mihari 5.7.0 → 5.7.2
- checksums.yaml +4 -4
- data/.rubocop.yml +1 -1
- data/lib/mihari/actor.rb +10 -4
- data/lib/mihari/cli/main.rb +2 -0
- data/lib/mihari/clients/base.rb +23 -1
- data/lib/mihari/clients/binaryedge.rb +1 -3
- data/lib/mihari/clients/censys.rb +1 -2
- data/lib/mihari/clients/crtsh.rb +2 -3
- data/lib/mihari/clients/dnstwister.rb +1 -2
- data/lib/mihari/clients/fofa.rb +1 -3
- data/lib/mihari/clients/greynoise.rb +1 -2
- data/lib/mihari/clients/hunterhow.rb +1 -2
- data/lib/mihari/clients/misp.rb +1 -2
- data/lib/mihari/clients/onyphe.rb +1 -2
- data/lib/mihari/clients/otx.rb +2 -14
- data/lib/mihari/clients/passivetotal.rb +3 -16
- data/lib/mihari/clients/publsedive.rb +2 -17
- data/lib/mihari/clients/securitytrails.rb +3 -25
- data/lib/mihari/clients/shodan.rb +1 -2
- data/lib/mihari/clients/the_hive.rb +1 -2
- data/lib/mihari/clients/urlscan.rb +1 -2
- data/lib/mihari/clients/virustotal.rb +3 -17
- data/lib/mihari/clients/zoomeye.rb +9 -19
- data/lib/mihari/commands/alert.rb +11 -9
- data/lib/mihari/commands/database.rb +4 -1
- data/lib/mihari/commands/mixins.rb +11 -0
- data/lib/mihari/commands/search.rb +13 -32
- data/lib/mihari/constants.rb +1 -1
- data/lib/mihari/database.rb +1 -1
- data/lib/mihari/enrichers/ipinfo.rb +1 -1
- data/lib/mihari/entities/tag.rb +1 -0
- data/lib/mihari/http.rb +13 -11
- data/lib/mihari/rule.rb +14 -0
- data/lib/mihari/service.rb +12 -2
- data/lib/mihari/services/alert_builder.rb +81 -8
- data/lib/mihari/services/alert_runner.rb +3 -10
- data/lib/mihari/services/rule_builder.rb +8 -10
- data/lib/mihari/services/rule_runner.rb +2 -25
- data/lib/mihari/structs/binaryedge.rb +9 -0
- data/lib/mihari/structs/censys.rb +0 -14
- data/lib/mihari/structs/fofa.rb +3 -0
- data/lib/mihari/structs/google_public_dns.rb +0 -4
- data/lib/mihari/structs/greynoise.rb +0 -6
- data/lib/mihari/structs/hunterhow.rb +0 -6
- data/lib/mihari/structs/ipinfo.rb +0 -2
- data/lib/mihari/structs/onyphe.rb +0 -4
- data/lib/mihari/structs/shodan.rb +0 -2
- data/lib/mihari/structs/urlscan.rb +0 -6
- data/lib/mihari/structs/virustotal_intelligence.rb +0 -8
- data/lib/mihari/version.rb +1 -1
- data/lib/mihari/web/app.rb +20 -17
- data/lib/mihari/web/endpoints/alerts.rb +75 -38
- data/lib/mihari/web/endpoints/artifacts.rb +60 -53
- data/lib/mihari/web/endpoints/ip_addresses.rb +19 -4
- data/lib/mihari/web/endpoints/rules.rb +132 -88
- data/lib/mihari/web/endpoints/tags.rb +15 -13
- data/lib/mihari/web/middleware/error_notification_adapter.rb +8 -3
- data/lib/mihari/web/public/assets/{index-821134e2.js → index-ec641cb0.js} +45 -44
- data/lib/mihari/web/public/index.html +1 -1
- data/lib/mihari/web/public/redoc-static.html +400 -400
- data/lib/mihari.rb +0 -2
- data/mihari.gemspec +5 -5
- data/mkdocs.yml +14 -7
- metadata +13 -140
- data/docs/alternatives.md +0 -5
- data/docs/analyzers/binaryedge.md +0 -26
- data/docs/analyzers/censys.md +0 -31
- data/docs/analyzers/circl.md +0 -37
- data/docs/analyzers/crtsh.md +0 -26
- data/docs/analyzers/dnstwister.md +0 -25
- data/docs/analyzers/feed.md +0 -73
- data/docs/analyzers/fofa.md +0 -31
- data/docs/analyzers/greynoise.md +0 -26
- data/docs/analyzers/hunterhow.md +0 -33
- data/docs/analyzers/index.md +0 -104
- data/docs/analyzers/onyphe.md +0 -26
- data/docs/analyzers/otx.md +0 -28
- data/docs/analyzers/passivetotal.md +0 -52
- data/docs/analyzers/pulsedive.md +0 -28
- data/docs/analyzers/securitytrails.md +0 -41
- data/docs/analyzers/shodan.md +0 -26
- data/docs/analyzers/urlscan.md +0 -28
- data/docs/analyzers/virustotal.md +0 -43
- data/docs/analyzers/virustotal_intelligence.md +0 -33
- data/docs/analyzers/zoomeye.md +0 -38
- data/docs/configuration.md +0 -35
- data/docs/emitters/database.md +0 -22
- data/docs/emitters/hive.md +0 -26
- data/docs/emitters/index.md +0 -36
- data/docs/emitters/misp.md +0 -21
- data/docs/emitters/slack.md +0 -21
- data/docs/emitters/webhook.md +0 -63
- data/docs/enrichers/google_public_dns.md +0 -19
- data/docs/enrichers/index.md +0 -35
- data/docs/enrichers/ipinfo.md +0 -26
- data/docs/enrichers/shodan.md +0 -22
- data/docs/enrichers/whois.md +0 -17
- data/docs/github_actions.md +0 -43
- data/docs/index.md +0 -11
- data/docs/installation.md +0 -31
- data/docs/requirements.md +0 -13
- data/docs/rule.md +0 -168
- data/docs/tags.md +0 -3
- data/docs/usage.md +0 -103
- data/frontend/.eslintrc.cjs +0 -22
- data/frontend/.gitignore +0 -31
- data/frontend/.prettierrc.json +0 -8
- data/frontend/README.md +0 -3
- data/frontend/env.d.ts +0 -5
- data/frontend/index.html +0 -21
- data/frontend/package-lock.json +0 -7219
- data/frontend/package.json +0 -67
- data/frontend/public/favicon.ico +0 -0
- data/frontend/scripts/swagger_doc_to_yaml.rb +0 -23
- data/frontend/src/App.vue +0 -27
- data/frontend/src/ace-config.ts +0 -6
- data/frontend/src/api-helper.ts +0 -111
- data/frontend/src/api.ts +0 -105
- data/frontend/src/components/ErrorMessage.vue +0 -31
- data/frontend/src/components/Loading.vue +0 -15
- data/frontend/src/components/Navbar.vue +0 -42
- data/frontend/src/components/Pagination.vue +0 -119
- data/frontend/src/components/alert/Alert.vue +0 -87
- data/frontend/src/components/alert/Alerts.vue +0 -63
- data/frontend/src/components/alert/AlertsWithPagination.vue +0 -90
- data/frontend/src/components/alert/AlertsWrapper.vue +0 -128
- data/frontend/src/components/alert/Form.vue +0 -169
- data/frontend/src/components/artifact/AS.vue +0 -23
- data/frontend/src/components/artifact/Artifact.vue +0 -287
- data/frontend/src/components/artifact/ArtifactTag.vue +0 -64
- data/frontend/src/components/artifact/ArtifactTags.vue +0 -29
- data/frontend/src/components/artifact/ArtifactWrapper.vue +0 -57
- data/frontend/src/components/artifact/CPEs.vue +0 -23
- data/frontend/src/components/artifact/DnsRecords.vue +0 -32
- data/frontend/src/components/artifact/Ports.vue +0 -23
- data/frontend/src/components/artifact/ReverseDnsNames.vue +0 -23
- data/frontend/src/components/artifact/Tags.vue +0 -29
- data/frontend/src/components/artifact/WhoisRecord.vue +0 -44
- data/frontend/src/components/config/Configs.vue +0 -65
- data/frontend/src/components/config/ConfigsWrapper.vue +0 -32
- data/frontend/src/components/link/Link.vue +0 -32
- data/frontend/src/components/link/Links.vue +0 -42
- data/frontend/src/components/rule/EditRule.vue +0 -72
- data/frontend/src/components/rule/EditRuleWrapper.vue +0 -48
- data/frontend/src/components/rule/Form.vue +0 -158
- data/frontend/src/components/rule/InputForm.vue +0 -45
- data/frontend/src/components/rule/NewRule.vue +0 -57
- data/frontend/src/components/rule/Rule.vue +0 -100
- data/frontend/src/components/rule/RuleWrapper.vue +0 -53
- data/frontend/src/components/rule/Rules.vue +0 -84
- data/frontend/src/components/rule/RulesWrapper.vue +0 -121
- data/frontend/src/components/rule/YAML.vue +0 -37
- data/frontend/src/components/tag/Tag.vue +0 -65
- data/frontend/src/components/tag/Tags.vue +0 -37
- data/frontend/src/countries.ts +0 -350
- data/frontend/src/index.ts +0 -20
- data/frontend/src/links/anyrun.ts +0 -19
- data/frontend/src/links/base.ts +0 -14
- data/frontend/src/links/censys.ts +0 -20
- data/frontend/src/links/crtsh.ts +0 -20
- data/frontend/src/links/dnslytics.ts +0 -38
- data/frontend/src/links/greynoise.ts +0 -20
- data/frontend/src/links/index.ts +0 -40
- data/frontend/src/links/intezer.ts +0 -20
- data/frontend/src/links/otx.ts +0 -33
- data/frontend/src/links/securitytrails.ts +0 -38
- data/frontend/src/links/shodan.ts +0 -20
- data/frontend/src/links/urlscan.ts +0 -50
- data/frontend/src/links/virustotal.ts +0 -72
- data/frontend/src/main.ts +0 -41
- data/frontend/src/router/index.ts +0 -57
- data/frontend/src/rule.ts +0 -14
- data/frontend/src/shims-vue.d.ts +0 -6
- data/frontend/src/swagger.yaml +0 -771
- data/frontend/src/types.ts +0 -188
- data/frontend/src/utils.ts +0 -54
- data/frontend/src/views/Alerts.vue +0 -20
- data/frontend/src/views/Artifact.vue +0 -39
- data/frontend/src/views/Configs.vue +0 -20
- data/frontend/src/views/EditRule.vue +0 -39
- data/frontend/src/views/NewRule.vue +0 -26
- data/frontend/src/views/Rule.vue +0 -39
- data/frontend/src/views/Rules.vue +0 -20
- data/frontend/tests/utils.spec.ts +0 -9
- data/frontend/tsconfig.app.json +0 -21
- data/frontend/tsconfig.json +0 -14
- data/frontend/tsconfig.node.json +0 -13
- data/frontend/tsconfig.vitest.json +0 -12
- data/frontend/vite.config.ts +0 -24
- data/frontend/vitest.config.ts +0 -21
- data/lib/mihari/mixins/error_notification.rb +0 -21
- data/lib/mihari/services/alert_proxy.rb +0 -97
data/lib/mihari.rb
CHANGED
@@ -53,7 +53,6 @@ require "mihari/config"
|
|
53
53
|
require "mihari/mixins/autonomous_system"
|
54
54
|
require "mihari/mixins/configurable"
|
55
55
|
require "mihari/mixins/falsepositive"
|
56
|
-
require "mihari/mixins/error_notification"
|
57
56
|
require "mihari/mixins/refang"
|
58
57
|
require "mihari/mixins/retriable"
|
59
58
|
|
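Review bot: dropping `require "mihari/mixins/error_notification"` here matches the deletion of data/lib/mihari/mixins/error_notification.rb (+0 -21) in the file list, but data/lib/mihari/web/middleware/error_notification_adapter.rb is also modified in this release (+8 -3) and should be checked for any remaining reference to the removed mixin; with the require gone, a stale reference raises NameError only when the middleware is first loaded, which a CLI-focused test run may not exercise.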
@@ -264,7 +263,6 @@ require "mihari/services/rule_builder"
|
|
264
263
|
require "mihari/services/rule_runner"
|
265
264
|
|
266
265
|
require "mihari/services/alert_builder"
|
267
|
-
require "mihari/services/alert_proxy"
|
268
266
|
require "mihari/services/alert_runner"
|
269
267
|
|
270
268
|
# Entities
|
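Review bot: removing `require "mihari/services/alert_proxy"` is consistent with data/lib/mihari/services/alert_proxy.rb being deleted (+0 -97), and the +81 -8 growth of services/alert_builder.rb suggests its logic was folded in there; the callers that changed in the same release (commands/alert.rb, web/endpoints/alerts.rb) should be checked for a leftover `Services::AlertProxy` constant, since a missing constant surfaces at the first alert creation rather than at boot.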
data/mihari.gemspec
CHANGED
@@ -31,7 +31,7 @@ Gem::Specification.new do |spec|
|
|
31
31
|
# Specify which files should be added to the gem when it is released.
|
32
32
|
# The `git ls-files -z` loads the files in the RubyGem that have been added into git.
|
33
33
|
spec.files = Dir.chdir(File.expand_path(__dir__)) do
|
34
|
-
`git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(
|
34
|
+
`git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(.github|.vscode|docs|docker|frontend|images|spec|)/}) }
|
35
35
|
end
|
36
36
|
# Include frontend assets in lib/mihari/web/public
|
37
37
|
spec.files += Dir.glob("lib/mihari/web/public/**/*")
|
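Review bot: the new reject pattern `%r{^(.github|.vscode|docs|docker|frontend|images|spec|)/}` has a trailing empty alternative (`spec|)`), so `^()/` also matches any path beginning with `/`, and the unescaped dots in `.github` and `.vscode` match any character; neither changes the outcome for the relative paths `git ls-files` emits, but `%r{\A(\.github|\.vscode|docs|docker|frontend|images|spec)/}` states the intent. The pre-change line is truncated in this rendering, so the evidence for what is newly excluded is the file list above, where every docs/ and frontend/ entry is reported as deleted because it is no longer packaged; that is a welcome reduction in what ships (no package-lock.json or frontend sources in the gem), while the prebuilt bundle is still added by `spec.files += Dir.glob("lib/mihari/web/public/**/*")`.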
@@ -67,7 +67,7 @@ Gem::Specification.new do |spec|
|
|
67
67
|
spec.add_development_dependency "solargraph", "~> 0.49"
|
68
68
|
end
|
69
69
|
|
70
|
-
spec.add_dependency "activerecord", "7.1.
|
70
|
+
spec.add_dependency "activerecord", "7.1.2"
|
71
71
|
spec.add_dependency "addressable", "2.8.5"
|
72
72
|
spec.add_dependency "anyway_config", "2.5.4"
|
73
73
|
spec.add_dependency "awrence", "2.0.1"
|
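Review bot: `spec.add_dependency "activerecord", "7.1.2"` is an exact pin (the metadata below records it as `'='`), so downstream installs cannot take a later activerecord patch release without a new mihari release; that is a defensible reproducibility choice for a CLI tool, but it means a security fix in the 7.1.x line reaches users only as fast as the project cuts releases. A pessimistic `"~> 7.1.2"` would allow patch-level updates while still excluding 7.2.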
@@ -95,13 +95,13 @@ Gem::Specification.new do |spec|
|
|
95
95
|
spec.add_dependency "rack", "3.0.8"
|
96
96
|
spec.add_dependency "rack-cors", "2.0.1"
|
97
97
|
spec.add_dependency "rackup", "2.1.0"
|
98
|
-
spec.add_dependency "semantic_logger", "4.
|
99
|
-
spec.add_dependency "sentry-ruby", "5.
|
98
|
+
spec.add_dependency "semantic_logger", "4.15.0"
|
99
|
+
spec.add_dependency "sentry-ruby", "5.13.0"
|
100
100
|
spec.add_dependency "slack-notifier", "2.4.0"
|
101
101
|
spec.add_dependency "sqlite3", "1.6.8"
|
102
102
|
spec.add_dependency "thor", "1.3.0"
|
103
103
|
spec.add_dependency "thor-hollaback", "0.2.1"
|
104
104
|
spec.add_dependency "uuidtools", "2.2.0"
|
105
|
-
spec.add_dependency "whois", "5.1.
|
105
|
+
spec.add_dependency "whois", "5.1.1"
|
106
106
|
spec.add_dependency "whois-parser", "2.0.0"
|
107
107
|
end
|
data/mkdocs.yml
CHANGED
@@ -16,13 +16,16 @@ nav:
|
|
16
16
|
- Usage: usage.md
|
17
17
|
- Configuration: configuration.md
|
18
18
|
- Tips:
|
19
|
-
-
|
20
|
-
-
|
19
|
+
- Docker: tips/docker.md
|
20
|
+
- GitHub Actions: tips/github_actions.md
|
21
|
+
- Superset: tips/superset.md
|
22
|
+
- Alternatives: tips/alternatives.md
|
21
23
|
- References:
|
22
|
-
- Analyzers:
|
23
|
-
- Enrichers:
|
24
|
-
- Emitters:
|
25
|
-
-
|
24
|
+
- Analyzers: analyzers/index.md
|
25
|
+
- Enrichers: enrichers/index.md
|
26
|
+
- Emitters: emitters/index.md
|
27
|
+
- Database: database.md
|
28
|
+
- Tags: tags.md
|
26
29
|
|
27
30
|
markdown_extensions:
|
28
31
|
- toc:
|
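Review bot: the new nav entries tips/docker.md, tips/github_actions.md, tips/superset.md, tips/alternatives.md, database.md and tags.md point at files under docs/, and docs/ is excluded from the packaged gem by the gemspec change in this same release while mkdocs.yml itself is still shipped; the packaged mkdocs.yml therefore references pages that are not in the gem. This is harmless at runtime, but adding mkdocs.yml to the gemspec reject list would keep an unusable build config out of the gem. The old docs/github_actions.md and docs/alternatives.md are listed as deleted above, consistent with their move under tips/.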
@@ -32,4 +35,8 @@ markdown_extensions:
|
|
32
35
|
- pymdownx.extra
|
33
36
|
- pymdownx.highlight
|
34
37
|
- pymdownx.magiclink
|
35
|
-
- pymdownx.superfences
|
38
|
+
- pymdownx.superfences:
|
39
|
+
custom_fences:
|
40
|
+
- name: mermaid
|
41
|
+
class: mermaid
|
42
|
+
format: !!python/name:pymdownx.superfences.fence_code_format
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: mihari
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 5.7.
|
4
|
+
version: 5.7.2
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Manabu Niseki
|
8
8
|
autorequire:
|
9
9
|
bindir: exe
|
10
10
|
cert_chain: []
|
11
|
-
date: 2023-11-
|
11
|
+
date: 2023-11-11 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: bundler
|
@@ -324,14 +324,14 @@ dependencies:
|
|
324
324
|
requirements:
|
325
325
|
- - '='
|
326
326
|
- !ruby/object:Gem::Version
|
327
|
-
version: 7.1.
|
327
|
+
version: 7.1.2
|
328
328
|
type: :runtime
|
329
329
|
prerelease: false
|
330
330
|
version_requirements: !ruby/object:Gem::Requirement
|
331
331
|
requirements:
|
332
332
|
- - '='
|
333
333
|
- !ruby/object:Gem::Version
|
334
|
-
version: 7.1.
|
334
|
+
version: 7.1.2
|
335
335
|
- !ruby/object:Gem::Dependency
|
336
336
|
name: addressable
|
337
337
|
requirement: !ruby/object:Gem::Requirement
|
@@ -716,28 +716,28 @@ dependencies:
|
|
716
716
|
requirements:
|
717
717
|
- - '='
|
718
718
|
- !ruby/object:Gem::Version
|
719
|
-
version: 4.
|
719
|
+
version: 4.15.0
|
720
720
|
type: :runtime
|
721
721
|
prerelease: false
|
722
722
|
version_requirements: !ruby/object:Gem::Requirement
|
723
723
|
requirements:
|
724
724
|
- - '='
|
725
725
|
- !ruby/object:Gem::Version
|
726
|
-
version: 4.
|
726
|
+
version: 4.15.0
|
727
727
|
- !ruby/object:Gem::Dependency
|
728
728
|
name: sentry-ruby
|
729
729
|
requirement: !ruby/object:Gem::Requirement
|
730
730
|
requirements:
|
731
731
|
- - '='
|
732
732
|
- !ruby/object:Gem::Version
|
733
|
-
version: 5.
|
733
|
+
version: 5.13.0
|
734
734
|
type: :runtime
|
735
735
|
prerelease: false
|
736
736
|
version_requirements: !ruby/object:Gem::Requirement
|
737
737
|
requirements:
|
738
738
|
- - '='
|
739
739
|
- !ruby/object:Gem::Version
|
740
|
-
version: 5.
|
740
|
+
version: 5.13.0
|
741
741
|
- !ruby/object:Gem::Dependency
|
742
742
|
name: slack-notifier
|
743
743
|
requirement: !ruby/object:Gem::Requirement
|
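Review bot: the `=` requirements here (semantic_logger 4.15.0, sentry-ruby 5.13.0) agree with the gemspec hunk above, as do activerecord 7.1.2 and whois 5.1.1 in the neighbouring hunks; since metadata is generated from the gemspec at `gem build`, this is the expected state, and any future divergence between the two files would be a sign of a hand-edited metadata and worth treating as a release-integrity problem.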
@@ -814,14 +814,14 @@ dependencies:
|
|
814
814
|
requirements:
|
815
815
|
- - '='
|
816
816
|
- !ruby/object:Gem::Version
|
817
|
-
version: 5.1.
|
817
|
+
version: 5.1.1
|
818
818
|
type: :runtime
|
819
819
|
prerelease: false
|
820
820
|
version_requirements: !ruby/object:Gem::Requirement
|
821
821
|
requirements:
|
822
822
|
- - '='
|
823
823
|
- !ruby/object:Gem::Version
|
824
|
-
version: 5.1.
|
824
|
+
version: 5.1.1
|
825
825
|
- !ruby/object:Gem::Dependency
|
826
826
|
name: whois-parser
|
827
827
|
requirement: !ruby/object:Gem::Requirement
|
@@ -856,133 +856,7 @@ files:
|
|
856
856
|
- bin/setup
|
857
857
|
- build_frontend.sh
|
858
858
|
- config.ru
|
859
|
-
- docs/alternatives.md
|
860
|
-
- docs/analyzers/binaryedge.md
|
861
|
-
- docs/analyzers/censys.md
|
862
|
-
- docs/analyzers/circl.md
|
863
|
-
- docs/analyzers/crtsh.md
|
864
|
-
- docs/analyzers/dnstwister.md
|
865
|
-
- docs/analyzers/feed.md
|
866
|
-
- docs/analyzers/fofa.md
|
867
|
-
- docs/analyzers/greynoise.md
|
868
|
-
- docs/analyzers/hunterhow.md
|
869
|
-
- docs/analyzers/index.md
|
870
|
-
- docs/analyzers/onyphe.md
|
871
|
-
- docs/analyzers/otx.md
|
872
|
-
- docs/analyzers/passivetotal.md
|
873
|
-
- docs/analyzers/pulsedive.md
|
874
|
-
- docs/analyzers/securitytrails.md
|
875
|
-
- docs/analyzers/shodan.md
|
876
|
-
- docs/analyzers/urlscan.md
|
877
|
-
- docs/analyzers/virustotal.md
|
878
|
-
- docs/analyzers/virustotal_intelligence.md
|
879
|
-
- docs/analyzers/zoomeye.md
|
880
|
-
- docs/configuration.md
|
881
|
-
- docs/emitters/database.md
|
882
|
-
- docs/emitters/hive.md
|
883
|
-
- docs/emitters/index.md
|
884
|
-
- docs/emitters/misp.md
|
885
|
-
- docs/emitters/slack.md
|
886
|
-
- docs/emitters/webhook.md
|
887
|
-
- docs/enrichers/google_public_dns.md
|
888
|
-
- docs/enrichers/index.md
|
889
|
-
- docs/enrichers/ipinfo.md
|
890
|
-
- docs/enrichers/shodan.md
|
891
|
-
- docs/enrichers/whois.md
|
892
|
-
- docs/github_actions.md
|
893
|
-
- docs/index.md
|
894
|
-
- docs/installation.md
|
895
|
-
- docs/requirements.md
|
896
|
-
- docs/rule.md
|
897
|
-
- docs/tags.md
|
898
|
-
- docs/usage.md
|
899
859
|
- exe/mihari
|
900
|
-
- frontend/.eslintrc.cjs
|
901
|
-
- frontend/.gitignore
|
902
|
-
- frontend/.prettierrc.json
|
903
|
-
- frontend/README.md
|
904
|
-
- frontend/env.d.ts
|
905
|
-
- frontend/index.html
|
906
|
-
- frontend/package-lock.json
|
907
|
-
- frontend/package.json
|
908
|
-
- frontend/public/favicon.ico
|
909
|
-
- frontend/scripts/swagger_doc_to_yaml.rb
|
910
|
-
- frontend/src/App.vue
|
911
|
-
- frontend/src/ace-config.ts
|
912
|
-
- frontend/src/api-helper.ts
|
913
|
-
- frontend/src/api.ts
|
914
|
-
- frontend/src/components/ErrorMessage.vue
|
915
|
-
- frontend/src/components/Loading.vue
|
916
|
-
- frontend/src/components/Navbar.vue
|
917
|
-
- frontend/src/components/Pagination.vue
|
918
|
-
- frontend/src/components/alert/Alert.vue
|
919
|
-
- frontend/src/components/alert/Alerts.vue
|
920
|
-
- frontend/src/components/alert/AlertsWithPagination.vue
|
921
|
-
- frontend/src/components/alert/AlertsWrapper.vue
|
922
|
-
- frontend/src/components/alert/Form.vue
|
923
|
-
- frontend/src/components/artifact/AS.vue
|
924
|
-
- frontend/src/components/artifact/Artifact.vue
|
925
|
-
- frontend/src/components/artifact/ArtifactTag.vue
|
926
|
-
- frontend/src/components/artifact/ArtifactTags.vue
|
927
|
-
- frontend/src/components/artifact/ArtifactWrapper.vue
|
928
|
-
- frontend/src/components/artifact/CPEs.vue
|
929
|
-
- frontend/src/components/artifact/DnsRecords.vue
|
930
|
-
- frontend/src/components/artifact/Ports.vue
|
931
|
-
- frontend/src/components/artifact/ReverseDnsNames.vue
|
932
|
-
- frontend/src/components/artifact/Tags.vue
|
933
|
-
- frontend/src/components/artifact/WhoisRecord.vue
|
934
|
-
- frontend/src/components/config/Configs.vue
|
935
|
-
- frontend/src/components/config/ConfigsWrapper.vue
|
936
|
-
- frontend/src/components/link/Link.vue
|
937
|
-
- frontend/src/components/link/Links.vue
|
938
|
-
- frontend/src/components/rule/EditRule.vue
|
939
|
-
- frontend/src/components/rule/EditRuleWrapper.vue
|
940
|
-
- frontend/src/components/rule/Form.vue
|
941
|
-
- frontend/src/components/rule/InputForm.vue
|
942
|
-
- frontend/src/components/rule/NewRule.vue
|
943
|
-
- frontend/src/components/rule/Rule.vue
|
944
|
-
- frontend/src/components/rule/RuleWrapper.vue
|
945
|
-
- frontend/src/components/rule/Rules.vue
|
946
|
-
- frontend/src/components/rule/RulesWrapper.vue
|
947
|
-
- frontend/src/components/rule/YAML.vue
|
948
|
-
- frontend/src/components/tag/Tag.vue
|
949
|
-
- frontend/src/components/tag/Tags.vue
|
950
|
-
- frontend/src/countries.ts
|
951
|
-
- frontend/src/index.ts
|
952
|
-
- frontend/src/links/anyrun.ts
|
953
|
-
- frontend/src/links/base.ts
|
954
|
-
- frontend/src/links/censys.ts
|
955
|
-
- frontend/src/links/crtsh.ts
|
956
|
-
- frontend/src/links/dnslytics.ts
|
957
|
-
- frontend/src/links/greynoise.ts
|
958
|
-
- frontend/src/links/index.ts
|
959
|
-
- frontend/src/links/intezer.ts
|
960
|
-
- frontend/src/links/otx.ts
|
961
|
-
- frontend/src/links/securitytrails.ts
|
962
|
-
- frontend/src/links/shodan.ts
|
963
|
-
- frontend/src/links/urlscan.ts
|
964
|
-
- frontend/src/links/virustotal.ts
|
965
|
-
- frontend/src/main.ts
|
966
|
-
- frontend/src/router/index.ts
|
967
|
-
- frontend/src/rule.ts
|
968
|
-
- frontend/src/shims-vue.d.ts
|
969
|
-
- frontend/src/swagger.yaml
|
970
|
-
- frontend/src/types.ts
|
971
|
-
- frontend/src/utils.ts
|
972
|
-
- frontend/src/views/Alerts.vue
|
973
|
-
- frontend/src/views/Artifact.vue
|
974
|
-
- frontend/src/views/Configs.vue
|
975
|
-
- frontend/src/views/EditRule.vue
|
976
|
-
- frontend/src/views/NewRule.vue
|
977
|
-
- frontend/src/views/Rule.vue
|
978
|
-
- frontend/src/views/Rules.vue
|
979
|
-
- frontend/tests/utils.spec.ts
|
980
|
-
- frontend/tsconfig.app.json
|
981
|
-
- frontend/tsconfig.json
|
982
|
-
- frontend/tsconfig.node.json
|
983
|
-
- frontend/tsconfig.vitest.json
|
984
|
-
- frontend/vite.config.ts
|
985
|
-
- frontend/vitest.config.ts
|
986
860
|
- lefthook.yml
|
987
861
|
- lib/mihari.rb
|
988
862
|
- lib/mihari/actor.rb
|
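Review bot: this hunk drops docs/* and frontend/* from the packaged file list, including frontend/package-lock.json, frontend/src/swagger.yaml and the frontend/src/links/*.ts URL builders; none of these are needed at runtime, so the installed surface of the gem shrinks, which is a good supply-chain outcome. The trade-off is that the lockfile no longer ships alongside the prebuilt JS bundle, so anyone auditing the gem's web assets has to obtain the lockfile from the repository at the matching tag.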
@@ -1033,6 +907,7 @@ files:
|
|
1033
907
|
- lib/mihari/clients/zoomeye.rb
|
1034
908
|
- lib/mihari/commands/alert.rb
|
1035
909
|
- lib/mihari/commands/database.rb
|
910
|
+
- lib/mihari/commands/mixins.rb
|
1036
911
|
- lib/mihari/commands/rule.rb
|
1037
912
|
- lib/mihari/commands/search.rb
|
1038
913
|
- lib/mihari/commands/version.rb
|
@@ -1071,7 +946,6 @@ files:
|
|
1071
946
|
- lib/mihari/http.rb
|
1072
947
|
- lib/mihari/mixins/autonomous_system.rb
|
1073
948
|
- lib/mihari/mixins/configurable.rb
|
1074
|
-
- lib/mihari/mixins/error_notification.rb
|
1075
949
|
- lib/mihari/mixins/falsepositive.rb
|
1076
950
|
- lib/mihari/mixins/refang.rb
|
1077
951
|
- lib/mihari/mixins/retriable.rb
|
@@ -1098,7 +972,6 @@ files:
|
|
1098
972
|
- lib/mihari/schemas/rule.rb
|
1099
973
|
- lib/mihari/service.rb
|
1100
974
|
- lib/mihari/services/alert_builder.rb
|
1101
|
-
- lib/mihari/services/alert_proxy.rb
|
1102
975
|
- lib/mihari/services/alert_runner.rb
|
1103
976
|
- lib/mihari/services/rule_builder.rb
|
1104
977
|
- lib/mihari/services/rule_runner.rb
|
@@ -1129,7 +1002,7 @@ files:
|
|
1129
1002
|
- lib/mihari/web/middleware/connection_adapter.rb
|
1130
1003
|
- lib/mihari/web/middleware/error_notification_adapter.rb
|
1131
1004
|
- lib/mihari/web/public/assets/index-56fc2187.css
|
1132
|
-
- lib/mihari/web/public/assets/index-
|
1005
|
+
- lib/mihari/web/public/assets/index-ec641cb0.js
|
1133
1006
|
- lib/mihari/web/public/assets/mode-yaml-24faa242.js
|
1134
1007
|
- lib/mihari/web/public/favicon.ico
|
1135
1008
|
- lib/mihari/web/public/index.html
|
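Review bot: the bundle filename changes from `index-` (hash truncated in this rendering) to `index-ec641cb0.js`, and the bundle is still packaged even though the frontend/ sources that produce it leave the gem in this same release; the suffix is a Vite content hash (frontend/vite.config.ts is in the file list), not a provenance record, so a reviewer cannot rebuild and compare from the gem alone. Recording the frontend build commit or a checksum of the bundle in the release notes would make the shipped asset verifiable.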
@@ -1158,7 +1031,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
1158
1031
|
- !ruby/object:Gem::Version
|
1159
1032
|
version: '0'
|
1160
1033
|
requirements: []
|
1161
|
-
rubygems_version: 3.4.
|
1034
|
+
rubygems_version: 3.4.21
|
1162
1035
|
signing_key:
|
1163
1036
|
specification_version: 4
|
1164
1037
|
summary: A query aggregator for OSINT based threat hunting
|
data/docs/alternatives.md
DELETED
@@ -1,5 +0,0 @@
|
|
1
|
-
# Alternatives
|
2
|
-
|
3
|
-
- [InQuest/ThreatIngestor](https://github.com/InQuest/ThreatIngestor) - Extract and aggregate threat intelligence.
|
4
|
-
- [thalesgroup-cert/Watcher](https://github.com/thalesgroup-cert/Watcher) - Watcher - Open Source Cybersecurity Threat Hunting Platform. Developed with Django & React JS.
|
5
|
-
- [projectdiscovery/uncover](https://github.com/projectdiscovery/uncover) - Quickly discover exposed hosts on the internet using multiple search engines.
|
@@ -1,26 +0,0 @@
|
|
1
|
-
---
|
2
|
-
tags:
|
3
|
-
- Artifact:IP
|
4
|
-
---
|
5
|
-
|
6
|
-
# BinaryEdge
|
7
|
-
|
8
|
-
- [https://www.binaryedge.io/](https://www.binaryedge.io/)
|
9
|
-
|
10
|
-
This analyzer uses [BinaryEdge API V2](https://docs.binaryedge.io/api-v2/) (`/v2/query/search`) to search. Pagination is supported.
|
11
|
-
|
12
|
-
```yaml
|
13
|
-
analyzer: binaryedge
|
14
|
-
query: ...
|
15
|
-
api_key: ...
|
16
|
-
```
|
17
|
-
|
18
|
-
## Components
|
19
|
-
|
20
|
-
### Query
|
21
|
-
|
22
|
-
`query` (`string`) is a search query.
|
23
|
-
|
24
|
-
### API Key
|
25
|
-
|
26
|
-
`api_key` (`string`) is an API key. Optional. Defaults to `ENV[”BINARYEDGE_API_KEY"]`.
|
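Review bot: `ENV[”BINARYEDGE_API_KEY"]` in the API Key section mixes a typographic double quote (U+201D) with an ASCII closing quote; copied into Ruby it is a syntax error, and the same curly quotes appear in the censys, circl, fofa, greynoise and hunterhow docs below. Since these docs are only being unpackaged here rather than removed from the repository, they are worth normalising to `ENV["BINARYEDGE_API_KEY"]`.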
data/docs/analyzers/censys.md
DELETED
@@ -1,31 +0,0 @@
|
|
1
|
-
---
|
2
|
-
tags:
|
3
|
-
- Artifact:IP
|
4
|
-
---
|
5
|
-
|
6
|
-
# Censys
|
7
|
-
|
8
|
-
- [https://censys.io/](https://censys.io/)
|
9
|
-
|
10
|
-
This analyzer uses [Censys Search 2.0 REST API](https://search.censys.io/api) to search. Pagination is supported.
|
11
|
-
|
12
|
-
```yaml
|
13
|
-
analyzer: censys
|
14
|
-
query: ...
|
15
|
-
id: ...
|
16
|
-
secret: ...
|
17
|
-
```
|
18
|
-
|
19
|
-
## Components
|
20
|
-
|
21
|
-
### Query
|
22
|
-
|
23
|
-
`query` (`string`) is a search query.
|
24
|
-
|
25
|
-
### ID
|
26
|
-
|
27
|
-
`id` (`string`) is a Cencys ID. Optional. Defaults to `ENV[”CENSYS_ID”]`.
|
28
|
-
|
29
|
-
### Secret
|
30
|
-
|
31
|
-
`secret` (`string`) is a Cencys secret. Optional. Defaults to `ENV[”CENSYS_SECRET”]`.
|
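Review bot: `Cencys` is misspelled in both the ID and Secret descriptions (should be `Censys`), and `ENV[”CENSYS_ID”]` / `ENV[”CENSYS_SECRET”]` use typographic quotes on both sides, so neither is valid Ruby when copied; the file is leaving the gem but presumably stays in the repository, so the fix still applies.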
data/docs/analyzers/circl.md
DELETED
@@ -1,37 +0,0 @@
|
|
1
|
-
---
|
2
|
-
tags:
|
3
|
-
- Artifact:IP
|
4
|
-
- Passive DNS
|
5
|
-
- Passive SSL
|
6
|
-
---
|
7
|
-
|
8
|
-
# CIRCL Passive DNS/SSL
|
9
|
-
|
10
|
-
- [https://www.circl.lu/services/passive-dns/](https://www.circl.lu/services/passive-dns/)
|
11
|
-
- [https://www.circl.lu/services/passive-ssl/](https://www.circl.lu/services/passive-ssl/)
|
12
|
-
|
13
|
-
This analyzer uses CIRCL passive DNS API or passive SSL API:
|
14
|
-
|
15
|
-
- Use passive DNS API if a query(input) is a domain
|
16
|
-
- Use passive SSL API if a query(input) is a SHA1 certificate fingerprint
|
17
|
-
|
18
|
-
```yaml
|
19
|
-
analyzer: circl
|
20
|
-
query: ...
|
21
|
-
password: ...
|
22
|
-
username: ...
|
23
|
-
```
|
24
|
-
|
25
|
-
## Components
|
26
|
-
|
27
|
-
### Query
|
28
|
-
|
29
|
-
`query` (`string`) is a domain or SHA1 certificate fingerprint.
|
30
|
-
|
31
|
-
### Username
|
32
|
-
|
33
|
-
`username` (`string`) is a username. Optional. Defaults to `ENV[”CIRCL_PASSIVE_USERNAME”]`.
|
34
|
-
|
35
|
-
### Password
|
36
|
-
|
37
|
-
`password` (`string`) is a password. Optional. Defaults to `ENV[”CIRCL_PASSIVE_PASSWORD”]`.
|
data/docs/analyzers/crtsh.md
DELETED
@@ -1,26 +0,0 @@
|
|
1
|
-
---
|
2
|
-
tags:
|
3
|
-
- Artifact:Domain
|
4
|
-
---
|
5
|
-
|
6
|
-
# crt.sh
|
7
|
-
|
8
|
-
- [https://crt.sh/](https://crt.sh/)
|
9
|
-
|
10
|
-
This analyzer uses [crt.sh](http://crt.sh)'s (unofficial?) REST API.
|
11
|
-
|
12
|
-
```yaml
|
13
|
-
analyzer: crtsh
|
14
|
-
query: ...
|
15
|
-
exclude_expired: ...
|
16
|
-
```
|
17
|
-
|
18
|
-
## Components
|
19
|
-
|
20
|
-
### Query
|
21
|
-
|
22
|
-
`query` (`string`) is a search query.
|
23
|
-
|
24
|
-
### Exclude Expired
|
25
|
-
|
26
|
-
`exclude_expired` (`boolean`) determines whether to exclude expired domains or not. Optional. Defaults to `true`.
|
@@ -1,25 +0,0 @@
|
|
1
|
-
---
|
2
|
-
tags:
|
3
|
-
- Artifact:Domain
|
4
|
-
---
|
5
|
-
|
6
|
-
# dnstwister
|
7
|
-
|
8
|
-
- [https://dnstwister.report/](https://dnstwister.report/)
|
9
|
-
|
10
|
-
This analyzer uses [dnstwister API](https://dnstwister.report/api/) to search.
|
11
|
-
|
12
|
-
```yaml
|
13
|
-
analyzer: dnstwister
|
14
|
-
query: ...
|
15
|
-
```
|
16
|
-
|
17
|
-
## Components
|
18
|
-
|
19
|
-
### Query
|
20
|
-
|
21
|
-
`query` (`string`) is a search query.
|
22
|
-
|
23
|
-
!!! tip
|
24
|
-
|
25
|
-
There is no need to input a domain in hexadecimal format. This analyzer automatically converts a domain (in string format) into a hexadecimal value.
|
data/docs/analyzers/feed.md
DELETED
@@ -1,73 +0,0 @@
|
|
1
|
-
# Feed
|
2
|
-
|
3
|
-
This analyzer can ingest a feed (JSON or CSV) by specifying conditions.
|
4
|
-
|
5
|
-
Note that you should write a selector to get proper IoCs from a feed. A selector is based on [jr](https://github.com/yuya-takeyama/jr).
|
6
|
-
|
7
|
-
```yaml
|
8
|
-
analyzer: feed
|
9
|
-
query: ...
|
10
|
-
selector: ...
|
11
|
-
method: ...
|
12
|
-
headers: ...
|
13
|
-
params: ...
|
14
|
-
data: ...
|
15
|
-
json: ...
|
16
|
-
```
|
17
|
-
|
18
|
-
## Components
|
19
|
-
|
20
|
-
### Query
|
21
|
-
|
22
|
-
`query` (`string`) is a URL of a feed.
|
23
|
-
|
24
|
-
!!! note
|
25
|
-
|
26
|
-
I know this is a strange naming. It's just for keeping the convention with other analyzers.
|
27
|
-
|
28
|
-
### Method
|
29
|
-
|
30
|
-
`method` (`string`) is an HTTP method. Defaults to `GET`.
|
31
|
-
|
32
|
-
### Selector
|
33
|
-
|
34
|
-
`selector` (`string`) is a `jr` selector.
|
35
|
-
|
36
|
-
### Headers
|
37
|
-
|
38
|
-
`headers` (`hash`) is an HTTP headers. Optional.
|
39
|
-
|
40
|
-
### Params
|
41
|
-
|
42
|
-
`params` (`hash`) is an HTTP query params. Optional.
|
43
|
-
|
44
|
-
### Data
|
45
|
-
|
46
|
-
`data` (`hash`) is an HTTP form data. Optional.
|
47
|
-
|
48
|
-
### JSON
|
49
|
-
|
50
|
-
`json` (`hash`) is an JSON body. Optional.
|
51
|
-
|
52
|
-
## Examples
|
53
|
-
|
54
|
-
### ThreatFox
|
55
|
-
|
56
|
-
```yaml
|
57
|
-
analyzer: feed
|
58
|
-
query: "https://threatfox-api.abuse.ch/api/v1/"
|
59
|
-
method: POST
|
60
|
-
json:
|
61
|
-
query: get_iocs
|
62
|
-
days: 1
|
63
|
-
headers:
|
64
|
-
selector: "map(&:data).unwrap.map(&:ioc).map { |v| v.start_with?('http://', 'https://') ? v : v.split(':').first }"
|
65
|
-
```
|
66
|
-
|
67
|
-
### URLhaus
|
68
|
-
|
69
|
-
```yaml
|
70
|
-
analyzer: feed
|
71
|
-
query: "https://urlhaus.abuse.ch/feeds/country/JP/"
|
72
|
-
selector: "map { |v| v[1] }"
|
73
|
-
```
|
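Review bot: in the ThreatFox example the `headers:` key has no value, which YAML reads as null rather than an empty hash; with `headers` documented as `hash`, that either fails validation or silently does nothing, so the key should be dropped. Separately, the selectors shown are Ruby expressions (`map { |v| v.start_with?('http://', 'https://') ? v : v.split(':').first }`), so a feed rule is effectively executable code; the doc should state that rule files obtained from untrusted sources need to be reviewed before they are run.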
data/docs/analyzers/fofa.md
DELETED
@@ -1,31 +0,0 @@
|
|
1
|
-
---
|
2
|
-
tags:
|
3
|
-
- Artifact:IP
|
4
|
-
---
|
5
|
-
|
6
|
-
# Fofa
|
7
|
-
|
8
|
-
- https://en.fofa.info/
|
9
|
-
|
10
|
-
This analyzer uses Fofa API (`/api/v1/search/all`) to search. Pagination is supported.
|
11
|
-
|
12
|
-
```yaml
|
13
|
-
analyzer: fofa
|
14
|
-
query: ...
|
15
|
-
api_key: ...
|
16
|
-
email: ...
|
17
|
-
```
|
18
|
-
|
19
|
-
## Components
|
20
|
-
|
21
|
-
### Query
|
22
|
-
|
23
|
-
`query` (`string`) is a search query.
|
24
|
-
|
25
|
-
### API Key
|
26
|
-
|
27
|
-
`api_key` (`string`) is an API key. Optional. Defaults to `ENV[”FOFA_API_KEY"]`.
|
28
|
-
|
29
|
-
### Email
|
30
|
-
|
31
|
-
`email` (`string`) is an email. Optional. Defaults to `ENV[”FOFA_EMAIL"]`.
|
data/docs/analyzers/greynoise.md
DELETED
@@ -1,26 +0,0 @@
|
|
1
|
-
---
|
2
|
-
tags:
|
3
|
-
- Artifact:IP
|
4
|
-
---
|
5
|
-
|
6
|
-
# GreyNoise
|
7
|
-
|
8
|
-
- [https://www.greynoise.io/](https://www.greynoise.io/)
|
9
|
-
|
10
|
-
This analyzer uses GreyNoise API (`/v2/experimental/gnql`) to search. Pagination is supported.
|
11
|
-
|
12
|
-
```yaml
|
13
|
-
analyzer: greynoise
|
14
|
-
query: ...
|
15
|
-
api_key: ...
|
16
|
-
```
|
17
|
-
|
18
|
-
## Components
|
19
|
-
|
20
|
-
### Query
|
21
|
-
|
22
|
-
`query` (`string`) is a GNQL search query.
|
23
|
-
|
24
|
-
### API Key
|
25
|
-
|
26
|
-
`api_key` (`string`) is an API key. Optional. Defaults to `ENV[”GREYNOISE_API_KEY"]`.
|
data/docs/analyzers/hunterhow.md
DELETED
@@ -1,33 +0,0 @@
|
|
1
|
-
---
|
2
|
-
tags:
|
3
|
-
- Artifact:IP
|
4
|
-
---
|
5
|
-
|
6
|
-
# Hunter How
|
7
|
-
|
8
|
-
- [https://hunter.how/](https://hunter.how/)
|
9
|
-
|
10
|
-
This analyzer uses Hunter How API (`https://api.hunter.how/search`) to search. Pagination is supported.
|
11
|
-
|
12
|
-
```yaml
|
13
|
-
analyzer: hunterhow
|
14
|
-
query: ...
|
15
|
-
api_key: ...
|
16
|
-
start_time: ...
|
17
|
-
end_time: ...
|
18
|
-
```
|
19
|
-
|
20
|
-
## Components
|
21
|
-
|
22
|
-
### Query
|
23
|
-
|
24
|
-
`query` (`string`) is a search query.
|
25
|
-
|
26
|
-
### Start/End Time
|
27
|
-
|
28
|
-
- `start_time` (`date`): Only show results after the given date.
|
29
|
-
- `end_time` (`date`): Only show results after the given date.
|
30
|
-
|
31
|
-
### API key
|
32
|
-
|
33
|
-
`api_key` (`string`) is an API key. Optional. Defaults to `ENV[”HUNTERHOW_API_KEY"]`.
|
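Review bot: the `end_time` description repeats the `start_time` text ("Only show results after the given date") and should read "before the given date"; the Start/End Time section also gives the type as `date` without saying which format the API accepts. `ENV[”HUNTERHOW_API_KEY"]` mixes a typographic and an ASCII quote and is not valid Ruby as written.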