9,12 +9,14 @@ module Mihari
     MISP = Dry::Schema.Params do
       required(:emitter).value(Types::String.enum("misp"))
       optional(:api_endpoint).value(:string)
+      optional(:url).value(:string)
       optional(:api_key).value(:string)
     end
     TheHive = Dry::Schema.Params do
       required(:emitter).value(Types::String.enum("the_hive"))
       optional(:api_endpoint).value(:string)
+      optional(:url).value(:string)
       optional(:api_key).value(:string)
       optional(:api_version).value(Types::String.enum("v4", "v5")).default("v4")
     end

data/lib/mihari/schemas/rule.rb CHANGED Viewed

@@ -22,7 +22,9 @@ module Mihari
       optional(:created_on).value(:date)
       optional(:updated_on).value(:date)
-      required(:queries).value(:array).each { AnalyzerWithoutAPIKey | AnalyzerWithAPIKey | Censys | CIRCL | PassiveTotal | Spyse | ZoomEye | Urlscan | Crtsh | Feed }
+      required(:queries).value(:array).each do
+        AnalyzerWithoutAPIKey | AnalyzerWithAPIKey | Censys | CIRCL | PassiveTotal | ZoomEye | Urlscan | Crtsh | Feed
+      end
       optional(:emitters).value(:array).each { Emitter | MISP | TheHive | Slack | HTTP }
@@ -57,9 +59,7 @@ module Mihari
       rule(:disallowed_data_values) do
         value.each do |v|
-          unless valid_disallowed_data_value?(v)
-            key.failure("#{v} is not a valid format.")
-          end
+          key.failure("#{v} is not a valid format.") unless valid_disallowed_data_value?(v)
         end
       end
     end

data/lib/mihari/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module Mihari
-  VERSION = "4.8.0"
+  VERSION = "4.10.0"
 end

data/lib/mihari.rb CHANGED Viewed

@@ -84,7 +84,8 @@ module Mihari
   setting :ipinfo_api_key, default: ENV.fetch("IPINFO_API_KEY", nil)
-  setting :misp_api_endpoint, default: ENV.fetch("MISP_API_ENDPOINT", nil)
+  # TODO: deprecate MISP_API_ENDPOINT
+  setting :misp_url, default: ENV.fetch("MISP_URL", nil) || ENV.fetch("MISP_API_ENDPOINT", nil)
   setting :misp_api_key, default: ENV.fetch("MISP_API_KEY", nil)
   setting :onyphe_api_key, default: ENV.fetch("ONYPHE_API_KEY", nil)
@@ -105,7 +106,8 @@ module Mihari
   setting :spyse_api_key, default: ENV.fetch("SPYSE_API_KEY", nil)
-  setting :thehive_api_endpoint, default: ENV.fetch("THEHIVE_API_ENDPOINT", nil)
+  # TODO: deprecate THEHIVE_API_ENDPOINT
+  setting :thehive_url, default: ENV.fetch("THEHIVE_URL", nil) || ENV.fetch("THEHIVE_API_ENDPOINT", nil)
   setting :thehive_api_key, default: ENV.fetch("THEHIVE_API_KEY", nil)
   setting :thehive_api_version, default: ENV.fetch("THEHIVE_API_VERSION", nil)
@@ -235,7 +237,6 @@ require "mihari/analyzers/passivetotal"
 require "mihari/analyzers/pulsedive"
 require "mihari/analyzers/securitytrails"
 require "mihari/analyzers/shodan"
-require "mihari/analyzers/spyse"
 require "mihari/analyzers/urlscan"
 require "mihari/analyzers/virustotal_intelligence"
 require "mihari/analyzers/virustotal"

data/mihari.gemspec CHANGED Viewed

@@ -40,12 +40,12 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency "rspec", "~> 3.11"
   spec.add_development_dependency "simplecov-lcov", "~> 0.8.0"
   spec.add_development_dependency "standard", "~> 1.16"
-  spec.add_development_dependency "steep", "~> 1.1"
+  spec.add_development_dependency "steep", "~> 1.2"
   spec.add_development_dependency "timecop", "~> 0.9"
   spec.add_development_dependency "vcr", "~> 6.1"
   spec.add_development_dependency "webmock", "~> 3.18"
-  spec.add_dependency "activerecord", "7.0.3.1"
+  spec.add_dependency "activerecord", "7.0.4"
   spec.add_dependency "addressable", "2.8.1"
   spec.add_dependency "awrence", "2.0.1"
   spec.add_dependency "binaryedge", "0.1.0"
@@ -54,11 +54,11 @@ Gem::Specification.new do |spec|
   spec.add_dependency "dnpedia", "0.1.0"
   spec.add_dependency "dnstwister", "0.1.0"
   spec.add_dependency "dotenv", "2.8.1"
-  spec.add_dependency "dry-configurable", "0.15.0"
-  spec.add_dependency "dry-container", "0.10.1"
-  spec.add_dependency "dry-files", "0.2.0"
+  spec.add_dependency "dry-configurable", "0.16.0"
+  spec.add_dependency "dry-container", "0.11.0"
+  spec.add_dependency "dry-files", "0.3.0"
   spec.add_dependency "dry-initializer", "3.1.1"
-  spec.add_dependency "dry-schema", "1.10.2"
+  spec.add_dependency "dry-schema", "1.10.6"
   spec.add_dependency "dry-struct", "1.4.0"
   spec.add_dependency "dry-validation", "1.8.1"
   spec.add_dependency "email_address", "0.2.4"
@@ -88,16 +88,15 @@ Gem::Specification.new do |spec|
   spec.add_dependency "rack-cors", "1.1.1"
   spec.add_dependency "securitytrails", "1.0.0"
   spec.add_dependency "semantic_logger", "4.11.0"
-  spec.add_dependency "sentry-ruby", "5.4.2"
+  spec.add_dependency "sentry-ruby", "5.5.0"
   spec.add_dependency "shodanx", "0.2.1"
   spec.add_dependency "slack-notifier", "2.4.0"
-  spec.add_dependency "spysex", "0.2.0"
-  spec.add_dependency "sqlite3", "1.4.4"
+  spec.add_dependency "sqlite3", "1.5.0"
   spec.add_dependency "thor", "1.2.1"
   spec.add_dependency "urlscan", "0.8.0"
   spec.add_dependency "uuidtools", "2.2.0"
   spec.add_dependency "virustotalx", "1.2.0"
   spec.add_dependency "whois", "5.1.0"
-  spec.add_dependency "whois-parser", "1.2.0"
+  spec.add_dependency "whois-parser", "2.0.0"
   spec.add_dependency "zoomeye-rb", "0.2.0"
 end

data/sig/lib/mihari/emitters/misp.rbs CHANGED Viewed

@@ -2,7 +2,7 @@ module Mihari
   module Emitters
     class MISP < Base
-      attr_reader api_endpiont: String?
+      attr_reader url: String?
       attr_reader api_key: String?
@@ -16,7 +16,7 @@ module Mihari
       private
-      def configuration_keys: () -> ::Array["misp_api_endpoint" | "misp_api_key"]
+      def configuration_keys: () -> ::Array["misp_url" | "misp_api_key"]
       def build_attribute: (Mihari::Artifact artifact) -> untyped
@@ -24,7 +24,7 @@ module Mihari
       def to_misp_type: (type: String `type`, value: String value) -> String?
-      def api_endpoint?: () -> bool
+      def url?: () -> bool
       def api_key?: () -> bool

data/sig/lib/mihari/emitters/the_hive.rbs CHANGED Viewed

@@ -1,7 +1,7 @@
 module Mihari
   module Emitters
     class TheHive < Base
-      attr_reader api_endpiont: String?
+      attr_reader url: String?
       attr_reader api_key: String?
@@ -16,12 +16,12 @@ module Mihari
       private
-      def configuration_keys: () -> ::Array["thehive_api_endpoint" | "thehive_api_key"]
+      def configuration_keys: () -> ::Array["thehive_url" | "thehive_api_key"]
       def api: () -> untyped
       # @return [true, false]
-      def api_endpont?: () -> bool
+      def url?: () -> bool
       # @return [true, false]
       def api_key?: () -> bool

data/sig/lib/mihari.rbs CHANGED Viewed

@@ -5,7 +5,7 @@ class Configuration
   attr_accessor circl_passive_password (): String?
   attr_accessor circl_passive_username (): String?
   attr_accessor ipinfo_api_key (): String?
-  attr_accessor misp_api_endpoint (): String?
+  attr_accessor misp_url (): String?
   attr_accessor misp_api_key (): String?
   attr_accessor onyphe_api_key (): String?
   attr_accessor otx_api_key (): String?
@@ -17,7 +17,7 @@ class Configuration
   attr_accessor slack_channel (): String?
   attr_accessor slack_webhook_url (): String?
   attr_accessor spyse_api_key (): String?
-  attr_accessor thehive_api_endpoint (): String?
+  attr_accessor thehive_url (): String?
   attr_accessor thehive_api_key (): String?
   attr_accessor thehive_api_version (): String?
   attr_accessor urlscan_api_key (): String?

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: mihari
 version: !ruby/object:Gem::Version
-  version: 4.8.0
+  version: 4.10.0
 platform: ruby
 authors:
 - Manabu Niseki
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2022-08-28 00:00:00.000000000 Z
+date: 2022-10-09 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -198,14 +198,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.1'
+        version: '1.2'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.1'
+        version: '1.2'
 - !ruby/object:Gem::Dependency
   name: timecop
   requirement: !ruby/object:Gem::Requirement
@@ -254,14 +254,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 7.0.3.1
+        version: 7.0.4
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 7.0.3.1
+        version: 7.0.4
 - !ruby/object:Gem::Dependency
   name: addressable
   requirement: !ruby/object:Gem::Requirement
@@ -380,42 +380,42 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.15.0
+        version: 0.16.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.15.0
+        version: 0.16.0
 - !ruby/object:Gem::Dependency
   name: dry-container
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.10.1
+        version: 0.11.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.10.1
+        version: 0.11.0
 - !ruby/object:Gem::Dependency
   name: dry-files
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.2.0
+        version: 0.3.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.2.0
+        version: 0.3.0
 - !ruby/object:Gem::Dependency
   name: dry-initializer
   requirement: !ruby/object:Gem::Requirement
@@ -436,14 +436,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.10.2
+        version: 1.10.6
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.10.2
+        version: 1.10.6
 - !ruby/object:Gem::Dependency
   name: dry-struct
   requirement: !ruby/object:Gem::Requirement
@@ -856,14 +856,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 5.4.2
+        version: 5.5.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 5.4.2
+        version: 5.5.0
 - !ruby/object:Gem::Dependency
   name: shodanx
   requirement: !ruby/object:Gem::Requirement
@@ -892,34 +892,20 @@ dependencies:
     - - '='
       - !ruby/object:Gem::Version
         version: 2.4.0
-- !ruby/object:Gem::Dependency
-  name: spysex
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - '='
-      - !ruby/object:Gem::Version
-        version: 0.2.0
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - '='
-      - !ruby/object:Gem::Version
-        version: 0.2.0
 - !ruby/object:Gem::Dependency
   name: sqlite3
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.4.4
+        version: 1.5.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.4.4
+        version: 1.5.0
 - !ruby/object:Gem::Dependency
   name: thor
   requirement: !ruby/object:Gem::Requirement
@@ -996,14 +982,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.2.0
+        version: 2.0.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.2.0
+        version: 2.0.0
 - !ruby/object:Gem::Dependency
   name: zoomeye-rb
   requirement: !ruby/object:Gem::Requirement
@@ -1074,7 +1060,6 @@ files:
 - lib/mihari/analyzers/rule.rb
 - lib/mihari/analyzers/securitytrails.rb
 - lib/mihari/analyzers/shodan.rb
-- lib/mihari/analyzers/spyse.rb
 - lib/mihari/analyzers/urlscan.rb
 - lib/mihari/analyzers/virustotal.rb
 - lib/mihari/analyzers/virustotal_intelligence.rb

data/lib/mihari/analyzers/spyse.rb DELETED Viewed

@@ -1,93 +0,0 @@
-# frozen_string_literal: true
-require "spyse"
-module Mihari
-  module Analyzers
-    class Spyse < Base
-      param :query
-      option :type, default: proc { "domain" }
-      # @return [String, nil]
-      attr_reader :api_key
-      def initialize(*args, **kwargs)
-        super(*args, **kwargs)
-        @api_key = kwargs[:api_key] || Mihari.config.spyse_api_key
-      end
-      def artifacts
-        search || []
-      end
-      private
-      def search_params
-        @search_params ||= JSON.parse(query)
-      end
-      def configuration_keys
-        %w[spyse_api_key]
-      end
-      def api
-        @api ||= ::Spyse::API.new(api_key)
-      end
-      #
-      # Check whether a type is valid or not
-      #
-      # @return [Boolean]
-      #
-      def valid_type?
-        %w[ip domain cert].include? type
-      end
-      #
-      # Domain search
-      #
-      # @return [Array<Mihari::Artifact>]
-      #
-      def domain_search
-        res = api.domain.search(search_params, limit: 100)
-        items = res.dig("data", "items") || []
-        items.map do |item|
-          data = item["name"]
-          Artifact.new(data: data, source: source, metadata: item)
-        end
-      end
-      #
-      # IP search
-      #
-      # @return [Array<Mihari::Artifact>]
-      #
-      def ip_search
-        res = api.ip.search(search_params, limit: 100)
-        items = res.dig("data", "items") || []
-        items.map do |item|
-          data = item["ip"]
-          Artifact.new(data: data, source: source, metadata: item)
-        end
-      end
-      #
-      # IP/domain search
-      #
-      # @return [Array<Mihari::Artifact>]
-      #
-      def search
-        case type
-        when "domain"
-          domain_search
-        when "ip"
-          ip_search
-        else
-          raise InvalidInputError, "#{query}(type: #{type || "unknown"}) is not supported." unless valid_type?
-        end
-      end
-    end
-  end
-end