mihari 5.4.9 → 5.6.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/docs/analyzers/binaryedge.md +2 -2
- data/docs/analyzers/censys.md +3 -3
- data/docs/analyzers/circl.md +3 -3
- data/docs/analyzers/crtsh.md +2 -2
- data/docs/analyzers/dnstwister.md +1 -1
- data/docs/analyzers/feed.md +7 -7
- data/docs/analyzers/greynoise.md +2 -2
- data/docs/analyzers/hunterhow.md +4 -4
- data/docs/analyzers/index.md +13 -8
- data/docs/analyzers/onyphe.md +2 -2
- data/docs/analyzers/otx.md +2 -2
- data/docs/analyzers/passivetotal.md +7 -3
- data/docs/analyzers/pulsedive.md +2 -2
- data/docs/analyzers/securitytrails.md +6 -2
- data/docs/analyzers/shodan.md +2 -2
- data/docs/analyzers/urlscan.md +2 -2
- data/docs/analyzers/virustotal.md +6 -2
- data/docs/analyzers/virustotal_intelligence.md +6 -2
- data/docs/analyzers/zoomeye.md +3 -3
- data/docs/emitters/hive.md +4 -4
- data/docs/emitters/index.md +29 -0
- data/docs/emitters/misp.md +2 -2
- data/docs/emitters/slack.md +2 -7
- data/docs/emitters/webhook.md +4 -4
- data/docs/enrichers/index.md +29 -0
- data/docs/enrichers/ipinfo.md +7 -0
- data/docs/index.md +0 -2
- data/docs/installation.md +1 -1
- data/docs/rule.md +12 -15
- data/docs/usage.md +5 -2
- data/frontend/package-lock.json +294 -2772
- data/frontend/package.json +10 -10
- data/frontend/src/components/ErrorMessage.vue +0 -1
- data/frontend/src/components/alert/Alerts.vue +0 -1
- data/frontend/src/components/alert/AlertsWithPagination.vue +0 -1
- data/frontend/src/components/alert/AlertsWrapper.vue +0 -6
- data/frontend/src/components/alert/Form.vue +1 -3
- data/frontend/src/components/artifact/Artifact.vue +0 -17
- data/frontend/src/components/artifact/ArtifactWrapper.vue +0 -2
- data/frontend/src/components/artifact/WhoisRecord.vue +0 -3
- data/frontend/src/components/config/ConfigsWrapper.vue +0 -2
- data/frontend/src/components/rule/EditRule.vue +0 -3
- data/frontend/src/components/rule/EditRuleWrapper.vue +0 -2
- data/frontend/src/components/rule/Form.vue +1 -3
- data/frontend/src/components/rule/NewRule.vue +0 -3
- data/frontend/src/components/rule/Rule.vue +1 -7
- data/frontend/src/components/rule/RuleWrapper.vue +0 -2
- data/frontend/src/components/rule/RulesWrapper.vue +0 -6
- data/frontend/src/swagger.yaml +254 -254
- data/lib/mihari/analyzers/base.rb +7 -37
- data/lib/mihari/analyzers/binaryedge.rb +5 -1
- data/lib/mihari/analyzers/censys.rb +6 -1
- data/lib/mihari/analyzers/greynoise.rb +5 -1
- data/lib/mihari/analyzers/hunterhow.rb +5 -1
- data/lib/mihari/analyzers/onyphe.rb +5 -1
- data/lib/mihari/analyzers/passivetotal.rb +9 -0
- data/lib/mihari/analyzers/pulsedive.rb +1 -1
- data/lib/mihari/analyzers/rule.rb +55 -54
- data/lib/mihari/analyzers/securitytrails.rb +9 -0
- data/lib/mihari/analyzers/shodan.rb +5 -1
- data/lib/mihari/analyzers/urlscan.rb +5 -1
- data/lib/mihari/analyzers/virustotal.rb +11 -2
- data/lib/mihari/analyzers/virustotal_intelligence.rb +21 -1
- data/lib/mihari/analyzers/zoomeye.rb +7 -3
- data/lib/mihari/base.rb +69 -0
- data/lib/mihari/cli/main.rb +36 -0
- data/lib/mihari/clients/base.rb +7 -7
- data/lib/mihari/clients/binaryedge.rb +10 -4
- data/lib/mihari/clients/censys.rb +11 -4
- data/lib/mihari/clients/greynoise.rb +10 -4
- data/lib/mihari/clients/hunterhow.rb +10 -4
- data/lib/mihari/clients/misp.rb +3 -2
- data/lib/mihari/clients/onyphe.rb +10 -4
- data/lib/mihari/clients/shodan.rb +10 -4
- data/lib/mihari/clients/the_hive.rb +3 -2
- data/lib/mihari/clients/urlscan.rb +9 -3
- data/lib/mihari/clients/virustotal.rb +10 -4
- data/lib/mihari/clients/zoomeye.rb +11 -5
- data/lib/mihari/commands/alert.rb +6 -33
- data/lib/mihari/commands/rule.rb +7 -12
- data/lib/mihari/commands/search.rb +10 -38
- data/lib/mihari/config.rb +8 -0
- data/lib/mihari/constants.rb +3 -3
- data/lib/mihari/emitters/base.rb +22 -15
- data/lib/mihari/emitters/database.rb +1 -1
- data/lib/mihari/emitters/misp.rb +7 -6
- data/lib/mihari/emitters/slack.rb +24 -6
- data/lib/mihari/emitters/the_hive.rb +8 -7
- data/lib/mihari/emitters/webhook.rb +31 -29
- data/lib/mihari/enrichers/base.rb +25 -19
- data/lib/mihari/enrichers/google_public_dns.rb +38 -38
- data/lib/mihari/enrichers/ipinfo.rb +32 -34
- data/lib/mihari/enrichers/shodan.rb +18 -26
- data/lib/mihari/enrichers/whois.rb +121 -111
- data/lib/mihari/mixins/retriable.rb +4 -2
- data/lib/mihari/models/artifact.rb +37 -23
- data/lib/mihari/models/autonomous_system.rb +3 -2
- data/lib/mihari/models/cpe.rb +3 -2
- data/lib/mihari/models/dns.rb +3 -2
- data/lib/mihari/models/geolocation.rb +3 -2
- data/lib/mihari/models/port.rb +3 -2
- data/lib/mihari/models/reverse_dns.rb +3 -2
- data/lib/mihari/models/whois.rb +4 -3
- data/lib/mihari/schemas/analyzer.rb +24 -23
- data/lib/mihari/schemas/emitter.rb +32 -25
- data/lib/mihari/schemas/enricher.rb +21 -2
- data/lib/mihari/schemas/options.rb +27 -0
- data/lib/mihari/schemas/rule.rb +8 -4
- data/lib/mihari/services/alert_runner.rb +1 -1
- data/lib/mihari/services/rule_runner.rb +1 -11
- data/lib/mihari/types.rb +1 -14
- data/lib/mihari/version.rb +1 -1
- data/lib/mihari/web/endpoints/ip_addresses.rb +1 -1
- data/lib/mihari/web/public/assets/{index-33165282.css → index-56fc2187.css} +1 -1
- data/lib/mihari/web/public/assets/index-9cc489e6.js +1749 -0
- data/lib/mihari/web/public/index.html +2 -2
- data/lib/mihari/web/public/redoc-static.html +400 -400
- data/lib/mihari.rb +67 -37
- data/mihari.gemspec +3 -2
- data/mkdocs.yml +8 -6
- data/requirements.txt +1 -1
- metadata +24 -8
- data/lib/mihari/web/public/assets/index-a92abd57.js +0 -1740
data/lib/mihari.rb
CHANGED
|
@@ -69,16 +69,43 @@ module Mihari
|
|
|
69
69
|
end
|
|
70
70
|
memoize :emitters
|
|
71
71
|
|
|
72
|
+
#
|
|
73
|
+
# @return [Hash<String, Mihari::Enrichers::Base>]
|
|
74
|
+
#
|
|
75
|
+
def emitter_to_class
|
|
76
|
+
@emitter_to_class ||= emitters.flat_map do |klass|
|
|
77
|
+
klass.class_keys.map { |key| [key.downcase, klass] }
|
|
78
|
+
end.to_h
|
|
79
|
+
end
|
|
80
|
+
|
|
72
81
|
def analyzers
|
|
73
82
|
[]
|
|
74
83
|
end
|
|
75
84
|
memoize :analyzers
|
|
76
85
|
|
|
86
|
+
#
|
|
87
|
+
# @return [Hash<String, Mihari::Analyzers::Base>]
|
|
88
|
+
#
|
|
89
|
+
def analyzer_to_class
|
|
90
|
+
@analyzer_to_class ||= analyzers.flat_map do |klass|
|
|
91
|
+
klass.class_keys.map { |key| [key.downcase, klass] }
|
|
92
|
+
end.to_h
|
|
93
|
+
end
|
|
94
|
+
|
|
77
95
|
def enrichers
|
|
78
96
|
[]
|
|
79
97
|
end
|
|
80
98
|
memoize :enrichers
|
|
81
99
|
|
|
100
|
+
#
|
|
101
|
+
# @return [Hash<String, Mihari::Enrichers::Base>]
|
|
102
|
+
#
|
|
103
|
+
def enricher_to_class
|
|
104
|
+
@enricher_to_class ||= enrichers.flat_map do |klass|
|
|
105
|
+
klass.class_keys.map { |key| [key.downcase, klass] }
|
|
106
|
+
end.to_h
|
|
107
|
+
end
|
|
108
|
+
|
|
82
109
|
def config
|
|
83
110
|
@config ||= Config.new
|
|
84
111
|
end
|
|
@@ -103,46 +130,11 @@ module Mihari
|
|
|
103
130
|
end
|
|
104
131
|
end
|
|
105
132
|
|
|
106
|
-
# Constants
|
|
107
|
-
require "mihari/constants"
|
|
108
|
-
|
|
109
|
-
# Types
|
|
110
|
-
require "mihari/types"
|
|
111
|
-
|
|
112
133
|
# Core classes
|
|
134
|
+
require "mihari/base"
|
|
113
135
|
require "mihari/database"
|
|
114
|
-
require "mihari/type_checker"
|
|
115
136
|
require "mihari/http"
|
|
116
|
-
|
|
117
|
-
# Services
|
|
118
|
-
require "mihari/services/rule_builder"
|
|
119
|
-
require "mihari/services/rule_proxy"
|
|
120
|
-
require "mihari/services/rule_runner"
|
|
121
|
-
|
|
122
|
-
require "mihari/services/alert_builder"
|
|
123
|
-
require "mihari/services/alert_proxy"
|
|
124
|
-
require "mihari/services/alert_runner"
|
|
125
|
-
|
|
126
|
-
# Structs
|
|
127
|
-
require "mihari/structs/binaryedge"
|
|
128
|
-
require "mihari/structs/censys"
|
|
129
|
-
require "mihari/structs/config"
|
|
130
|
-
require "mihari/structs/filters"
|
|
131
|
-
require "mihari/structs/google_public_dns"
|
|
132
|
-
require "mihari/structs/greynoise"
|
|
133
|
-
require "mihari/structs/ipinfo"
|
|
134
|
-
require "mihari/structs/hunterhow"
|
|
135
|
-
require "mihari/structs/onyphe"
|
|
136
|
-
require "mihari/structs/shodan"
|
|
137
|
-
require "mihari/structs/urlscan"
|
|
138
|
-
require "mihari/structs/virustotal_intelligence"
|
|
139
|
-
|
|
140
|
-
# Schemas
|
|
141
|
-
require "mihari/schemas/macros"
|
|
142
|
-
|
|
143
|
-
require "mihari/schemas/alert"
|
|
144
|
-
require "mihari/schemas/analyzer"
|
|
145
|
-
require "mihari/schemas/rule"
|
|
137
|
+
require "mihari/type_checker"
|
|
146
138
|
|
|
147
139
|
# Enrichers
|
|
148
140
|
require "mihari/enrichers/base"
|
|
@@ -220,6 +212,44 @@ require "mihari/analyzers/zoomeye"
|
|
|
220
212
|
|
|
221
213
|
require "mihari/analyzers/rule"
|
|
222
214
|
|
|
215
|
+
# Types
|
|
216
|
+
require "mihari/types"
|
|
217
|
+
|
|
218
|
+
# Constants
|
|
219
|
+
require "mihari/constants"
|
|
220
|
+
|
|
221
|
+
# Structs
|
|
222
|
+
require "mihari/structs/binaryedge"
|
|
223
|
+
require "mihari/structs/censys"
|
|
224
|
+
require "mihari/structs/config"
|
|
225
|
+
require "mihari/structs/filters"
|
|
226
|
+
require "mihari/structs/google_public_dns"
|
|
227
|
+
require "mihari/structs/greynoise"
|
|
228
|
+
require "mihari/structs/ipinfo"
|
|
229
|
+
require "mihari/structs/hunterhow"
|
|
230
|
+
require "mihari/structs/onyphe"
|
|
231
|
+
require "mihari/structs/shodan"
|
|
232
|
+
require "mihari/structs/urlscan"
|
|
233
|
+
require "mihari/structs/virustotal_intelligence"
|
|
234
|
+
|
|
235
|
+
# Schemas
|
|
236
|
+
require "mihari/schemas/macros"
|
|
237
|
+
|
|
238
|
+
require "mihari/schemas/options"
|
|
239
|
+
|
|
240
|
+
require "mihari/schemas/alert"
|
|
241
|
+
require "mihari/schemas/analyzer"
|
|
242
|
+
require "mihari/schemas/rule"
|
|
243
|
+
|
|
244
|
+
# Services
|
|
245
|
+
require "mihari/services/rule_builder"
|
|
246
|
+
require "mihari/services/rule_proxy"
|
|
247
|
+
require "mihari/services/rule_runner"
|
|
248
|
+
|
|
249
|
+
require "mihari/services/alert_builder"
|
|
250
|
+
require "mihari/services/alert_proxy"
|
|
251
|
+
require "mihari/services/alert_runner"
|
|
252
|
+
|
|
223
253
|
# Entities
|
|
224
254
|
require "mihari/entities/message"
|
|
225
255
|
|
data/mihari.gemspec
CHANGED
|
@@ -66,7 +66,7 @@ Gem::Specification.new do |spec|
|
|
|
66
66
|
spec.add_dependency "awrence", "2.0.1"
|
|
67
67
|
spec.add_dependency "dotenv", "2.8.1"
|
|
68
68
|
spec.add_dependency "dry-container", "0.11.0"
|
|
69
|
-
spec.add_dependency "dry-files", "1.0
|
|
69
|
+
spec.add_dependency "dry-files", "1.1.0"
|
|
70
70
|
spec.add_dependency "dry-monads", "1.6.0"
|
|
71
71
|
spec.add_dependency "dry-schema", "1.13.3"
|
|
72
72
|
spec.add_dependency "dry-struct", "1.6.0"
|
|
@@ -93,7 +93,8 @@ Gem::Specification.new do |spec|
|
|
|
93
93
|
spec.add_dependency "sentry-ruby", "5.12.0"
|
|
94
94
|
spec.add_dependency "slack-notifier", "2.4.0"
|
|
95
95
|
spec.add_dependency "sqlite3", "1.6.7"
|
|
96
|
-
spec.add_dependency "thor", "1.
|
|
96
|
+
spec.add_dependency "thor", "1.3.0"
|
|
97
|
+
spec.add_dependency "thor-hollaback", "0.2.1"
|
|
97
98
|
spec.add_dependency "uuidtools", "2.2.0"
|
|
98
99
|
spec.add_dependency "whois", "5.1.0"
|
|
99
100
|
spec.add_dependency "whois-parser", "2.0.0"
|
data/mkdocs.yml
CHANGED
|
@@ -13,17 +13,19 @@ plugins:
|
|
|
13
13
|
case: lower
|
|
14
14
|
|
|
15
15
|
nav:
|
|
16
|
-
- Mihari: index.md
|
|
17
16
|
- Requirements: requirements.md
|
|
18
17
|
- Installation: installation.md
|
|
19
18
|
- How to Write a Rule: rule.md
|
|
20
19
|
- Usage: usage.md
|
|
21
20
|
- Configuration: configuration.md
|
|
22
|
-
-
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
-
|
|
26
|
-
|
|
21
|
+
- Tips:
|
|
22
|
+
- GitHub Actions: github_actions.md
|
|
23
|
+
- Alternatives: alternatives.md
|
|
24
|
+
- References:
|
|
25
|
+
- Analyzers: "analyzers/index.md"
|
|
26
|
+
- Enrichers: "enrichers/index.md"
|
|
27
|
+
- Emitters: "emitters/index.md"
|
|
28
|
+
- Tags: "./tags.md"
|
|
27
29
|
|
|
28
30
|
markdown_extensions:
|
|
29
31
|
- toc:
|
data/requirements.txt
CHANGED
|
@@ -1,2 +1,2 @@
|
|
|
1
1
|
mkdocs==1.5.3
|
|
2
|
-
mkdocs-material==9.4.
|
|
2
|
+
mkdocs-material==9.4.6
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: mihari
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 5.
|
|
4
|
+
version: 5.6.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Manabu Niseki
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2023-10-
|
|
11
|
+
date: 2023-10-22 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|
|
@@ -380,14 +380,14 @@ dependencies:
|
|
|
380
380
|
requirements:
|
|
381
381
|
- - '='
|
|
382
382
|
- !ruby/object:Gem::Version
|
|
383
|
-
version: 1.0
|
|
383
|
+
version: 1.1.0
|
|
384
384
|
type: :runtime
|
|
385
385
|
prerelease: false
|
|
386
386
|
version_requirements: !ruby/object:Gem::Requirement
|
|
387
387
|
requirements:
|
|
388
388
|
- - '='
|
|
389
389
|
- !ruby/object:Gem::Version
|
|
390
|
-
version: 1.0
|
|
390
|
+
version: 1.1.0
|
|
391
391
|
- !ruby/object:Gem::Dependency
|
|
392
392
|
name: dry-monads
|
|
393
393
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -758,14 +758,28 @@ dependencies:
|
|
|
758
758
|
requirements:
|
|
759
759
|
- - '='
|
|
760
760
|
- !ruby/object:Gem::Version
|
|
761
|
-
version: 1.
|
|
761
|
+
version: 1.3.0
|
|
762
762
|
type: :runtime
|
|
763
763
|
prerelease: false
|
|
764
764
|
version_requirements: !ruby/object:Gem::Requirement
|
|
765
765
|
requirements:
|
|
766
766
|
- - '='
|
|
767
767
|
- !ruby/object:Gem::Version
|
|
768
|
-
version: 1.
|
|
768
|
+
version: 1.3.0
|
|
769
|
+
- !ruby/object:Gem::Dependency
|
|
770
|
+
name: thor-hollaback
|
|
771
|
+
requirement: !ruby/object:Gem::Requirement
|
|
772
|
+
requirements:
|
|
773
|
+
- - '='
|
|
774
|
+
- !ruby/object:Gem::Version
|
|
775
|
+
version: 0.2.1
|
|
776
|
+
type: :runtime
|
|
777
|
+
prerelease: false
|
|
778
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
779
|
+
requirements:
|
|
780
|
+
- - '='
|
|
781
|
+
- !ruby/object:Gem::Version
|
|
782
|
+
version: 0.2.1
|
|
769
783
|
- !ruby/object:Gem::Dependency
|
|
770
784
|
name: uuidtools
|
|
771
785
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -976,6 +990,7 @@ files:
|
|
|
976
990
|
- lib/mihari/analyzers/virustotal.rb
|
|
977
991
|
- lib/mihari/analyzers/virustotal_intelligence.rb
|
|
978
992
|
- lib/mihari/analyzers/zoomeye.rb
|
|
993
|
+
- lib/mihari/base.rb
|
|
979
994
|
- lib/mihari/cli/alert.rb
|
|
980
995
|
- lib/mihari/cli/base.rb
|
|
981
996
|
- lib/mihari/cli/database.rb
|
|
@@ -1061,6 +1076,7 @@ files:
|
|
|
1061
1076
|
- lib/mihari/schemas/emitter.rb
|
|
1062
1077
|
- lib/mihari/schemas/enricher.rb
|
|
1063
1078
|
- lib/mihari/schemas/macros.rb
|
|
1079
|
+
- lib/mihari/schemas/options.rb
|
|
1064
1080
|
- lib/mihari/schemas/rule.rb
|
|
1065
1081
|
- lib/mihari/services/alert_builder.rb
|
|
1066
1082
|
- lib/mihari/services/alert_proxy.rb
|
|
@@ -1094,8 +1110,8 @@ files:
|
|
|
1094
1110
|
- lib/mihari/web/endpoints/tags.rb
|
|
1095
1111
|
- lib/mihari/web/middleware/connection_adapter.rb
|
|
1096
1112
|
- lib/mihari/web/middleware/error_notification_adapter.rb
|
|
1097
|
-
- lib/mihari/web/public/assets/index-
|
|
1098
|
-
- lib/mihari/web/public/assets/index-
|
|
1113
|
+
- lib/mihari/web/public/assets/index-56fc2187.css
|
|
1114
|
+
- lib/mihari/web/public/assets/index-9cc489e6.js
|
|
1099
1115
|
- lib/mihari/web/public/assets/mode-yaml-a21faa53.js
|
|
1100
1116
|
- lib/mihari/web/public/favicon.ico
|
|
1101
1117
|
- lib/mihari/web/public/index.html
|