RubyGems - mihari - Versions diffs - 5.4.2 → 5.4.4 - Mend

mihari 5.4.2 → 5.4.4

Files changed (90) hide show

checksums.yaml +4 -4
data/frontend/package-lock.json +2399 -1504
data/frontend/package.json +22 -22
data/lib/mihari/analyzers/base.rb +25 -14
data/lib/mihari/analyzers/binaryedge.rb +2 -48
data/lib/mihari/analyzers/censys.rb +4 -20
data/lib/mihari/analyzers/circl.rb +3 -27
data/lib/mihari/analyzers/crtsh.rb +2 -17
data/lib/mihari/analyzers/dnstwister.rb +2 -4
data/lib/mihari/analyzers/greynoise.rb +5 -4
data/lib/mihari/analyzers/hunterhow.rb +8 -23
data/lib/mihari/analyzers/onyphe.rb +5 -39
data/lib/mihari/analyzers/otx.rb +3 -39
data/lib/mihari/analyzers/passivetotal.rb +4 -42
data/lib/mihari/analyzers/pulsedive.rb +1 -1
data/lib/mihari/analyzers/rule.rb +18 -13
data/lib/mihari/analyzers/securitytrails.rb +4 -42
data/lib/mihari/analyzers/shodan.rb +7 -39
data/lib/mihari/analyzers/urlscan.rb +3 -39
data/lib/mihari/analyzers/virustotal.rb +1 -1
data/lib/mihari/analyzers/virustotal_intelligence.rb +2 -25
data/lib/mihari/analyzers/zoomeye.rb +18 -84
data/lib/mihari/clients/base.rb +9 -1
data/lib/mihari/clients/binaryedge.rb +26 -4
data/lib/mihari/clients/censys.rb +32 -2
data/lib/mihari/clients/circl.rb +28 -1
data/lib/mihari/clients/crtsh.rb +7 -2
data/lib/mihari/clients/dnstwister.rb +4 -2
data/lib/mihari/clients/greynoise.rb +31 -4
data/lib/mihari/clients/hunterhow.rb +41 -3
data/lib/mihari/clients/onyphe.rb +25 -3
data/lib/mihari/clients/otx.rb +40 -0
data/lib/mihari/clients/passivetotal.rb +33 -15
data/lib/mihari/clients/publsedive.rb +1 -1
data/lib/mihari/clients/securitytrails.rb +44 -0
data/lib/mihari/clients/shodan.rb +31 -3
data/lib/mihari/clients/urlscan.rb +32 -6
data/lib/mihari/clients/virustotal.rb +29 -4
data/lib/mihari/clients/zoomeye.rb +53 -2
data/lib/mihari/commands/alert.rb +42 -13
data/lib/mihari/commands/rule.rb +11 -7
data/lib/mihari/commands/search.rb +54 -22
data/lib/mihari/commands/web.rb +1 -1
data/lib/mihari/config.rb +6 -1
data/lib/mihari/emitters/base.rb +9 -3
data/lib/mihari/emitters/slack.rb +1 -1
data/lib/mihari/enrichers/base.rb +13 -0
data/lib/mihari/enrichers/google_public_dns.rb +16 -1
data/lib/mihari/enrichers/ipinfo.rb +9 -13
data/lib/mihari/enrichers/shodan.rb +1 -2
data/lib/mihari/enrichers/whois.rb +2 -2
data/lib/mihari/errors.rb +16 -10
data/lib/mihari/feed/parser.rb +2 -2
data/lib/mihari/models/artifact.rb +1 -1
data/lib/mihari/models/autonomous_system.rb +11 -5
data/lib/mihari/models/cpe.rb +10 -4
data/lib/mihari/models/dns.rb +11 -16
data/lib/mihari/models/geolocation.rb +11 -5
data/lib/mihari/models/port.rb +10 -4
data/lib/mihari/models/reverse_dns.rb +10 -4
data/lib/mihari/models/whois.rb +4 -1
data/lib/mihari/schemas/analyzer.rb +1 -0
data/lib/mihari/services/alert_builder.rb +43 -0
data/lib/mihari/services/alert_proxy.rb +7 -25
data/lib/mihari/services/alert_runner.rb +9 -0
data/lib/mihari/services/rule_builder.rb +47 -0
data/lib/mihari/services/rule_proxy.rb +5 -61
data/lib/mihari/services/rule_runner.rb +9 -4
data/lib/mihari/structs/binaryedge.rb +89 -0
data/lib/mihari/structs/censys.rb +11 -11
data/lib/mihari/structs/greynoise.rb +17 -8
data/lib/mihari/structs/onyphe.rb +7 -7
data/lib/mihari/structs/shodan.rb +7 -6
data/lib/mihari/structs/urlscan.rb +4 -6
data/lib/mihari/structs/virustotal_intelligence.rb +4 -6
data/lib/mihari/type_checker.rb +1 -1
data/lib/mihari/version.rb +1 -1
data/lib/mihari/web/endpoints/alerts.rb +33 -15
data/lib/mihari/web/endpoints/artifacts.rb +53 -25
data/lib/mihari/web/endpoints/configs.rb +2 -2
data/lib/mihari/web/endpoints/ip_addresses.rb +3 -5
data/lib/mihari/web/endpoints/rules.rb +97 -71
data/lib/mihari/web/endpoints/tags.rb +15 -5
data/lib/mihari/web/public/assets/index-ef33a6cd.js +1738 -0
data/lib/mihari/web/public/index.html +1 -1
data/lib/mihari/web/public/redoc-static.html +419 -382
data/lib/mihari.rb +4 -0
data/mihari.gemspec +10 -9
metadata +38 -21
data/lib/mihari/web/public/assets/index-4d7eda9f.js +0 -1738

data/lib/mihari/commands/alert.rb CHANGED Viewed

@@ -6,32 +6,61 @@ module Mihari
       class << self
         def included(thor)
           thor.class_eval do
+            include Dry::Monads[:result, :try]
             desc "add [PATH]", "Add an alert"
             #
             # @param [String] path
             #
             def add(path)
               Mihari::Database.with_db_connection do
-                proxy = Mihari::Services::AlertProxy.from_path(path)
-                proxy.validate!
+                builder = Mihari::Services::AlertBuilder.new(path)
+                run_proxy_l = ->(proxy) { run_proxy proxy }
+                check_nil_l = ->(alert_or_nil) { check_nil alert_or_nil }
-                runner = Mihari::Services::AlertRunner.new(proxy)
+                result = builder.result.bind(run_proxy_l).bind(check_nil_l)
-                begin
-                  alert = runner.run
-                rescue ActiveRecord::RecordNotFound => e
-                  # if there is a ActiveRecord::RecordNotFound, output that error without the stack trace
-                  Mihari.logger.error e.to_s
+                if result.success?
+                  alert = result.value!
+                  data = Mihari::Entities::Alert.represent(alert)
+                  puts JSON.pretty_generate(data.as_json)
                   return
                 end
-                if alert.nil?
-                  Mihari.logger.info "There is no new artifact found"
-                  return
+                failure = result.failure
+                case failure
+                when ValidationError
+                  Mihari.logger.error "Failed to parse the input as an alert:"
+                  Mihari.logger.error JSON.pretty_generate(failure.errors.to_h)
+                when StandardError
+                  raise failure
+                else
+                  Mihari.logger.info failure
                 end
+              end
+            end
+            no_commands do
+              #
+              # @param [Mihari::Services::AlertProxy] proxy
+              #
+              def run_proxy(proxy)
+                Dry::Monads::Try[StandardError] do
+                  runner = Mihari::Services::AlertRunner.new(proxy)
+                  runner.run
+                end.to_result
+              end
-                data = Mihari::Entities::Alert.represent(alert)
-                puts JSON.pretty_generate(data.as_json)
+              #
+              # @param [Mihari::Alert, nil] alert_or_nil
+              #
+              def check_nil(alert_or_nil)
+                if alert_or_nil.nil?
+                  Failure "There is no new artifact found"
+                else
+                  Success alert_or_nil
+                end
               end
             end
           end

data/lib/mihari/commands/rule.rb CHANGED Viewed

@@ -8,6 +8,8 @@ module Mihari
       class << self
         def included(thor)
           thor.class_eval do
+            include Dry::Monads[:result, :try]
             desc "validate [PATH]", "Validate a rule file"
             #
             # Validate format of a rule
@@ -15,15 +17,17 @@ module Mihari
             # @param [String] path
             #
             def validate(path)
-              rule = Services::RuleProxy.from_path_or_id(path)
-              begin
-                rule.validate!
+              res = Dry::Monads::Try[ValidationError] do
+                Services::RuleProxy.from_yaml(File.read(path))
+              end.fmap do |rule|
                 Mihari.logger.info "Valid format. The input is parsed as the following:"
                 Mihari.logger.info rule.data.to_yaml
-              rescue RuleValidationError
-                nil
               end
+              return unless res.error?
+              Mihari.logger.error "Failed to parse the input as a rule:"
+              Mihari.logger.error JSON.pretty_generate(res.exception.errors.to_h)
             end
             desc "init [PATH]", "Initialize a new rule file"
@@ -47,7 +51,7 @@ module Mihari
               # @return [Mihari::Services::Rule]
               #
               def rule_template
-                Services::RuleProxy.from_path File.expand_path("../templates/rule.yml.erb", __dir__)
+                Services::RuleProxy.from_yaml File.read(File.expand_path("../templates/rule.yml.erb", __dir__))
               end
               #

data/lib/mihari/commands/search.rb CHANGED Viewed

@@ -6,7 +6,9 @@ module Mihari
       class << self
         def included(thor)
           thor.class_eval do
-            desc "search [PATH]", "Search by a rule"
+            include Dry::Monads[:result, :try]
+            desc "search [PATH_OR_ID]", "Search by a rule"
             method_option :force_overwrite, type: :boolean, aliases: "-f", desc: "Force an overwrite the rule"
             #
             # Search by a rule
@@ -15,39 +17,69 @@ module Mihari
             #
             def search(path_or_id)
               Mihari::Database.with_db_connection do
-                rule = Services::RuleProxy.from_path_or_id path_or_id
+                builder = Services::RuleBuilder.new(path_or_id)
+                check_diff_l = ->(rule) { check_diff rule }
+                update_and_run_l = ->(runner) { update_and_run runner }
+                check_nil_l = ->(alert_or_nil) { check_nil alert_or_nil }
-                begin
-                  rule.validate!
-                rescue RuleValidationError
+                result = builder.result.bind(check_diff_l).bind(update_and_run_l).bind(check_nil_l)
+                if result.success?
+                  alert = result.value!
+                  data = Mihari::Entities::Alert.represent(alert)
+                  puts JSON.pretty_generate(data.as_json)
                   return
                 end
+                failure = result.failure
+                case failure
+                when ValidationError
+                  Mihari.logger.error "Failed to parse the input as a rule:"
+                  Mihari.logger.error JSON.pretty_generate(failure.errors.to_h)
+                when StandardError
+                  raise failure
+                else
+                  Mihari.logger.info failure
+                end
+              end
+            end
+            no_commands do
+              #
+              # @param [Mihari::Services::RuleProxy] rule
+              #
+              def check_diff(rule)
                 force_overwrite = options["force_overwrite"] || false
                 runner = Services::RuleRunner.new(rule, force_overwrite: force_overwrite)
+                message = "There is a diff in the rule (#{rule.id}). Are you sure you want to overwrite the rule? (y/n)"
-                if runner.diff? && !force_overwrite
-                  message = "There is diff in the rule (#{rule.id}). Are you sure you want to overwrite the rule? (y/n)"
-                  return unless yes?(message)
+                if runner.diff? && !force_overwrite && !yes?(message)
+                  return Failure("Stop overwriting the rule (#{rule.id})")
                 end
-                runner.update_or_create
-                begin
-                  alert = runner.run
-                rescue ConfigurationError => e
-                  # if there is a configuration error, output that error without the stack trace
-                  Mihari.logger.error e.to_s
-                  return
-                end
+                Success runner
+              end
-                if alert.nil?
-                  Mihari.logger.info "There is no new artifact found"
-                  return
+              #
+              # @param [Mihari::Alert, nil] alert_or_nil
+              #
+              def check_nil(alert_or_nil)
+                if alert_or_nil.nil?
+                  Failure "There is no new artifact found"
+                else
+                  Success alert_or_nil
                 end
+              end
-                data = Mihari::Entities::Alert.represent(alert)
-                puts JSON.pretty_generate(data.as_json)
+              #
+              # @param [Mihari::Services::RuleRunner] runner
+              #
+              def update_and_run(runner)
+                Dry::Monads::Try[StandardError] do
+                  runner.update_or_create
+                  runner.run
+                end.to_result
               end
             end
           end

data/lib/mihari/commands/web.rb CHANGED Viewed

@@ -12,7 +12,7 @@ module Mihari
             method_option :threads, type: :string, default: "0:5", desc: "min:max threads to use"
             method_option :verbose, type: :boolean, default: true, desc: "Report each request"
             method_option :worker_timeout, type: :numeric, default: 60, desc: "Worker timeout value (in seconds)"
-            method_option :hide_config_values, type: :boolean, default: false,
+            method_option :hide_config_values, type: :boolean, default: true,
               desc: "Whether to hide config values or not"
             method_option :open, type: :boolean, default: true, desc: "Whether to open the app in browser or not"
             method_option :rack_env, type: :string, default: "production", desc: "Rack environment"

data/lib/mihari/config.rb CHANGED Viewed

@@ -93,6 +93,9 @@ module Mihari
     # @return [Integer]
     attr_reader :pagination_limit
+    # @return [Boolean]
+    attr_reader :ignore_error
     def initialize
       @binaryedge_api_key = ENV.fetch("BINARYEDGE_API_KEY", nil)
@@ -141,12 +144,14 @@ module Mihari
       @sentry_dsn = ENV.fetch("SENTRY_DSN", nil)
-      @hide_config_values = ENV.fetch("HIDE_CONFIG_VALUES", false)
+      @hide_config_values = ENV.fetch("HIDE_CONFIG_VALUES", true)
       @retry_times = ENV.fetch("RETRY_TIMES", 3).to_i
       @retry_interval = ENV.fetch("RETRY_INTERVAL", 5).to_i
       @pagination_limit = ENV.fetch("PAGINATION_LIMIT", 100).to_i
+      @ignore_error = ENV.fetch("IGNORE_ERROR", false)
     end
   end
 end

data/lib/mihari/emitters/base.rb CHANGED Viewed

@@ -3,6 +3,8 @@
 module Mihari
   module Emitters
     class Base
+      include Dry::Monads[:result, :try]
       include Mixins::Configurable
       include Mixins::Retriable
@@ -34,11 +36,15 @@ module Mihari
         raise NotImplementedError, "You must implement #{self.class}##{__method__}"
       end
-      def run(**params)
-        retry_on_error { emit(**params) }
+      def run
+        retry_on_error { emit }
+      end
+      def result
+        Try[StandardError] { run }.to_result
       end
-      def emit(*)
+      def emit
         raise NotImplementedError, "You must implement #{self.class}##{__method__}"
       end
     end

data/lib/mihari/emitters/slack.rb CHANGED Viewed

@@ -114,7 +114,7 @@ module Mihari
       # @return [String]
       def defanged_data
-        @defanged_data ||= data.to_s.gsub(/\./, "[.]")
+        @defanged_data ||= data.to_s.gsub(".", "[.]")
       end
     end

data/lib/mihari/enrichers/base.rb CHANGED Viewed

@@ -6,10 +6,23 @@ module Mihari
       include Mixins::Configurable
       class << self
+        include Dry::Monads[:result, :try]
         def inherited(child)
           super
           Mihari.enrichers << child
         end
+        def query_result(value)
+          Try[StandardError] { query(value) }.to_result
+        end
+        #
+        # @param [String] value
+        #
+        def query(value)
+          raise NotImplementedError, "You must implement #{self.class}##{__method__}"
+        end
       end
       # @return [Boolean]

data/lib/mihari/enrichers/google_public_dns.rb CHANGED Viewed

@@ -11,15 +11,30 @@ module Mihari
       end
       class << self
+        include Dry::Monads[:result]
         #
         # Query Google Public DNS
         #
         # @param [String] name
+        #
+        # @return [Array<Mihari::Structs::Shodan::GooglePublicDNS::Response>]
+        #
+        def query(name)
+          %w[A AAAA CNAME TXT NS].filter_map do |resource_type|
+            query_by_type(name, resource_type)
+          end
+        end
+        #
+        # Query Google Public DNS by resource type
+        #
+        # @param [String] name
         # @param [String] resource_type
         #
         # @return [Mihari::Structs::Shodan::GooglePublicDNS::Response, nil]
         #
-        def query(name, resource_type)
+        def query_by_type(name, resource_type)
           url = "https://dns.google/resolve"
           params = { name: name, type: resource_type }
           res = HTTP.get(url, params: params)

data/lib/mihari/enrichers/ipinfo.rb CHANGED Viewed

@@ -17,6 +17,7 @@ module Mihari
       end
       class << self
+        include Dry::Monads[:result]
         include Memist::Memoizable
         #
@@ -28,20 +29,15 @@ module Mihari
         #
         def query(ip)
           headers = {}
           token = Mihari.config.ipinfo_api_key
-          unless token.nil?
-            headers[:authorization] = "Bearer #{token}"
-          end
-          begin
-            url = "https://ipinfo.io/#{ip}/json"
-            res = HTTP.get(url, headers: headers)
-            data = JSON.parse(res.body.to_s)
-            Structs::IPInfo::Response.from_dynamic! data
-          rescue HTTPError
-            nil
-          end
+          headers[:authorization] = "Bearer #{token}" unless token.nil?
+          url = "https://ipinfo.io/#{ip}/json"
+          res = HTTP.get(url, headers: headers)
+          data = JSON.parse(res.body.to_s)
+          Structs::IPInfo::Response.from_dynamic! data
         end
         memoize :query
       end

data/lib/mihari/enrichers/shodan.rb CHANGED Viewed

@@ -11,6 +11,7 @@ module Mihari
       end
       class << self
+        include Dry::Monads[:result]
         include Memist::Memoizable
         #
@@ -26,8 +27,6 @@ module Mihari
           data = JSON.parse(res.body.to_s)
           Structs::Shodan::InternetDBResponse.from_dynamic! data
-        rescue HTTPError
-          nil
         end
         memoize :query
       end

data/lib/mihari/enrichers/whois.rb CHANGED Viewed

@@ -14,6 +14,8 @@ module Mihari
       end
       class << self
+        include Dry::Monads[:result]
         #
         # Query IAIA Whois API
         #
@@ -47,8 +49,6 @@ module Mihari
           # set memo
           @memo[domain] = whois_record
           whois_record
-        rescue ::Whois::Error, ::Whois::ParserError, Timeout::Error
-          nil
         end
         def reset_cache

data/lib/mihari/errors.rb CHANGED Viewed

@@ -3,22 +3,14 @@
 module Mihari
   class Error < StandardError; end
-  class InvalidInputError < Error; end
+  class ValueError < Error; end
-  class InvalidArtifactFormatError < Error; end
+  class TypeError < Error; end
   class RetryableError < Error; end
   class FileNotFoundError < Error; end
-  class FeedParseError < Error; end
-  class RuleValidationError < Error; end
-  class AlertValidationError < Error; end
-  class YAMLSyntaxError < Error; end
   class ConfigurationError < Error; end
   # errors for HTTP interactions
@@ -49,4 +41,18 @@ module Mihari
       @body = body
     end
   end
+  class ValidationError < Error
+    attr_reader :errors
+    #
+    # @param [String] msg
+    # @param [Dry::Schema::MessageSet] errors
+    #
+    def initialize(msg, errors)
+      super(msg)
+      @errors = errors
+    end
+  end
 end

data/lib/mihari/feed/parser.rb CHANGED Viewed

@@ -25,8 +25,8 @@ module Mihari
       def parse(selector)
         parsed = data.instance_eval(selector)
-        raise FeedParseError unless parsed.is_a?(Array) || parsed.is_a?(Enumerator)
-        raise FeedParseError unless parsed.all?(String)
+        raise TypeError unless parsed.is_a?(Array) || parsed.is_a?(Enumerator)
+        raise TypeError unless parsed.all?(String)
         parsed.to_a
       end

data/lib/mihari/models/artifact.rb CHANGED Viewed

@@ -35,7 +35,7 @@ module Mihari
       attrs = args.first || kwargs
       data_ = attrs[:data]
-      raise InvalidArtifactFormatError if data_.is_a?(Array) || data_.is_a?(Hash)
+      raise TypeError if data_.is_a?(Array) || data_.is_a?(Hash)
       super(*args, **kwargs)

data/lib/mihari/models/autonomous_system.rb CHANGED Viewed

@@ -5,6 +5,8 @@ module Mihari
     belongs_to :artifact
     class << self
+      include Dry::Monads[:result]
       #
       # Build AS
       #
@@ -13,11 +15,15 @@ module Mihari
       # @return [Mihari::AutonomousSystem, nil]
       #
       def build_by_ip(ip)
-        res = Enrichers::IPInfo.query(ip)
-        return nil if res.nil? || res.asn.nil?
-        new(asn: res.asn)
+        result = Enrichers::IPInfo.query_result(ip).bind do |res|
+          value = res&.asn
+          if value.nil?
+            Success nil
+          else
+            Success new(asn: value)
+          end
+        end
+        result.value_or nil
       end
     end
   end

data/lib/mihari/models/cpe.rb CHANGED Viewed

@@ -5,6 +5,8 @@ module Mihari
     belongs_to :artifact
     class << self
+      include Dry::Monads[:result]
       #
       # Build CPEs
       #
@@ -13,10 +15,14 @@ module Mihari
       # @return [Array<Mihari::CPE>]
       #
       def build_by_ip(ip)
-        res = Enrichers::Shodan.query(ip)
-        return [] if res.nil?
-        res.cpes.map { |cpe| new(cpe: cpe) }
+        result = Enrichers::Shodan.query_result(ip).bind do |res|
+          if res.nil?
+            Success []
+          else
+            Success(res.cpes.map { |cpe| new(cpe: cpe) })
+          end
+        end
+        result.value_or []
       end
     end
   end

data/lib/mihari/models/dns.rb CHANGED Viewed

@@ -5,6 +5,8 @@ module Mihari
     belongs_to :artifact
     class << self
+      include Dry::Monads[:result]
       #
       # Build DNS records
       #
@@ -13,23 +15,16 @@ module Mihari
       # @return [Array<Mihari::DnsRecord>]
       #
       def build_by_domain(domain)
-        resource_types = %w[A AAAA CNAME TXT NS]
-        resource_types.map do |resource_type|
-          get_values domain, resource_type
-        rescue Resolv::ResolvError
-          nil
-        end.flatten.compact
-      end
-      private
-      def get_values(domain, resource_type)
-        response = Enrichers::GooglePublicDNS.query(domain, resource_type)
-        answers = response.answers || []
-        answers.filter_map do |answer|
-          new(resource: answer.resource_type, value: answer.data)
+        result = Enrichers::GooglePublicDNS.query_result(domain).bind do |responses|
+          Success(
+            responses.map do |res|
+              res.answers.map do |answer|
+                new(resource: answer.resource_type, value: answer.data)
+              end
+            end.flatten
+          )
         end
+        result.value_or []
       end
     end
   end

data/lib/mihari/models/geolocation.rb CHANGED Viewed

@@ -7,6 +7,8 @@ module Mihari
     belongs_to :artifact
     class << self
+      include Dry::Monads[:result]
       #
       # Build Geolocation
       #
@@ -15,11 +17,15 @@ module Mihari
       # @return [Mihari::Geolocation, nil]
       #
       def build_by_ip(ip)
-        res = Enrichers::IPInfo.query(ip)
-        return nil if res&.country_code.nil?
-        new(country: NormalizeCountry(res.country_code, to: :short), country_code: res.country_code)
+        result = Enrichers::IPInfo.query_result(ip).bind do |res|
+          value = res&.country_code
+          if value.nil?
+            Success nil
+          else
+            Success new(country: NormalizeCountry(value, to: :short), country_code: value)
+          end
+        end
+        result.value_or nil
       end
     end
   end

data/lib/mihari/models/port.rb CHANGED Viewed

@@ -5,6 +5,8 @@ module Mihari
     belongs_to :artifact
     class << self
+      include Dry::Monads[:result]
       #
       # Build ports
       #
@@ -13,10 +15,14 @@ module Mihari
       # @return [Array<Mihari::Port>]
       #
       def build_by_ip(ip)
-        res = Enrichers::Shodan.query(ip)
-        return [] if res.nil?
-        res.ports.map { |port| new(port: port) }
+        result = Enrichers::Shodan.query_result(ip).bind do |res|
+          if res.nil?
+            Success []
+          else
+            Success(res.ports.map { |port| new(port: port) })
+          end
+        end
+        result.value_or []
       end
     end
   end

data/lib/mihari/models/reverse_dns.rb CHANGED Viewed

@@ -5,6 +5,8 @@ module Mihari
     belongs_to :artifact
     class << self
+      include Dry::Monads[:result]
       #
       # Build reverse DNS names
       #
@@ -13,10 +15,14 @@ module Mihari
       # @return [Array<Mihari::ReverseDnsName>]
       #
       def build_by_ip(ip)
-        res = Enrichers::Shodan.query(ip)
-        return [] if res.nil?
-        res.hostnames.map { |name| new(name: name) }
+        result = Enrichers::Shodan.query_result(ip).bind do |res|
+          if res.nil?
+            Success []
+          else
+            Success(res.hostnames.map { |name| new(name: name) })
+          end
+        end
+        result.value_or []
       end
     end
   end