RubyGems - mihari - Versions diffs - 5.1.1 → 5.1.3 - Mend

mihari 5.1.1 → 5.1.3

Files changed (57) hide show

checksums.yaml +4 -4
data/.gitmodules +0 -3
data/.rubocop.yml +6 -0
data/README.md +0 -1
data/lib/mihari/analyzers/base.rb +32 -27
data/lib/mihari/analyzers/binaryedge.rb +8 -2
data/lib/mihari/analyzers/censys.rb +10 -61
data/lib/mihari/analyzers/circl.rb +13 -19
data/lib/mihari/analyzers/crtsh.rb +6 -0
data/lib/mihari/analyzers/dnstwister.rb +12 -19
data/lib/mihari/analyzers/feed.rb +21 -0
data/lib/mihari/analyzers/greynoise.rb +5 -28
data/lib/mihari/analyzers/onyphe.rb +8 -33
data/lib/mihari/analyzers/otx.rb +11 -17
data/lib/mihari/analyzers/passivetotal.rb +13 -19
data/lib/mihari/analyzers/pulsedive.rb +3 -1
data/lib/mihari/analyzers/rule.rb +0 -1
data/lib/mihari/analyzers/securitytrails.rb +18 -29
data/lib/mihari/analyzers/shodan.rb +13 -92
data/lib/mihari/analyzers/urlscan.rb +12 -4
data/lib/mihari/analyzers/virustotal.rb +4 -0
data/lib/mihari/analyzers/virustotal_intelligence.rb +9 -6
data/lib/mihari/analyzers/zoomeye.rb +9 -0
data/lib/mihari/clients/binaryedge.rb +5 -0
data/lib/mihari/clients/censys.rb +4 -4
data/lib/mihari/clients/circl.rb +3 -3
data/lib/mihari/clients/greynoise.rb +6 -1
data/lib/mihari/clients/misp.rb +8 -1
data/lib/mihari/clients/onyphe.rb +13 -1
data/lib/mihari/clients/otx.rb +20 -0
data/lib/mihari/clients/passivetotal.rb +6 -2
data/lib/mihari/clients/publsedive.rb +18 -1
data/lib/mihari/clients/securitytrails.rb +94 -0
data/lib/mihari/clients/shodan.rb +14 -3
data/lib/mihari/clients/the_hive.rb +6 -1
data/lib/mihari/clients/urlscan.rb +3 -1
data/lib/mihari/clients/virustotal.rb +9 -3
data/lib/mihari/clients/zoomeye.rb +7 -1
data/lib/mihari/commands/database.rb +1 -6
data/lib/mihari/commands/searcher.rb +1 -2
data/lib/mihari/database.rb +9 -0
data/lib/mihari/http.rb +14 -18
data/lib/mihari/structs/censys.rb +62 -0
data/lib/mihari/structs/greynoise.rb +43 -0
data/lib/mihari/structs/onyphe.rb +45 -0
data/lib/mihari/structs/shodan.rb +83 -0
data/lib/mihari/version.rb +1 -1
data/lib/mihari/web/middleware/connection_adapter.rb +1 -3
data/lib/mihari/web/public/assets/{index-63900d73.js → index-7d0fb8c4.js} +2 -2
data/lib/mihari/web/public/index.html +1 -1
data/lib/mihari/web/public/redoc-static.html +2 -2
data/lib/mihari.rb +1 -3
data/mihari.gemspec +2 -3
metadata +8 -24
data/lib/mihari/analyzers/dnpedia.rb +0 -33
data/lib/mihari/clients/dnpedia.rb +0 -64
data/lib/mihari/mixins/database.rb +0 -16

data/lib/mihari/structs/shodan.rb CHANGED Viewed

@@ -7,6 +7,18 @@ module Mihari
         attribute :country_code, Types::String.optional
         attribute :country_name, Types::String.optional
+        #
+        # @return [Mihari::Geolocation, nil]
+        #
+        def to_geolocation
+          return nil if country_name.nil? && country_code.nil?
+          Mihari::Geolocation.new(
+            country: country_name,
+            country_code: country_code
+          )
+        end
         def self.from_dynamic!(d)
           d = Types::Hash[d]
           new(
@@ -17,6 +29,8 @@ module Mihari
       end
       class Match < Dry::Struct
+        include Mixins::AutonomousSystem
         attribute :asn, Types::String.optional
         attribute :hostnames, Types.Array(Types::String)
         attribute :location, Location
@@ -25,6 +39,15 @@ module Mihari
         attribute :port, Types::Integer
         attribute :metadata, Types::Hash
+        #
+        # @return [Mihari::AutonomousSystem, nil]
+        #
+        def to_asn
+          return nil if asn.nil?
+          Mihari::AutonomousSystem.new(asn: normalize_asn(asn))
+        end
         def self.from_dynamic!(d)
           d = Types::Hash[d]
@@ -51,6 +74,66 @@ module Mihari
         attribute :matches, Types.Array(Match)
         attribute :total, Types::Int
+        #
+        # Collect metadata from matches
+        #
+        # @param [String] ip
+        #
+        # @return [Array<Hash>]
+        #
+        def collect_metadata_by_ip(ip)
+          matches.select { |match| match.ip_str == ip }.map(&:metadata)
+        end
+        #
+        # Collect ports from matches
+        #
+        # @param [String] ip
+        #
+        # @return [Array<String>]
+        #
+        def collect_ports_by_ip(ip)
+          matches.select { |match| match.ip_str == ip }.map(&:port)
+        end
+        #
+        # Collect hostnames from matches
+        #
+        # @param [String] ip
+        #
+        # @return [Array<String>]
+        #
+        def collect_hostnames_by_ip(ip)
+          matches.select { |match| match.ip_str == ip }.map(&:hostnames).flatten.uniq
+        end
+        #
+        # @param [Source] source
+        #
+        # @return [Array<Mihari::Artifact>]
+        #
+        def to_artifacts(source = "Shodan")
+          matches.map do |match|
+            metadata = collect_metadata_by_ip(match.ip_str)
+            ports = collect_ports_by_ip(match.ip_str).map do |port|
+              Mihari::Port.new(port: port)
+            end
+            reverse_dns_names = collect_hostnames_by_ip(match.ip_str).map do |name|
+              Mihari::ReverseDnsName.new(name: name)
+            end
+            Mihari::Artifact.new(
+              data: match.ip_str,
+              source: source,
+              metadata: metadata,
+              autonomous_system: match.to_asn,
+              geolocation: match.location.to_geolocation,
+              ports: ports,
+              reverse_dns_names: reverse_dns_names
+            )
+          end
+        end
         def self.from_dynamic!(d)
           d = Types::Hash[d]
           new(

data/lib/mihari/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module Mihari
-  VERSION = "5.1.1"
+  VERSION = "5.1.3"
 end

data/lib/mihari/web/middleware/connection_adapter.rb CHANGED Viewed

@@ -1,14 +1,12 @@
 module Mihari
   module Middleware
     class ConnectionAdapter
-      include Mixins::Database
       def initialize(app)
         @app = app
       end
       def call(env)
-        with_db_connection do
+        Mihari::Database.with_db_connection do
           status, headers, body = @app.call(env)
           [status, headers, body]