RubyGems - mihari - Versions diffs - 5.3.2 → 5.4.1 - Mend

mihari 5.3.2 → 5.4.1

Files changed (33) hide show

checksums.yaml +4 -4
data/README.md +1 -0
data/frontend/package-lock.json +298 -235
data/frontend/package.json +7 -7
data/lib/mihari/analyzers/base.rb +10 -3
data/lib/mihari/analyzers/binaryedge.rb +5 -5
data/lib/mihari/analyzers/censys.rb +3 -3
data/lib/mihari/analyzers/circl.rb +2 -2
data/lib/mihari/analyzers/greynoise.rb +2 -2
data/lib/mihari/analyzers/hunterhow.rb +68 -0
data/lib/mihari/analyzers/onyphe.rb +5 -5
data/lib/mihari/analyzers/otx.rb +2 -2
data/lib/mihari/analyzers/passivetotal.rb +2 -2
data/lib/mihari/analyzers/pulsedive.rb +2 -2
data/lib/mihari/analyzers/rule.rb +14 -12
data/lib/mihari/analyzers/securitytrails.rb +2 -2
data/lib/mihari/analyzers/shodan.rb +5 -5
data/lib/mihari/analyzers/urlscan.rb +3 -3
data/lib/mihari/analyzers/virustotal.rb +2 -2
data/lib/mihari/analyzers/virustotal_intelligence.rb +3 -3
data/lib/mihari/analyzers/zoomeye.rb +6 -6
data/lib/mihari/clients/hunterhow.rb +47 -0
data/lib/mihari/config.rb +45 -26
data/lib/mihari/constants.rb +0 -3
data/lib/mihari/schemas/analyzer.rb +12 -2
data/lib/mihari/schemas/rule.rb +1 -1
data/lib/mihari/structs/hunterhow.rb +104 -0
data/lib/mihari/version.rb +1 -1
data/lib/mihari/web/public/assets/{index-116033d0.js → index-61dc587c.js} +34 -33
data/lib/mihari/web/public/index.html +1 -1
data/lib/mihari.rb +3 -0
data/mihari.gemspec +1 -1
metadata +8 -5

data/lib/mihari/config.rb CHANGED Viewed

@@ -1,86 +1,98 @@
 module Mihari
   class Config
     # @return [String, nil]
-    attr_accessor :binaryedge_api_key
+    attr_reader :binaryedge_api_key
     # @return [String, nil]
-    attr_accessor :censys_id
+    attr_reader :censys_id
     # @return [String, nil]
-    attr_accessor :censys_secret
+    attr_reader :censys_secret
     # @return [String, nil]
-    attr_accessor :circl_passive_password
+    attr_reader :circl_passive_password
     # @return [String, nil]
-    attr_accessor :circl_passive_username
+    attr_reader :circl_passive_username
     # @return [URI]
-    attr_accessor :database_url
+    attr_reader :database_url
     # @return [String, nil]
-    attr_accessor :greynoise_api_key
+    attr_reader :greynoise_api_key
     # @return [String, nil]
-    attr_accessor :ipinfo_api_key
+    attr_reader :hunterhow_api_key
     # @return [String, nil]
-    attr_accessor :misp_url
+    attr_reader :ipinfo_api_key
     # @return [String, nil]
-    attr_accessor :misp_api_key
+    attr_reader :misp_url
     # @return [String, nil]
-    attr_accessor :onyphe_api_key
+    attr_reader :misp_api_key
     # @return [String, nil]
-    attr_accessor :otx_api_key
+    attr_reader :onyphe_api_key
     # @return [String, nil]
-    attr_accessor :passivetotal_api_key
+    attr_reader :otx_api_key
     # @return [String, nil]
-    attr_accessor :passivetotal_username
+    attr_reader :passivetotal_api_key
     # @return [String, nil]
-    attr_accessor :pulsedive_api_key
+    attr_reader :passivetotal_username
     # @return [String, nil]
-    attr_accessor :securitytrails_api_key
+    attr_reader :pulsedive_api_key
     # @return [String, nil]
-    attr_accessor :shodan_api_key
+    attr_reader :securitytrails_api_key
     # @return [String, nil]
-    attr_accessor :slack_channel
+    attr_reader :shodan_api_key
     # @return [String, nil]
-    attr_accessor :slack_webhook_url
+    attr_reader :slack_channel
     # @return [String, nil]
-    attr_accessor :thehive_url
+    attr_reader :slack_webhook_url
     # @return [String, nil]
-    attr_accessor :thehive_api_key
+    attr_reader :thehive_url
     # @return [String, nil]
-    attr_accessor :thehive_api_version
+    attr_reader :thehive_api_key
     # @return [String, nil]
-    attr_accessor :urlscan_api_key
+    attr_reader :thehive_api_version
     # @return [String, nil]
-    attr_accessor :virustotal_api_key
+    attr_reader :urlscan_api_key
     # @return [String, nil]
-    attr_accessor :zoomeye_api_key
+    attr_reader :virustotal_api_key
     # @return [String, nil]
-    attr_accessor :sentry_dsn
+    attr_reader :zoomeye_api_key
     # @return [String, nil]
+    attr_reader :sentry_dsn
+    # @return [Boolean]
     attr_accessor :hide_config_values
+    # @return [Integer]
+    attr_reader :retry_interval
+    # @return [Integer]
+    attr_reader :retry_times
+    # @return [Integer]
+    attr_reader :pagination_limit
     def initialize
       @binaryedge_api_key = ENV.fetch("BINARYEDGE_API_KEY", nil)
@@ -96,6 +108,8 @@ module Mihari
       @ipinfo_api_key = ENV.fetch("IPINFO_API_KEY", nil)
+      @hunterhow_api_key = ENV.fetch("HUNTERHOW_API_KEY", nil)
       @misp_url = ENV.fetch("MISP_URL", nil)
       @misp_api_key = ENV.fetch("MISP_API_KEY", nil)
@@ -128,6 +142,11 @@ module Mihari
       @sentry_dsn = ENV.fetch("SENTRY_DSN", nil)
       @hide_config_values = ENV.fetch("HIDE_CONFIG_VALUES", false)
+      @retry_times = ENV.fetch("RETRY_TIMES", 3).to_i
+      @retry_interval = ENV.fetch("RETRY_INTERVAL", 5).to_i
+      @pagination_limit = ENV.fetch("PAGINATION_LIMIT", 1000).to_i
     end
   end
 end

data/lib/mihari/constants.rb CHANGED Viewed

@@ -9,7 +9,4 @@ module Mihari
   # @return [Array<Hash>]
   DEFAULT_ENRICHERS = %w[whois ipinfo shodan google_public_dns].map { |name| { enricher: name } }.freeze
-  DEFAULT_RETRY_TIMES = 3
-  DEFAULT_RETRY_INTERVAL = 5
 end

data/lib/mihari/schemas/analyzer.rb CHANGED Viewed

@@ -4,8 +4,9 @@ module Mihari
   module Schemas
     AnalyzerOptions = Dry::Schema.Params do
       optional(:interval).value(:integer)
-      optional(:retry_times).value(:integer).default(DEFAULT_RETRY_TIMES)
-      optional(:retry_interval).value(:integer).default(DEFAULT_RETRY_INTERVAL)
+      optional(:pagination_limit).value(:integer).default(Mihari.config.pagination_limit)
+      optional(:retry_times).value(:integer).default(Mihari.config.retry_times)
+      optional(:retry_interval).value(:integer).default(Mihari.config.retry_interval)
     end
     AnalyzerWithoutAPIKey = Dry::Schema.Params do
@@ -75,6 +76,15 @@ module Mihari
       optional(:options).hash(AnalyzerOptions)
     end
+    HunterHow = Dry::Schema.Params do
+      required(:analyzer).value(Types::String.enum("hunterhow"))
+      required(:query).value(:string)
+      required(:start_time).value(:date)
+      required(:end_time).value(:date)
+      optional(:api_key).value(:string)
+      optional(:options).hash(AnalyzerOptions)
+    end
     Feed = Dry::Schema.Params do
       required(:analyzer).value(Types::String.enum("feed"))
       required(:query).value(:string)

data/lib/mihari/schemas/rule.rb CHANGED Viewed

@@ -22,7 +22,7 @@ module Mihari
       optional(:updated_on).value(:date)
       required(:queries).value(:array).each do
-        AnalyzerWithoutAPIKey | AnalyzerWithAPIKey | Censys | CIRCL | PassiveTotal | ZoomEye | Crtsh | Feed
+        AnalyzerWithoutAPIKey | AnalyzerWithAPIKey | Censys | CIRCL | PassiveTotal | ZoomEye | Crtsh | Feed | HunterHow
       end
       optional(:emitters).value(:array).each { Database | MISP | TheHive | Slack | Webhook }.default(DEFAULT_EMITTERS)

data/lib/mihari/structs/hunterhow.rb ADDED Viewed

@@ -0,0 +1,104 @@
+module Mihari
+  module Structs
+    module HunterHow
+      class ListItem < Dry::Struct
+        attribute :domain, Types::String
+        attribute :ip, Types::String
+        attribute :port, Types::Integer
+        #
+        # @return [String]
+        #
+        def ip
+          attributes[:ip]
+        end
+        #
+        # @return [Mihari::Artifact]
+        #
+        def artifact
+          Artifact.new(data: ip)
+        end
+        class << self
+          #
+          # @param [Hash] d
+          #
+          # @return [ListItem]
+          #
+          def from_dynamic!(d)
+            d = Types::Hash[d]
+            new(
+              domain: d.fetch("domain"),
+              ip: d.fetch("ip"),
+              port: d.fetch("port")
+            )
+          end
+        end
+      end
+      class DataClass < Dry::Struct
+        attribute :list, Types.Array(ListItem)
+        attribute :total, Types::Integer
+        #
+        # @return [Array<ListItem>]
+        #
+        def list
+          attributes[:list]
+        end
+        #
+        # @return [Array<Mihari::Artifact>]
+        #
+        def artifacts
+          list.map(&:artifact)
+        end
+        class << self
+          #
+          # @param [Hash] d
+          #
+          # @return [DataClass]
+          #
+          def from_dynamic!(d)
+            d = Types::Hash[d]
+            new(
+              list: d.fetch("list").map { |x| ListItem.from_dynamic!(x) },
+              total: d.fetch("total")
+            )
+          end
+        end
+      end
+      class Response < Dry::Struct
+        attribute :code, Types::Integer
+        attribute :data, DataClass
+        attribute :message, Types::String
+        #
+        # @return [DataClass]
+        #
+        def data
+          attributes[:data]
+        end
+        class << self
+          #
+          # @param [Hash] d
+          #
+          # @return [Response]
+          #
+          def from_dynamic!(d)
+            d = Types::Hash[d]
+            new(
+              code: d.fetch("code"),
+              data: DataClass.from_dynamic!(d.fetch("data")),
+              message: d.fetch("message")
+            )
+          end
+        end
+      end
+    end
+  end
+end

data/lib/mihari/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module Mihari
-  VERSION = "5.3.2"
+  VERSION = "5.4.1"
 end