mihari 5.1.2 → 5.1.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 5415ee0f5bb820e8073383e4771589bbbaa39fc313af3aa434c5754f34bb9056
-  data.tar.gz: a4da4ce859fa718c900572b865518110f92649698a76ca64c55e38ebad2f9856
+  metadata.gz: dd278975834369b3274b38b590f12d4f2fed97d7626363ff3cfbc9845195b386
+  data.tar.gz: 864ee1deae0bdb0390d9e330eb76c993860c37189dce0d23c9793b012f338275
 SHA512:
-  metadata.gz: c0b95e672f17d5ba0035624b035da278c863dc0b1a0860e3393cd8f001125964270233da7bf5ffb08c9057889b4a51698829de059089ed4d31a0f4fd7d0aa3e8
-  data.tar.gz: 30cbba0170104212e9244dfeac820a1a223468bae940719c242778d5bffd95b147f482548aebcc2386713fe43cc0c1b97bf2d71d08d318ad62a4b1a707f3e605
+  metadata.gz: 258731713400cb40f6da8f24e6ce0213b883eeff98a22a16a88c84568633ad02ad3e18f4e70e6faea428a29bdcdc257b6ec3c86ebea7979065ec2e42ab445c47
+  data.tar.gz: 6c8beea0c3f4aa42f8fb8217a05c6256a6a8ea10daceb05d05ed2884d8b53c86195c765fa70cf35ea19c41d959fd6df114fa2b609893e828def028f5b16b5fc4

data/lib/mihari/analyzers/censys.rb

@@ -27,21 +27,6 @@ module Mihari
       end
 
       def artifacts
-        search
-      end
-
-      def configured?
-        configuration_keys.all? { |key| Mihari.config.send(key) } || (id? && secret?)
-      end
-
-      private
-
-      #
-      # Search
-      #
-      # @return [Array<String>]
-      #
-      def search
         artifacts = []
 
         cursor = nil
@@ -58,6 +43,12 @@ module Mihari
         artifacts.flatten.uniq(&:data)
       end
 
+      def configured?
+        configuration_keys.all? { |key| Mihari.config.send(key) } || (id? && secret?)
+      end
+
+      private
+
       def configuration_keys
         %w[censys_id censys_secret]
       end

data/lib/mihari/analyzers/circl.rb

@@ -30,7 +30,14 @@ module Mihari
       end
 
       def artifacts
-        search || []
+        case type
+        when "domain"
+          passive_dns_search
+        when "hash"
+          passive_ssl_search
+        else
+          raise InvalidInputError, "#{@query}(type: #{@type || "unknown"}) is not supported."
+        end
       end
 
       def configured?
@@ -47,22 +54,6 @@ module Mihari
         @client ||= Clients::CIRCL.new(username: username, password: password)
       end
 
-      #
-      # Passive DNS/SSL search
-      #
-      # @return [Array<String>]
-      #
-      def search
-        case @type
-        when "domain"
-          passive_dns_search
-        when "hash"
-          passive_ssl_search
-        else
-          raise InvalidInputError, "#{@query}(type: #{@type || "unknown"}) is not supported."
-        end
-      end
-
       #
       # Passive DNS search
       #

data/lib/mihari/analyzers/dnstwister.rb

@@ -21,7 +21,14 @@ module Mihari
       end
 
       def artifacts
-        search || []
+        raise InvalidInputError, "#{query}(type: #{type || "unknown"}) is not supported." unless valid_type?
+
+        res = client.fuzz(query)
+        fuzzy_domains = res["fuzzy_domains"] || []
+        domains = fuzzy_domains.map { |domain| domain["domain"] }
+        Parallel.map(domains) do |domain|
+          resolvable?(domain) ? domain : nil
+        end.compact
       end
 
       private
@@ -52,22 +59,6 @@ module Mihari
       rescue Resolv::ResolvError => _e
         false
       end
-
-      #
-      # Search
-      #
-      # @return [Array<String>]
-      #
-      def search
-        raise InvalidInputError, "#{query}(type: #{type || "unknown"}) is not supported." unless valid_type?
-
-        res = client.fuzz(query)
-        fuzzy_domains = res["fuzzy_domains"] || []
-        domains = fuzzy_domains.map { |domain| domain["domain"] }
-        Parallel.map(domains) do |domain|
-          resolvable?(domain) ? domain : nil
-        end.compact
-      end
     end
   end
 end

data/lib/mihari/analyzers/otx.rb

@@ -26,7 +26,14 @@ module Mihari
       end
 
       def artifacts
-        search || []
+        case type
+        when "domain"
+          domain_search
+        when "ip"
+          ip_search
+        else
+          raise InvalidInputError, "#{query}(type: #{type || "unknown"}) is not supported." unless valid_type?
+        end
       end
 
       private
@@ -48,22 +55,6 @@ module Mihari
         %w[ip domain].include? type
       end
 
-      #
-      # IP/domain search
-      #
-      # @return [Array<String>]
-      #
-      def search
-        case type
-        when "domain"
-          domain_search
-        when "ip"
-          ip_search
-        else
-          raise InvalidInputError, "#{query}(type: #{type || "unknown"}) is not supported." unless valid_type?
-        end
-      end
-
       #
       # Domain search
       #

data/lib/mihari/analyzers/passivetotal.rb

@@ -30,7 +30,16 @@ module Mihari
       end
 
       def artifacts
-        search || []
+        case type
+        when "domain", "ip"
+          passive_dns_search
+        when "mail"
+          reverse_whois_search
+        when "hash"
+          ssl_search
+        else
+          raise InvalidInputError, "#{query}(type: #{type || "unknown"}) is not supported." unless valid_type?
+        end
       end
 
       def configured?
@@ -56,24 +65,6 @@ module Mihari
         %w[ip domain mail hash].include? type
       end
 
-      #
-      # Passive DNS/SSL, reverse whois search
-      #
-      # @return [Array<String>]
-      #
-      def search
-        case type
-        when "domain", "ip"
-          passive_dns_search
-        when "mail"
-          reverse_whois_search
-        when "hash"
-          ssl_search
-        else
-          raise InvalidInputError, "#{query}(type: #{type || "unknown"}) is not supported." unless valid_type?
-        end
-      end
-
       #
       # Passive DNS search
       #

data/lib/mihari/analyzers/pulsedive.rb

@@ -58,7 +58,6 @@ module Mihari
 
         indicator = client.get_indicator(query)
         iid = indicator["iid"]
-
         properties = client.get_properties(iid)
         (properties["dns"] || []).filter_map do |property|
           if %w[A PTR].include?(property["name"])

data/lib/mihari/analyzers/securitytrails.rb

@@ -26,7 +26,16 @@ module Mihari
       end
 
       def artifacts
-        search || []
+        case type
+        when "domain"
+          domain_search
+        when "ip"
+          ip_search
+        when "mail"
+          mail_search
+        else
+          raise InvalidInputError, "#{query}(type: #{type || "unknown"}) is not supported." unless valid_type?
+        end
       end
 
       private
@@ -48,24 +57,6 @@ module Mihari
         %w[ip domain mail].include? type
       end
 
-      #
-      # IP/domain/mail search
-      #
-      # @return [Array<String>, Array<Mihari::Artifact>]
-      #
-      def search
-        case type
-        when "domain"
-          domain_search
-        when "ip"
-          ip_search
-        when "mail"
-          mail_search
-        else
-          raise InvalidInputError, "#{query}(type: #{type || "unknown"}) is not supported." unless valid_type?
-        end
-      end
-
       #
       # Domain search
       #

data/lib/mihari/analyzers/shodan.rb

@@ -73,17 +73,6 @@ module Mihari
         end
         responses
       end
-
-      #
-      # Build an artifact from a Shodan search API response
-      #
-      # @param [Structs::Shodan::Match] match
-      # @param [Array<Structs::Shodan::Match>] matches
-      #
-      # @return [Artifact]
-      #
-      def build_artifact(match, matches)
-      end
     end
   end
 end

data/lib/mihari/analyzers/urlscan.rb

@@ -27,9 +27,8 @@ module Mihari
       def initialize(*args, **kwargs)
         super
 
-        unless valid_alllowed_data_types?
-          raise InvalidInputError,
-            "allowed_data_types should be any of url, domain and ip."
+        unless valid_allowed_data_types?
+          raise InvalidInputError, "allowed_data_types should be any of url, domain and ip."
         end
 
         @api_key = kwargs[:api_key] || Mihari.config.urlscan_api_key
@@ -97,7 +96,7 @@ module Mihari
       #
       # @return [Boolean]
       #
-      def valid_alllowed_data_types?
+      def valid_allowed_data_types?
         allowed_data_types.all? { |type| SUPPORTED_DATA_TYPES.include? type }
       end
     end

data/lib/mihari/analyzers/virustotal_intelligence.rb

@@ -58,14 +58,11 @@ module Mihari
         responses = []
 
         loop do
-          response = Structs::VirusTotalIntelligence::Response.from_dynamic!(client.intel_search(query,
-            cursor: cursor))
+          response = Structs::VirusTotalIntelligence::Response.from_dynamic!(client.intel_search(query, cursor: cursor))
           responses << response
-
           break if response.meta.cursor.nil?
 
           cursor = response.meta.cursor
-
           # sleep #{interval} seconds to avoid the rate limitation (if it is set)
           sleep interval
         end

data/lib/mihari/clients/misp.rb

@@ -12,6 +12,8 @@ module Mihari
         raise(ArgumentError, "'api_key' argument is required") unless api_key
 
         headers["authorization"] = api_key
+        headers["accept"] = "application/json"
+
         super(base_url, headers: headers)
       end
 

data/lib/mihari/http.rb

@@ -4,7 +4,7 @@ require "insensitive_hash"
 
 module Mihari
   class HTTP
-    # @return [String]
+    # @return [URI]
     attr_reader :url
 
     # @return [Hash]
@@ -26,12 +26,12 @@ module Mihari
       new_url = url.deep_dup
       new_url.query = Addressable::URI.form_encode(params) unless (params || {}).empty?
 
-      get = Net::HTTP::Get.new(new_url)
+      get = Net::HTTP::Get.new(new_url, headers)
       request get
     end
 
     #
-    # Make a POST requesti
+    # Make a POST request
     #
     # @param [Hash, nil] params
     # @param [Hash, nil] json
@@ -43,10 +43,17 @@ module Mihari
       new_url = url.deep_dup
       new_url.query = Addressable::URI.form_encode(params) unless (params || {}).empty?
 
-      post = Net::HTTP::Post.new(new_url)
+      post = Net::HTTP::Post.new(new_url, headers)
 
-      post.body = JSON.generate(json) if json
-      post.set_form_data(data) if data
+      if json
+        post.body = JSON.generate(json) if json
+        post.content_type = "application/json"
+      end
+
+      if data
+        post.set_form_data(data) if data
+        post.content_type = "application/x-www-form-urlencoded"
+      end
 
       request post
     end
@@ -65,10 +72,6 @@ module Mihari
 
     private
 
-    def content_type
-      headers["content-type"] || "application/json"
-    end
-
     #
     # Get options for HTTP request
     #
@@ -89,16 +92,9 @@ module Mihari
     #
     def request(req)
       Net::HTTP.start(url.host, url.port, https_options) do |http|
-        # set headers
-        headers.each do |k, v|
-          req[k] = v
-        end
-
         res = http.request(req)
-
         unless res.is_a?(Net::HTTPSuccess)
-          code = res.code.to_i
-          raise UnsuccessfulStatusCodeError, "Unsuccessful response code returned: #{code}"
+          raise UnsuccessfulStatusCodeError, "Unsuccessful response code returned: #{res.code}"
         end
 
         res

data/lib/mihari/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Mihari
-  VERSION = "5.1.2"
+  VERSION = "5.1.3"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: mihari
 version: !ruby/object:Gem::Version
-  version: 5.1.2
+  version: 5.1.3
 platform: ruby
 authors:
 - Manabu Niseki
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2023-03-18 00:00:00.000000000 Z
+date: 2023-03-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -994,7 +994,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.3.26
+rubygems_version: 3.4.1
 signing_key:
 specification_version: 4
 summary: A framework for continuous OSINT based threat hunting