RubyGems - mihari - Versions diffs - 5.6.1 → 5.7.0 - Mend

mihari 5.6.1 → 5.7.0

Files changed (153) hide show

checksums.yaml +4 -4
data/.rubocop.yml +5 -1
data/README.md +1 -0
data/config.ru +1 -1
data/docs/analyzers/fofa.md +31 -0
data/docs/analyzers/index.md +1 -0
data/frontend/package-lock.json +183 -186
data/frontend/package.json +10 -10
data/frontend/src/components/alert/Form.vue +1 -14
data/frontend/src/components/artifact/AS.vue +2 -8
data/frontend/src/components/artifact/DnsRecords.vue +2 -8
data/frontend/src/components/artifact/ReverseDnsNames.vue +2 -10
data/frontend/src/components/artifact/WhoisRecord.vue +1 -1
data/lib/mihari/{base.rb → actor.rb} +27 -3
data/lib/mihari/analyzers/base.rb +16 -20
data/lib/mihari/analyzers/binaryedge.rb +4 -1
data/lib/mihari/analyzers/censys.rb +5 -3
data/lib/mihari/analyzers/circl.rb +4 -1
data/lib/mihari/analyzers/crtsh.rb +4 -1
data/lib/mihari/analyzers/dnstwister.rb +4 -1
data/lib/mihari/analyzers/feed.rb +3 -0
data/lib/mihari/analyzers/fofa.rb +65 -0
data/lib/mihari/analyzers/greynoise.rb +4 -1
data/lib/mihari/analyzers/hunterhow.rb +7 -2
data/lib/mihari/analyzers/onyphe.rb +4 -1
data/lib/mihari/analyzers/otx.rb +4 -1
data/lib/mihari/analyzers/passivetotal.rb +5 -2
data/lib/mihari/analyzers/pulsedive.rb +4 -1
data/lib/mihari/analyzers/securitytrails.rb +5 -2
data/lib/mihari/analyzers/shodan.rb +4 -1
data/lib/mihari/analyzers/urlscan.rb +5 -2
data/lib/mihari/analyzers/virustotal.rb +9 -6
data/lib/mihari/analyzers/virustotal_intelligence.rb +4 -1
data/lib/mihari/analyzers/zoomeye.rb +8 -5
data/lib/mihari/cli/alert.rb +3 -0
data/lib/mihari/cli/base.rb +3 -0
data/lib/mihari/cli/database.rb +3 -0
data/lib/mihari/cli/main.rb +3 -0
data/lib/mihari/cli/rule.rb +3 -0
data/lib/mihari/clients/base.rb +3 -0
data/lib/mihari/clients/binaryedge.rb +5 -2
data/lib/mihari/clients/censys.rb +7 -4
data/lib/mihari/clients/circl.rb +3 -0
data/lib/mihari/clients/crtsh.rb +5 -2
data/lib/mihari/clients/dnstwister.rb +3 -0
data/lib/mihari/clients/fofa.rb +83 -0
data/lib/mihari/clients/greynoise.rb +5 -2
data/lib/mihari/clients/hunterhow.rb +5 -2
data/lib/mihari/clients/misp.rb +3 -0
data/lib/mihari/clients/onyphe.rb +5 -2
data/lib/mihari/clients/otx.rb +3 -0
data/lib/mihari/clients/passivetotal.rb +7 -4
data/lib/mihari/clients/publsedive.rb +4 -1
data/lib/mihari/clients/securitytrails.rb +6 -3
data/lib/mihari/clients/shodan.rb +5 -2
data/lib/mihari/clients/the_hive.rb +3 -0
data/lib/mihari/clients/urlscan.rb +7 -4
data/lib/mihari/clients/virustotal.rb +5 -2
data/lib/mihari/clients/zoomeye.rb +3 -0
data/lib/mihari/commands/alert.rb +5 -14
data/lib/mihari/commands/database.rb +3 -0
data/lib/mihari/commands/rule.rb +11 -11
data/lib/mihari/commands/search.rb +9 -6
data/lib/mihari/commands/version.rb +3 -0
data/lib/mihari/commands/web.rb +4 -1
data/lib/mihari/config.rb +139 -150
data/lib/mihari/constants.rb +1 -1
data/lib/mihari/database.rb +6 -0
data/lib/mihari/emitters/base.rb +16 -25
data/lib/mihari/emitters/database.rb +10 -9
data/lib/mihari/emitters/misp.rb +20 -41
data/lib/mihari/emitters/slack.rb +16 -13
data/lib/mihari/emitters/the_hive.rb +18 -46
data/lib/mihari/emitters/webhook.rb +34 -23
data/lib/mihari/enrichers/base.rb +16 -15
data/lib/mihari/enrichers/google_public_dns.rb +6 -5
data/lib/mihari/enrichers/ipinfo.rb +10 -8
data/lib/mihari/enrichers/shodan.rb +4 -6
data/lib/mihari/enrichers/whois.rb +13 -10
data/lib/mihari/errors.rb +6 -0
data/lib/mihari/feed/parser.rb +3 -0
data/lib/mihari/feed/reader.rb +3 -0
data/lib/mihari/http.rb +6 -0
data/lib/mihari/mixins/autonomous_system.rb +3 -0
data/lib/mihari/mixins/configurable.rb +3 -0
data/lib/mihari/mixins/error_notification.rb +3 -0
data/lib/mihari/mixins/falsepositive.rb +3 -0
data/lib/mihari/mixins/refang.rb +3 -0
data/lib/mihari/mixins/retriable.rb +6 -2
data/lib/mihari/models/alert.rb +78 -73
data/lib/mihari/models/artifact.rb +186 -178
data/lib/mihari/models/autonomous_system.rb +25 -20
data/lib/mihari/models/cpe.rb +24 -19
data/lib/mihari/models/dns.rb +27 -22
data/lib/mihari/models/geolocation.rb +25 -20
data/lib/mihari/models/port.rb +24 -19
data/lib/mihari/models/reverse_dns.rb +24 -19
data/lib/mihari/models/rule.rb +71 -66
data/lib/mihari/models/tag.rb +8 -3
data/lib/mihari/models/tagging.rb +8 -3
data/lib/mihari/models/whois.rb +20 -17
data/lib/mihari/rule.rb +357 -0
data/lib/mihari/schemas/alert.rb +3 -0
data/lib/mihari/schemas/analyzer.rb +105 -87
data/lib/mihari/schemas/emitter.rb +12 -5
data/lib/mihari/schemas/enricher.rb +11 -4
data/lib/mihari/schemas/macros.rb +4 -0
data/lib/mihari/schemas/mixins.rb +20 -0
data/lib/mihari/schemas/rule.rb +6 -10
data/lib/mihari/service.rb +16 -0
data/lib/mihari/services/alert_builder.rb +8 -5
data/lib/mihari/services/alert_proxy.rb +16 -7
data/lib/mihari/services/alert_runner.rb +10 -14
data/lib/mihari/services/rule_builder.rb +10 -7
data/lib/mihari/services/rule_runner.rb +11 -13
data/lib/mihari/structs/binaryedge.rb +14 -29
data/lib/mihari/structs/censys.rb +54 -133
data/lib/mihari/structs/config.rb +20 -31
data/lib/mihari/structs/filters.rb +38 -0
data/lib/mihari/structs/fofa.rb +44 -0
data/lib/mihari/structs/google_public_dns.rb +10 -28
data/lib/mihari/structs/greynoise.rb +38 -89
data/lib/mihari/structs/hunterhow.rb +27 -25
data/lib/mihari/structs/ipinfo.rb +14 -35
data/lib/mihari/structs/onyphe.rb +36 -81
data/lib/mihari/structs/shodan.rb +53 -118
data/lib/mihari/structs/urlscan.rb +27 -66
data/lib/mihari/structs/virustotal_intelligence.rb +23 -59
data/lib/mihari/type_checker.rb +4 -0
data/lib/mihari/types.rb +3 -0
data/lib/mihari/version.rb +1 -1
data/lib/mihari/web/api.rb +15 -10
data/lib/mihari/web/app.rb +59 -54
data/lib/mihari/web/endpoints/alerts.rb +94 -89
data/lib/mihari/web/endpoints/artifacts.rb +115 -110
data/lib/mihari/web/endpoints/configs.rb +18 -13
data/lib/mihari/web/endpoints/ip_addresses.rb +21 -16
data/lib/mihari/web/endpoints/rules.rb +202 -204
data/lib/mihari/web/endpoints/tags.rb +41 -36
data/lib/mihari/web/middleware/connection_adapter.rb +16 -9
data/lib/mihari/web/middleware/error_notification_adapter.rb +17 -10
data/lib/mihari/web/public/assets/{index-9cc489e6.js → index-821134e2.js} +54 -54
data/lib/mihari/web/public/assets/mode-yaml-24faa242.js +8 -0
data/lib/mihari/web/public/index.html +1 -1
data/lib/mihari.rb +30 -13
data/mihari.gemspec +9 -3
data/mkdocs.yml +3 -2
data/requirements.txt +1 -1
metadata +44 -26
data/lib/mihari/analyzers/rule.rb +0 -232
data/lib/mihari/services/rule_proxy.rb +0 -182
data/lib/mihari/templates/rule.yml.erb +0 -5
data/lib/mihari/web/public/assets/mode-yaml-a21faa53.js +0 -8

data/lib/mihari/services/rule_proxy.rb DELETED Viewed

@@ -1,182 +0,0 @@
-# frozen_string_literal: true
-require "json"
-module Mihari
-  module Services
-    #
-    # proxy (or converter) class for rule
-    # proxying rule schema data into analyzer & model
-    #
-    class RuleProxy
-      include Mixins::FalsePositive
-      # @return [Hash]
-      attr_reader :data
-      # @return [Array, nil]
-      attr_reader :errors
-      #
-      # Initialize
-      #
-      # @param [Hash] data
-      #
-      def initialize(data)
-        @data = data.deep_symbolize_keys
-        @errors = nil
-        validate!
-      end
-      #
-      # @return [Boolean]
-      #
-      def errors?
-        return false if @errors.nil?
-        !@errors.empty?
-      end
-      def validate!
-        contract = Schemas::RuleContract.new
-        result = contract.call(data)
-        @data = result.to_h
-        @errors = result.errors
-        raise ValidationError.new("Validation failed", errors) if errors?
-      end
-      def [](key)
-        data key.to_sym
-      end
-      #
-      # @return [String]
-      #
-      def id
-        @id ||= data[:id]
-      end
-      #
-      # @return [String]
-      #
-      def title
-        @title ||= data[:title]
-      end
-      #
-      # @return [String]
-      #
-      def description
-        @description ||= data[:description]
-      end
-      #
-      # @return [String]
-      #
-      def yaml
-        @yaml ||= data.deep_stringify_keys.to_yaml
-      end
-      #
-      # @return [Array<Hash>]
-      #
-      def queries
-        @queries ||= data[:queries]
-      end
-      #
-      # @return [Array<String>]
-      #
-      def data_types
-        @data_types ||= data[:data_types]
-      end
-      #
-      # @return [Array<String>]
-      #
-      def tags
-        @tags ||= data[:tags]
-      end
-      #
-      # @return [Array<String, RegExp>]
-      #
-      def falsepositives
-        @falsepositives ||= data[:falsepositives].map { |fp| normalize_falsepositive fp }
-      end
-      #
-      # @return [Array<Hash>]
-      #
-      def emitters
-        @emitters ||= data[:emitters]
-      end
-      #
-      # @return [Array<Hash>]
-      #
-      def enrichers
-        @enrichers ||= data[:enrichers]
-      end
-      #
-      # @return [Integer, nil]
-      #
-      def artifact_lifetime
-        @artifact_lifetime ||= data[:artifact_lifetime] || data[:artifact_ttl]
-      end
-      #
-      # @return [Mihari::Rule]
-      #
-      def model
-        rule = Mihari::Rule.find(id)
-        rule.title = title
-        rule.description = description
-        rule.data = data
-        rule
-      rescue ActiveRecord::RecordNotFound
-        Mihari::Rule.new(
-          id: id,
-          title: title,
-          description: description,
-          data: data
-        )
-      end
-      #
-      # @return [Mihari::Analyzers::Rule]
-      #
-      def analyzer
-        Mihari::Analyzers::Rule.new self
-      end
-      class << self
-        #
-        # Load rule from YAML string
-        #
-        # @param [String] yaml
-        #
-        # @return [Mihari::Services::Rule]
-        #
-        def from_yaml(yaml)
-          new YAML.safe_load(ERB.new(yaml).result, permitted_classes: [Date, Symbol])
-        end
-        #
-        # @param [Mihari::Rule] model
-        #
-        # @return [Mihari::Services::Rule]
-        #
-        def from_model(model)
-          new model.data
-        end
-      end
-    end
-  end
-end

data/lib/mihari/templates/rule.yml.erb DELETED Viewed

@@ -1,5 +0,0 @@
-id: <%= SecureRandom.uuid %>
-title: Title goes here
-description: Description goes here
-created_on: <%= Date.today %>
-queries: []

data/lib/mihari/web/public/assets/mode-yaml-a21faa53.js DELETED Viewed

@@ -1,8 +0,0 @@
-ace.define("ace/mode/yaml_highlight_rules",["require","exports","module","ace/lib/oop","ace/mode/text_highlight_rules"],function(e,t,n){"use strict";var r=e("../lib/oop"),i=e("./text_highlight_rules").TextHighlightRules,s=function(){this.$rules={start:[{token:"comment",regex:"#.*$"},{token:"list.markup",regex:/^(?:-{3}|\.{3})\s*(?=#|$)/},{token:"list.markup",regex:/^\s*[\-?](?:$|\s)/},{token:"constant",regex:"!![\\w//]+"},{token:"constant.language",regex:"[&\\*][a-zA-Z0-9-_]+"},{token:["meta.tag","keyword"],regex:/^(\s*\w[^\s:]*?)(:(?=\s|$))/},{token:["meta.tag","keyword"],regex:/(\w[^\s:]*?)(\s*:(?=\s|$))/},{token:"keyword.operator",regex:"<<\\w*:\\w*"},{token:"keyword.operator",regex:"-\\s*(?=[{])"},{token:"string",regex:'["](?:(?:\\\\.)|(?:[^"\\\\]))*?["]'},{token:"string",regex:/[|>][-+\d]*(?:$|\s+(?:$|#))/,onMatch:function(e,t,n,r){r=r.replace(/ #.*/,"");var i=/^ *((:\s*)?-(\s*[^|>])?)?/.exec(r)[0].replace(/\S\s*$/,"").length,s=parseInt(/\d+[\s+-]*$/.exec(r));return s?(i+=s-1,this.next="mlString"):this.next="mlStringPre",n.length?(n[0]=this.next,n[1]=i):(n.push(this.next),n.push(i)),this.token},next:"mlString"},{token:"string",regex:"['](?:(?:\\\\.)|(?:[^'\\\\]))*?[']"},{token:"constant.numeric",regex:/(\b|[+\-\.])[\d_]+(?:(?:\.[\d_]*)?(?:[eE][+\-]?[\d_]+)?)(?=[^\d-\w]|$)$/},{token:"constant.numeric",regex:/[+\-]?\.inf\b|NaN\b|0x[\dA-Fa-f_]+|0b[10_]+/},{token:"constant.language.boolean",regex:"\\b(?:true|false|TRUE|FALSE|True|False|yes|no)\\b"},{token:"paren.lparen",regex:"[[({]"},{token:"paren.rparen",regex:"[\\])}]"},{token:"text",regex:/[^\s,:\[\]\{\}]+/}],mlStringPre:[{token:"indent",regex:/^ *$/},{token:"indent",regex:/^ */,onMatch:function(e,t,n){var r=n[1];return r>=e.length?(this.next="start",n.shift(),n.shift()):(n[1]=e.length-1,this.next=n[0]="mlString"),this.token},next:"mlString"},{defaultToken:"string"}],mlString:[{token:"indent",regex:/^ *$/},{token:"indent",regex:/^ */,onMatch:function(e,t,n){var r=n[1];return r>=e.length?(this.next="start",n.splice(0)):this.next="mlString",this.token},next:"mlString"},{token:"string",regex:".+"}]},this.normalizeRules()};r.inherits(s,i),t.YamlHighlightRules=s}),ace.define("ace/mode/matching_brace_outdent",["require","exports","module","ace/range"],function(e,t,n){"use strict";var r=e("../range").Range,i=function(){};(function(){this.checkOutdent=function(e,t){return/^\s+$/.test(e)?/^\s*\}/.test(t):!1},this.autoOutdent=function(e,t){var n=e.getLine(t),i=n.match(/^(\s*\})/);if(!i)return 0;var s=i[1].length,o=e.findMatchingBracket({row:t,column:s});if(!o||o.row==t)return 0;var u=this.$getIndent(e.getLine(o.row));e.replace(new r(t,0,t,s-1),u)},this.$getIndent=function(e){return e.match(/^\s*/)[0]}}).call(i.prototype),t.MatchingBraceOutdent=i}),ace.define("ace/mode/folding/coffee",["require","exports","module","ace/lib/oop","ace/mode/folding/fold_mode","ace/range"],function(e,t,n){"use strict";var r=e("../../lib/oop"),i=e("./fold_mode").FoldMode,s=e("../../range").Range,o=t.FoldMode=function(){};r.inherits(o,i),function(){this.getFoldWidgetRange=function(e,t,n){var r=this.indentationBlock(e,n);if(r)return r;var i=/\S/,o=e.getLine(n),u=o.search(i);if(u==-1||o[u]!="#")return;var a=o.length,f=e.getLength(),l=n,c=n;while(++n<f){o=e.getLine(n);var h=o.search(i);if(h==-1)continue;if(o[h]!="#")break;c=n}if(c>l){var p=e.getLine(c).length;return new s(l,a,c,p)}},this.getFoldWidget=function(e,t,n){var r=e.getLine(n),i=r.search(/\S/),s=e.getLine(n+1),o=e.getLine(n-1),u=o.search(/\S/),a=s.search(/\S/);if(i==-1)return e.foldWidgets[n-1]=u!=-1&&u<a?"start":"","";if(u==-1){if(i==a&&r[i]=="#"&&s[i]=="#")return e.foldWidgets[n-1]="",e.foldWidgets[n+1]="","start"}else if(u==i&&r[i]=="#"&&o[i]=="#"&&e.getLine(n-2).search(/\S/)==-1)return e.foldWidgets[n-1]="start",e.foldWidgets[n+1]="","";return u!=-1&&u<i?e.foldWidgets[n-1]="start":e.foldWidgets[n-1]="",i<a?"start":""}}.call(o.prototype)}),ace.define("ace/mode/yaml",["require","exports","module","ace/lib/oop","ace/mode/text","ace/mode/yaml_highlight_rules","ace/mode/matching_brace_outdent","ace/mode/folding/coffee","ace/worker/worker_client"],function(e,t,n){"use strict";var r=e("../lib/oop"),i=e("./text").Mode,s=e("./yaml_highlight_rules").YamlHighlightRules,o=e("./matching_brace_outdent").MatchingBraceOutdent,u=e("./folding/coffee").FoldMode,a=e("../worker/worker_client").WorkerClient,f=function(){this.HighlightRules=s,this.$outdent=new o,this.foldingRules=new u,this.$behaviour=this.$defaultBehaviour};r.inherits(f,i),function(){this.lineCommentStart=["#"],this.getNextLineIndent=function(e,t,n){var r=this.$getIndent(t);if(e=="start"){var i=t.match(/^.*[\{\(\[]\s*$/);i&&(r+=n)}return r},this.checkOutdent=function(e,t,n){return this.$outdent.checkOutdent(t,n)},this.autoOutdent=function(e,t,n){this.$outdent.autoOutdent(t,n)},this.createWorker=function(e){var t=new a(["ace"],"ace/mode/yaml_worker","YamlWorker");return t.attachToDocument(e.getDocument()),t.on("annotate",function(t){e.setAnnotations(t.data)}),t.on("terminate",function(){e.clearAnnotations()}),t},this.$id="ace/mode/yaml"}.call(f.prototype),t.Mode=f});                (function() {
-                    ace.require(["ace/mode/yaml"], function(m) {
-                        if (typeof module == "object" && typeof exports == "object" && module) {
-                            module.exports = m;
-                        }
-                    });
-                })();