mihari 5.7.0 → 5.7.2

Files changed (192)
  1. checksums.yaml +4 -4
  2. data/.rubocop.yml +1 -1
  3. data/lib/mihari/actor.rb +10 -4
  4. data/lib/mihari/cli/main.rb +2 -0
  5. data/lib/mihari/clients/base.rb +23 -1
  6. data/lib/mihari/clients/binaryedge.rb +1 -3
  7. data/lib/mihari/clients/censys.rb +1 -2
  8. data/lib/mihari/clients/crtsh.rb +2 -3
  9. data/lib/mihari/clients/dnstwister.rb +1 -2
  10. data/lib/mihari/clients/fofa.rb +1 -3
  11. data/lib/mihari/clients/greynoise.rb +1 -2
  12. data/lib/mihari/clients/hunterhow.rb +1 -2
  13. data/lib/mihari/clients/misp.rb +1 -2
  14. data/lib/mihari/clients/onyphe.rb +1 -2
  15. data/lib/mihari/clients/otx.rb +2 -14
  16. data/lib/mihari/clients/passivetotal.rb +3 -16
  17. data/lib/mihari/clients/publsedive.rb +2 -17
  18. data/lib/mihari/clients/securitytrails.rb +3 -25
  19. data/lib/mihari/clients/shodan.rb +1 -2
  20. data/lib/mihari/clients/the_hive.rb +1 -2
  21. data/lib/mihari/clients/urlscan.rb +1 -2
  22. data/lib/mihari/clients/virustotal.rb +3 -17
  23. data/lib/mihari/clients/zoomeye.rb +9 -19
  24. data/lib/mihari/commands/alert.rb +11 -9
  25. data/lib/mihari/commands/database.rb +4 -1
  26. data/lib/mihari/commands/mixins.rb +11 -0
  27. data/lib/mihari/commands/search.rb +13 -32
  28. data/lib/mihari/constants.rb +1 -1
  29. data/lib/mihari/database.rb +1 -1
  30. data/lib/mihari/enrichers/ipinfo.rb +1 -1
  31. data/lib/mihari/entities/tag.rb +1 -0
  32. data/lib/mihari/http.rb +13 -11
  33. data/lib/mihari/rule.rb +14 -0
  34. data/lib/mihari/service.rb +12 -2
  35. data/lib/mihari/services/alert_builder.rb +81 -8
  36. data/lib/mihari/services/alert_runner.rb +3 -10
  37. data/lib/mihari/services/rule_builder.rb +8 -10
  38. data/lib/mihari/services/rule_runner.rb +2 -25
  39. data/lib/mihari/structs/binaryedge.rb +9 -0
  40. data/lib/mihari/structs/censys.rb +0 -14
  41. data/lib/mihari/structs/fofa.rb +3 -0
  42. data/lib/mihari/structs/google_public_dns.rb +0 -4
  43. data/lib/mihari/structs/greynoise.rb +0 -6
  44. data/lib/mihari/structs/hunterhow.rb +0 -6
  45. data/lib/mihari/structs/ipinfo.rb +0 -2
  46. data/lib/mihari/structs/onyphe.rb +0 -4
  47. data/lib/mihari/structs/shodan.rb +0 -2
  48. data/lib/mihari/structs/urlscan.rb +0 -6
  49. data/lib/mihari/structs/virustotal_intelligence.rb +0 -8
  50. data/lib/mihari/version.rb +1 -1
  51. data/lib/mihari/web/app.rb +20 -17
  52. data/lib/mihari/web/endpoints/alerts.rb +75 -38
  53. data/lib/mihari/web/endpoints/artifacts.rb +60 -53
  54. data/lib/mihari/web/endpoints/ip_addresses.rb +19 -4
  55. data/lib/mihari/web/endpoints/rules.rb +132 -88
  56. data/lib/mihari/web/endpoints/tags.rb +15 -13
  57. data/lib/mihari/web/middleware/error_notification_adapter.rb +8 -3
  58. data/lib/mihari/web/public/assets/{index-821134e2.js → index-ec641cb0.js} +45 -44
  59. data/lib/mihari/web/public/index.html +1 -1
  60. data/lib/mihari/web/public/redoc-static.html +400 -400
  61. data/lib/mihari.rb +0 -2
  62. data/mihari.gemspec +5 -5
  63. data/mkdocs.yml +14 -7
  64. metadata +13 -140
  65. data/docs/alternatives.md +0 -5
  66. data/docs/analyzers/binaryedge.md +0 -26
  67. data/docs/analyzers/censys.md +0 -31
  68. data/docs/analyzers/circl.md +0 -37
  69. data/docs/analyzers/crtsh.md +0 -26
  70. data/docs/analyzers/dnstwister.md +0 -25
  71. data/docs/analyzers/feed.md +0 -73
  72. data/docs/analyzers/fofa.md +0 -31
  73. data/docs/analyzers/greynoise.md +0 -26
  74. data/docs/analyzers/hunterhow.md +0 -33
  75. data/docs/analyzers/index.md +0 -104
  76. data/docs/analyzers/onyphe.md +0 -26
  77. data/docs/analyzers/otx.md +0 -28
  78. data/docs/analyzers/passivetotal.md +0 -52
  79. data/docs/analyzers/pulsedive.md +0 -28
  80. data/docs/analyzers/securitytrails.md +0 -41
  81. data/docs/analyzers/shodan.md +0 -26
  82. data/docs/analyzers/urlscan.md +0 -28
  83. data/docs/analyzers/virustotal.md +0 -43
  84. data/docs/analyzers/virustotal_intelligence.md +0 -33
  85. data/docs/analyzers/zoomeye.md +0 -38
  86. data/docs/configuration.md +0 -35
  87. data/docs/emitters/database.md +0 -22
  88. data/docs/emitters/hive.md +0 -26
  89. data/docs/emitters/index.md +0 -36
  90. data/docs/emitters/misp.md +0 -21
  91. data/docs/emitters/slack.md +0 -21
  92. data/docs/emitters/webhook.md +0 -63
  93. data/docs/enrichers/google_public_dns.md +0 -19
  94. data/docs/enrichers/index.md +0 -35
  95. data/docs/enrichers/ipinfo.md +0 -26
  96. data/docs/enrichers/shodan.md +0 -22
  97. data/docs/enrichers/whois.md +0 -17
  98. data/docs/github_actions.md +0 -43
  99. data/docs/index.md +0 -11
  100. data/docs/installation.md +0 -31
  101. data/docs/requirements.md +0 -13
  102. data/docs/rule.md +0 -168
  103. data/docs/tags.md +0 -3
  104. data/docs/usage.md +0 -103
  105. data/frontend/.eslintrc.cjs +0 -22
  106. data/frontend/.gitignore +0 -31
  107. data/frontend/.prettierrc.json +0 -8
  108. data/frontend/README.md +0 -3
  109. data/frontend/env.d.ts +0 -5
  110. data/frontend/index.html +0 -21
  111. data/frontend/package-lock.json +0 -7219
  112. data/frontend/package.json +0 -67
  113. data/frontend/public/favicon.ico +0 -0
  114. data/frontend/scripts/swagger_doc_to_yaml.rb +0 -23
  115. data/frontend/src/App.vue +0 -27
  116. data/frontend/src/ace-config.ts +0 -6
  117. data/frontend/src/api-helper.ts +0 -111
  118. data/frontend/src/api.ts +0 -105
  119. data/frontend/src/components/ErrorMessage.vue +0 -31
  120. data/frontend/src/components/Loading.vue +0 -15
  121. data/frontend/src/components/Navbar.vue +0 -42
  122. data/frontend/src/components/Pagination.vue +0 -119
  123. data/frontend/src/components/alert/Alert.vue +0 -87
  124. data/frontend/src/components/alert/Alerts.vue +0 -63
  125. data/frontend/src/components/alert/AlertsWithPagination.vue +0 -90
  126. data/frontend/src/components/alert/AlertsWrapper.vue +0 -128
  127. data/frontend/src/components/alert/Form.vue +0 -169
  128. data/frontend/src/components/artifact/AS.vue +0 -23
  129. data/frontend/src/components/artifact/Artifact.vue +0 -287
  130. data/frontend/src/components/artifact/ArtifactTag.vue +0 -64
  131. data/frontend/src/components/artifact/ArtifactTags.vue +0 -29
  132. data/frontend/src/components/artifact/ArtifactWrapper.vue +0 -57
  133. data/frontend/src/components/artifact/CPEs.vue +0 -23
  134. data/frontend/src/components/artifact/DnsRecords.vue +0 -32
  135. data/frontend/src/components/artifact/Ports.vue +0 -23
  136. data/frontend/src/components/artifact/ReverseDnsNames.vue +0 -23
  137. data/frontend/src/components/artifact/Tags.vue +0 -29
  138. data/frontend/src/components/artifact/WhoisRecord.vue +0 -44
  139. data/frontend/src/components/config/Configs.vue +0 -65
  140. data/frontend/src/components/config/ConfigsWrapper.vue +0 -32
  141. data/frontend/src/components/link/Link.vue +0 -32
  142. data/frontend/src/components/link/Links.vue +0 -42
  143. data/frontend/src/components/rule/EditRule.vue +0 -72
  144. data/frontend/src/components/rule/EditRuleWrapper.vue +0 -48
  145. data/frontend/src/components/rule/Form.vue +0 -158
  146. data/frontend/src/components/rule/InputForm.vue +0 -45
  147. data/frontend/src/components/rule/NewRule.vue +0 -57
  148. data/frontend/src/components/rule/Rule.vue +0 -100
  149. data/frontend/src/components/rule/RuleWrapper.vue +0 -53
  150. data/frontend/src/components/rule/Rules.vue +0 -84
  151. data/frontend/src/components/rule/RulesWrapper.vue +0 -121
  152. data/frontend/src/components/rule/YAML.vue +0 -37
  153. data/frontend/src/components/tag/Tag.vue +0 -65
  154. data/frontend/src/components/tag/Tags.vue +0 -37
  155. data/frontend/src/countries.ts +0 -350
  156. data/frontend/src/index.ts +0 -20
  157. data/frontend/src/links/anyrun.ts +0 -19
  158. data/frontend/src/links/base.ts +0 -14
  159. data/frontend/src/links/censys.ts +0 -20
  160. data/frontend/src/links/crtsh.ts +0 -20
  161. data/frontend/src/links/dnslytics.ts +0 -38
  162. data/frontend/src/links/greynoise.ts +0 -20
  163. data/frontend/src/links/index.ts +0 -40
  164. data/frontend/src/links/intezer.ts +0 -20
  165. data/frontend/src/links/otx.ts +0 -33
  166. data/frontend/src/links/securitytrails.ts +0 -38
  167. data/frontend/src/links/shodan.ts +0 -20
  168. data/frontend/src/links/urlscan.ts +0 -50
  169. data/frontend/src/links/virustotal.ts +0 -72
  170. data/frontend/src/main.ts +0 -41
  171. data/frontend/src/router/index.ts +0 -57
  172. data/frontend/src/rule.ts +0 -14
  173. data/frontend/src/shims-vue.d.ts +0 -6
  174. data/frontend/src/swagger.yaml +0 -771
  175. data/frontend/src/types.ts +0 -188
  176. data/frontend/src/utils.ts +0 -54
  177. data/frontend/src/views/Alerts.vue +0 -20
  178. data/frontend/src/views/Artifact.vue +0 -39
  179. data/frontend/src/views/Configs.vue +0 -20
  180. data/frontend/src/views/EditRule.vue +0 -39
  181. data/frontend/src/views/NewRule.vue +0 -26
  182. data/frontend/src/views/Rule.vue +0 -39
  183. data/frontend/src/views/Rules.vue +0 -20
  184. data/frontend/tests/utils.spec.ts +0 -9
  185. data/frontend/tsconfig.app.json +0 -21
  186. data/frontend/tsconfig.json +0 -14
  187. data/frontend/tsconfig.node.json +0 -13
  188. data/frontend/tsconfig.vitest.json +0 -12
  189. data/frontend/vite.config.ts +0 -24
  190. data/frontend/vitest.config.ts +0 -21
  191. data/lib/mihari/mixins/error_notification.rb +0 -21
  192. data/lib/mihari/services/alert_proxy.rb +0 -97
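--- a/data/lib/mihari.rb
+++ b/data/lib/mihari.rb
@@ -53,7 +53,6 @@ require "mihari/config"
  require "mihari/mixins/autonomous_system"
  require "mihari/mixins/configurable"
  require "mihari/mixins/falsepositive"
- require "mihari/mixins/error_notification"
  require "mihari/mixins/refang"
  require "mihari/mixins/retriable"
 
@@ -264,7 +263,6 @@ require "mihari/services/rule_builder"
  require "mihari/services/rule_runner"
 
  require "mihari/services/alert_builder"
- require "mihari/services/alert_proxy"
  require "mihari/services/alert_runner"
 
  # Entities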
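--- a/data/mihari.gemspec
+++ b/data/mihari.gemspec
@@ -31,7 +31,7 @@ Gem::Specification.new do |spec|
  # Specify which files should be added to the gem when it is released.
  # The `git ls-files -z` loads the files in the RubyGem that have been added into git.
  spec.files = Dir.chdir(File.expand_path(__dir__)) do
- `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features|images|docker|.github)/}) }
+ `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(.github|.vscode|docs|docker|frontend|images|spec|)/}) }
  end
  # Include frontend assets in lib/mihari/web/public
  spec.files += Dir.glob("lib/mihari/web/public/**/*")
@@ -67,7 +67,7 @@ Gem::Specification.new do |spec|
  spec.add_development_dependency "solargraph", "~> 0.49"
  end
 
- spec.add_dependency "activerecord", "7.1.1"
+ spec.add_dependency "activerecord", "7.1.2"
  spec.add_dependency "addressable", "2.8.5"
  spec.add_dependency "anyway_config", "2.5.4"
  spec.add_dependency "awrence", "2.0.1"
@@ -95,13 +95,13 @@ Gem::Specification.new do |spec|
  spec.add_dependency "rack", "3.0.8"
  spec.add_dependency "rack-cors", "2.0.1"
  spec.add_dependency "rackup", "2.1.0"
- spec.add_dependency "semantic_logger", "4.14.0"
- spec.add_dependency "sentry-ruby", "5.12.0"
+ spec.add_dependency "semantic_logger", "4.15.0"
+ spec.add_dependency "sentry-ruby", "5.13.0"
  spec.add_dependency "slack-notifier", "2.4.0"
  spec.add_dependency "sqlite3", "1.6.8"
  spec.add_dependency "thor", "1.3.0"
  spec.add_dependency "thor-hollaback", "0.2.1"
  spec.add_dependency "uuidtools", "2.2.0"
- spec.add_dependency "whois", "5.1.0"
+ spec.add_dependency "whois", "5.1.1"
  spec.add_dependency "whois-parser", "2.0.0"
  end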
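Review bot: The new exclusion regex on the `spec.files` line ends with an empty alternative (`|spec|)`), so the group also matches the empty string and that branch degenerates to `^/`; harmless against `git ls-files` output but it reads as a typo, and the unescaped dots in `.github`/`.vscode` match any character. Because this pattern decides what is published in the gem, I would tighten it to `%r{\A(\.github|\.vscode|docs|docker|frontend|images|spec)/}`, where `\A` anchors at the start of the string rather than of a line. The same line drops `test` and `features` from the excluded prefixes and now excludes `frontend/`, while the `Dir.glob("lib/mihari/web/public/**/*")` two lines below still adds the built bundle, so the gem ships a minified `index-*.js` whose source is no longer in the package; presumably intended, but worth confirming that the bundle is reproducible from the tagged source. The enclosing `Gem::Specification.new` block starts and ends outside the hunks shown.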
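--- a/data/mkdocs.yml
+++ b/data/mkdocs.yml
@@ -16,13 +16,16 @@ nav:
  - Usage: usage.md
  - Configuration: configuration.md
  - Tips:
- - GitHub Actions: github_actions.md
- - Alternatives: alternatives.md
+ - Docker: tips/docker.md
+ - GitHub Actions: tips/github_actions.md
+ - Superset: tips/superset.md
+ - Alternatives: tips/alternatives.md
  - References:
- - Analyzers: "analyzers/index.md"
- - Enrichers: "enrichers/index.md"
- - Emitters: "emitters/index.md"
- - Tags: "./tags.md"
+ - Analyzers: analyzers/index.md
+ - Enrichers: enrichers/index.md
+ - Emitters: emitters/index.md
+ - Database: database.md
+ - Tags: tags.md
 
  markdown_extensions:
  - toc:
@@ -32,4 +35,8 @@ markdown_extensions:
  - pymdownx.extra
  - pymdownx.highlight
  - pymdownx.magiclink
- - pymdownx.superfences
+ - pymdownx.superfences:
+ custom_fences:
+ - name: mermaid
+ class: mermaid
+ format: !!python/name:pymdownx.superfences.fence_code_format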
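--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: mihari
  version: !ruby/object:Gem::Version
- version: 5.7.0
+ version: 5.7.2
  platform: ruby
  authors:
  - Manabu Niseki
  autorequire:
  bindir: exe
  cert_chain: []
- date: 2023-11-03 00:00:00.000000000 Z
+ date: 2023-11-11 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: bundler
@@ -324,14 +324,14 @@ dependencies:
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 7.1.1
+ version: 7.1.2
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 7.1.1
+ version: 7.1.2
  - !ruby/object:Gem::Dependency
  name: addressable
  requirement: !ruby/object:Gem::Requirement
@@ -716,28 +716,28 @@ dependencies:
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 4.14.0
+ version: 4.15.0
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 4.14.0
+ version: 4.15.0
  - !ruby/object:Gem::Dependency
  name: sentry-ruby
  requirement: !ruby/object:Gem::Requirement
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 5.12.0
+ version: 5.13.0
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 5.12.0
+ version: 5.13.0
  - !ruby/object:Gem::Dependency
  name: slack-notifier
  requirement: !ruby/object:Gem::Requirement
@@ -814,14 +814,14 @@ dependencies:
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 5.1.0
+ version: 5.1.1
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 5.1.0
+ version: 5.1.1
  - !ruby/object:Gem::Dependency
  name: whois-parser
  requirement: !ruby/object:Gem::Requirement
@@ -856,133 +856,7 @@ files:
  - bin/setup
  - build_frontend.sh
  - config.ru
- - docs/alternatives.md
- - docs/analyzers/binaryedge.md
- - docs/analyzers/censys.md
- - docs/analyzers/circl.md
- - docs/analyzers/crtsh.md
- - docs/analyzers/dnstwister.md
- - docs/analyzers/feed.md
- - docs/analyzers/fofa.md
- - docs/analyzers/greynoise.md
- - docs/analyzers/hunterhow.md
- - docs/analyzers/index.md
- - docs/analyzers/onyphe.md
- - docs/analyzers/otx.md
- - docs/analyzers/passivetotal.md
- - docs/analyzers/pulsedive.md
- - docs/analyzers/securitytrails.md
- - docs/analyzers/shodan.md
- - docs/analyzers/urlscan.md
- - docs/analyzers/virustotal.md
- - docs/analyzers/virustotal_intelligence.md
- - docs/analyzers/zoomeye.md
- - docs/configuration.md
- - docs/emitters/database.md
- - docs/emitters/hive.md
- - docs/emitters/index.md
- - docs/emitters/misp.md
- - docs/emitters/slack.md
- - docs/emitters/webhook.md
- - docs/enrichers/google_public_dns.md
- - docs/enrichers/index.md
- - docs/enrichers/ipinfo.md
- - docs/enrichers/shodan.md
- - docs/enrichers/whois.md
- - docs/github_actions.md
- - docs/index.md
- - docs/installation.md
- - docs/requirements.md
- - docs/rule.md
- - docs/tags.md
- - docs/usage.md
  - exe/mihari
- - frontend/.eslintrc.cjs
- - frontend/.gitignore
- - frontend/.prettierrc.json
- - frontend/README.md
- - frontend/env.d.ts
- - frontend/index.html
- - frontend/package-lock.json
- - frontend/package.json
- - frontend/public/favicon.ico
- - frontend/scripts/swagger_doc_to_yaml.rb
- - frontend/src/App.vue
- - frontend/src/ace-config.ts
- - frontend/src/api-helper.ts
- - frontend/src/api.ts
- - frontend/src/components/ErrorMessage.vue
- - frontend/src/components/Loading.vue
- - frontend/src/components/Navbar.vue
- - frontend/src/components/Pagination.vue
- - frontend/src/components/alert/Alert.vue
- - frontend/src/components/alert/Alerts.vue
- - frontend/src/components/alert/AlertsWithPagination.vue
- - frontend/src/components/alert/AlertsWrapper.vue
- - frontend/src/components/alert/Form.vue
- - frontend/src/components/artifact/AS.vue
- - frontend/src/components/artifact/Artifact.vue
- - frontend/src/components/artifact/ArtifactTag.vue
- - frontend/src/components/artifact/ArtifactTags.vue
- - frontend/src/components/artifact/ArtifactWrapper.vue
- - frontend/src/components/artifact/CPEs.vue
- - frontend/src/components/artifact/DnsRecords.vue
- - frontend/src/components/artifact/Ports.vue
- - frontend/src/components/artifact/ReverseDnsNames.vue
- - frontend/src/components/artifact/Tags.vue
- - frontend/src/components/artifact/WhoisRecord.vue
- - frontend/src/components/config/Configs.vue
- - frontend/src/components/config/ConfigsWrapper.vue
- - frontend/src/components/link/Link.vue
- - frontend/src/components/link/Links.vue
- - frontend/src/components/rule/EditRule.vue
- - frontend/src/components/rule/EditRuleWrapper.vue
- - frontend/src/components/rule/Form.vue
- - frontend/src/components/rule/InputForm.vue
- - frontend/src/components/rule/NewRule.vue
- - frontend/src/components/rule/Rule.vue
- - frontend/src/components/rule/RuleWrapper.vue
- - frontend/src/components/rule/Rules.vue
- - frontend/src/components/rule/RulesWrapper.vue
- - frontend/src/components/rule/YAML.vue
- - frontend/src/components/tag/Tag.vue
- - frontend/src/components/tag/Tags.vue
- - frontend/src/countries.ts
- - frontend/src/index.ts
- - frontend/src/links/anyrun.ts
- - frontend/src/links/base.ts
- - frontend/src/links/censys.ts
- - frontend/src/links/crtsh.ts
- - frontend/src/links/dnslytics.ts
- - frontend/src/links/greynoise.ts
- - frontend/src/links/index.ts
- - frontend/src/links/intezer.ts
- - frontend/src/links/otx.ts
- - frontend/src/links/securitytrails.ts
- - frontend/src/links/shodan.ts
- - frontend/src/links/urlscan.ts
- - frontend/src/links/virustotal.ts
- - frontend/src/main.ts
- - frontend/src/router/index.ts
- - frontend/src/rule.ts
- - frontend/src/shims-vue.d.ts
- - frontend/src/swagger.yaml
- - frontend/src/types.ts
- - frontend/src/utils.ts
- - frontend/src/views/Alerts.vue
- - frontend/src/views/Artifact.vue
- - frontend/src/views/Configs.vue
- - frontend/src/views/EditRule.vue
- - frontend/src/views/NewRule.vue
- - frontend/src/views/Rule.vue
- - frontend/src/views/Rules.vue
- - frontend/tests/utils.spec.ts
- - frontend/tsconfig.app.json
- - frontend/tsconfig.json
- - frontend/tsconfig.node.json
- - frontend/tsconfig.vitest.json
- - frontend/vite.config.ts
- - frontend/vitest.config.ts
  - lefthook.yml
  - lib/mihari.rb
  - lib/mihari/actor.rb
@@ -1033,6 +907,7 @@ files:
  - lib/mihari/clients/zoomeye.rb
  - lib/mihari/commands/alert.rb
  - lib/mihari/commands/database.rb
+ - lib/mihari/commands/mixins.rb
  - lib/mihari/commands/rule.rb
  - lib/mihari/commands/search.rb
  - lib/mihari/commands/version.rb
@@ -1071,7 +946,6 @@ files:
  - lib/mihari/http.rb
  - lib/mihari/mixins/autonomous_system.rb
  - lib/mihari/mixins/configurable.rb
- - lib/mihari/mixins/error_notification.rb
  - lib/mihari/mixins/falsepositive.rb
  - lib/mihari/mixins/refang.rb
  - lib/mihari/mixins/retriable.rb
@@ -1098,7 +972,6 @@ files:
  - lib/mihari/schemas/rule.rb
  - lib/mihari/service.rb
  - lib/mihari/services/alert_builder.rb
- - lib/mihari/services/alert_proxy.rb
  - lib/mihari/services/alert_runner.rb
  - lib/mihari/services/rule_builder.rb
  - lib/mihari/services/rule_runner.rb
@@ -1129,7 +1002,7 @@ files:
  - lib/mihari/web/middleware/connection_adapter.rb
  - lib/mihari/web/middleware/error_notification_adapter.rb
  - lib/mihari/web/public/assets/index-56fc2187.css
- - lib/mihari/web/public/assets/index-821134e2.js
+ - lib/mihari/web/public/assets/index-ec641cb0.js
  - lib/mihari/web/public/assets/mode-yaml-24faa242.js
  - lib/mihari/web/public/favicon.ico
  - lib/mihari/web/public/index.html
@@ -1158,7 +1031,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
- rubygems_version: 3.4.20
+ rubygems_version: 3.4.21
  signing_key:
  specification_version: 4
  summary: A query aggregator for OSINT based threat hunting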
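--- a/data/docs/alternatives.md
+++ /dev/null
@@ -1,5 +0,0 @@
- # Alternatives
-
- - [InQuest/ThreatIngestor](https://github.com/InQuest/ThreatIngestor) - Extract and aggregate threat intelligence.
- - [thalesgroup-cert/Watcher](https://github.com/thalesgroup-cert/Watcher) - Watcher - Open Source Cybersecurity Threat Hunting Platform. Developed with Django & React JS.
- - [projectdiscovery/uncover](https://github.com/projectdiscovery/uncover) - Quickly discover exposed hosts on the internet using multiple search engines.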
@@ -1,26 +0,0 @@
1
- ---
2
- tags:
3
- - Artifact:IP
4
- ---
5
-
6
- # BinaryEdge
7
-
8
- - [https://www.binaryedge.io/](https://www.binaryedge.io/)
9
-
10
- This analyzer uses [BinaryEdge API V2](https://docs.binaryedge.io/api-v2/) (`/v2/query/search`) to search. Pagination is supported.
11
-
12
- ```yaml
13
- analyzer: binaryedge
14
- query: ...
15
- api_key: ...
16
- ```
17
-
18
- ## Components
19
-
20
- ### Query
21
-
22
- `query` (`string`) is a search query.
23
-
24
- ### API Key
25
-
26
- `api_key` (`string`) is an API key. Optional. Defaults to `ENV[”BINARYEDGE_API_KEY"]`.
@@ -1,31 +0,0 @@
1
- ---
2
- tags:
3
- - Artifact:IP
4
- ---
5
-
6
- # Censys
7
-
8
- - [https://censys.io/](https://censys.io/)
9
-
10
- This analyzer uses [Censys Search 2.0 REST API](https://search.censys.io/api) to search. Pagination is supported.
11
-
12
- ```yaml
13
- analyzer: censys
14
- query: ...
15
- id: ...
16
- secret: ...
17
- ```
18
-
19
- ## Components
20
-
21
- ### Query
22
-
23
- `query` (`string`) is a search query.
24
-
25
- ### ID
26
-
27
- `id` (`string`) is a Cencys ID. Optional. Defaults to `ENV[”CENSYS_ID”]`.
28
-
29
- ### Secret
30
-
31
- `secret` (`string`) is a Cencys secret. Optional. Defaults to `ENV[”CENSYS_SECRET”]`.
@@ -1,37 +0,0 @@
1
- ---
2
- tags:
3
- - Artifact:IP
4
- - Passive DNS
5
- - Passive SSL
6
- ---
7
-
8
- # CIRCL Passive DNS/SSL
9
-
10
- - [https://www.circl.lu/services/passive-dns/](https://www.circl.lu/services/passive-dns/)
11
- - [https://www.circl.lu/services/passive-ssl/](https://www.circl.lu/services/passive-ssl/)
12
-
13
- This analyzer uses CIRCL passive DNS API or passive SSL API:
14
-
15
- - Use passive DNS API if a query(input) is a domain
16
- - Use passive SSL API if a query(input) is a SHA1 certificate fingerprint
17
-
18
- ```yaml
19
- analyzer: circl
20
- query: ...
21
- password: ...
22
- username: ...
23
- ```
24
-
25
- ## Components
26
-
27
- ### Query
28
-
29
- `query` (`string`) is a domain or SHA1 certificate fingerprint.
30
-
31
- ### Username
32
-
33
- `username` (`string`) is a username. Optional. Defaults to `ENV[”CIRCL_PASSIVE_USERNAME”]`.
34
-
35
- ### Password
36
-
37
- `password` (`string`) is a password. Optional. Defaults to `ENV[”CIRCL_PASSIVE_PASSWORD”]`.
@@ -1,26 +0,0 @@
1
- ---
2
- tags:
3
- - Artifact:Domain
4
- ---
5
-
6
- # crt.sh
7
-
8
- - [https://crt.sh/](https://crt.sh/)
9
-
10
- This analyzer uses [crt.sh](http://crt.sh)'s (unofficial?) REST API.
11
-
12
- ```yaml
13
- analyzer: crtsh
14
- query: ...
15
- exclude_expired: ...
16
- ```
17
-
18
- ## Components
19
-
20
- ### Query
21
-
22
- `query` (`string`) is a search query.
23
-
24
- ### Exclude Expired
25
-
26
- `exclude_expired` (`boolean`) determines whether to exclude expired domains or not. Optional. Defaults to `true`.
@@ -1,25 +0,0 @@
1
- ---
2
- tags:
3
- - Artifact:Domain
4
- ---
5
-
6
- # dnstwister
7
-
8
- - [https://dnstwister.report/](https://dnstwister.report/)
9
-
10
- This analyzer uses [dnstwister API](https://dnstwister.report/api/) to search.
11
-
12
- ```yaml
13
- analyzer: dnstwister
14
- query: ...
15
- ```
16
-
17
- ## Components
18
-
19
- ### Query
20
-
21
- `query` (`string`) is a search query.
22
-
23
- !!! tip
24
-
25
- There is no need to input a domain in hexadecimal format. This analyzer automatically converts a domain (in string format) into a hexadecimal value.
@@ -1,73 +0,0 @@
1
- # Feed
2
-
3
- This analyzer can ingest a feed (JSON or CSV) by specifying conditions.
4
-
5
- Note that you should write a selector to get proper IoCs from a feed. A selector is based on [jr](https://github.com/yuya-takeyama/jr).
6
-
7
- ```yaml
8
- analyzer: feed
9
- query: ...
10
- selector: ...
11
- method: ...
12
- headers: ...
13
- params: ...
14
- data: ...
15
- json: ...
16
- ```
17
-
18
- ## Components
19
-
20
- ### Query
21
-
22
- `query` (`string`) is a URL of a feed.
23
-
24
- !!! note
25
-
26
- I know this is a strange naming. It's just for keeping the convention with other analyzers.
27
-
28
- ### Method
29
-
30
- `method` (`string`) is an HTTP method. Defaults to `GET`.
31
-
32
- ### Selector
33
-
34
- `selector` (`string`) is a `jr` selector.
35
-
36
- ### Headers
37
-
38
- `headers` (`hash`) is an HTTP headers. Optional.
39
-
40
- ### Params
41
-
42
- `params` (`hash`) is an HTTP query params. Optional.
43
-
44
- ### Data
45
-
46
- `data` (`hash`) is an HTTP form data. Optional.
47
-
48
- ### JSON
49
-
50
- `json` (`hash`) is an JSON body. Optional.
51
-
52
- ## Examples
53
-
54
- ### ThreatFox
55
-
56
- ```yaml
57
- analyzer: feed
58
- query: "https://threatfox-api.abuse.ch/api/v1/"
59
- method: POST
60
- json:
61
- query: get_iocs
62
- days: 1
63
- headers:
64
- selector: "map(&:data).unwrap.map(&:ioc).map { |v| v.start_with?('http://', 'https://') ? v : v.split(':').first }"
65
- ```
66
-
67
- ### URLhaus
68
-
69
- ```yaml
70
- analyzer: feed
71
- query: "https://urlhaus.abuse.ch/feeds/country/JP/"
72
- selector: "map { |v| v[1] }"
73
- ```
@@ -1,31 +0,0 @@
1
- ---
2
- tags:
3
- - Artifact:IP
4
- ---
5
-
6
- # Fofa
7
-
8
- - https://en.fofa.info/
9
-
10
- This analyzer uses Fofa API (`/api/v1/search/all`) to search. Pagination is supported.
11
-
12
- ```yaml
13
- analyzer: fofa
14
- query: ...
15
- api_key: ...
16
- email: ...
17
- ```
18
-
19
- ## Components
20
-
21
- ### Query
22
-
23
- `query` (`string`) is a search query.
24
-
25
- ### API Key
26
-
27
- `api_key` (`string`) is an API key. Optional. Defaults to `ENV[”FOFA_API_KEY"]`.
28
-
29
- ### Email
30
-
31
- `email` (`string`) is an email. Optional. Defaults to `ENV[”FOFA_EMAIL"]`.
@@ -1,26 +0,0 @@
1
- ---
2
- tags:
3
- - Artifact:IP
4
- ---
5
-
6
- # GreyNoise
7
-
8
- - [https://www.greynoise.io/](https://www.greynoise.io/)
9
-
10
- This analyzer uses GreyNoise API (`/v2/experimental/gnql`) to search. Pagination is supported.
11
-
12
- ```yaml
13
- analyzer: greynoise
14
- query: ...
15
- api_key: ...
16
- ```
17
-
18
- ## Components
19
-
20
- ### Query
21
-
22
- `query` (`string`) is a GNQL search query.
23
-
24
- ### API Key
25
-
26
- `api_key` (`string`) is an API key. Optional. Defaults to `ENV[”GREYNOISE_API_KEY"]`.
@@ -1,33 +0,0 @@
1
- ---
2
- tags:
3
- - Artifact:IP
4
- ---
5
-
6
- # Hunter How
7
-
8
- - [https://hunter.how/](https://hunter.how/)
9
-
10
- This analyzer uses Hunter How API (`https://api.hunter.how/search`) to search. Pagination is supported.
11
-
12
- ```yaml
13
- analyzer: hunterhow
14
- query: ...
15
- api_key: ...
16
- start_time: ...
17
- end_time: ...
18
- ```
19
-
20
- ## Components
21
-
22
- ### Query
23
-
24
- `query` (`string`) is a search query.
25
-
26
- ### Start/End Time
27
-
28
- - `start_time` (`date`): Only show results after the given date.
29
- - `end_time` (`date`): Only show results after the given date.
30
-
31
- ### API key
32
-
33
- `api_key` (`string`) is an API key. Optional. Defaults to `ENV[”HUNTERHOW_API_KEY"]`.