RubyGems - mihari - Versions diffs - 5.1.1 → 5.1.2 - Mend

mihari 5.1.1 → 5.1.2

Files changed (56) hide show

checksums.yaml +4 -4
data/.gitmodules +0 -3
data/.rubocop.yml +6 -0
data/README.md +0 -1
data/lib/mihari/analyzers/base.rb +32 -27
data/lib/mihari/analyzers/binaryedge.rb +8 -2
data/lib/mihari/analyzers/censys.rb +7 -49
data/lib/mihari/analyzers/circl.rb +5 -2
data/lib/mihari/analyzers/crtsh.rb +6 -0
data/lib/mihari/analyzers/dnstwister.rb +4 -2
data/lib/mihari/analyzers/feed.rb +21 -0
data/lib/mihari/analyzers/greynoise.rb +5 -28
data/lib/mihari/analyzers/onyphe.rb +8 -33
data/lib/mihari/analyzers/otx.rb +3 -0
data/lib/mihari/analyzers/passivetotal.rb +3 -0
data/lib/mihari/analyzers/pulsedive.rb +3 -0
data/lib/mihari/analyzers/rule.rb +0 -1
data/lib/mihari/analyzers/securitytrails.rb +8 -10
data/lib/mihari/analyzers/shodan.rb +13 -81
data/lib/mihari/analyzers/urlscan.rb +9 -0
data/lib/mihari/analyzers/virustotal.rb +4 -0
data/lib/mihari/analyzers/virustotal_intelligence.rb +8 -2
data/lib/mihari/analyzers/zoomeye.rb +9 -0
data/lib/mihari/clients/binaryedge.rb +5 -0
data/lib/mihari/clients/censys.rb +4 -4
data/lib/mihari/clients/circl.rb +3 -3
data/lib/mihari/clients/greynoise.rb +6 -1
data/lib/mihari/clients/misp.rb +6 -1
data/lib/mihari/clients/onyphe.rb +13 -1
data/lib/mihari/clients/otx.rb +20 -0
data/lib/mihari/clients/passivetotal.rb +6 -2
data/lib/mihari/clients/publsedive.rb +18 -1
data/lib/mihari/clients/securitytrails.rb +94 -0
data/lib/mihari/clients/shodan.rb +14 -3
data/lib/mihari/clients/the_hive.rb +6 -1
data/lib/mihari/clients/urlscan.rb +3 -1
data/lib/mihari/clients/virustotal.rb +9 -3
data/lib/mihari/clients/zoomeye.rb +7 -1
data/lib/mihari/commands/database.rb +1 -6
data/lib/mihari/commands/searcher.rb +1 -2
data/lib/mihari/database.rb +9 -0
data/lib/mihari/structs/censys.rb +62 -0
data/lib/mihari/structs/greynoise.rb +43 -0
data/lib/mihari/structs/onyphe.rb +45 -0
data/lib/mihari/structs/shodan.rb +83 -0
data/lib/mihari/version.rb +1 -1
data/lib/mihari/web/middleware/connection_adapter.rb +1 -3
data/lib/mihari/web/public/assets/{index-63900d73.js → index-7d0fb8c4.js} +2 -2
data/lib/mihari/web/public/index.html +1 -1
data/lib/mihari/web/public/redoc-static.html +2 -2
data/lib/mihari.rb +1 -3
data/mihari.gemspec +2 -3
metadata +9 -25
data/lib/mihari/analyzers/dnpedia.rb +0 -33
data/lib/mihari/clients/dnpedia.rb +0 -64
data/lib/mihari/mixins/database.rb +0 -16

data/lib/mihari/analyzers/shodan.rb CHANGED Viewed

@@ -10,6 +10,12 @@ module Mihari
       # @return [String, nil]
       attr_reader :api_key
+      # @return [Integer]
+      attr_reader :interval
+      # @return [String]
+      attr_reader :query
       def initialize(*args, **kwargs)
         super(*args, **kwargs)
@@ -18,13 +24,9 @@ module Mihari
       def artifacts
         results = search
-        return [] unless results || results.empty?
-        results = results.map { |result| Structs::Shodan::Result.from_dynamic!(result) }
-        matches = results.map { |result| result.matches || [] }.flatten
+        return [] if results.empty?
-        uniq_matches = matches.uniq(&:ip_str)
-        uniq_matches.map { |match| build_artifact(match, matches) }
+        results.map { |result| result.to_artifacts(source) }.flatten.uniq(&:data)
       end
       private
@@ -42,29 +44,25 @@ module Mihari
       #
       # Search with pagination
       #
-      # @param [String] query
       # @param [Integer] page
       #
-      # @return [Hash]
+      # @return [Structs::Shodan::Result]
       #
-      def search_with_page(query, page: 1)
+      def search_with_page(page: 1)
         client.search(query, page: page)
       end
       #
       # Search
       #
-      # @return [Array<Hash>]
+      # @return [Array<Structs::Shodan::Result>]
       #
       def search
         responses = []
         (1..Float::INFINITY).each do |page|
-          res = search_with_page(query, page: page)
-          break unless res
+          res = search_with_page(page: page)
           responses << res
-          break if res["total"].to_i <= page * PAGE_SIZE
+          break if res.total <= page * PAGE_SIZE
           # sleep #{interval} seconds to avoid the rate limitation (if it is set)
           sleep interval
@@ -76,42 +74,6 @@ module Mihari
         responses
       end
-      #
-      # Collect metadata from matches
-      #
-      # @param [Array<Structs::Shodan::Match>] matches
-      # @param [String] ip
-      #
-      # @return [Array<Hash>]
-      #
-      def collect_metadata_by_ip(matches, ip)
-        matches.select { |match| match.ip_str == ip }.map(&:metadata)
-      end
-      #
-      # Collect ports from matches
-      #
-      # @param [Array<Structs::Shodan::Match>] matches
-      # @param [String] ip
-      #
-      # @return [Array<String>]
-      #
-      def collect_ports_by_ip(matches, ip)
-        matches.select { |match| match.ip_str == ip }.map(&:port)
-      end
-      #
-      # Collect hostnames from matches
-      #
-      # @param [Array<Structs::Shodan::Match>] matches
-      # @param [String] ip
-      #
-      # @return [Array<String>]
-      #
-      def collect_hostnames_by_ip(matches, ip)
-        matches.select { |match| match.ip_str == ip }.map(&:hostnames).flatten.uniq
-      end
       #
       # Build an artifact from a Shodan search API response
       #
@@ -121,36 +83,6 @@ module Mihari
       # @return [Artifact]
       #
       def build_artifact(match, matches)
-        as = nil
-        as = AutonomousSystem.new(asn: normalize_asn(match.asn)) unless match.asn.nil?
-        geolocation = nil
-        if !match.location.country_name.nil? && !match.location.country_code.nil?
-          geolocation = Geolocation.new(
-            country: match.location.country_name,
-            country_code: match.location.country_code
-          )
-        end
-        metadata = collect_metadata_by_ip(matches, match.ip_str)
-        ports = collect_ports_by_ip(matches, match.ip_str).map do |port|
-          Port.new(port: port)
-        end
-        reverse_dns_names = collect_hostnames_by_ip(matches, match.ip_str).map do |name|
-          ReverseDnsName.new(name: name)
-        end
-        Artifact.new(
-          data: match.ip_str,
-          source: source,
-          metadata: metadata,
-          autonomous_system: as,
-          geolocation: geolocation,
-          ports: ports,
-          reverse_dns_names: reverse_dns_names
-        )
       end
     end
   end

data/lib/mihari/analyzers/urlscan.rb CHANGED Viewed

@@ -15,6 +15,15 @@ module Mihari
       # @return [String, nil]
       attr_reader :api_key
+      # @return [String]
+      attr_reader :query
+      # @return [Integer]
+      attr_reader :interval
+      # @return [String]
+      attr_reader :allowed_data_types
       def initialize(*args, **kwargs)
         super

data/lib/mihari/analyzers/virustotal.rb CHANGED Viewed

@@ -7,11 +7,15 @@ module Mihari
       param :query
+      # @return [String]
       attr_reader :type
       # @return [String, nil]
       attr_reader :api_key
+      # @return [String]
+      attr_reader :query
       def initialize(*args, **kwargs)
         super(*args, **kwargs)

data/lib/mihari/analyzers/virustotal_intelligence.rb CHANGED Viewed

@@ -10,6 +10,12 @@ module Mihari
       # @return [String, nil]
       attr_reader :api_key
+      # @return [String]
+      attr_reader :query
+      # @return [Integer]
+      attr_reader :interval
       def initialize(*args, **kwargs)
         super
@@ -19,7 +25,7 @@ module Mihari
       end
       def artifacts
-        responses = search_witgh_cursor
+        responses = search_with_cursor
         responses.map do |response|
           response.data.map do |datum|
             Artifact.new(data: datum.value, source: source, metadata: datum.metadata)
@@ -47,7 +53,7 @@ module Mihari
       #
       # @return [Array<Structs::VirusTotalIntelligence::Response>]
       #
-      def search_witgh_cursor
+      def search_with_cursor
         cursor = nil
         responses = []

data/lib/mihari/analyzers/zoomeye.rb CHANGED Viewed

@@ -12,6 +12,15 @@ module Mihari
       # @return [String, nil]
       attr_reader :api_key
+      # @return [String]
+      attr_reader :query
+      # @return [String]
+      attr_reader :type
+      # @return [Integer]
+      attr_reader :interval
       def initialize(*args, **kwargs)
         super(*args, **kwargs)

data/lib/mihari/clients/binaryedge.rb CHANGED Viewed

@@ -3,6 +3,11 @@
 module Mihari
   module Clients
     class BinaryEdge < Base
+      #
+      # @param [String] base_url
+      # @param [String, nil] api_key
+      # @param [Hash] headers
+      #
       def initialize(base_url = "https://api.binaryedge.io/v2", api_key:, headers: {})
         raise(ArgumentError, "'api_key' argument is required") unless api_key

data/lib/mihari/clients/censys.rb CHANGED Viewed

@@ -7,8 +7,8 @@ module Mihari
     class Censys < Base
       #
       # @param [String] base_url
-      # @param [String] id
-      # @param [String] secret
+      # @param [String, nil] id
+      # @param [String, nil] secret
       # @param [Hash] headers
       #
       def initialize(base_url = "https://search.censys.io", id:, secret:, headers: {})
@@ -30,12 +30,12 @@ module Mihari
       # @params [Integer, nil] per_page the number of results to be returned for each page.
       # @params [Integer, nil] cursor the cursor of the desired result set.
       #
-      # @return [Hash]
+      # @return [Structs::Censys::Response]
       #
       def search(query, per_page: nil, cursor: nil)
         params = { q: query, per_page: per_page, cursor: cursor }.compact
         res = get("/api/v2/hosts/search", params: params)
-        JSON.parse(res.body.to_s)
+        Structs::Censys::Response.from_dynamic! JSON.parse(res.body.to_s)
       end
     end
   end

data/lib/mihari/clients/circl.rb CHANGED Viewed

@@ -7,8 +7,8 @@ module Mihari
     class CIRCL < Base
       #
       # @param [String] base_url
-      # @param [String] username
-      # @param [String] password
+      # @param [String, nil] username
+      # @param [String, nil] password
       # @param [Hash] headers
       #
       def initialize(base_url = "https://www.circl.lu", username:, password:, headers: {})
@@ -43,7 +43,7 @@ module Mihari
       #
       #
       # @param [String] path
-      # @param [Array<Hash>] params
+      # @param [Hash] params
       #
       def _get(path, params: {})
         res = get(path, params: params)

data/lib/mihari/clients/greynoise.rb CHANGED Viewed

@@ -3,6 +3,11 @@
 module Mihari
   module Clients
     class GreyNoise < Base
+      #
+      # @param [String] base_url
+      # @param [String, nil] api_key
+      # @param [Hash] headers
+      #
       def initialize(base_url = "https://api.greynoise.io", api_key:, headers: {})
         raise(ArgumentError, "'api_key' argument is required") unless api_key
@@ -22,7 +27,7 @@ module Mihari
       def gnql_search(query, size: nil, scroll: nil)
         params = { query: query, size: size, scroll: scroll }.compact
         res = get("/v2/experimental/gnql", params: params)
-        JSON.parse res.body.to_s
+        Structs::GreyNoise::Response.from_dynamic! JSON.parse(res.body.to_s)
       end
     end
   end

data/lib/mihari/clients/misp.rb CHANGED Viewed

@@ -5,7 +5,7 @@ module Mihari
     class MISP < Base
       #
       # @param [String] base_url
-      # @param [String] api_key
+      # @param [String, nil] api_key
       # @param [Hash] headers
       #
       def initialize(base_url, api_key:, headers: {})
@@ -15,6 +15,11 @@ module Mihari
         super(base_url, headers: headers)
       end
+      #
+      # @param [Hash] payload
+      #
+      # @return [Hash]
+      #
       def create_event(payload)
         res = post("/events/add", json: payload)
         JSON.parse(res.body.to_s)

data/lib/mihari/clients/onyphe.rb CHANGED Viewed

@@ -3,8 +3,14 @@
 module Mihari
   module Clients
     class Onyphe < Base
+      # @return [String]
       attr_reader :api_key
+      #
+      # @param [String] base_url
+      # @param [String, nil] api_key
+      # @param [Hash] headers
+      #
       def initialize(base_url = "https://www.onyphe.io", api_key:, headers: {})
         raise(ArgumentError, "'api_key' argument is required") if api_key.nil?
@@ -13,10 +19,16 @@ module Mihari
         @api_key = api_key
       end
+      #
+      # @param [String] query
+      # @param [Integer] page
+      #
+      # @return [Hash]
+      #
       def datascan(query, page: 1)
         params = { page: page, apikey: api_key }
         res = get("/api/v2/simple/datascan/#{query}", params: params)
-        JSON.parse(res.body.to_s)
+        Structs::Onyphe::Response.from_dynamic! JSON.parse(res.body.to_s)
       end
     end
   end

data/lib/mihari/clients/otx.rb CHANGED Viewed

@@ -3,6 +3,11 @@
 module Mihari
   module Clients
     class OTX < Base
+      #
+      # @param [String] base_url
+      # @param [String, nil] api_key
+      # @param [Hash] headers
+      #
       def initialize(base_url = "https://otx.alienvault.com", api_key:, headers: {})
         raise(ArgumentError, "'api_key' argument is required") unless api_key
@@ -10,16 +15,31 @@ module Mihari
         super(base_url, headers: headers)
       end
+      #
+      # @param [String] ip
+      #
+      # @return [Hash]
+      #
       def query_by_ip(ip)
         _get "/api/v1/indicators/IPv4/#{ip}/passive_dns"
       end
+      #
+      # @param [String] domain
+      #
+      # @return [Hash]
+      #
       def query_by_domain(domain)
         _get "/api/v1/indicators/domain/#{domain}/passive_dns"
       end
       private
+      #
+      # @param [String] path
+      #
+      # @return [Hash]
+      #
       def _get(path)
         res = get(path)
         JSON.parse(res.body.to_s)

data/lib/mihari/clients/passivetotal.rb CHANGED Viewed

@@ -7,8 +7,8 @@ module Mihari
     class PassiveTotal < Base
       #
       # @param [String] base_url
-      # @param [String] username
-      # @param [String] api_key
+      # @param [String, nil] username
+      # @param [String, nil] api_key
       # @param [Hash] headers
       #
       def initialize(base_url = "https://api.passivetotal.org", username:, api_key:, headers: {})
@@ -31,6 +31,8 @@ module Mihari
       #
       # @param [String] query
       #
+      # @return [Hash]
+      #
       def passive_dns_search(query)
         params = { query: query }
         _get("/v2/dns/passive/unique", params: params)
@@ -56,6 +58,8 @@ module Mihari
       # @param [String] path
       # @param [Hash] params
       #
+      # @return [Hash]
+      #
       def _get(path, params: {})
         res = get(path, params: params)
         JSON.parse(res.body.to_s)

data/lib/mihari/clients/publsedive.rb CHANGED Viewed

@@ -3,8 +3,14 @@
 module Mihari
   module Clients
     class PulseDive < Base
+      # @return [String]
       attr_reader :api_key
+      #
+      # @param [String] base_url
+      # @param [String, nil] api_key
+      # @param [Hash] headers
+      #
       def initialize(base_url = "https://pulsedive.com", api_key:, headers: {})
         super(base_url, headers: headers)
@@ -13,21 +19,32 @@ module Mihari
         raise(ArgumentError, "'api_key' argument is required") unless api_key
       end
+      #
+      # @param [String] indicator_id
+      #
+      # @return [Hash]
+      #
       def get_indicator(ip_or_domain)
         _get "/api/info.php", params: { indicator: ip_or_domain }
       end
+      #
+      # @param [String] indicator_id
+      #
+      # @return [Hash]
+      #
       def get_properties(indicator_id)
         _get "/api/info.php", params: { iid: indicator_id, get: "properties" }
       end
       private
-      #
       #
       # @param [String] path
       # @param [Hash] params
       #
+      # @return [Hash]
+      #
       def _get(path, params: {})
         params["key"] = api_key

data/lib/mihari/clients/securitytrails.rb ADDED Viewed

@@ -0,0 +1,94 @@
+# frozen_string_literal: true
+module Mihari
+  module Clients
+    class SecurityTrails < Base
+      #
+      # @param [String] base_url
+      # @param [String, nil] api_key
+      # @param [Hash] headers
+      #
+      def initialize(base_url = "https://api.securitytrails.com", api_key:, headers: {})
+        raise(ArgumentError, "'api_key' argument is required") unless api_key
+        headers["apikey"] = api_key
+        super(base_url, headers: headers)
+      end
+      #
+      # @param [String] mail
+      #
+      # @return [Array<Hash>]
+      #
+      def search_by_mail(mail)
+        res = _post "/v1/domains/list", json: { filter: { whois_email: mail } }
+        res["records"] || []
+      end
+      #
+      # @param [String] ip
+      #
+      # @return [Array<Hash>]
+      #
+      def search_by_ip(ip)
+        res = _post "/v1/domains/list", json: { filter: { ipv4: ip } }
+        res["records"] || []
+      end
+      #
+      # @param [String] domain
+      # @param [String] type
+      #
+      # @return [Array<Hash>]
+      #
+      def get_all_dns_history(domain, type:)
+        first_page = get_dns_history(domain, type: type, page: 1)
+        pages = first_page["pages"].to_i
+        records = first_page["records"] || []
+        (2..pages).each do |page_idx|
+          next_page = get_dns_history(domain, type: type, page: page_idx)
+          records << next_page["records"]
+        end
+        records.flatten
+      end
+      private
+      #
+      # @param [String] domain
+      # @param [String] type
+      # @param [Integer] page
+      #
+      # @return [Array<Hash>]
+      #
+      def get_dns_history(domain, type:, page:)
+        _get "/v1/history/#{domain}/dns/#{type}", params: { page: page }
+      end
+      #
+      # @param [String] path
+      # @param [Hash, nil] params
+      #
+      # @return [Hash]
+      #
+      def _get(path, params:)
+        res = get(path, params: params)
+        JSON.parse(res.body.to_s)
+      end
+      #
+      # @param [String] path
+      # @param [Hash, nil] json
+      #
+      # @return [Hash]
+      #
+      def _post(path, json:)
+        res = post(path, json: json)
+        JSON.parse(res.body.to_s)
+      end
+    end
+  end
+end

data/lib/mihari/clients/shodan.rb CHANGED Viewed

@@ -3,8 +3,14 @@
 module Mihari
   module Clients
     class Shodan < Base
+      # @return [String]
       attr_reader :api_key
+      #
+      # @param [String] base_url
+      # @param [String, nil] api_key
+      # @param [Hash] headers
+      #
       def initialize(base_url = "https://api.shodan.io", api_key:, headers: {})
         raise(ArgumentError, "'api_key' argument is required") unless api_key
@@ -13,8 +19,13 @@ module Mihari
         @api_key = api_key
       end
-      # Search Shodan using the same query syntax as the website and use facets
-      # to get summary information for different properties.
+      #
+      # @param [String] query
+      # @param [Integer] page
+      # @param [Boolean] minify
+      #
+      # @return [Structs::Shodan::Result]
+      #
       def search(query, page: 1, minify: true)
         params = {
           query: query,
@@ -23,7 +34,7 @@ module Mihari
           key: api_key
         }
         res = get("/shodan/host/search", params: params)
-        JSON.parse(res.body.to_s)
+        Structs::Shodan::Result.from_dynamic! JSON.parse(res.body.to_s)
       end
     end
   end

data/lib/mihari/clients/the_hive.rb CHANGED Viewed

@@ -5,7 +5,7 @@ module Mihari
     class TheHive < Base
       #
       # @param [String] base_url
-      # @param [String] api_key
+      # @param [String, nil] api_key
       # @param [String, nil] api_version
       # @param [Hash] headers
       #
@@ -18,6 +18,11 @@ module Mihari
         super(base_url, headers: headers)
       end
+      #
+      # @param [Hash] json
+      #
+      # @return [Hash]
+      #
       def alert(json)
         json = json.to_camelback_keys.compact
         res = post("/alert", json: json)

data/lib/mihari/clients/urlscan.rb CHANGED Viewed

@@ -5,7 +5,7 @@ module Mihari
     class UrlScan < Base
       #
       # @param [String] base_url
-      # @param [String] api_key
+      # @param [String, nil] api_key
       # @param [Hash] headers
       #
       def initialize(base_url = "https://urlscan.io", api_key:, headers: {})
@@ -21,6 +21,8 @@ module Mihari
       # @param [Integer] size
       # @param [String, nil] search_after
       #
+      # @return [Hash]
+      #
       def search(q, size: 100, search_after: nil)
         params = { q: q, size: size, search_after: search_after }.compact
         res = get("/api/v1/search/", params: params)