RubyGems - mihari - Versions diffs - 5.2.1 → 5.2.3 - Mend

mihari 5.2.1 → 5.2.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (63) hide show

checksums.yaml +4 -4
data/.rubocop.yml +2 -0
data/lib/mihari/analyzers/base.rb +20 -115
data/lib/mihari/analyzers/binaryedge.rb +0 -1
data/lib/mihari/analyzers/censys.rb +26 -3
data/lib/mihari/analyzers/circl.rb +1 -1
data/lib/mihari/analyzers/onyphe.rb +1 -1
data/lib/mihari/analyzers/passivetotal.rb +1 -1
data/lib/mihari/analyzers/rule.rb +122 -75
data/lib/mihari/analyzers/shodan.rb +1 -1
data/lib/mihari/analyzers/urlscan.rb +6 -9
data/lib/mihari/analyzers/virustotal_intelligence.rb +1 -6
data/lib/mihari/cli/main.rb +2 -2
data/lib/mihari/clients/base.rb +1 -1
data/lib/mihari/commands/database.rb +12 -11
data/lib/mihari/commands/rule.rb +47 -45
data/lib/mihari/commands/search.rb +88 -0
data/lib/mihari/commands/version.rb +8 -6
data/lib/mihari/commands/web.rb +26 -23
data/lib/mihari/emitters/base.rb +14 -1
data/lib/mihari/emitters/database.rb +3 -10
data/lib/mihari/emitters/misp.rb +16 -5
data/lib/mihari/emitters/slack.rb +13 -15
data/lib/mihari/emitters/the_hive.rb +17 -19
data/lib/mihari/emitters/webhook.rb +23 -23
data/lib/mihari/enrichers/whois.rb +1 -0
data/lib/mihari/feed/parser.rb +1 -0
data/lib/mihari/feed/reader.rb +29 -14
data/lib/mihari/mixins/configurable.rb +13 -4
data/lib/mihari/mixins/error_notification.rb +0 -2
data/lib/mihari/models/artifact.rb +1 -1
data/lib/mihari/schemas/rule.rb +2 -17
data/lib/mihari/structs/censys.rb +226 -56
data/lib/mihari/structs/config.rb +48 -18
data/lib/mihari/structs/google_public_dns.rb +56 -14
data/lib/mihari/structs/greynoise.rb +122 -29
data/lib/mihari/structs/ipinfo.rb +40 -0
data/lib/mihari/structs/onyphe.rb +112 -26
data/lib/mihari/structs/rule.rb +4 -2
data/lib/mihari/structs/shodan.rb +189 -47
data/lib/mihari/structs/urlscan.rb +123 -20
data/lib/mihari/structs/virustotal_intelligence.rb +129 -26
data/lib/mihari/type_checker.rb +10 -8
data/lib/mihari/version.rb +1 -1
data/lib/mihari.rb +1 -0
data/mihari.gemspec +11 -10
metadata +35 -36
data/.github/ISSUE_TEMPLATE/bug_report.md +0 -43
data/.github/ISSUE_TEMPLATE/feature_request.md +0 -15
data/.github/workflows/test.yml +0 -90
data/config/pre_commit.yml +0 -3
data/docker/Dockerfile +0 -14
data/examples/ipinfo_hosted_domains.rb +0 -45
data/images/Tines-Full_Logo-Tines_Black.png +0 -0
data/images/alert.png +0 -0
data/images/logo.png +0 -0
data/images/misp.png +0 -0
data/images/overview.jpg +0 -0
data/images/slack.png +0 -0
data/images/tines.png +0 -0
data/images/web_alerts.png +0 -0
data/images/web_config.png +0 -0
data/lib/mihari/commands/searcher.rb +0 -61

data/lib/mihari/structs/shodan.rb CHANGED Viewed

@@ -7,6 +7,20 @@ module Mihari
         attribute :country_code, Types::String.optional
         attribute :country_name, Types::String.optional
+        #
+        # @return [String, nil]
+        #
+        def country_code
+          attributes[:country_code]
+        end
+        #
+        # @return [String, nil]
+        #
+        def country_name
+          attributes[:country_name]
+        end
         #
         # @return [Mihari::Geolocation, nil]
         #
@@ -19,12 +33,19 @@ module Mihari
           )
         end
-        def self.from_dynamic!(d)
-          d = Types::Hash[d]
-          new(
-            country_code: d["country_code"],
-            country_name: d["country_name"]
-          )
+        class << self
+          #
+          # @param [Hash] d
+          #
+          # @return [Location]
+          #
+          def from_dynamic!(d)
+            d = Types::Hash[d]
+            new(
+              country_code: d["country_code"],
+              country_name: d["country_name"]
+            )
+          end
         end
       end
@@ -39,6 +60,48 @@ module Mihari
         attribute :port, Types::Integer
         attribute :metadata, Types::Hash
+        #
+        # @return [String, nil]
+        #
+        def asn
+          attributes[:asn]
+        end
+        #
+        # @return [Array<String>]
+        #
+        def hostnames
+          attributes[:hostnames]
+        end
+        #
+        # @return [Location]
+        #
+        def location
+          attributes[:location]
+        end
+        #
+        # @return [String]
+        #
+        def ip_str
+          attributes[:ip_str]
+        end
+        #
+        # @return [Integer]
+        #
+        def port
+          attributes[:port]
+        end
+        #
+        # @return [Hash]
+        #
+        def metadata
+          attributes[:metadata]
+        end
         #
         # @return [Mihari::AutonomousSystem, nil]
         #
@@ -48,25 +111,32 @@ module Mihari
           Mihari::AutonomousSystem.new(asn: normalize_asn(asn))
         end
-        def self.from_dynamic!(d)
-          d = Types::Hash[d]
-          # hostnames should be an array of string but sometimes Shodan returns a string
-          # e.g. "hostnames": "set(['149.28.146.131.vultr.com', 'rebs.ga'])",
-          # https://github.com/ninoseki/mihari/issues/424
-          # so use an empty array if hostnames is a string
-          hostnames = d.fetch("hostnames")
-          hostnames = [] if hostnames.is_a?(String)
-          new(
-            asn: d["asn"],
-            hostnames: hostnames,
-            location: Location.from_dynamic!(d.fetch("location")),
-            domains: d.fetch("domains"),
-            ip_str: d.fetch("ip_str"),
-            port: d.fetch("port"),
-            metadata: d
-          )
+        class << self
+          #
+          # @param [Hash] d
+          #
+          # @return [Match]
+          #
+          def from_dynamic!(d)
+            d = Types::Hash[d]
+            # hostnames should be an array of string but sometimes Shodan returns a string
+            # e.g. "hostnames": "set(['149.28.146.131.vultr.com', 'rebs.ga'])",
+            # https://github.com/ninoseki/mihari/issues/424
+            # so use an empty array if hostnames is a string
+            hostnames = d.fetch("hostnames")
+            hostnames = [] if hostnames.is_a?(String)
+            new(
+              asn: d["asn"],
+              hostnames: hostnames,
+              location: Location.from_dynamic!(d.fetch("location")),
+              domains: d.fetch("domains"),
+              ip_str: d.fetch("ip_str"),
+              port: d.fetch("port"),
+              metadata: d
+            )
+          end
         end
       end
@@ -74,6 +144,20 @@ module Mihari
         attribute :matches, Types.Array(Match)
         attribute :total, Types::Int
+        #
+        # @return [Array<Match>]
+        #
+        def matches
+          attributes[:matches]
+        end
+        #
+        # @return [Integer]
+        #
+        def total
+          attributes[:total]
+        end
         #
         # Collect metadata from matches
         #
@@ -107,12 +191,10 @@ module Mihari
           matches.select { |match| match.ip_str == ip }.map(&:hostnames).flatten.uniq
         end
-        #
-        # @param [Source] source
         #
         # @return [Array<Mihari::Artifact>]
         #
-        def to_artifacts(source = "Shodan")
+        def to_artifacts
           matches.map do |match|
             metadata = collect_metadata_by_ip(match.ip_str)
             ports = collect_ports_by_ip(match.ip_str).map do |port|
@@ -124,7 +206,6 @@ module Mihari
             Mihari::Artifact.new(
               data: match.ip_str,
-              source: source,
               metadata: metadata,
               autonomous_system: match.to_asn,
               geolocation: match.location.to_geolocation,
@@ -134,12 +215,19 @@ module Mihari
           end
         end
-        def self.from_dynamic!(d)
-          d = Types::Hash[d]
-          new(
-            matches: d.fetch("matches", []).map { |x| Match.from_dynamic!(x) },
-            total: d.fetch("total")
-          )
+        class << self
+          #
+          # @param [Hash] d
+          #
+          # @return [Result]
+          #
+          def from_dynamic!(d)
+            d = Types::Hash[d]
+            new(
+              matches: d.fetch("matches", []).map { |x| Match.from_dynamic!(x) },
+              total: d.fetch("total")
+            )
+          end
         end
       end
@@ -151,20 +239,74 @@ module Mihari
         attribute :tags, Types.Array(Types::String)
         attribute :vulns, Types.Array(Types::String)
-        def self.from_dynamic!(d)
-          d = Types::Hash[d]
-          new(
-            ip: d.fetch("ip"),
-            ports: d.fetch("ports"),
-            cpes: d.fetch("cpes"),
-            hostnames: d.fetch("hostnames"),
-            tags: d.fetch("tags"),
-            vulns: d.fetch("vulns")
-          )
+        #
+        # @return [String]
+        #
+        def ip
+          attributes[:ip]
+        end
+        #
+        # @return [Array<Integer>]
+        #
+        def ports
+          attributes[:ports]
+        end
+        #
+        # @return [Array<String>]
+        #
+        def cpes
+          attributes[:cpes]
         end
-        def self.from_json!(json)
-          from_dynamic!(JSON.parse(json))
+        #
+        # @return [Array<String>]
+        #
+        def hostnames
+          attributes[:hostnames]
+        end
+        #
+        # @return [Array<String>]
+        #
+        def tags
+          attributes[:tags]
+        end
+        #
+        # @return [Array<String>]
+        #
+        def vulns
+          attributes[:vulns]
+        end
+        class << self
+          #
+          # @param [Hash] d
+          #
+          # @return [InternetDBResponse]
+          #
+          def from_dynamic!(d)
+            d = Types::Hash[d]
+            new(
+              ip: d.fetch("ip"),
+              ports: d.fetch("ports"),
+              cpes: d.fetch("cpes"),
+              hostnames: d.fetch("hostnames"),
+              tags: d.fetch("tags"),
+              vulns: d.fetch("vulns")
+            )
+          end
+          #
+          # @param [String] json
+          #
+          # @return [InternetDBResponse]
+          #
+          def from_json!(json)
+            from_dynamic!(JSON.parse(json))
+          end
         end
       end
     end

data/lib/mihari/structs/urlscan.rb CHANGED Viewed

@@ -8,13 +8,41 @@ module Mihari
         attribute :ip, Types::String.optional
         attribute :url, Types::String
-        def self.from_dynamic!(d)
-          d = Types::Hash[d]
-          new(
-            domain: d["domain"],
-            ip: d["ip"],
-            url: d.fetch("url")
-          )
+        #
+        # @return [String, nil]
+        #
+        def domain
+          attributes[:domain]
+        end
+        #
+        # @return [String, nil]
+        #
+        def ip
+          attributes[:ip]
+        end
+        #
+        # @return [String]
+        #
+        def url
+          attributes[:url]
+        end
+        class << self
+          #
+          # @param [Hash] d
+          #
+          # @return [Page]
+          #
+          def from_dynamic!(d)
+            d = Types::Hash[d]
+            new(
+              domain: d["domain"],
+              ip: d["ip"],
+              url: d.fetch("url")
+            )
+          end
         end
       end
@@ -22,14 +50,61 @@ module Mihari
         attribute :page, Page
         attribute :id, Types::String
         attribute :sort, Types.Array(Types::String | Types::Integer)
+        attribute :metadata, Types::Hash
+        #
+        # @return [Page]
+        #
+        def page
+          attributes[:page]
+        end
+        #
+        # @return [String]
+        #
+        def id
+          attributes[:id]
+        end
+        #
+        # @return [Array<String, Integer>]
+        #
+        def sort
+          attributes[:sort]
+        end
+        #
+        # @return [Array<String, Integer>]
+        #
+        def metadata
+          attributes[:metadata]
+        end
-        def self.from_dynamic!(d)
-          d = Types::Hash[d]
-          new(
-            page: Page.from_dynamic!(d.fetch("page")),
-            id: d.fetch("_id"),
-            sort: d.fetch("sort")
-          )
+        #
+        # @return [Array<Mihari::Artifact>]
+        #
+        def to_artifacts
+          values = [page.url, page.domain, page.ip].compact
+          values.map do |value|
+            Mihari::Artifact.new(data: value, metadata: metadata)
+          end
+        end
+        class << self
+          #
+          # @param [Hash] d
+          #
+          # @return [Result]
+          #
+          def from_dynamic!(d)
+            d = Types::Hash[d]
+            new(
+              page: Page.from_dynamic!(d.fetch("page")),
+              id: d.fetch("_id"),
+              sort: d.fetch("sort"),
+              metadata: d
+            )
+          end
         end
       end
@@ -37,12 +112,40 @@ module Mihari
         attribute :results, Types.Array(Result)
         attribute :has_more, Types::Bool
-        def self.from_dynamic!(d)
-          d = Types::Hash[d]
-          new(
-            results: d.fetch("results").map { |x| Result.from_dynamic!(x) },
-            has_more: d.fetch("has_more")
-          )
+        #
+        # @return [Array<Result>]
+        #
+        def results
+          attributes[:results]
+        end
+        #
+        # @return [Boolean]
+        #
+        def has_more
+          attributes[:has_more]
+        end
+        #
+        # @return [Array<Mihari::Artifact>]
+        #
+        def to_artifacts
+          results.map(&:to_artifacts).flatten
+        end
+        class << self
+          #
+          # @param [Hash] d
+          #
+          # @return [Response]
+          #
+          def from_dynamic!(d)
+            d = Types::Hash[d]
+            new(
+              results: d.fetch("results").map { |x| Result.from_dynamic!(x) },
+              has_more: d.fetch("has_more")
+            )
+          end
         end
       end
     end

data/lib/mihari/structs/virustotal_intelligence.rb CHANGED Viewed

@@ -6,11 +6,25 @@ module Mihari
       class ContextAttributes < Dry::Struct
         attribute :url, Types::String.optional
-        def self.from_dynamic!(d)
-          d = Types::Hash[d]
-          new(
-            url: d["url"]
-          )
+        #
+        # @return [String, nil]
+        #
+        def url
+          attributes[:url]
+        end
+        class << self
+          #
+          # @param [Hash] d
+          #
+          # @return [ContextAttributes]
+          #
+          def from_dynamic!(d)
+            d = Types::Hash[d]
+            new(
+              url: d["url"]
+            )
+          end
         end
       end
@@ -20,6 +34,37 @@ module Mihari
         attribute :context_attributes, ContextAttributes.optional
         attribute :metadata, Types::Hash
+        #
+        # @return [String]
+        #
+        def type
+          attributes[:type]
+        end
+        #
+        # @return [String]
+        #
+        def id
+          attributes[:id]
+        end
+        #
+        # @return [ContextAttributes, nil]
+        #
+        def context_attributes
+          attributes[:context_attributes]
+        end
+        #
+        # @return [Hash, nil]
+        #
+        def metadata
+          attributes[:metadata]
+        end
+        #
+        # @return [String, nil]
+        #
         def value
           case type
           when "file"
@@ -33,29 +78,59 @@ module Mihari
           end
         end
-        def self.from_dynamic!(d)
-          d = Types::Hash[d]
+        #
+        # @return [Mihari::Artifact]
+        #
+        def to_artifact
+          Artifact.new(data: value, metadata: metadata)
+        end
+        class << self
+          #
+          # @param [Hash] d
+          #
+          # @return [Datum]
+          #
+          def from_dynamic!(d)
+            d = Types::Hash[d]
-          context_attributes = nil
-          context_attributes = ContextAttributes.from_dynamic!(d.fetch("context_attributes")) if d.key?("context_attributes")
+            context_attributes = nil
+            if d.key?("context_attributes")
+              context_attributes = ContextAttributes.from_dynamic!(d.fetch("context_attributes"))
+            end
-          new(
-            type: d.fetch("type"),
-            id: d.fetch("id"),
-            context_attributes: context_attributes,
-            metadata: d
-          )
+            new(
+              type: d.fetch("type"),
+              id: d.fetch("id"),
+              context_attributes: context_attributes,
+              metadata: d
+            )
+          end
         end
       end
       class Meta < Dry::Struct
         attribute :cursor, Types::String.optional
-        def self.from_dynamic!(d)
-          d = Types::Hash[d]
-          new(
-            cursor: d["cursor"]
-          )
+        #
+        # @return [String, nil]
+        #
+        def cursor
+          attributes[:cursor]
+        end
+        class << self
+          #
+          # @param [Hash] d
+          #
+          # @return [Meta]
+          #
+          def from_dynamic!(d)
+            d = Types::Hash[d]
+            new(
+              cursor: d["cursor"]
+            )
+          end
         end
       end
@@ -63,12 +138,40 @@ module Mihari
         attribute :meta, Meta
         attribute :data, Types.Array(Datum)
-        def self.from_dynamic!(d)
-          d = Types::Hash[d]
-          new(
-            meta: Meta.from_dynamic!(d.fetch("meta")),
-            data: d.fetch("data").map { |x| Datum.from_dynamic!(x) }
-          )
+        #
+        # @return [Meta]
+        #
+        def meta
+          attributes[:meta]
+        end
+        #
+        # @return [Array<Datum>]
+        #
+        def data
+          attributes[:data]
+        end
+        #
+        # @return [Array<Mihari::Artifact>]
+        #
+        def to_artifacts
+          data.map(&:to_artifact)
+        end
+        class << self
+          #
+          # @param [Hash] d
+          #
+          # @return [Response]
+          #
+          def from_dynamic!(d)
+            d = Types::Hash[d]
+            new(
+              meta: Meta.from_dynamic!(d.fetch("meta")),
+              data: d.fetch("data").map { |x| Datum.from_dynamic!(x) }
+            )
+          end
         end
       end
     end

data/lib/mihari/type_checker.rb CHANGED Viewed

@@ -67,14 +67,16 @@ module Mihari
       type
     end
-    # @return [String, nil]
-    def self.type(data)
-      new(data).type
-    end
-    # @return [String, nil]
-    def self.detailed_type(data)
-      new(data).detailed_type
+    class << self
+      # @return [String, nil]
+      def type(data)
+        new(data).type
+      end
+      # @return [String, nil]
+      def detailed_type(data)
+        new(data).detailed_type
+      end
     end
     private

data/lib/mihari/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module Mihari
-  VERSION = "5.2.1"
+  VERSION = "5.2.3"
 end

data/lib/mihari.rb CHANGED Viewed

@@ -254,6 +254,7 @@ require "mihari/analyzers/urlscan"
 require "mihari/analyzers/virustotal_intelligence"
 require "mihari/analyzers/virustotal"
 require "mihari/analyzers/zoomeye"
 require "mihari/analyzers/rule"
 # Entities