mihari 5.6.1 → 5.7.0

Files changed (153) hide show
  1. checksums.yaml +4 -4
  2. data/.rubocop.yml +5 -1
  3. data/README.md +1 -0
  4. data/config.ru +1 -1
  5. data/docs/analyzers/fofa.md +31 -0
  6. data/docs/analyzers/index.md +1 -0
  7. data/frontend/package-lock.json +183 -186
  8. data/frontend/package.json +10 -10
  9. data/frontend/src/components/alert/Form.vue +1 -14
  10. data/frontend/src/components/artifact/AS.vue +2 -8
  11. data/frontend/src/components/artifact/DnsRecords.vue +2 -8
  12. data/frontend/src/components/artifact/ReverseDnsNames.vue +2 -10
  13. data/frontend/src/components/artifact/WhoisRecord.vue +1 -1
  14. data/lib/mihari/{base.rb → actor.rb} +27 -3
  15. data/lib/mihari/analyzers/base.rb +16 -20
  16. data/lib/mihari/analyzers/binaryedge.rb +4 -1
  17. data/lib/mihari/analyzers/censys.rb +5 -3
  18. data/lib/mihari/analyzers/circl.rb +4 -1
  19. data/lib/mihari/analyzers/crtsh.rb +4 -1
  20. data/lib/mihari/analyzers/dnstwister.rb +4 -1
  21. data/lib/mihari/analyzers/feed.rb +3 -0
  22. data/lib/mihari/analyzers/fofa.rb +65 -0
  23. data/lib/mihari/analyzers/greynoise.rb +4 -1
  24. data/lib/mihari/analyzers/hunterhow.rb +7 -2
  25. data/lib/mihari/analyzers/onyphe.rb +4 -1
  26. data/lib/mihari/analyzers/otx.rb +4 -1
  27. data/lib/mihari/analyzers/passivetotal.rb +5 -2
  28. data/lib/mihari/analyzers/pulsedive.rb +4 -1
  29. data/lib/mihari/analyzers/securitytrails.rb +5 -2
  30. data/lib/mihari/analyzers/shodan.rb +4 -1
  31. data/lib/mihari/analyzers/urlscan.rb +5 -2
  32. data/lib/mihari/analyzers/virustotal.rb +9 -6
  33. data/lib/mihari/analyzers/virustotal_intelligence.rb +4 -1
  34. data/lib/mihari/analyzers/zoomeye.rb +8 -5
  35. data/lib/mihari/cli/alert.rb +3 -0
  36. data/lib/mihari/cli/base.rb +3 -0
  37. data/lib/mihari/cli/database.rb +3 -0
  38. data/lib/mihari/cli/main.rb +3 -0
  39. data/lib/mihari/cli/rule.rb +3 -0
  40. data/lib/mihari/clients/base.rb +3 -0
  41. data/lib/mihari/clients/binaryedge.rb +5 -2
  42. data/lib/mihari/clients/censys.rb +7 -4
  43. data/lib/mihari/clients/circl.rb +3 -0
  44. data/lib/mihari/clients/crtsh.rb +5 -2
  45. data/lib/mihari/clients/dnstwister.rb +3 -0
  46. data/lib/mihari/clients/fofa.rb +83 -0
  47. data/lib/mihari/clients/greynoise.rb +5 -2
  48. data/lib/mihari/clients/hunterhow.rb +5 -2
  49. data/lib/mihari/clients/misp.rb +3 -0
  50. data/lib/mihari/clients/onyphe.rb +5 -2
  51. data/lib/mihari/clients/otx.rb +3 -0
  52. data/lib/mihari/clients/passivetotal.rb +7 -4
  53. data/lib/mihari/clients/publsedive.rb +4 -1
  54. data/lib/mihari/clients/securitytrails.rb +6 -3
  55. data/lib/mihari/clients/shodan.rb +5 -2
  56. data/lib/mihari/clients/the_hive.rb +3 -0
  57. data/lib/mihari/clients/urlscan.rb +7 -4
  58. data/lib/mihari/clients/virustotal.rb +5 -2
  59. data/lib/mihari/clients/zoomeye.rb +3 -0
  60. data/lib/mihari/commands/alert.rb +5 -14
  61. data/lib/mihari/commands/database.rb +3 -0
  62. data/lib/mihari/commands/rule.rb +11 -11
  63. data/lib/mihari/commands/search.rb +9 -6
  64. data/lib/mihari/commands/version.rb +3 -0
  65. data/lib/mihari/commands/web.rb +4 -1
  66. data/lib/mihari/config.rb +139 -150
  67. data/lib/mihari/constants.rb +1 -1
  68. data/lib/mihari/database.rb +6 -0
  69. data/lib/mihari/emitters/base.rb +16 -25
  70. data/lib/mihari/emitters/database.rb +10 -9
  71. data/lib/mihari/emitters/misp.rb +20 -41
  72. data/lib/mihari/emitters/slack.rb +16 -13
  73. data/lib/mihari/emitters/the_hive.rb +18 -46
  74. data/lib/mihari/emitters/webhook.rb +34 -23
  75. data/lib/mihari/enrichers/base.rb +16 -15
  76. data/lib/mihari/enrichers/google_public_dns.rb +6 -5
  77. data/lib/mihari/enrichers/ipinfo.rb +10 -8
  78. data/lib/mihari/enrichers/shodan.rb +4 -6
  79. data/lib/mihari/enrichers/whois.rb +13 -10
  80. data/lib/mihari/errors.rb +6 -0
  81. data/lib/mihari/feed/parser.rb +3 -0
  82. data/lib/mihari/feed/reader.rb +3 -0
  83. data/lib/mihari/http.rb +6 -0
  84. data/lib/mihari/mixins/autonomous_system.rb +3 -0
  85. data/lib/mihari/mixins/configurable.rb +3 -0
  86. data/lib/mihari/mixins/error_notification.rb +3 -0
  87. data/lib/mihari/mixins/falsepositive.rb +3 -0
  88. data/lib/mihari/mixins/refang.rb +3 -0
  89. data/lib/mihari/mixins/retriable.rb +6 -2
  90. data/lib/mihari/models/alert.rb +78 -73
  91. data/lib/mihari/models/artifact.rb +186 -178
  92. data/lib/mihari/models/autonomous_system.rb +25 -20
  93. data/lib/mihari/models/cpe.rb +24 -19
  94. data/lib/mihari/models/dns.rb +27 -22
  95. data/lib/mihari/models/geolocation.rb +25 -20
  96. data/lib/mihari/models/port.rb +24 -19
  97. data/lib/mihari/models/reverse_dns.rb +24 -19
  98. data/lib/mihari/models/rule.rb +71 -66
  99. data/lib/mihari/models/tag.rb +8 -3
  100. data/lib/mihari/models/tagging.rb +8 -3
  101. data/lib/mihari/models/whois.rb +20 -17
  102. data/lib/mihari/rule.rb +357 -0
  103. data/lib/mihari/schemas/alert.rb +3 -0
  104. data/lib/mihari/schemas/analyzer.rb +105 -87
  105. data/lib/mihari/schemas/emitter.rb +12 -5
  106. data/lib/mihari/schemas/enricher.rb +11 -4
  107. data/lib/mihari/schemas/macros.rb +4 -0
  108. data/lib/mihari/schemas/mixins.rb +20 -0
  109. data/lib/mihari/schemas/rule.rb +6 -10
  110. data/lib/mihari/service.rb +16 -0
  111. data/lib/mihari/services/alert_builder.rb +8 -5
  112. data/lib/mihari/services/alert_proxy.rb +16 -7
  113. data/lib/mihari/services/alert_runner.rb +10 -14
  114. data/lib/mihari/services/rule_builder.rb +10 -7
  115. data/lib/mihari/services/rule_runner.rb +11 -13
  116. data/lib/mihari/structs/binaryedge.rb +14 -29
  117. data/lib/mihari/structs/censys.rb +54 -133
  118. data/lib/mihari/structs/config.rb +20 -31
  119. data/lib/mihari/structs/filters.rb +38 -0
  120. data/lib/mihari/structs/fofa.rb +44 -0
  121. data/lib/mihari/structs/google_public_dns.rb +10 -28
  122. data/lib/mihari/structs/greynoise.rb +38 -89
  123. data/lib/mihari/structs/hunterhow.rb +27 -25
  124. data/lib/mihari/structs/ipinfo.rb +14 -35
  125. data/lib/mihari/structs/onyphe.rb +36 -81
  126. data/lib/mihari/structs/shodan.rb +53 -118
  127. data/lib/mihari/structs/urlscan.rb +27 -66
  128. data/lib/mihari/structs/virustotal_intelligence.rb +23 -59
  129. data/lib/mihari/type_checker.rb +4 -0
  130. data/lib/mihari/types.rb +3 -0
  131. data/lib/mihari/version.rb +1 -1
  132. data/lib/mihari/web/api.rb +15 -10
  133. data/lib/mihari/web/app.rb +59 -54
  134. data/lib/mihari/web/endpoints/alerts.rb +94 -89
  135. data/lib/mihari/web/endpoints/artifacts.rb +115 -110
  136. data/lib/mihari/web/endpoints/configs.rb +18 -13
  137. data/lib/mihari/web/endpoints/ip_addresses.rb +21 -16
  138. data/lib/mihari/web/endpoints/rules.rb +202 -204
  139. data/lib/mihari/web/endpoints/tags.rb +41 -36
  140. data/lib/mihari/web/middleware/connection_adapter.rb +16 -9
  141. data/lib/mihari/web/middleware/error_notification_adapter.rb +17 -10
  142. data/lib/mihari/web/public/assets/{index-9cc489e6.js → index-821134e2.js} +54 -54
  143. data/lib/mihari/web/public/assets/mode-yaml-24faa242.js +8 -0
  144. data/lib/mihari/web/public/index.html +1 -1
  145. data/lib/mihari.rb +30 -13
  146. data/mihari.gemspec +9 -3
  147. data/mkdocs.yml +3 -2
  148. data/requirements.txt +1 -1
  149. metadata +44 -26
  150. data/lib/mihari/analyzers/rule.rb +0 -232
  151. data/lib/mihari/services/rule_proxy.rb +0 -182
  152. data/lib/mihari/templates/rule.yml.erb +0 -5
  153. data/lib/mihari/web/public/assets/mode-yaml-a21faa53.js +0 -8
@@ -2,6 +2,9 @@
2
2
 
3
3
  module Mihari
4
4
  module Analyzers
5
+ #
6
+ # VirusTotal analyzer
7
+ #
5
8
  class VirusTotal < Base
6
9
  include Mixins::Refang
7
10
 
@@ -43,7 +46,7 @@ module Mihari
43
46
  #
44
47
  # @return [Array<String>, nil]
45
48
  #
46
- def key_aliases
49
+ def class_key_aliases
47
50
  ["vt"]
48
51
  end
49
52
  end
@@ -51,7 +54,7 @@ module Mihari
51
54
  private
52
55
 
53
56
  def client
54
- @client = Clients::VirusTotal.new(api_key: api_key)
57
+ Clients::VirusTotal.new(api_key: api_key)
55
58
  end
56
59
 
57
60
  #
@@ -66,7 +69,7 @@ module Mihari
66
69
  #
67
70
  # Domain search
68
71
  #
69
- # @return [Array<Mihari::Artifact>]
72
+ # @return [Array<Mihari::Models::Artifact>]
70
73
  #
71
74
  def domain_search
72
75
  res = client.domain_search(query)
@@ -74,14 +77,14 @@ module Mihari
74
77
  data = res["data"] || []
75
78
  data.filter_map do |item|
76
79
  data = item.dig("attributes", "ip_address")
77
- data.nil? ? nil : Artifact.new(data: data, metadata: item)
80
+ data.nil? ? nil : Models::Artifact.new(data: data, metadata: item)
78
81
  end
79
82
  end
80
83
 
81
84
  #
82
85
  # IP search
83
86
  #
84
- # @return [Array<Mihari::Artifact>]
87
+ # @return [Array<Mihari::Models::Artifact>]
85
88
  #
86
89
  def ip_search
87
90
  res = client.ip_search(query)
@@ -89,7 +92,7 @@ module Mihari
89
92
  data = res["data"] || []
90
93
  data.filter_map do |item|
91
94
  data = item.dig("attributes", "host_name")
92
- Artifact.new(data: data, metadata: item)
95
+ Models::Artifact.new(data: data, metadata: item)
93
96
  end.uniq
94
97
  end
95
98
  end
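Review bot: In `ip_search` the `filter_map` block always returns a `Models::Artifact`, so an item without `attributes.host_name` becomes an artifact whose `data` is nil instead of being skipped. `domain_search` just above guards this with `data.nil?`. The line could read `data.nil? ? nil : Models::Artifact.new(data: data, metadata: item)` to match. The same always-truthy `filter_map` block appears in the SecurityTrails client's `ip_search` and mail search further down this page. Whether `Models::Artifact` rejects nil data later is not visible here.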
@@ -2,6 +2,9 @@
2
2
 
3
3
  module Mihari
4
4
  module Analyzers
5
+ #
6
+ # VirusTotal Intelligence analyzer
7
+ #
5
8
  class VirusTotalIntelligence < Base
6
9
  # @return [String, nil]
7
10
  attr_reader :api_key
@@ -49,7 +52,7 @@ module Mihari
49
52
  # @return [::VirusTotal::API]
50
53
  #
51
54
  def client
52
- @client = Clients::VirusTotal.new(
55
+ Clients::VirusTotal.new(
53
56
  api_key: api_key,
54
57
  pagination_interval: pagination_interval,
55
58
  timeout: timeout
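Review bot: The `# @return [::VirusTotal::API]` tag above `client` does not match what the method builds, which is a `Clients::VirusTotal` instance; `# @return [Mihari::Clients::VirusTotal]` would be accurate. With the `@client =` assignment removed, every call to `client` now constructs a new object, so a caller that invokes it inside a pagination loop would re-create the client on each iteration. The rest of the method and its callers are outside this hunk, so that second point needs checking against the full file.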
@@ -2,6 +2,9 @@
2
2
 
3
3
  module Mihari
4
4
  module Analyzers
5
+ #
6
+ # ZoomEye analyzer
7
+ #
5
8
  class ZoomEye < Base
6
9
  # @return [String, nil]
7
10
  attr_reader :api_key
@@ -53,7 +56,7 @@ module Mihari
53
56
  end
54
57
 
55
58
  def client
56
- @client ||= Clients::ZoomEye.new(
59
+ Clients::ZoomEye.new(
57
60
  api_key: api_key,
58
61
  pagination_interval: pagination_interval,
59
62
  timeout: timeout
@@ -63,9 +66,9 @@ module Mihari
63
66
  #
64
67
  # Convert responses into an array of String
65
68
  #
66
- # @param [Hash] response
69
+ # @param [Hash] res
67
70
  #
68
- # @return [Array<Mihari::Artifact>]
71
+ # @return [Array<Mihari::Models::Artifact>]
69
72
  #
70
73
  def convert(res)
71
74
  matches = res["matches"] || []
@@ -73,9 +76,9 @@ module Mihari
73
76
  data = match["ip"]
74
77
 
75
78
  if data.is_a?(Array)
76
- data.map { |d| Artifact.new(data: d, metadata: match) }
79
+ data.map { |d| Models::Artifact.new(data: d, metadata: match) }
77
80
  else
78
- Artifact.new(data: data, metadata: match)
81
+ Models::Artifact.new(data: data, metadata: match)
79
82
  end
80
83
  end.flatten
81
84
  end
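Review bot: The summary line above `convert` still says "Convert responses into an array of String", while the updated tag and the body both produce `Mihari::Models::Artifact` objects; `# Convert a response into an array of artifacts` would agree with the `@return` line. In the `else` branch a match without an `ip` key is also turned into an artifact with nil `data`. If that is not intended, `next [] if data.nil?` before the `if` would drop it, since the result is flattened. Whether the model validates `data` later is not visible from this section.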
@@ -4,6 +4,9 @@ require "mihari/commands/alert"
4
4
 
5
5
  module Mihari
6
6
  module CLI
7
+ #
8
+ # Alert CLI class (mihari alert ...)
9
+ #
7
10
  class Alert < Base
8
11
  include Mihari::Commands::Alert
9
12
  end
@@ -2,6 +2,9 @@
2
2
 
3
3
  module Mihari
4
4
  module CLI
5
+ #
6
+ # Base class for Thor classes
7
+ #
5
8
  class Base < Thor
6
9
  class << self
7
10
  def exit_on_failure?
@@ -4,6 +4,9 @@ require "mihari/commands/database"
4
4
 
5
5
  module Mihari
6
6
  module CLI
7
+ #
8
+ # Database CLI class (mihari db ...)
9
+ #
7
10
  class Database < Base
8
11
  include Mihari::Commands::Database
9
12
  end
@@ -19,6 +19,9 @@ require "mihari/cli/rule"
19
19
 
20
20
  module Mihari
21
21
  module CLI
22
+ #
23
+ # Main CLI class
24
+ #
22
25
  class Main < Base
23
26
  class_option :debug, desc: "Sets up debug mode", aliases: ["-d"], type: :boolean
24
27
  class_around :safe_execute
@@ -4,6 +4,9 @@ require "mihari/commands/rule"
4
4
 
5
5
  module Mihari
6
6
  module CLI
7
+ #
8
+ # Rule CLI class (mihari rule ...)
9
+ #
7
10
  class Rule < Base
8
11
  include Mihari::Commands::Rule
9
12
  end
@@ -2,6 +2,9 @@
2
2
 
3
3
  module Mihari
4
4
  module Clients
5
+ #
6
+ # Base class for API clients
7
+ #
5
8
  class Base
6
9
  # @return [String]
7
10
  attr_reader :base_url
@@ -2,6 +2,9 @@
2
2
 
3
3
  module Mihari
4
4
  module Clients
5
+ #
6
+ # BinaryEdge API client
7
+ #
5
8
  class BinaryEdge < Base
6
9
  #
7
10
  # @param [String] base_url
@@ -27,7 +30,7 @@ module Mihari
27
30
  # @param [Integer] page Default 1, Maximum: 500
28
31
  # @param [Integer, nil] only_ips If selected, only output IP addresses, ports and protocols.
29
32
  #
30
- # @return [Structs::BinaryEdge::Response]
33
+ # @return [Mihari::Structs::BinaryEdge::Response]
31
34
  #
32
35
  def search(query, page: 1, only_ips: nil)
33
36
  params = {
@@ -45,7 +48,7 @@ module Mihari
45
48
  # @param [Integer, nil] only_ips
46
49
  # @param [Integer] pagination_limit
47
50
  #
48
- # @return [Enumerable<Structs::BinaryEdge::Response.>]
51
+ # @return [Enumerable<Mihari::Structs::BinaryEdge::Response>]
49
52
  #
50
53
  def search_with_pagination(query, only_ips: nil, pagination_limit: Mihari.config.pagination_limit)
51
54
  Enumerator.new do |y|
@@ -4,6 +4,9 @@ require "base64"
4
4
 
5
5
  module Mihari
6
6
  module Clients
7
+ #
8
+ # Censys API client
9
+ #
7
10
  class Censys < Base
8
11
  #
9
12
  # @param [String] base_url
@@ -36,10 +39,10 @@ module Mihari
36
39
  # For more details, see our documentation: https://search.censys.io/api/v2/docs
37
40
  #
38
41
  # @param [String] query the query to be executed.
39
- # @params [Integer, nil] per_page the number of results to be returned for each page.
40
- # @params [Integer, nil] cursor the cursor of the desired result set.
42
+ # @param [Integer, nil] per_page the number of results to be returned for each page.
43
+ # @param [Integer, nil] cursor the cursor of the desired result set.
41
44
  #
42
- # @return [Structs::Censys::Response]
45
+ # @return [Mihari::Structs::Censys::Response]
43
46
  #
44
47
  def search(query, per_page: nil, cursor: nil)
45
48
  params = { q: query, per_page: per_page, cursor: cursor }.compact
@@ -52,7 +55,7 @@ module Mihari
52
55
  # @param [Integer, nil] per_page
53
56
  # @param [Integer] pagination_limit
54
57
  #
55
- # @return [Enumerable<Structs::Censys::Response>]
58
+ # @return [Enumerable<Mihari::Structs::Censys::Response>]
56
59
  #
57
60
  def search_with_pagination(query, per_page: nil, pagination_limit: Mihari.config.pagination_limit)
58
61
  cursor = nil
@@ -4,6 +4,9 @@ require "base64"
4
4
 
5
5
  module Mihari
6
6
  module Clients
7
+ #
8
+ # CIRCL passive DNS/SSL API client
9
+ #
7
10
  class CIRCL < Base
8
11
  #
9
12
  # @param [String] base_url
@@ -2,6 +2,9 @@
2
2
 
3
3
  module Mihari
4
4
  module Clients
5
+ #
6
+ # crt.sh API client
7
+ #
5
8
  class Crtsh < Base
6
9
  #
7
10
  # @param [String] base_url
@@ -19,7 +22,7 @@ module Mihari
19
22
  # @param [String, nil] match "=", "ILIKE", "LIKE", "single", "any" or nil
20
23
  # @param [String, nil] exclude "expired" or nil
21
24
  #
22
- # @return [Array<Mihari::Artifact>]
25
+ # @return [Array<Mihari::Models::Artifact>]
23
26
  #
24
27
  def search(identity, match: nil, exclude: nil)
25
28
  params = { identity: identity, match: match, exclude: exclude, output: "json" }.compact
@@ -29,7 +32,7 @@ module Mihari
29
32
 
30
33
  parsed.map do |result|
31
34
  values = result["name_value"].to_s.lines.map(&:chomp)
32
- values.map { |value| Artifact.new(data: value, metadata: result) }
35
+ values.map { |value| Models::Artifact.new(data: value, metadata: result) }
33
36
  end.flatten
34
37
  end
35
38
  end
@@ -2,6 +2,9 @@
2
2
 
3
3
  module Mihari
4
4
  module Clients
5
+ #
6
+ # DNSTwister API client
7
+ #
5
8
  class DNSTwister < Base
6
9
  #
7
10
  # @param [String] base_url
@@ -0,0 +1,83 @@
1
+ # frozen_string_literal: true
2
+
3
+ require "base64"
4
+
5
+ module Mihari
6
+ module Clients
7
+ #
8
+ # Fofa API client
9
+ #
10
+ class Fofa < Base
11
+ PAGE_SIZE = 10_000
12
+
13
+ # @return [String]
14
+ attr_reader :api_key
15
+
16
+ # @return [String]
17
+ attr_reader :email
18
+
19
+ #
20
+ # @param [String] base_url
21
+ # @param [String, nil] api_key
22
+ # @param [String, nil] email
23
+ # @param [Hash] headers
24
+ # @param [Integer] pagination_interval
25
+ # @param [Integer, nil] timeout
26
+ #
27
+ # @param [Object] email
28
+ def initialize(
29
+ base_url = "https://fofa.info/",
30
+ api_key:,
31
+ email:,
32
+ headers: {},
33
+ pagination_interval: Mihari.config.pagination_interval,
34
+ timeout: nil
35
+ )
36
+ raise(ArgumentError, "api_key is required") unless api_key
37
+ raise(ArgumentError, "email is required") unless email
38
+
39
+ @api_key = api_key
40
+ @email = email
41
+
42
+ super(base_url, headers: headers, pagination_interval: pagination_interval, timeout: timeout)
43
+ end
44
+
45
+ #
46
+ # @param [String] query
47
+ # @param [Integer] size
48
+ # @param [Integer] page
49
+ #
50
+ # @return [Mihari::Structs::Fofa::Response]
51
+ #
52
+ def search(query, page:, size: PAGE_SIZE)
53
+ qbase64 = Base64.urlsafe_encode64(query)
54
+ params = { qbase64: qbase64, size: size, page: page, email: email, key: api_key }.compact
55
+ res = get("/api/v1/search/all", params: params)
56
+ Structs::Fofa::Response.from_dynamic! JSON.parse(res.body.to_s)
57
+ end
58
+
59
+ #
60
+ # @param [String] query
61
+ # @param [Integer] size
62
+ # @param [Integer] pagination_limit
63
+ #
64
+ # @return [Enumerable<Mihari::Structs::Fofa::Response>]
65
+ #
66
+ def search_with_pagination(query, size: PAGE_SIZE, pagination_limit: Mihari.config.pagination_limit)
67
+ Enumerator.new do |y|
68
+ (1..pagination_limit).each do |page|
69
+ res = search(query, page: page, size: size)
70
+
71
+ y.yield res
72
+
73
+ break if res.error
74
+
75
+ break if (res.results || []).length < size
76
+
77
+ sleep_pagination_interval
78
+ end
79
+ end
80
+ end
81
+ end
82
+ end
83
+ end
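Review bot: `search` sends `email` and `key: api_key` as query parameters of the GET request, so the credential is part of the request URL and ends up wherever that URL is recorded. Whether `get` or the error-notification path logs or raises with the full URL is not visible in this file and is worth checking. A comment such as `# Fofa takes the key as a query parameter; never log or report the request URL unredacted` above the `params` line would record the constraint. The constructor guards reject only nil, so an empty `api_key` or `email` passes; `raise(ArgumentError, "api_key is required") if api_key.to_s.empty?` would catch that too. The second `# @param [Object] email` line contradicts the earlier `[String, nil]` entry and can be dropped.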
@@ -2,6 +2,9 @@
2
2
 
3
3
  module Mihari
4
4
  module Clients
5
+ #
6
+ # GreyNoise API client
7
+ #
5
8
  class GreyNoise < Base
6
9
  PAGE_SIZE = 10_000
7
10
 
@@ -32,7 +35,7 @@ module Mihari
32
35
  # @param [Integer] size Maximum amount of results to grab
33
36
  # @param [Integer, nil] scroll Scroll token to paginate through results
34
37
  #
35
- # @return [Hash]
38
+ # @return [Mihari::Structs::GreyNoise::Response]
36
39
  #
37
40
  def gnql_search(query, size: PAGE_SIZE, scroll: nil)
38
41
  params = { query: query, size: size, scroll: scroll }.compact
@@ -45,7 +48,7 @@ module Mihari
45
48
  # @param [Integer] size
46
49
  # @param [Integer] pagination_limit
47
50
  #
48
- # @return [Enumerable<Structs::GreyNoise::Response>]
51
+ # @return [Enumerable<Mihari::Structs::GreyNoise::Response>]
49
52
  #
50
53
  def gnql_search_with_pagination(query, size: PAGE_SIZE, pagination_limit: Mihari.config.pagination_limit)
51
54
  scroll = nil
@@ -4,6 +4,9 @@ require "base64"
4
4
 
5
5
  module Mihari
6
6
  module Clients
7
+ #
8
+ # hunter.how API client
9
+ #
7
10
  class HunterHow < Base
8
11
  PAGE_SIZE = 100
9
12
 
@@ -38,7 +41,7 @@ module Mihari
38
41
  # @param [String] start_time
39
42
  # @param [String] end_time
40
43
  #
41
- # @return [Structs::HunterHow::Response]
44
+ # @return [Mihari::Structs::HunterHow::Response]
42
45
  #
43
46
  def search(query, start_time:, end_time:, page: 1, page_size: PAGE_SIZE)
44
47
  params = {
@@ -60,7 +63,7 @@ module Mihari
60
63
  # @param [String] start_time
61
64
  # @param [String] end_time
62
65
  #
63
- # @return [Enumerable<Structs::HunterHow::Response>]
66
+ # @return [Enumerable<Mihari::Structs::HunterHow::Response>]
64
67
  #
65
68
  def search_with_pagination(
66
69
  query,
@@ -2,6 +2,9 @@
2
2
 
3
3
  module Mihari
4
4
  module Clients
5
+ #
6
+ # MISP API client
7
+ #
5
8
  class MISP < Base
6
9
  #
7
10
  # @param [String] base_url
@@ -2,6 +2,9 @@
2
2
 
3
3
  module Mihari
4
4
  module Clients
5
+ #
6
+ # Onyphe API client
7
+ #
5
8
  class Onyphe < Base
6
9
  PAGE_SIZE = 10
7
10
 
@@ -33,7 +36,7 @@ module Mihari
33
36
  # @param [String] query
34
37
  # @param [Integer] page
35
38
  #
36
- # @return [Structs::Onyphe::Response]
39
+ # @return [Mihari::Structs::Onyphe::Response]
37
40
  #
38
41
  def datascan(query, page: 1)
39
42
  params = { page: page, apikey: api_key }
@@ -45,7 +48,7 @@ module Mihari
45
48
  # @param [String] query
46
49
  # @param [Integer] pagination_limit
47
50
  #
48
- # @return [Enumerable<Structs::Onyphe::Response>]
51
+ # @return [Enumerable<Mihari::Structs::Onyphe::Response>]
49
52
  #
50
53
  def datascan_with_pagination(query, pagination_limit: Mihari.config.pagination_limit)
51
54
  Enumerator.new do |y|
@@ -2,6 +2,9 @@
2
2
 
3
3
  module Mihari
4
4
  module Clients
5
+ #
6
+ # OTX API client
7
+ #
5
8
  class OTX < Base
6
9
  #
7
10
  # @param [String] base_url
@@ -4,6 +4,9 @@ require "base64"
4
4
 
5
5
  module Mihari
6
6
  module Clients
7
+ #
8
+ # PassiveTotal API client
9
+ #
7
10
  class PassiveTotal < Base
8
11
  #
9
12
  # @param [String] base_url
@@ -39,7 +42,7 @@ module Mihari
39
42
  #
40
43
  # @param [String] query
41
44
  #
42
- # @return [Array<Mihari::Artifact>]
45
+ # @return [Array<Mihari::Models::Artifact>]
43
46
  #
44
47
  def reverse_whois_search(query)
45
48
  params = {
@@ -50,7 +53,7 @@ module Mihari
50
53
  results = res["results"] || []
51
54
  results.map do |result|
52
55
  data = result["domain"]
53
- Artifact.new(data: data, metadata: result)
56
+ Models::Artifact.new(data: data, metadata: result)
54
57
  end.flatten
55
58
  end
56
59
 
@@ -59,7 +62,7 @@ module Mihari
59
62
  #
60
63
  # @param [String] query
61
64
  #
62
- # @return [Array<Mihari::Artifact>]
65
+ # @return [Array<Mihari::Models::Artifact>]
63
66
  #
64
67
  def ssl_search(query)
65
68
  params = { query: query }
@@ -67,7 +70,7 @@ module Mihari
67
70
  results = res["results"] || []
68
71
  results.map do |result|
69
72
  data = result["ipAddresses"]
70
- data.map { |d| Artifact.new(data: d, metadata: result) }
73
+ data.map { |d| Models::Artifact.new(data: d, metadata: result) }
71
74
  end.flatten
72
75
  end
73
76
 
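Review bot: `ssl_search` calls `data.map` on `result["ipAddresses"]` without checking it, so a single result that lacks the key raises NoMethodError and aborts the whole search. `Array(result["ipAddresses"]).map { |d| Models::Artifact.new(data: d, metadata: result) }` tolerates a missing or scalar value. In `reverse_whois_search` the trailing `.flatten` has nothing to flatten, because each block returns a single artifact. Both method bodies start outside the hunks shown.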
@@ -2,6 +2,9 @@
2
2
 
3
3
  module Mihari
4
4
  module Clients
5
+ #
6
+ # PulseDive API client
7
+ #
5
8
  class PulseDive < Base
6
9
  # @return [String]
7
10
  attr_reader :api_key
@@ -21,7 +24,7 @@ module Mihari
21
24
  end
22
25
 
23
26
  #
24
- # @param [String] indicator_id
27
+ # @param [String] ip_or_domain
25
28
  #
26
29
  # @return [Hash]
27
30
  #
@@ -2,6 +2,9 @@
2
2
 
3
3
  module Mihari
4
4
  module Clients
5
+ #
6
+ # SecurityTrails API client
7
+ #
5
8
  class SecurityTrails < Base
6
9
  #
7
10
  # @param [String] base_url
@@ -36,13 +39,13 @@ module Mihari
36
39
  #
37
40
  # @param [String] query
38
41
  #
39
- # @return [Array<Mihari::Artifact>]
42
+ # @return [Array<Mihari::Models::Artifact>]
40
43
  #
41
44
  def ip_search(query)
42
45
  records = search_by_ip(query)
43
46
  records.filter_map do |record|
44
47
  data = record["hostname"]
45
- Artifact.new(data: data, metadata: record)
48
+ Models::Artifact.new(data: data, metadata: record)
46
49
  end
47
50
  end
48
51
 
@@ -57,7 +60,7 @@ module Mihari
57
60
  records = search_by_mail(query)
58
61
  records.filter_map do |record|
59
62
  data = record["hostname"]
60
- Artifact.new(data: data, metadata: record)
63
+ Models::Artifact.new(data: data, metadata: record)
61
64
  end
62
65
  end
63
66
 
@@ -2,6 +2,9 @@
2
2
 
3
3
  module Mihari
4
4
  module Clients
5
+ #
6
+ # Shodan API client
7
+ #
5
8
  class Shodan < Base
6
9
  PAGE_SIZE = 100
7
10
 
@@ -34,7 +37,7 @@ module Mihari
34
37
  # @param [Integer] page
35
38
  # @param [Boolean] minify
36
39
  #
37
- # @return [Structs::Shodan::Result]
40
+ # @return [Mihari::Structs::Shodan::Result]
38
41
  #
39
42
  def search(query, page: 1, minify: true)
40
43
  params = {
@@ -52,7 +55,7 @@ module Mihari
52
55
  # @param [Boolean] minify
53
56
  # @param [Integer] pagination_limit
54
57
  #
55
- # @return [Enumerable<Structs::Shodan::Response>]
58
+ # @return [Enumerable<Mihari::Structs::Shodan::Response>]
56
59
  #
57
60
  def search_with_pagination(query, minify: true, pagination_limit: Mihari.config.pagination_limit)
58
61
  Enumerator.new do |y|
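Review bot: The two updated tags in this file name different classes: `search` is documented as returning `Mihari::Structs::Shodan::Result`, while `search_with_pagination` is documented as yielding `Mihari::Structs::Shodan::Response`. If the paginated method yields what `search` returns, one of the two names is wrong, and the tags should agree, e.g. `# @return [Enumerable<Mihari::Structs::Shodan::Result>]`. The struct definitions are not part of this section, so which name is correct has to be confirmed against `structs/shodan.rb`.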
@@ -2,6 +2,9 @@
2
2
 
3
3
  module Mihari
4
4
  module Clients
5
+ #
6
+ # TheHive API client
7
+ #
5
8
  class TheHive < Base
6
9
  #
7
10
  # @param [String] base_url
@@ -2,12 +2,15 @@
2
2
 
3
3
  module Mihari
4
4
  module Clients
5
- class UrlScan < Base
5
+ #
6
+ # urlscan.io API client
7
+ #
8
+ class Urlscan < Base
6
9
  #
7
10
  # @param [String] base_url
8
11
  # @param [String, nil] api_key
9
12
  # @param [Hash] headers
10
- # @param [Integer, nil] interval
13
+ # @param [Integer, nil] pagination_interval
11
14
  # @param [Integer, nil] timeout
12
15
  #
13
16
  def initialize(
@@ -29,7 +32,7 @@ module Mihari
29
32
  # @param [Integer, nil] size
30
33
  # @param [String, nil] search_after
31
34
  #
32
- # @return [Structs::Urlscan::Response]
35
+ # @return [Mihari::Structs::Urlscan::Response]
33
36
  #
34
37
  def search(q, size: nil, search_after: nil)
35
38
  params = { q: q, size: size, search_after: search_after }.compact
@@ -42,7 +45,7 @@ module Mihari
42
45
  # @param [Integer, nil] size
43
46
  # @param [Integer] pagination_limit
44
47
  #
45
- # @return [Enumerable<Structs::Urlscan::Response>]
48
+ # @return [Enumerable<Mihari::Structs::Urlscan::Response>]
46
49
  #
47
50
  def search_with_pagination(q, size: nil, pagination_limit: Mihari.config.pagination_limit)
48
51
  search_after = nil
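Review bot: Renaming the constant from `UrlScan` to `Urlscan` removes `Mihari::Clients::UrlScan` for any code outside this file that still uses the old name, and this ships in a minor release. If the old constant was reachable by users of the gem, an alias after the class body, `UrlScan = Urlscan`, with a `# @deprecated` comment, would keep them working. Whether anything outside the gem referenced it cannot be seen from this diff.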