mihari 5.2.1 → 5.2.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
  1. checksums.yaml +4 -4
  2. data/.rubocop.yml +2 -0
  3. data/lib/mihari/analyzers/base.rb +20 -115
  4. data/lib/mihari/analyzers/censys.rb +20 -2
  5. data/lib/mihari/analyzers/onyphe.rb +1 -1
  6. data/lib/mihari/analyzers/rule.rb +116 -60
  7. data/lib/mihari/analyzers/shodan.rb +1 -1
  8. data/lib/mihari/analyzers/urlscan.rb +6 -9
  9. data/lib/mihari/analyzers/virustotal_intelligence.rb +1 -5
  10. data/lib/mihari/cli/main.rb +2 -2
  11. data/lib/mihari/commands/search.rb +69 -0
  12. data/lib/mihari/mixins/error_notification.rb +0 -2
  13. data/lib/mihari/models/artifact.rb +1 -1
  14. data/lib/mihari/schemas/rule.rb +2 -17
  15. data/lib/mihari/structs/censys.rb +167 -11
  16. data/lib/mihari/structs/config.rb +28 -0
  17. data/lib/mihari/structs/google_public_dns.rb +39 -1
  18. data/lib/mihari/structs/greynoise.rb +93 -6
  19. data/lib/mihari/structs/ipinfo.rb +40 -0
  20. data/lib/mihari/structs/onyphe.rb +88 -6
  21. data/lib/mihari/structs/rule.rb +4 -2
  22. data/lib/mihari/structs/shodan.rb +138 -4
  23. data/lib/mihari/structs/urlscan.rb +98 -1
  24. data/lib/mihari/structs/virustotal_intelligence.rb +96 -1
  25. data/lib/mihari/version.rb +1 -1
  26. data/lib/mihari.rb +1 -0
  27. data/mihari.gemspec +8 -7
  28. metadata +29 -30
  29. data/.github/ISSUE_TEMPLATE/bug_report.md +0 -43
  30. data/.github/ISSUE_TEMPLATE/feature_request.md +0 -15
  31. data/.github/workflows/test.yml +0 -90
  32. data/config/pre_commit.yml +0 -3
  33. data/docker/Dockerfile +0 -14
  34. data/examples/ipinfo_hosted_domains.rb +0 -45
  35. data/images/Tines-Full_Logo-Tines_Black.png +0 -0
  36. data/images/alert.png +0 -0
  37. data/images/logo.png +0 -0
  38. data/images/misp.png +0 -0
  39. data/images/overview.jpg +0 -0
  40. data/images/slack.png +0 -0
  41. data/images/tines.png +0 -0
  42. data/images/web_alerts.png +0 -0
  43. data/images/web_config.png +0 -0
  44. data/lib/mihari/commands/searcher.rb +0 -61
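--- a/data/.github/ISSUE_TEMPLATE/bug_report.md
+++ b/data/.github/ISSUE_TEMPLATE/bug_report.md
@@ -1,43 +0,0 @@
----
-name: Bug report
-about: Create a bug report to help us improve
-title: "[BUG]"
-labels: bug
-assignees: ''
-
----
-
-<!--
-Thank you for taking the time to report a bug.
-Please make sure there is no existing issue about this kind of bug.
--->
-
-### **Describe the bug**
-
-A clear and concise description of what the bug is.
-
-### **Steps to reproduce**
-
-- ...
-
-### **Expected behavior**
-
-A clear and concise description of what you expected to happen.
-
-### **Actual behavior**
-
-A clear and concise description of what actually happened.
-
-### **Screenshots**
-
-Add screenshots to help explain your problem.
-
-### **System Information:**
-
-- OS: [e.g. Windows10]
-- Ruby version: [e.g. 3.0]
-- Mihari version: [e.g. 2.0.0]
-
-### **Additional context**
-
-Add any other context about the problem here.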
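--- a/data/.github/ISSUE_TEMPLATE/feature_request.md
+++ b/data/.github/ISSUE_TEMPLATE/feature_request.md
@@ -1,15 +0,0 @@
----
-name: Feature request
-about: Suggest a new Feature for Mihari
-title: "[Feature Request]"
-labels: enhancement
-assignees: ''
-
----
-<!--
-
-1. Make sure your requested feature makes sense for Mihari.
-
-2. If you want to suggest a new integration of a service, please provide detailed information of it. (e.g. API docs)
-
--->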
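--- a/data/.github/workflows/test.yml
+++ b/data/.github/workflows/test.yml
@@ -1,90 +0,0 @@
-name: Ruby CI
-
-on:
-push:
-branches: [master]
-pull_request:
-branches: [master]
-
-jobs:
-test:
-runs-on: ubuntu-latest
-
-services:
-postgres:
-image: postgres:12
-env:
-POSTGRES_USER: postgres
-POSTGRES_PASSWORD: postgres
-POSTGRES_DB: test
-options: >-
---health-cmd pg_isready
---health-interval 10s
---health-timeout 5s
---health-retries 5
-ports:
-- 5432:5432
-
-mysql:
-image: mysql:8.0
-env:
-MYSQL_USER: mysql
-MYSQL_PASSWORD: mysql
-MYSQL_DATABASE: test
-MYSQL_ROOT_PASSWORD: rootpassword
-ports:
-- 3306:3306
-options: >-
---health-cmd="mysqladmin ping"
---health-interval=10s
---health-timeout=5s
---health-retries=3
-
-strategy:
-fail-fast: false
-matrix:
-ruby: [2.7, "3.0", 3.1, 3.2]
-
-steps:
-- uses: actions/checkout@v3
-
-- name: Install dependencies
-run: |
-sudo apt-get -yqq install libpq-dev libmysqlclient-dev
-
-- name: Set up Ruby
-uses: ruby/setup-ruby@v1
-with:
-ruby-version: ${{ matrix.ruby }}
-bundler: latest
-bundler-cache: true
-
-- name: Test with PostgreSQL
-env:
-DATABASE: postgresql://postgres:postgres@localhost:5432/test
-run: |
-bundle exec rake
-
-- name: Test with MySQL
-env:
-DATABASE: mysql2://mysql:mysql@127.0.0.1:3306/test
-run: |
-bundle exec rake
-
-- name: Coveralls Parallel
-uses: coverallsapp/github-action@master
-with:
-github-token: ${{ secrets.github_token }}
-flag-name: run-${{ matrix.ruby-version }}
-parallel: true
-
-coverage:
-name: Coverage
-needs: test
-runs-on: ubuntu-latest
-steps:
-- name: Coveralls Finished
-uses: coverallsapp/github-action@master
-with:
-github-token: ${{ secrets.github_token }}
-parallel-finished: true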
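--- a/data/config/pre_commit.yml
+++ b/data/config/pre_commit.yml
@@ -1,3 +0,0 @@
----
-:checks_add:
-- :rubocop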
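--- a/data/docker/Dockerfile
+++ b/data/docker/Dockerfile
@@ -1,14 +0,0 @@
-FROM ruby:3.1.3-alpine3.17
-
-RUN apk --no-cache add git build-base ruby-dev sqlite-dev postgresql-dev mysql-client mysql-dev && \
-gem install pg mysql2
-
-ARG MIHARI_VERSION=5.1.0
-
-RUN gem install mihari -v ${MIHARI_VERSION}
-
-RUN apk del --purge git build-base ruby-dev
-
-ENTRYPOINT ["mihari"]
-
-CMD ["--help"]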
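--- a/data/examples/ipinfo_hosted_domains.rb
+++ b/data/examples/ipinfo_hosted_domains.rb
@@ -1,45 +0,0 @@
-# frozen_string_literal: true
-
-$LOAD_PATH.unshift("#{__dir__}/../lib")
-
-require "json"
-require "mihari"
-require "open-uri"
-
-module Mihari
-module Analyzers
-class HostedDomains < Base
-attr_reader :ip
-
-IPINFO_API_ENDPOINT = "https://ipinfo.io"
-
-def initialize(ip, token: nil)
-@ip = ip
-@token = token
-end
-
-def title
-"IPinfo hosted domains"
-end
-
-def description
-"IP info hosted domains: #{ip}"
-end
-
-def token
-ENV["IPINFO_TOKEN"] || @token
-end
-
-def artifacts
-uri = URI("#{IPINFO_API_ENDPOINT}/domains/#{ip}?token=#{token}")
-res = uri.read
-json = JSON.parse(res)
-json["domains"] || []
-end
-end
-end
-end
-
-ip = "TARGET_IP"
-analyzer = Mihari::Analyzers::HostedDomains.new(ip)
-analyzer.run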
Binary file
data/images/alert.png DELETED
Binary file
data/images/logo.png DELETED
Binary file
data/images/misp.png DELETED
Binary file
data/images/overview.jpg DELETED
Binary file
data/images/slack.png DELETED
Binary file
data/images/tines.png DELETED
Binary file
Binary file
Binary file
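--- a/data/lib/mihari/commands/searcher.rb
+++ b/data/lib/mihari/commands/searcher.rb
@@ -1,61 +0,0 @@
-# frozen_string_literal: true
-
-module Mihari
-module Commands
-module Searcher
-include Mixins::ErrorNotification
-
-def self.included(thor)
-thor.class_eval do
-desc "search [PATH]", "Search by a rule"
-method_option :force_overwrite, type: :boolean, aliases: "-f", desc: "Force an overwrite the rule"
-#
-# Search by a rule
-#
-# @param [String] path_or_id
-#
-def search(path_or_id)
-Mihari::Database.with_db_connection do
-rule = Structs::Rule.from_path_or_id path_or_id
-
-# validate
-begin
-rule.validate!
-rescue RuleValidationError
-return
-end
-
-force_overwrite = options["force_overwrite"] || false
-
-begin
-rule_model = Mihari::Rule.find(rule.id)
-has_change = rule_model.data != rule.data.deep_stringify_keys
-has_change_and_not_force_overwrite = has_change & !force_overwrite
-
-if has_change_and_not_force_overwrite && !yes?("This operation will overwrite the rule in the database (Rule ID: #{rule.id}). Are you sure you want to update the rule? (y/n)")
-return
-end
-
-# update the rule
-rule.model.save
-rescue ActiveRecord::RecordNotFound
-# create a new rule
-rule.model.save
-end
-
-with_error_notification do
-alert = rule.analyzer.run
-if alert
-data = Mihari::Entities::Alert.represent(alert)
-puts JSON.pretty_generate(data.as_json)
-else
-Mihari.logger.info "There is no new alert created in the database"
-end
-end
-end
-end
-end
-end
-end
-end
-end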