mihari 5.2.1 → 5.2.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.rubocop.yml +2 -0
- data/lib/mihari/analyzers/base.rb +20 -115
- data/lib/mihari/analyzers/censys.rb +20 -2
- data/lib/mihari/analyzers/onyphe.rb +1 -1
- data/lib/mihari/analyzers/rule.rb +116 -60
- data/lib/mihari/analyzers/shodan.rb +1 -1
- data/lib/mihari/analyzers/urlscan.rb +6 -9
- data/lib/mihari/analyzers/virustotal_intelligence.rb +1 -5
- data/lib/mihari/cli/main.rb +2 -2
- data/lib/mihari/commands/search.rb +69 -0
- data/lib/mihari/mixins/error_notification.rb +0 -2
- data/lib/mihari/models/artifact.rb +1 -1
- data/lib/mihari/schemas/rule.rb +2 -17
- data/lib/mihari/structs/censys.rb +167 -11
- data/lib/mihari/structs/config.rb +28 -0
- data/lib/mihari/structs/google_public_dns.rb +39 -1
- data/lib/mihari/structs/greynoise.rb +93 -6
- data/lib/mihari/structs/ipinfo.rb +40 -0
- data/lib/mihari/structs/onyphe.rb +88 -6
- data/lib/mihari/structs/rule.rb +4 -2
- data/lib/mihari/structs/shodan.rb +138 -4
- data/lib/mihari/structs/urlscan.rb +98 -1
- data/lib/mihari/structs/virustotal_intelligence.rb +96 -1
- data/lib/mihari/version.rb +1 -1
- data/lib/mihari.rb +1 -0
- data/mihari.gemspec +8 -7
- metadata +29 -30
- data/.github/ISSUE_TEMPLATE/bug_report.md +0 -43
- data/.github/ISSUE_TEMPLATE/feature_request.md +0 -15
- data/.github/workflows/test.yml +0 -90
- data/config/pre_commit.yml +0 -3
- data/docker/Dockerfile +0 -14
- data/examples/ipinfo_hosted_domains.rb +0 -45
- data/images/Tines-Full_Logo-Tines_Black.png +0 -0
- data/images/alert.png +0 -0
- data/images/logo.png +0 -0
- data/images/misp.png +0 -0
- data/images/overview.jpg +0 -0
- data/images/slack.png +0 -0
- data/images/tines.png +0 -0
- data/images/web_alerts.png +0 -0
- data/images/web_config.png +0 -0
- data/lib/mihari/commands/searcher.rb +0 -61
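--- a/data/.github/ISSUE_TEMPLATE/bug_report.md
+++ /dev/null
@@ -1,43 +0,0 @@
----
-name: Bug report
-about: Create a bug report to help us improve
-title: "[BUG]"
-labels: bug
-assignees: ''
-
----
-
-<!--
-Thank you for taking the time to report a bug.
-Please make sure there is no existing issue about this kind of bug.
--->
-
-### **Describe the bug**
-
-A clear and concise description of what the bug is.
-
-### **Steps to reproduce**
-
-- ...
-
-### **Expected behavior**
-
-A clear and concise description of what you expected to happen.
-
-### **Actual behavior**
-
-A clear and concise description of what actually happened.
-
-### **Screenshots**
-
-Add screenshots to help explain your problem.
-
-### **System Information:**
-
-- OS: [e.g. Windows10]
-- Ruby version: [e.g. 3.0]
-- Mihari version: [e.g. 2.0.0]
-
-### **Additional context**
-
-Add any other context about the problem here.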
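--- a/data/.github/ISSUE_TEMPLATE/feature_request.md
+++ /dev/null
@@ -1,15 +0,0 @@
----
-name: Feature request
-about: Suggest a new Feature for Mihari
-title: "[Feature Request]"
-labels: enhancement
-assignees: ''
-
----
-<!--
-
-1. Make sure your requested feature makes sense for Mihari.
-
-2. If you want to suggest a new integration of a service, please provide detailed information of it. (e.g. API docs)
-
--->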
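--- a/data/.github/workflows/test.yml
+++ /dev/null
@@ -1,90 +0,0 @@
-name: Ruby CI
-
-on:
-push:
-branches: [master]
-pull_request:
-branches: [master]
-
-jobs:
-test:
-runs-on: ubuntu-latest
-
-services:
-postgres:
-image: postgres:12
-env:
-POSTGRES_USER: postgres
-POSTGRES_PASSWORD: postgres
-POSTGRES_DB: test
-options: >-
---health-cmd pg_isready
---health-interval 10s
---health-timeout 5s
---health-retries 5
-ports:
-- 5432:5432
-
-mysql:
-image: mysql:8.0
-env:
-MYSQL_USER: mysql
-MYSQL_PASSWORD: mysql
-MYSQL_DATABASE: test
-MYSQL_ROOT_PASSWORD: rootpassword
-ports:
-- 3306:3306
-options: >-
---health-cmd="mysqladmin ping"
---health-interval=10s
---health-timeout=5s
---health-retries=3
-
-strategy:
-fail-fast: false
-matrix:
-ruby: [2.7, "3.0", 3.1, 3.2]
-
-steps:
-- uses: actions/checkout@v3
-
-- name: Install dependencies
-run: |
-sudo apt-get -yqq install libpq-dev libmysqlclient-dev
-
-- name: Set up Ruby
-uses: ruby/setup-ruby@v1
-with:
-ruby-version: ${{ matrix.ruby }}
-bundler: latest
-bundler-cache: true
-
-- name: Test with PostgreSQL
-env:
-DATABASE: postgresql://postgres:postgres@localhost:5432/test
-run: |
-bundle exec rake
-
-- name: Test with MySQL
-env:
-DATABASE: mysql2://mysql:mysql@127.0.0.1:3306/test
-run: |
-bundle exec rake
-
-- name: Coveralls Parallel
-uses: coverallsapp/github-action@master
-with:
-github-token: ${{ secrets.github_token }}
-flag-name: run-${{ matrix.ruby-version }}
-parallel: true
-
-coverage:
-name: Coverage
-needs: test
-runs-on: ubuntu-latest
-steps:
-- name: Coveralls Finished
-uses: coverallsapp/github-action@master
-with:
-github-token: ${{ secrets.github_token }}
-parallel-finished: true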
data/config/pre_commit.yml
DELETED
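--- a/data/docker/Dockerfile
+++ /dev/null
@@ -1,14 +0,0 @@
-FROM ruby:3.1.3-alpine3.17
-
-RUN apk --no-cache add git build-base ruby-dev sqlite-dev postgresql-dev mysql-client mysql-dev && \
-gem install pg mysql2
-
-ARG MIHARI_VERSION=5.1.0
-
-RUN gem install mihari -v ${MIHARI_VERSION}
-
-RUN apk del --purge git build-base ruby-dev
-
-ENTRYPOINT ["mihari"]
-
-CMD ["--help"]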
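--- a/data/examples/ipinfo_hosted_domains.rb
+++ /dev/null
@@ -1,45 +0,0 @@
-# frozen_string_literal: true
-
-$LOAD_PATH.unshift("#{__dir__}/../lib")
-
-require "json"
-require "mihari"
-require "open-uri"
-
-module Mihari
-module Analyzers
-class HostedDomains < Base
-attr_reader :ip
-
-IPINFO_API_ENDPOINT = "https://ipinfo.io"
-
-def initialize(ip, token: nil)
-@ip = ip
-@token = token
-end
-
-def title
-"IPinfo hosted domains"
-end
-
-def description
-"IP info hosted domains: #{ip}"
-end
-
-def token
-ENV["IPINFO_TOKEN"] || @token
-end
-
-def artifacts
-uri = URI("#{IPINFO_API_ENDPOINT}/domains/#{ip}?token=#{token}")
-res = uri.read
-json = JSON.parse(res)
-json["domains"] || []
-end
-end
-end
-end
-
-ip = "TARGET_IP"
-analyzer = Mihari::Analyzers::HostedDomains.new(ip)
-analyzer.run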
Binary file
|
data/images/alert.png
DELETED
Binary file
|
data/images/logo.png
DELETED
Binary file
|
data/images/misp.png
DELETED
Binary file
|
data/images/overview.jpg
DELETED
Binary file
|
data/images/slack.png
DELETED
Binary file
|
data/images/tines.png
DELETED
Binary file
|
data/images/web_alerts.png
DELETED
Binary file
|
data/images/web_config.png
DELETED
Binary file
|
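--- a/data/lib/mihari/commands/searcher.rb
+++ /dev/null
@@ -1,61 +0,0 @@
-# frozen_string_literal: true
-
-module Mihari
-module Commands
-module Searcher
-include Mixins::ErrorNotification
-
-def self.included(thor)
-thor.class_eval do
-desc "search [PATH]", "Search by a rule"
-method_option :force_overwrite, type: :boolean, aliases: "-f", desc: "Force an overwrite the rule"
-#
-# Search by a rule
-#
-# @param [String] path_or_id
-#
-def search(path_or_id)
-Mihari::Database.with_db_connection do
-rule = Structs::Rule.from_path_or_id path_or_id
-
-# validate
-begin
-rule.validate!
-rescue RuleValidationError
-return
-end
-
-force_overwrite = options["force_overwrite"] || false
-
-begin
-rule_model = Mihari::Rule.find(rule.id)
-has_change = rule_model.data != rule.data.deep_stringify_keys
-has_change_and_not_force_overwrite = has_change & !force_overwrite
-
-if has_change_and_not_force_overwrite && !yes?("This operation will overwrite the rule in the database (Rule ID: #{rule.id}). Are you sure you want to update the rule? (y/n)")
-return
-end
-
-# update the rule
-rule.model.save
-rescue ActiveRecord::RecordNotFound
-# create a new rule
-rule.model.save
-end
-
-with_error_notification do
-alert = rule.analyzer.run
-if alert
-data = Mihari::Entities::Alert.represent(alert)
-puts JSON.pretty_generate(data.as_json)
-else
-Mihari.logger.info "There is no new alert created in the database"
-end
-end
-end
-end
-end
-end
-end
-end
-end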