RubyGems - mihari - Versions diffs - 5.1.0 → 5.1.2 - Mend

mihari 5.1.0 → 5.1.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (66) hide show

checksums.yaml +4 -4
data/.gitmodules +0 -3
data/.rubocop.yml +6 -0
data/README.md +0 -1
data/lib/mihari/analyzers/base.rb +32 -27
data/lib/mihari/analyzers/binaryedge.rb +17 -9
data/lib/mihari/analyzers/censys.rb +10 -54
data/lib/mihari/analyzers/circl.rb +7 -6
data/lib/mihari/analyzers/crtsh.rb +12 -7
data/lib/mihari/analyzers/dnstwister.rb +7 -7
data/lib/mihari/analyzers/feed.rb +33 -10
data/lib/mihari/analyzers/greynoise.rb +8 -33
data/lib/mihari/analyzers/onyphe.rb +10 -36
data/lib/mihari/analyzers/otx.rb +4 -3
data/lib/mihari/analyzers/passivetotal.rb +8 -7
data/lib/mihari/analyzers/pulsedive.rb +8 -7
data/lib/mihari/analyzers/rule.rb +0 -1
data/lib/mihari/analyzers/securitytrails.rb +8 -10
data/lib/mihari/analyzers/shodan.rb +16 -90
data/lib/mihari/analyzers/urlscan.rb +16 -6
data/lib/mihari/analyzers/virustotal.rb +8 -6
data/lib/mihari/analyzers/virustotal_intelligence.rb +12 -7
data/lib/mihari/analyzers/zoomeye.rb +13 -10
data/lib/mihari/clients/base.rb +53 -0
data/lib/mihari/clients/binaryedge.rb +38 -0
data/lib/mihari/clients/censys.rb +42 -0
data/lib/mihari/clients/circl.rb +59 -0
data/lib/mihari/clients/crtsh.rb +31 -0
data/lib/mihari/clients/dnstwister.rb +40 -0
data/lib/mihari/clients/greynoise.rb +34 -0
data/lib/mihari/clients/misp.rb +29 -0
data/lib/mihari/clients/onyphe.rb +35 -0
data/lib/mihari/clients/otx.rb +49 -0
data/lib/mihari/clients/passivetotal.rb +69 -0
data/lib/mihari/clients/publsedive.rb +56 -0
data/lib/mihari/clients/securitytrails.rb +94 -0
data/lib/mihari/clients/shodan.rb +41 -0
data/lib/mihari/clients/the_hive.rb +33 -0
data/lib/mihari/clients/urlscan.rb +33 -0
data/lib/mihari/clients/virustotal.rb +62 -0
data/lib/mihari/clients/zoomeye.rb +74 -0
data/lib/mihari/commands/database.rb +1 -6
data/lib/mihari/commands/searcher.rb +1 -2
data/lib/mihari/database.rb +9 -0
data/lib/mihari/emitters/misp.rb +13 -20
data/lib/mihari/emitters/the_hive.rb +3 -5
data/lib/mihari/emitters/webhook.rb +2 -2
data/lib/mihari/feed/reader.rb +14 -11
data/lib/mihari/http.rb +29 -21
data/lib/mihari/mixins/retriable.rb +3 -1
data/lib/mihari/schemas/analyzer.rb +5 -4
data/lib/mihari/structs/censys.rb +62 -0
data/lib/mihari/structs/greynoise.rb +43 -0
data/lib/mihari/structs/onyphe.rb +45 -0
data/lib/mihari/structs/shodan.rb +83 -0
data/lib/mihari/version.rb +1 -1
data/lib/mihari/web/middleware/connection_adapter.rb +1 -3
data/lib/mihari/web/public/assets/{index-63900d73.js → index-7d0fb8c4.js} +2 -2
data/lib/mihari/web/public/index.html +1 -1
data/lib/mihari/web/public/redoc-static.html +2 -2
data/lib/mihari.rb +21 -2
data/mihari.gemspec +15 -23
metadata +55 -264
data/lib/mihari/analyzers/clients/otx.rb +0 -36
data/lib/mihari/analyzers/dnpedia.rb +0 -37
data/lib/mihari/mixins/database.rb +0 -16

data/lib/mihari/clients/circl.rb ADDED Viewed

@@ -0,0 +1,59 @@
+# frozen_string_literal: true
+require "base64"
+module Mihari
+  module Clients
+    class CIRCL < Base
+      #
+      # @param [String] base_url
+      # @param [String, nil] username
+      # @param [String, nil] password
+      # @param [Hash] headers
+      #
+      def initialize(base_url = "https://www.circl.lu", username:, password:, headers: {})
+        raise(ArgumentError, "'username' argument is required") if username.nil?
+        raise(ArgumentError, "'password' argument is required") if password.nil?
+        headers["authorization"] = "Basic #{Base64.strict_encode64("#{username}:#{password}")}"
+        super(base_url, headers: headers)
+      end
+      #
+      # @param [String] query
+      #
+      # @return [Hash]
+      #
+      def dns_query(query)
+        _get("/pdns/query/#{query}")
+      end
+      #
+      # @param [String] query
+      #
+      # @return [Hash]
+      #
+      def ssl_cquery(query)
+        _get("/v2pssl/cquery/#{query}")
+      end
+      private
+      #
+      #
+      # @param [String] path
+      # @param [Hash] params
+      #
+      def _get(path, params: {})
+        res = get(path, params: params)
+        body = res.body.to_s
+        content_type = res["Content-Type"].to_s
+        return JSON.parse(body) if content_type.include?("application/json")
+        body.lines.map { |line| JSON.parse line }
+      end
+    end
+  end
+end

data/lib/mihari/clients/crtsh.rb ADDED Viewed

@@ -0,0 +1,31 @@
+# frozen_string_literal: true
+module Mihari
+  module Clients
+    class Crtsh < Base
+      #
+      # @param [String] base_url
+      # @param [Hash] headers
+      #
+      def initialize(base_url = "https://crt.sh", headers: {})
+        super(base_url, headers: headers)
+      end
+      #
+      # Search crt.sh by a given identity
+      #
+      # @param [String] identity
+      # @param [String, nil] match "=", "ILIKE", "LIKE", "single", "any" or nil
+      # @param [String, nil] exclude "expired" or nil
+      #
+      # @return [Array<Hash>]
+      #
+      def search(identity, match: nil, exclude: nil)
+        params = { identity: identity, match: match, exclude: exclude, output: "json" }.compact
+        res = get("/", params: params)
+        JSON.parse(res.body.to_s)
+      end
+    end
+  end
+end

data/lib/mihari/clients/dnstwister.rb ADDED Viewed

@@ -0,0 +1,40 @@
+# frozen_string_literal: true
+module Mihari
+  module Clients
+    class DNSTwister < Base
+      #
+      # @param [String] base_url
+      # @param [Hash] headers
+      #
+      def initialize(base_url = "https://dnstwister.report", headers: {})
+        super(base_url, headers: headers)
+      end
+      #
+      # Get fuzzy domains
+      #
+      # @param [String] domain
+      #
+      # @return [Hash]
+      #
+      def fuzz(domain)
+        res = get("/api/fuzz/#{to_hex(domain)}")
+        JSON.parse(res.body.to_s)
+      end
+      private
+      #
+      # Converts string to hex
+      #
+      # @param [String] str String
+      #
+      # @return [String] Hex
+      #
+      def to_hex(str)
+        str.each_byte.map { |b| b.to_s(16) }.join
+      end
+    end
+  end
+end

data/lib/mihari/clients/greynoise.rb ADDED Viewed

@@ -0,0 +1,34 @@
+# frozen_string_literal: true
+module Mihari
+  module Clients
+    class GreyNoise < Base
+      #
+      # @param [String] base_url
+      # @param [String, nil] api_key
+      # @param [Hash] headers
+      #
+      def initialize(base_url = "https://api.greynoise.io", api_key:, headers: {})
+        raise(ArgumentError, "'api_key' argument is required") unless api_key
+        headers["key"] = api_key
+        super(base_url, headers: headers)
+      end
+      #
+      # GNQL (GreyNoise Query Language) is a domain-specific query language that uses Lucene deep under the hood
+      #
+      # @param [String] query GNQL query string
+      # @param [Integer, nil] size Maximum amount of results to grab
+      # @param [Integer, nil] scroll Scroll token to paginate through results
+      #
+      # @return [Hash]
+      #
+      def gnql_search(query, size: nil, scroll: nil)
+        params = { query: query, size: size, scroll: scroll }.compact
+        res = get("/v2/experimental/gnql", params: params)
+        Structs::GreyNoise::Response.from_dynamic! JSON.parse(res.body.to_s)
+      end
+    end
+  end
+end

data/lib/mihari/clients/misp.rb ADDED Viewed

@@ -0,0 +1,29 @@
+# frozen_string_literal: true
+module Mihari
+  module Clients
+    class MISP < Base
+      #
+      # @param [String] base_url
+      # @param [String, nil] api_key
+      # @param [Hash] headers
+      #
+      def initialize(base_url, api_key:, headers: {})
+        raise(ArgumentError, "'api_key' argument is required") unless api_key
+        headers["authorization"] = api_key
+        super(base_url, headers: headers)
+      end
+      #
+      # @param [Hash] payload
+      #
+      # @return [Hash]
+      #
+      def create_event(payload)
+        res = post("/events/add", json: payload)
+        JSON.parse(res.body.to_s)
+      end
+    end
+  end
+end

data/lib/mihari/clients/onyphe.rb ADDED Viewed

@@ -0,0 +1,35 @@
+# frozen_string_literal: true
+module Mihari
+  module Clients
+    class Onyphe < Base
+      # @return [String]
+      attr_reader :api_key
+      #
+      # @param [String] base_url
+      # @param [String, nil] api_key
+      # @param [Hash] headers
+      #
+      def initialize(base_url = "https://www.onyphe.io", api_key:, headers: {})
+        raise(ArgumentError, "'api_key' argument is required") if api_key.nil?
+        super(base_url, headers: headers)
+        @api_key = api_key
+      end
+      #
+      # @param [String] query
+      # @param [Integer] page
+      #
+      # @return [Hash]
+      #
+      def datascan(query, page: 1)
+        params = { page: page, apikey: api_key }
+        res = get("/api/v2/simple/datascan/#{query}", params: params)
+        Structs::Onyphe::Response.from_dynamic! JSON.parse(res.body.to_s)
+      end
+    end
+  end
+end

data/lib/mihari/clients/otx.rb ADDED Viewed

@@ -0,0 +1,49 @@
+# frozen_string_literal: true
+module Mihari
+  module Clients
+    class OTX < Base
+      #
+      # @param [String] base_url
+      # @param [String, nil] api_key
+      # @param [Hash] headers
+      #
+      def initialize(base_url = "https://otx.alienvault.com", api_key:, headers: {})
+        raise(ArgumentError, "'api_key' argument is required") unless api_key
+        headers["x-otx-api-key"] = api_key
+        super(base_url, headers: headers)
+      end
+      #
+      # @param [String] ip
+      #
+      # @return [Hash]
+      #
+      def query_by_ip(ip)
+        _get "/api/v1/indicators/IPv4/#{ip}/passive_dns"
+      end
+      #
+      # @param [String] domain
+      #
+      # @return [Hash]
+      #
+      def query_by_domain(domain)
+        _get "/api/v1/indicators/domain/#{domain}/passive_dns"
+      end
+      private
+      #
+      # @param [String] path
+      #
+      # @return [Hash]
+      #
+      def _get(path)
+        res = get(path)
+        JSON.parse(res.body.to_s)
+      end
+    end
+  end
+end

data/lib/mihari/clients/passivetotal.rb ADDED Viewed

@@ -0,0 +1,69 @@
+# frozen_string_literal: true
+require "base64"
+module Mihari
+  module Clients
+    class PassiveTotal < Base
+      #
+      # @param [String] base_url
+      # @param [String, nil] username
+      # @param [String, nil] api_key
+      # @param [Hash] headers
+      #
+      def initialize(base_url = "https://api.passivetotal.org", username:, api_key:, headers: {})
+        raise(ArgumentError, "'username' argument is required") if username.nil?
+        raise(ArgumentError, "'api_key' argument is required") if api_key.nil?
+        headers["authorization"] = "Basic #{Base64.strict_encode64("#{username}:#{api_key}")}"
+        super(base_url, headers: headers)
+      end
+      #
+      # @param [String] query
+      #
+      def ssl_search(query)
+        params = { query: query }
+        _get("/v2/ssl-certificate/history", params: params)
+      end
+      #
+      # @param [String] query
+      #
+      # @return [Hash]
+      #
+      def passive_dns_search(query)
+        params = { query: query }
+        _get("/v2/dns/passive/unique", params: params)
+      end
+      #
+      # @param [String] query the domain being queried
+      # @param [String] field whether to return historical results
+      #
+      # @return [Hash]
+      #
+      def reverse_whois_search(query:, field:)
+        params = {
+          query: query,
+          field: field
+        }.compact
+        _get("/v2/whois/search", params: params)
+      end
+      private
+      #
+      # @param [String] path
+      # @param [Hash] params
+      #
+      # @return [Hash]
+      #
+      def _get(path, params: {})
+        res = get(path, params: params)
+        JSON.parse(res.body.to_s)
+      end
+    end
+  end
+end

data/lib/mihari/clients/publsedive.rb ADDED Viewed

@@ -0,0 +1,56 @@
+# frozen_string_literal: true
+module Mihari
+  module Clients
+    class PulseDive < Base
+      # @return [String]
+      attr_reader :api_key
+      #
+      # @param [String] base_url
+      # @param [String, nil] api_key
+      # @param [Hash] headers
+      #
+      def initialize(base_url = "https://pulsedive.com", api_key:, headers: {})
+        super(base_url, headers: headers)
+        @api_key = api_key
+        raise(ArgumentError, "'api_key' argument is required") unless api_key
+      end
+      #
+      # @param [String] indicator_id
+      #
+      # @return [Hash]
+      #
+      def get_indicator(ip_or_domain)
+        _get "/api/info.php", params: { indicator: ip_or_domain }
+      end
+      #
+      # @param [String] indicator_id
+      #
+      # @return [Hash]
+      #
+      def get_properties(indicator_id)
+        _get "/api/info.php", params: { iid: indicator_id, get: "properties" }
+      end
+      private
+      #
+      # @param [String] path
+      # @param [Hash] params
+      #
+      # @return [Hash]
+      #
+      def _get(path, params: {})
+        params["key"] = api_key
+        res = get(path, params: params)
+        JSON.parse(res.body.to_s)
+      end
+    end
+  end
+end

data/lib/mihari/clients/securitytrails.rb ADDED Viewed

@@ -0,0 +1,94 @@
+# frozen_string_literal: true
+module Mihari
+  module Clients
+    class SecurityTrails < Base
+      #
+      # @param [String] base_url
+      # @param [String, nil] api_key
+      # @param [Hash] headers
+      #
+      def initialize(base_url = "https://api.securitytrails.com", api_key:, headers: {})
+        raise(ArgumentError, "'api_key' argument is required") unless api_key
+        headers["apikey"] = api_key
+        super(base_url, headers: headers)
+      end
+      #
+      # @param [String] mail
+      #
+      # @return [Array<Hash>]
+      #
+      def search_by_mail(mail)
+        res = _post "/v1/domains/list", json: { filter: { whois_email: mail } }
+        res["records"] || []
+      end
+      #
+      # @param [String] ip
+      #
+      # @return [Array<Hash>]
+      #
+      def search_by_ip(ip)
+        res = _post "/v1/domains/list", json: { filter: { ipv4: ip } }
+        res["records"] || []
+      end
+      #
+      # @param [String] domain
+      # @param [String] type
+      #
+      # @return [Array<Hash>]
+      #
+      def get_all_dns_history(domain, type:)
+        first_page = get_dns_history(domain, type: type, page: 1)
+        pages = first_page["pages"].to_i
+        records = first_page["records"] || []
+        (2..pages).each do |page_idx|
+          next_page = get_dns_history(domain, type: type, page: page_idx)
+          records << next_page["records"]
+        end
+        records.flatten
+      end
+      private
+      #
+      # @param [String] domain
+      # @param [String] type
+      # @param [Integer] page
+      #
+      # @return [Array<Hash>]
+      #
+      def get_dns_history(domain, type:, page:)
+        _get "/v1/history/#{domain}/dns/#{type}", params: { page: page }
+      end
+      #
+      # @param [String] path
+      # @param [Hash, nil] params
+      #
+      # @return [Hash]
+      #
+      def _get(path, params:)
+        res = get(path, params: params)
+        JSON.parse(res.body.to_s)
+      end
+      #
+      # @param [String] path
+      # @param [Hash, nil] json
+      #
+      # @return [Hash]
+      #
+      def _post(path, json:)
+        res = post(path, json: json)
+        JSON.parse(res.body.to_s)
+      end
+    end
+  end
+end

data/lib/mihari/clients/shodan.rb ADDED Viewed

@@ -0,0 +1,41 @@
+# frozen_string_literal: true
+module Mihari
+  module Clients
+    class Shodan < Base
+      # @return [String]
+      attr_reader :api_key
+      #
+      # @param [String] base_url
+      # @param [String, nil] api_key
+      # @param [Hash] headers
+      #
+      def initialize(base_url = "https://api.shodan.io", api_key:, headers: {})
+        raise(ArgumentError, "'api_key' argument is required") unless api_key
+        super(base_url, headers: headers)
+        @api_key = api_key
+      end
+      #
+      # @param [String] query
+      # @param [Integer] page
+      # @param [Boolean] minify
+      #
+      # @return [Structs::Shodan::Result]
+      #
+      def search(query, page: 1, minify: true)
+        params = {
+          query: query,
+          page: page,
+          minify: minify,
+          key: api_key
+        }
+        res = get("/shodan/host/search", params: params)
+        Structs::Shodan::Result.from_dynamic! JSON.parse(res.body.to_s)
+      end
+    end
+  end
+end

data/lib/mihari/clients/the_hive.rb ADDED Viewed

@@ -0,0 +1,33 @@
+# frozen_string_literal: true
+module Mihari
+  module Clients
+    class TheHive < Base
+      #
+      # @param [String] base_url
+      # @param [String, nil] api_key
+      # @param [String, nil] api_version
+      # @param [Hash] headers
+      #
+      def initialize(base_url, api_key:, api_version:, headers: {})
+        raise(ArgumentError, "'api_key' argument is required") unless api_key
+        base_url += "/#{api_version}" unless api_version.nil?
+        headers["authorization"] = "Bearer #{api_key}"
+        super(base_url, headers: headers)
+      end
+      #
+      # @param [Hash] json
+      #
+      # @return [Hash]
+      #
+      def alert(json)
+        json = json.to_camelback_keys.compact
+        res = post("/alert", json: json)
+        JSON.parse(res.body.to_s)
+      end
+    end
+  end
+end

data/lib/mihari/clients/urlscan.rb ADDED Viewed

@@ -0,0 +1,33 @@
+# frozen_string_literal: true
+module Mihari
+  module Clients
+    class UrlScan < Base
+      #
+      # @param [String] base_url
+      # @param [String, nil] api_key
+      # @param [Hash] headers
+      #
+      def initialize(base_url = "https://urlscan.io", api_key:, headers: {})
+        raise(ArgumentError, "'api_key' argument is required") if api_key.nil?
+        headers["api-key"] = api_key
+        super(base_url, headers: headers)
+      end
+      #
+      # @param [String] q
+      # @param [Integer] size
+      # @param [String, nil] search_after
+      #
+      # @return [Hash]
+      #
+      def search(q, size: 100, search_after: nil)
+        params = { q: q, size: size, search_after: search_after }.compact
+        res = get("/api/v1/search/", params: params)
+        JSON.parse res.body.to_s
+      end
+    end
+  end
+end

data/lib/mihari/clients/virustotal.rb ADDED Viewed

@@ -0,0 +1,62 @@
+# frozen_string_literal: true
+module Mihari
+  module Clients
+    class VirusTotal < Base
+      #
+      # @param [String] base_url
+      # @param [String, nil] api_key
+      # @param [Hash] headers
+      #
+      def initialize(base_url = "https://www.virustotal.com", api_key:, headers: {})
+        raise(ArgumentError, "'api_key' argument is required") if api_key.nil?
+        headers["x-apikey"] = api_key
+        super(base_url, headers: headers)
+      end
+      #
+      # @param [String] query
+      #
+      # @return [Hash]
+      #
+      def domain_search(query)
+        _get("/api/v3/domains/#{query}/resolutions")
+      end
+      #
+      # @param [String] query
+      #
+      # @return [Hash]
+      #
+      def ip_search(query)
+        _get("/api/v3/ip_addresses/#{query}/resolutions")
+      end
+      #
+      # @param [String] query
+      # @param [String, nil] cursor
+      #
+      # @return [Hash]
+      #
+      def intel_search(query, cursor: nil)
+        params = { query: query, cursor: cursor }.compact
+        _get("/api/v3/intelligence/search", params: params)
+      end
+      private
+      #
+      # @param [String] path
+      # @param [Hash] params
+      #
+      # @return [Hash]
+      #
+      def _get(path, params: {})
+        res = get(path, params: params)
+        JSON.parse(res.body.to_s)
+      end
+    end
+  end
+end