mihari 5.6.2 → 5.7.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 7136011e523fa8b61ed048932c1ca7e265425a4eaf89c76a5f8052f74c108f17
-  data.tar.gz: 243dfcbc17341520912a626210a336d0cdd419b011160d4d2f60ddd1f2326c33
+  metadata.gz: 2d27340b82929d2a9dba6cab93c9e429112eed2f254f18595b765bd65852cdfa
+  data.tar.gz: 137141dad2d1b3c4f5b33a2ed38824a9e19c965c7d13e99d20358c2d546dd24c
 SHA512:
-  metadata.gz: eade462830cc2258517594564713cd5b612755f359a4efafb40fd16973282785f9a0ad610e3063c9b372ffddcf45e98773e6047f3761547493a68f6bafe25769
-  data.tar.gz: 7ff869faaaf0782d842e241e476d5b7602d94e3c08ae2588d4fcbe56d0c44bb6b38714db72fa6be5da70ca5989c6803193b0516614af80d2752114783ff3a5bf
+  metadata.gz: 84825a14e57d1e740d7ee1e312ac23454017665b92dbdbe9fd2fe0cb55eb900addda0d9563049cf493094b67e9f1e5888d09fe37e7a102db5732f09837558fec
+  data.tar.gz: 393031f2550d7943271dd4b662c65b1da2df322661cdf1228808848e93f7bb7f65acaf8d1861599036bd951b464b5248f615e2abd738b171699eaf396b64f7c4

data/.rubocop.yml

@@ -3,12 +3,16 @@ Style/HashSyntax:
 Style/StringLiterals:
   EnforcedStyle: double_quotes
 Metrics/BlockLength:
+  Max: 150
   Exclude:
     - "spec/**/*"
     - "*.gemspec"
 Metrics/ClassLength:
   Enabled: false
 Metrics/MethodLength:
-  Max: 20
+  Max: 50
+Metrics/AbcSize:
+  Max: 50
 require:
   - rubocop-rspec
+  - rubocop-yard

data/README.md

@@ -24,6 +24,7 @@ Mihari supports the following services by default.
 - [CIRCL passive DNS](https://www.circl.lu/services/passive-dns/) / [passive SSL](https://www.circl.lu/services/passive-ssl/)
 - [crt.sh](https://crt.sh/)
 - [dnstwister](https://dnstwister.report/)
+- [Fofa](https://en.fofa.info/)
 - [GreyNoise](https://www.greynoise.io/)
 - [HunterHow](https://hunter.how/)
 - [Onyphe](https://onyphe.io)

data/config.ru

@@ -3,4 +3,4 @@ require "./lib/mihari"
 # set rack env as development
 ENV["RACK_ENV"] ||= "development"
 
-run Mihari::App.instance
+run Mihari::Web::App.instance

data/lib/mihari/actor.rb

@@ -2,7 +2,7 @@
 
 module Mihari
   #
-  # Base class for Analyzer, Emitter and Enricher
+  # Yet another base service class for Analyzer, Emitter and Enricher
   #
   class Actor
     include Dry::Monads[:result, :try]
@@ -16,7 +16,9 @@ module Mihari
     #
     # @param [Hash, nil] options
     #
-    def initialize(*_args, options: nil, **_kwargs)
+    def initialize(options: nil)
+      super()
+
       @options = options || {}
     end
 
@@ -57,6 +59,20 @@ module Mihari
       raise ConfigurationError, message
     end
 
+    def call(*args, **kwargs)
+      raise NotImplementedError, "You must implement #{self.class}##{__method__}"
+    end
+
+    def result(...)
+      Try[StandardError] do
+        retry_on_error(
+          times: retry_times,
+          interval: retry_interval,
+          exponential_backoff: retry_exponential_backoff
+        ) { call(...) }
+      end.to_result
+    end
+
     class << self
       #
       # @return [String]

data/lib/mihari/analyzers/base.rb

@@ -2,6 +2,9 @@
 
 module Mihari
   module Analyzers
+    #
+    # Base class for analyzers
+    #
     class Base < Actor
       # @return [String]
       attr_reader :query
@@ -53,22 +56,20 @@ module Mihari
       # @return [Array<Mihari::Models::Artifact>]
       #
       def normalized_artifacts
-        retry_on_error(times: retry_times, interval: retry_interval, exponential_backoff: retry_exponential_backoff) do
-          artifacts.compact.sort.map do |artifact|
-            # No need to set data_type manually
-            # It is set automatically in #initialize
-            artifact = artifact.is_a?(Models::Artifact) ? artifact : Models::Artifact.new(data: artifact)
-            artifact.source = self.class.class_key
-            artifact
-          end.select(&:valid?).uniq(&:data)
-        end
+        artifacts.compact.sort.map do |artifact|
+          # No need to set data_type manually
+          # It is set automatically in #initialize
+          artifact = artifact.is_a?(Models::Artifact) ? artifact : Models::Artifact.new(data: artifact)
+          artifact.source = self.class.class_key
+          artifact
+        end.select(&:valid?).uniq(&:data)
       end
 
       #
-      # @return [Dry::Monads::Result::Success<Array<Mihari::Models::Artifact>>, Dry::Monads::Result::Failure]
+      # @return [Array<Mihari::Models::Artifact>]
       #
-      def result
-        Try[StandardError] { normalized_artifacts }.to_result
+      def call
+        normalized_artifacts
       end
 
       class << self

data/lib/mihari/analyzers/binaryedge.rb

@@ -2,6 +2,9 @@
 
 module Mihari
   module Analyzers
+    #
+    # BinaryEdge analyzer
+    #
     class BinaryEdge < Base
       # @return [String, nil]
       attr_reader :api_key
@@ -32,7 +35,7 @@ module Mihari
       # @return [Mihari::Clients::BinaryEdge]
       #
       def client
-        @client ||= Clients::BinaryEdge.new(
+        Clients::BinaryEdge.new(
           api_key: api_key,
           pagination_interval: pagination_interval,
           timeout: timeout

data/lib/mihari/analyzers/censys.rb

@@ -2,6 +2,9 @@
 
 module Mihari
   module Analyzers
+    #
+    # Censys analyzer
+    #
     class Censys < Base
       # @return [String, nil]
       attr_reader :id
@@ -12,7 +15,6 @@ module Mihari
       #
       # @param [String] query
       # @param [hash, nil] options
-      # @param [String, nil] api_key
       # @param [String, nil] id
       # @param [String, nil] secret
       #
@@ -52,7 +54,7 @@ module Mihari
       # @return [Mihari::Clients::Censys]
       #
       def client
-        @client ||= Clients::Censys.new(
+        Clients::Censys.new(
           id: id,
           secret: secret,
           pagination_interval: pagination_interval,

data/lib/mihari/analyzers/circl.rb

@@ -2,6 +2,9 @@
 
 module Mihari
   module Analyzers
+    #
+    # CIRCL passive DNS/SSL analyzer
+    #
     class CIRCL < Base
       include Mixins::Refang
 
@@ -51,7 +54,7 @@ module Mihari
       private
 
       def client
-        @client ||= Clients::CIRCL.new(username: username, password: password, timeout: timeout)
+        Clients::CIRCL.new(username: username, password: password, timeout: timeout)
       end
 
       def username?

data/lib/mihari/analyzers/crtsh.rb

@@ -2,6 +2,9 @@
 
 module Mihari
   module Analyzers
+    #
+    # crt.sh analyzer
+    #
     class Crtsh < Base
       # @return [Boolean]
       attr_reader :exclude_expired
@@ -28,7 +31,7 @@ module Mihari
       # @return [Mihari::Clients::Crtsh]
       #
       def client
-        @client ||= Mihari::Clients::Crtsh.new(timeout: timeout)
+        Mihari::Clients::Crtsh.new(timeout: timeout)
       end
     end
   end

data/lib/mihari/analyzers/dnstwister.rb

@@ -2,6 +2,9 @@
 
 module Mihari
   module Analyzers
+    #
+    # DNSTwister analyzer
+    #
     class DNSTwister < Base
       include Mixins::Refang
 
@@ -39,7 +42,7 @@ module Mihari
       end
 
       def client
-        @client ||= Clients::DNSTwister.new(timeout: timeout)
+        Clients::DNSTwister.new(timeout: timeout)
       end
 
       #

data/lib/mihari/analyzers/feed.rb

@@ -5,6 +5,9 @@ require "mihari/feed/parser"
 
 module Mihari
   module Analyzers
+    #
+    # Feed analyzer
+    #
     class Feed < Base
       # @return [Hash, nil]
       attr_reader :data

data/lib/mihari/analyzers/fofa.rb

@@ -0,0 +1,65 @@
+# frozen_string_literal: true
+
+module Mihari
+  module Analyzers
+    #
+    # Fofa analyzer
+    #
+    class Fofa < Base
+      # @return [String, nil]
+      attr_reader :api_key
+
+      # @return [String, nil]
+      attr_reader :email
+
+      #
+      # @param [String] query
+      # @param [Hash, nil] options
+      # @param [String, nil] api_key
+      # @param [String, nil] email
+      #
+      def initialize(query, options: nil, api_key: nil, email: nil)
+        super(query, options: options)
+
+        @api_key = api_key || Mihari.config.fofa_api_key
+        @email = email || Mihari.config.fofa_email
+      end
+
+      def artifacts
+        client.search_with_pagination(query, pagination_limit: pagination_limit).map do |res|
+          (res.results || []).map { |result| result[1] }
+        end.flatten.compact
+      end
+
+      def configuration_keys
+        %w[fofa_api_key fofa_email]
+      end
+
+      def configured?
+        api_key? && email?
+      end
+
+      private
+
+      def api_key?
+        !api_key.nil?
+      end
+
+      def email?
+        !email.nil?
+      end
+
+      #
+      # @return [Mihari::Clients::Fofa]
+      #
+      def client
+        Clients::Fofa.new(
+          api_key: api_key,
+          email: email,
+          pagination_interval: pagination_interval,
+          timeout: timeout
+        )
+      end
+    end
+  end
+end

data/lib/mihari/analyzers/greynoise.rb

@@ -2,6 +2,9 @@
 
 module Mihari
   module Analyzers
+    #
+    # GreyNoise analyzer
+    #
     class GreyNoise < Base
       # @return [String, nil]
       attr_reader :api_key
@@ -31,7 +34,7 @@ module Mihari
       private
 
       def client
-        @client ||= Clients::GreyNoise.new(
+        Clients::GreyNoise.new(
           api_key: api_key,
           pagination_interval: pagination_interval,
           timeout: timeout

data/lib/mihari/analyzers/hunterhow.rb

@@ -2,6 +2,9 @@
 
 module Mihari
   module Analyzers
+    #
+    # hunter.how analyzer
+    #
     class HunterHow < Base
       # @return [String, nil]
       attr_reader :api_key
@@ -14,6 +17,8 @@ module Mihari
 
       #
       # @param [String] query
+      # @param [Date] start_time
+      # @param [Date] end_time
       # @param [Hash, nil] options
       # @param [String, nil] api_key
       #
@@ -46,7 +51,7 @@ module Mihari
       private
 
       def client
-        @client ||= Clients::HunterHow.new(
+        Clients::HunterHow.new(
           api_key: api_key,
           pagination_interval: pagination_interval,
           timeout: timeout

data/lib/mihari/analyzers/onyphe.rb

@@ -4,6 +4,9 @@ require "normalize_country"
 
 module Mihari
   module Analyzers
+    #
+    # Onyphe analyzer
+    #
     class Onyphe < Base
       # @return [String, nil]
       attr_reader :api_key
@@ -33,7 +36,7 @@ module Mihari
       private
 
       def client
-        @client ||= Clients::Onyphe.new(
+        Clients::Onyphe.new(
           api_key: api_key,
           pagination_interval: pagination_interval,
           timeout: timeout

data/lib/mihari/analyzers/otx.rb

@@ -2,6 +2,9 @@
 
 module Mihari
   module Analyzers
+    #
+    # OTX analyzer
+    #
     class OTX < Base
       include Mixins::Refang
 
@@ -42,7 +45,7 @@ module Mihari
       private
 
       def client
-        @client ||= Mihari::Clients::OTX.new(api_key: api_key, timeout: timeout)
+        Mihari::Clients::OTX.new(api_key: api_key, timeout: timeout)
       end
 
       #

data/lib/mihari/analyzers/passivetotal.rb

@@ -2,6 +2,9 @@
 
 module Mihari
   module Analyzers
+    #
+    # PassiveTotal analyzer
+    #
     class PassiveTotal < Base
       include Mixins::Refang
 
@@ -62,7 +65,7 @@ module Mihari
       private
 
       def client
-        @client ||= Clients::PassiveTotal.new(username: username, api_key: api_key, timeout: timeout)
+        Clients::PassiveTotal.new(username: username, api_key: api_key, timeout: timeout)
       end
 
       #

data/lib/mihari/analyzers/pulsedive.rb

@@ -2,6 +2,9 @@
 
 module Mihari
   module Analyzers
+    #
+    # Pulsedive analyzer
+    #
     class Pulsedive < Base
       include Mixins::Refang
 

data/lib/mihari/analyzers/securitytrails.rb

@@ -2,6 +2,9 @@
 
 module Mihari
   module Analyzers
+    #
+    # SecurityTrails
+    #
     class SecurityTrails < Base
       include Mixins::Refang
 
@@ -56,7 +59,7 @@ module Mihari
       private
 
       def client
-        @client ||= Clients::SecurityTrails.new(api_key: api_key, timeout: timeout)
+        Clients::SecurityTrails.new(api_key: api_key, timeout: timeout)
       end
 
       #

data/lib/mihari/analyzers/shodan.rb

@@ -2,6 +2,9 @@
 
 module Mihari
   module Analyzers
+    #
+    # Shodan analyzer
+    #
     class Shodan < Base
       # @return [String, nil]
       attr_reader :api_key
@@ -34,7 +37,7 @@ module Mihari
       # @return [Clients::Shodan]
       #
       def client
-        @client ||= Clients::Shodan.new(
+        Clients::Shodan.new(
           api_key: api_key,
           pagination_interval: pagination_interval,
           timeout: timeout

data/lib/mihari/analyzers/urlscan.rb

@@ -2,6 +2,9 @@
 
 module Mihari
   module Analyzers
+    #
+    # urlscan.io analyzer
+    #
     class Urlscan < Base
       SUPPORTED_DATA_TYPES = %w[url domain ip].freeze
 
@@ -44,7 +47,7 @@ module Mihari
       private
 
       def client
-        @client ||= Clients::UrlScan.new(
+        Clients::Urlscan.new(
           api_key: api_key,
           pagination_interval: pagination_interval,
           timeout: timeout

data/lib/mihari/analyzers/virustotal.rb

@@ -2,6 +2,9 @@
 
 module Mihari
   module Analyzers
+    #
+    # VirusTotal analyzer
+    #
     class VirusTotal < Base
       include Mixins::Refang
 
@@ -51,7 +54,7 @@ module Mihari
       private
 
       def client
-        @client = Clients::VirusTotal.new(api_key: api_key)
+        Clients::VirusTotal.new(api_key: api_key)
       end
 
       #

data/lib/mihari/analyzers/virustotal_intelligence.rb

@@ -2,6 +2,9 @@
 
 module Mihari
   module Analyzers
+    #
+    # VirusTotal Intelligence analyzer
+    #
     class VirusTotalIntelligence < Base
       # @return [String, nil]
       attr_reader :api_key
@@ -49,7 +52,7 @@ module Mihari
       # @return [::VirusTotal::API]
       #
       def client
-        @client = Clients::VirusTotal.new(
+        Clients::VirusTotal.new(
           api_key: api_key,
           pagination_interval: pagination_interval,
           timeout: timeout

data/lib/mihari/analyzers/zoomeye.rb

@@ -2,6 +2,9 @@
 
 module Mihari
   module Analyzers
+    #
+    # ZoomEye analyzer
+    #
     class ZoomEye < Base
       # @return [String, nil]
       attr_reader :api_key
@@ -53,7 +56,7 @@ module Mihari
       end
 
       def client
-        @client ||= Clients::ZoomEye.new(
+        Clients::ZoomEye.new(
           api_key: api_key,
           pagination_interval: pagination_interval,
           timeout: timeout
@@ -63,7 +66,7 @@ module Mihari
       #
       # Convert responses into an array of String
       #
-      # @param [Hash] response
+      # @param [Hash] res
       #
       # @return [Array<Mihari::Models::Artifact>]
       #

data/lib/mihari/cli/alert.rb

@@ -4,6 +4,9 @@ require "mihari/commands/alert"
 
 module Mihari
   module CLI
+    #
+    # Alert CLI class (mihari alert ...)
+    #
     class Alert < Base
       include Mihari::Commands::Alert
     end

data/lib/mihari/cli/base.rb

@@ -2,6 +2,9 @@
 
 module Mihari
   module CLI
+    #
+    # Base class for Thor classes
+    #
     class Base < Thor
       class << self
         def exit_on_failure?

data/lib/mihari/cli/database.rb

@@ -4,6 +4,9 @@ require "mihari/commands/database"
 
 module Mihari
   module CLI
+    #
+    # Database CLI class (mihari db ...)
+    #
     class Database < Base
       include Mihari::Commands::Database
     end

data/lib/mihari/cli/main.rb

@@ -19,6 +19,9 @@ require "mihari/cli/rule"
 
 module Mihari
   module CLI
+    #
+    # Main CLI class
+    #
     class Main < Base
       class_option :debug, desc: "Sets up debug mode", aliases: ["-d"], type: :boolean
       class_around :safe_execute

data/lib/mihari/cli/rule.rb

@@ -4,6 +4,9 @@ require "mihari/commands/rule"
 
 module Mihari
   module CLI
+    #
+    # Rule CLI class (mihari rule ...)
+    #
     class Rule < Base
       include Mihari::Commands::Rule
     end

data/lib/mihari/clients/base.rb

@@ -2,6 +2,9 @@
 
 module Mihari
   module Clients
+    #
+    # Base class for API clients
+    #
     class Base
       # @return [String]
       attr_reader :base_url

data/lib/mihari/clients/binaryedge.rb

@@ -2,6 +2,9 @@
 
 module Mihari
   module Clients
+    #
+    # BinaryEdge API client
+    #
     class BinaryEdge < Base
       #
       # @param [String] base_url
@@ -27,7 +30,7 @@ module Mihari
       # @param [Integer] page Default 1, Maximum: 500
       # @param [Integer, nil] only_ips If selected, only output IP addresses, ports and protocols.
       #
-      # @return [Structs::BinaryEdge::Response]
+      # @return [Mihari::Structs::BinaryEdge::Response]
       #
       def search(query, page: 1, only_ips: nil)
         params = {
@@ -45,7 +48,7 @@ module Mihari
       # @param [Integer, nil] only_ips
       # @param [Integer] pagination_limit
       #
-      # @return [Enumerable<Structs::BinaryEdge::Response.>]
+      # @return [Enumerable<Mihari::Structs::BinaryEdge::Response>]
       #
       def search_with_pagination(query, only_ips: nil, pagination_limit: Mihari.config.pagination_limit)
         Enumerator.new do |y|

data/lib/mihari/clients/censys.rb

@@ -4,6 +4,9 @@ require "base64"
 
 module Mihari
   module Clients
+    #
+    # Censys API client
+    #
     class Censys < Base
       #
       # @param [String] base_url
@@ -36,10 +39,10 @@ module Mihari
       # For more details, see our documentation: https://search.censys.io/api/v2/docs
       #
       # @param [String] query the query to be executed.
-      # @params [Integer, nil] per_page the number of results to be returned for each page.
-      # @params [Integer, nil] cursor the cursor of the desired result set.
+      # @param [Integer, nil] per_page the number of results to be returned for each page.
+      # @param [Integer, nil] cursor the cursor of the desired result set.
       #
-      # @return [Structs::Censys::Response]
+      # @return [Mihari::Structs::Censys::Response]
       #
       def search(query, per_page: nil, cursor: nil)
         params = { q: query, per_page: per_page, cursor: cursor }.compact
@@ -52,7 +55,7 @@ module Mihari
       # @param [Integer, nil] per_page
       # @param [Integer] pagination_limit
       #
-      # @return [Enumerable<Structs::Censys::Response>]
+      # @return [Enumerable<Mihari::Structs::Censys::Response>]
       #
       def search_with_pagination(query, per_page: nil, pagination_limit: Mihari.config.pagination_limit)
         cursor = nil