mihari 5.4.3 → 5.4.5
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +3 -25
- data/docs/alternatives.md +5 -0
- data/docs/analyzers/binaryedge.md +21 -0
- data/docs/analyzers/censys.md +23 -0
- data/docs/analyzers/circl.md +29 -0
- data/docs/analyzers/crtsh.md +25 -0
- data/docs/analyzers/dnstwister.md +23 -0
- data/docs/analyzers/feed.md +49 -0
- data/docs/analyzers/greynoise.md +21 -0
- data/docs/analyzers/hunterhow.md +25 -0
- data/docs/analyzers/index.md +79 -0
- data/docs/analyzers/onyphe.md +21 -0
- data/docs/analyzers/otx.md +23 -0
- data/docs/analyzers/passivetotal.md +36 -0
- data/docs/analyzers/pulsedive.md +23 -0
- data/docs/analyzers/securitytrails.md +32 -0
- data/docs/analyzers/shodan.md +21 -0
- data/docs/analyzers/urlscan.md +23 -0
- data/docs/analyzers/virustotal.md +34 -0
- data/docs/analyzers/virustotal_intelligence.md +22 -0
- data/docs/analyzers/zoomeye.md +25 -0
- data/docs/configuration.md +35 -0
- data/docs/emitters/database.md +22 -0
- data/docs/emitters/hive.md +18 -0
- data/docs/emitters/index.md +7 -0
- data/docs/emitters/misp.md +16 -0
- data/docs/emitters/slack.md +16 -0
- data/docs/emitters/webhook.md +63 -0
- data/docs/enrichers/google_public_dns.md +19 -0
- data/docs/enrichers/index.md +6 -0
- data/docs/enrichers/ipinfo.md +19 -0
- data/docs/enrichers/shodan.md +22 -0
- data/docs/enrichers/whois.md +17 -0
- data/docs/github_actions.md +43 -0
- data/docs/index.md +13 -0
- data/docs/installation.md +31 -0
- data/docs/requirements.md +20 -0
- data/docs/rule.md +165 -0
- data/docs/tags.md +3 -0
- data/docs/usage.md +100 -0
- data/frontend/package-lock.json +2414 -1516
- data/frontend/package.json +22 -22
- data/lib/mihari/analyzers/base.rb +25 -10
- data/lib/mihari/analyzers/binaryedge.rb +1 -7
- data/lib/mihari/analyzers/circl.rb +1 -1
- data/lib/mihari/analyzers/dnstwister.rb +1 -1
- data/lib/mihari/analyzers/otx.rb +1 -1
- data/lib/mihari/analyzers/passivetotal.rb +1 -1
- data/lib/mihari/analyzers/pulsedive.rb +1 -1
- data/lib/mihari/analyzers/rule.rb +18 -13
- data/lib/mihari/analyzers/securitytrails.rb +1 -1
- data/lib/mihari/analyzers/urlscan.rb +1 -1
- data/lib/mihari/analyzers/virustotal.rb +1 -1
- data/lib/mihari/analyzers/zoomeye.rb +1 -1
- data/lib/mihari/clients/binaryedge.rb +4 -7
- data/lib/mihari/clients/crtsh.rb +1 -3
- data/lib/mihari/clients/publsedive.rb +1 -1
- data/lib/mihari/clients/shodan.rb +2 -2
- data/lib/mihari/commands/alert.rb +42 -13
- data/lib/mihari/commands/rule.rb +11 -7
- data/lib/mihari/commands/search.rb +54 -22
- data/lib/mihari/config.rb +5 -0
- data/lib/mihari/emitters/base.rb +9 -3
- data/lib/mihari/emitters/slack.rb +1 -1
- data/lib/mihari/enrichers/base.rb +13 -0
- data/lib/mihari/enrichers/google_public_dns.rb +16 -1
- data/lib/mihari/enrichers/ipinfo.rb +9 -13
- data/lib/mihari/enrichers/shodan.rb +1 -2
- data/lib/mihari/enrichers/whois.rb +2 -2
- data/lib/mihari/errors.rb +16 -10
- data/lib/mihari/feed/parser.rb +2 -2
- data/lib/mihari/models/artifact.rb +1 -1
- data/lib/mihari/models/autonomous_system.rb +11 -5
- data/lib/mihari/models/cpe.rb +10 -4
- data/lib/mihari/models/dns.rb +11 -16
- data/lib/mihari/models/geolocation.rb +11 -5
- data/lib/mihari/models/port.rb +10 -4
- data/lib/mihari/models/reverse_dns.rb +10 -4
- data/lib/mihari/models/whois.rb +4 -1
- data/lib/mihari/schemas/analyzer.rb +1 -0
- data/lib/mihari/services/alert_builder.rb +43 -0
- data/lib/mihari/services/alert_proxy.rb +7 -25
- data/lib/mihari/services/alert_runner.rb +9 -0
- data/lib/mihari/services/rule_builder.rb +47 -0
- data/lib/mihari/services/rule_proxy.rb +5 -61
- data/lib/mihari/services/rule_runner.rb +9 -4
- data/lib/mihari/structs/binaryedge.rb +89 -0
- data/lib/mihari/structs/shodan.rb +2 -1
- data/lib/mihari/structs/urlscan.rb +1 -3
- data/lib/mihari/structs/virustotal_intelligence.rb +1 -3
- data/lib/mihari/type_checker.rb +1 -1
- data/lib/mihari/version.rb +1 -1
- data/lib/mihari/web/endpoints/alerts.rb +33 -15
- data/lib/mihari/web/endpoints/artifacts.rb +53 -25
- data/lib/mihari/web/endpoints/configs.rb +2 -2
- data/lib/mihari/web/endpoints/ip_addresses.rb +3 -5
- data/lib/mihari/web/endpoints/rules.rb +97 -71
- data/lib/mihari/web/endpoints/tags.rb +15 -5
- data/lib/mihari/web/public/assets/index-0a5a47bf.js +1740 -0
- data/lib/mihari/web/public/index.html +1 -1
- data/lib/mihari/web/public/redoc-static.html +419 -382
- data/lib/mihari.rb +4 -0
- data/mihari.gemspec +6 -5
- data/mkdocs.yml +35 -0
- data/requirements.txt +2 -0
- metadata +70 -12
- data/lib/mihari/web/public/assets/index-4d7eda9f.js +0 -1738
@@ -61,15 +61,23 @@ module Mihari
|
|
61
61
|
requires :id, type: String
|
62
62
|
end
|
63
63
|
get "/:id" do
|
64
|
+
extend Dry::Monads[:result, :try]
|
65
|
+
|
64
66
|
id = params["id"].to_s
|
65
67
|
|
66
|
-
|
67
|
-
|
68
|
-
|
68
|
+
result = Try do
|
69
|
+
Mihari::Rule.find(id)
|
70
|
+
end.to_result
|
71
|
+
|
72
|
+
return present(result.value!, with: Entities::Rule) if result.success?
|
73
|
+
|
74
|
+
failure = result.failure
|
75
|
+
case failure
|
76
|
+
when ActiveRecord::RecordNotFound
|
69
77
|
error!({ message: "ID:#{id} is not found" }, 404)
|
78
|
+
else
|
79
|
+
raise failure
|
70
80
|
end
|
71
|
-
|
72
|
-
present rule, with: Entities::Rule
|
73
81
|
end
|
74
82
|
|
75
83
|
desc "Run a rule", {
|
@@ -80,19 +88,27 @@ module Mihari
|
|
80
88
|
requires :id, type: String
|
81
89
|
end
|
82
90
|
get "/:id/run" do
|
91
|
+
extend Dry::Monads[:result, :try]
|
92
|
+
|
83
93
|
id = params["id"].to_s
|
84
94
|
|
85
|
-
|
86
|
-
|
87
|
-
|
88
|
-
error!({ message: "ID:#{id} is not found" }, 404)
|
89
|
-
end
|
95
|
+
result = Try do
|
96
|
+
Mihari::Services::RuleProxy.from_model(Mihari::Rule.find(id))
|
97
|
+
end.to_result
|
90
98
|
|
91
|
-
|
92
|
-
|
99
|
+
if result.success?
|
100
|
+
result.value!.analyzer.run
|
101
|
+
status 201
|
102
|
+
return present({ message: "ID:#{id} is ran successfully" }, with: Entities::Message)
|
103
|
+
end
|
93
104
|
|
94
|
-
|
95
|
-
|
105
|
+
failure = result.failure
|
106
|
+
case failure
|
107
|
+
when ActiveRecord::RecordNotFound
|
108
|
+
error!({ message: "ID:#{id} is not found" }, 404)
|
109
|
+
else
|
110
|
+
raise failure
|
111
|
+
end
|
96
112
|
end
|
97
113
|
|
98
114
|
desc "Create a rule", {
|
@@ -103,39 +119,38 @@ module Mihari
|
|
103
119
|
requires :yaml, type: String, documentation: { param_type: "body" }
|
104
120
|
end
|
105
121
|
post "/" do
|
106
|
-
|
122
|
+
extend Dry::Monads[:result, :try]
|
107
123
|
|
108
|
-
|
109
|
-
|
110
|
-
|
111
|
-
|
124
|
+
yaml = params[:yaml]
|
125
|
+
result = Try do
|
126
|
+
Services::RuleProxy.from_yaml(yaml)
|
127
|
+
end.to_result.bind do |rule|
|
128
|
+
Try do
|
129
|
+
found = Mihari::Rule.find_by_id(rule.id)
|
130
|
+
error!({ message: "ID:#{rule.id} is already registered" }, 400) unless found.nil?
|
131
|
+
rule
|
132
|
+
end.to_result
|
133
|
+
end.bind do |rule|
|
134
|
+
Try do
|
135
|
+
rule.model.save
|
136
|
+
rule
|
137
|
+
end.to_result
|
112
138
|
end
|
113
139
|
|
114
|
-
|
115
|
-
|
116
|
-
|
117
|
-
error!({ message: "ID:#{rule.id} is already registered" }, 400)
|
118
|
-
rescue ActiveRecord::RecordNotFound
|
119
|
-
# do nothing
|
140
|
+
if result.success?
|
141
|
+
status 201
|
142
|
+
return present(result.value!.model, with: Entities::Rule)
|
120
143
|
end
|
121
144
|
|
122
|
-
|
123
|
-
|
124
|
-
|
125
|
-
error!({ message:
|
126
|
-
|
127
|
-
|
128
|
-
|
145
|
+
failure = result.failure
|
146
|
+
case failure
|
147
|
+
when Psych::SyntaxError
|
148
|
+
error!({ message: failure.message }, 400)
|
149
|
+
when ValidationError
|
150
|
+
error!({ message: "Data format is invalid", details: failure.errors.to_h }, 400)
|
151
|
+
else
|
152
|
+
raise failure
|
129
153
|
end
|
130
|
-
|
131
|
-
begin
|
132
|
-
rule.model.save
|
133
|
-
rescue ActiveRecord::RecordNotUnique
|
134
|
-
error!({ message: "ID:#{rule.id} is already registered" }, 400)
|
135
|
-
end
|
136
|
-
|
137
|
-
status 201
|
138
|
-
present rule.model, with: Entities::Rule
|
139
154
|
end
|
140
155
|
|
141
156
|
desc "Update a rule", {
|
@@ -147,38 +162,40 @@ module Mihari
|
|
147
162
|
requires :yaml, type: String, documentation: { param_type: "body" }
|
148
163
|
end
|
149
164
|
put "/" do
|
165
|
+
extend Dry::Monads[:result, :try]
|
166
|
+
|
150
167
|
id = params[:id]
|
151
168
|
yaml = params[:yaml]
|
152
169
|
|
153
|
-
|
170
|
+
result = Try do
|
154
171
|
Mihari::Rule.find(id)
|
155
|
-
|
156
|
-
|
172
|
+
end.to_result.bind do |_|
|
173
|
+
Try do
|
174
|
+
Services::RuleProxy.from_yaml(yaml)
|
175
|
+
end.to_result
|
176
|
+
end.bind do |rule|
|
177
|
+
Try do
|
178
|
+
rule.model.save
|
179
|
+
rule
|
180
|
+
end.to_result
|
157
181
|
end
|
158
182
|
|
159
|
-
|
160
|
-
|
161
|
-
|
162
|
-
error!({ message: e.message }, 400)
|
183
|
+
if result.success?
|
184
|
+
status 201
|
185
|
+
return present(result.value!.model, with: Entities::Rule)
|
163
186
|
end
|
164
187
|
|
165
|
-
|
166
|
-
|
167
|
-
|
168
|
-
error!({ message: "
|
169
|
-
|
170
|
-
|
171
|
-
|
172
|
-
|
173
|
-
|
174
|
-
|
175
|
-
rule.model.save
|
176
|
-
rescue ActiveRecord::RecordNotUnique
|
177
|
-
error!({ message: "ID:#{id} is already registered" }, 400)
|
188
|
+
failure = result.failure
|
189
|
+
case failure
|
190
|
+
when ActiveRecord::RecordNotFound
|
191
|
+
error!({ message: "ID:#{id} is not found" }, 404)
|
192
|
+
when Psych::SyntaxError
|
193
|
+
error!({ message: failure.message }, 400)
|
194
|
+
when ValidationError
|
195
|
+
error!({ message: "Data format is invalid", details: failure.errors.to_h }, 400)
|
196
|
+
else
|
197
|
+
raise failure
|
178
198
|
end
|
179
|
-
|
180
|
-
status 201
|
181
|
-
present rule.model, with: Entities::Rule
|
182
199
|
end
|
183
200
|
|
184
201
|
desc "Delete a rule", {
|
@@ -190,18 +207,27 @@ module Mihari
|
|
190
207
|
requires :id, type: String
|
191
208
|
end
|
192
209
|
delete "/:id" do
|
210
|
+
extend Dry::Monads[:result, :try]
|
211
|
+
|
193
212
|
id = params["id"].to_s
|
194
213
|
|
195
|
-
|
214
|
+
result = Try do
|
196
215
|
rule = Mihari::Rule.find(id)
|
197
|
-
|
198
|
-
|
199
|
-
end
|
216
|
+
rule.destroy
|
217
|
+
end.to_result
|
200
218
|
|
201
|
-
|
219
|
+
if result.success?
|
220
|
+
status 204
|
221
|
+
return present({ message: "ID:#{id} is deleted" }, with: Entities::Message)
|
222
|
+
end
|
202
223
|
|
203
|
-
|
204
|
-
|
224
|
+
failure = result.failure
|
225
|
+
case failure
|
226
|
+
when ActiveRecord::RecordNotFound
|
227
|
+
error!({ message: "ID:#{id} is not found" }, 404)
|
228
|
+
else
|
229
|
+
raise failure
|
230
|
+
end
|
205
231
|
end
|
206
232
|
end
|
207
233
|
end
|
@@ -23,16 +23,26 @@ module Mihari
|
|
23
23
|
requires :name, type: String
|
24
24
|
end
|
25
25
|
delete "/:name" do
|
26
|
+
extend Dry::Monads[:result, :try]
|
27
|
+
|
26
28
|
name = params[:name].to_s
|
27
29
|
|
28
|
-
|
30
|
+
result = Try do
|
29
31
|
Mihari::Tag.where(name: name).destroy_all
|
30
|
-
|
31
|
-
|
32
|
+
end.to_result
|
33
|
+
|
34
|
+
if result.success?
|
35
|
+
status 204
|
36
|
+
return present({ message: "" }, with: Entities::Message)
|
32
37
|
end
|
33
38
|
|
34
|
-
|
35
|
-
|
39
|
+
failure = result.failure
|
40
|
+
case failure
|
41
|
+
when ActiveRecord::RecordNotFound
|
42
|
+
error!({ message: "Name:#{name} is not found" }, 404)
|
43
|
+
else
|
44
|
+
raise failure
|
45
|
+
end
|
36
46
|
end
|
37
47
|
end
|
38
48
|
end
|