mihari 7.3.2 → 7.5.0
- checksums.yaml +4 -4
- data/.gitignore +8 -0
- data/.rubocop.yml +0 -2
- data/.shadowenv.d/.gitignore +2 -0
- data/.shadowenv.d/000_unset_all.lisp +39 -0
- data/README.md +0 -8
- data/lib/mihari/analyzers/base.rb +2 -2
- data/lib/mihari/analyzers/binaryedge.rb +5 -5
- data/lib/mihari/analyzers/censys.rb +6 -6
- data/lib/mihari/analyzers/circl.rb +2 -2
- data/lib/mihari/analyzers/crtsh.rb +3 -3
- data/lib/mihari/analyzers/dnstwister.rb +2 -2
- data/lib/mihari/analyzers/feed.rb +12 -18
- data/lib/mihari/analyzers/fofa.rb +6 -6
- data/lib/mihari/analyzers/greynoise.rb +5 -5
- data/lib/mihari/analyzers/hunterhow.rb +4 -4
- data/lib/mihari/analyzers/onyphe.rb +5 -5
- data/lib/mihari/analyzers/otx.rb +2 -2
- data/lib/mihari/analyzers/passivetotal.rb +3 -3
- data/lib/mihari/analyzers/pulsedive.rb +3 -3
- data/lib/mihari/analyzers/securitytrails.rb +4 -4
- data/lib/mihari/analyzers/shodan.rb +5 -5
- data/lib/mihari/analyzers/urlscan.rb +5 -5
- data/lib/mihari/analyzers/virustotal.rb +4 -4
- data/lib/mihari/analyzers/virustotal_intelligence.rb +5 -5
- data/lib/mihari/analyzers/zoomeye.rb +5 -5
- data/lib/mihari/cli/application.rb +1 -1
- data/lib/mihari/clients/base.rb +7 -6
- data/lib/mihari/clients/binaryedge.rb +6 -6
- data/lib/mihari/clients/censys.rb +4 -4
- data/lib/mihari/clients/circl.rb +2 -2
- data/lib/mihari/clients/crtsh.rb +2 -2
- data/lib/mihari/clients/dnstwister.rb +1 -1
- data/lib/mihari/clients/fofa.rb +4 -4
- data/lib/mihari/clients/google_public_dns.rb +2 -2
- data/lib/mihari/clients/greynoise.rb +4 -4
- data/lib/mihari/clients/hunterhow.rb +10 -10
- data/lib/mihari/clients/misp.rb +1 -1
- data/lib/mihari/clients/mmdb.rb +1 -1
- data/lib/mihari/clients/onyphe.rb +4 -4
- data/lib/mihari/clients/otx.rb +1 -1
- data/lib/mihari/clients/passivetotal.rb +5 -5
- data/lib/mihari/clients/publsedive.rb +3 -3
- data/lib/mihari/clients/securitytrails.rb +6 -6
- data/lib/mihari/clients/shodan.rb +6 -6
- data/lib/mihari/clients/shodan_internet_db.rb +1 -1
- data/lib/mihari/clients/the_hive.rb +2 -2
- data/lib/mihari/clients/urlscan.rb +4 -4
- data/lib/mihari/clients/virustotal.rb +4 -4
- data/lib/mihari/clients/whois.rb +118 -0
- data/lib/mihari/clients/yeti.rb +38 -0
- data/lib/mihari/clients/zoomeye.rb +12 -12
- data/lib/mihari/commands/alert.rb +1 -1
- data/lib/mihari/commands/artifact.rb +1 -1
- data/lib/mihari/commands/rule.rb +1 -1
- data/lib/mihari/commands/tag.rb +1 -1
- data/lib/mihari/concerns/autonomous_system_normalizable.rb +1 -4
- data/lib/mihari/concerns/configurable.rb +1 -1
- data/lib/mihari/concerns/database_connectable.rb +2 -2
- data/lib/mihari/concerns/retriable.rb +1 -1
- data/lib/mihari/config.rb +14 -2
- data/lib/mihari/constants.rb +2 -2
- data/lib/mihari/data_type.rb +1 -3
- data/lib/mihari/emitters/base.rb +2 -2
- data/lib/mihari/emitters/database.rb +1 -1
- data/lib/mihari/emitters/misp.rb +12 -4
- data/lib/mihari/emitters/slack.rb +9 -9
- data/lib/mihari/emitters/the_hive.rb +9 -4
- data/lib/mihari/emitters/webhook.rb +4 -4
- data/lib/mihari/emitters/yeti.rb +107 -0
- data/lib/mihari/enrichers/base.rb +1 -1
- data/lib/mihari/enrichers/google_public_dns.rb +1 -1
- data/lib/mihari/enrichers/mmdb.rb +1 -1
- data/lib/mihari/enrichers/shodan.rb +3 -3
- data/lib/mihari/enrichers/whois.rb +6 -91
- data/lib/mihari/entities/alert.rb +6 -6
- data/lib/mihari/entities/artifact.rb +17 -17
- data/lib/mihari/entities/autonomous_system.rb +1 -1
- data/lib/mihari/entities/config.rb +8 -4
- data/lib/mihari/entities/cpe.rb +2 -2
- data/lib/mihari/entities/dns.rb +3 -3
- data/lib/mihari/entities/geolocation.rb +3 -3
- data/lib/mihari/entities/ip_address.rb +3 -3
- data/lib/mihari/entities/messages.rb +3 -3
- data/lib/mihari/entities/pagination.rb +3 -3
- data/lib/mihari/entities/port.rb +2 -2
- data/lib/mihari/entities/reverse_dns.rb +2 -2
- data/lib/mihari/entities/rule.rb +8 -8
- data/lib/mihari/entities/tag.rb +3 -3
- data/lib/mihari/entities/vulnerability.rb +2 -2
- data/lib/mihari/entities/whois.rb +7 -7
- data/lib/mihari/errors.rb +1 -1
- data/lib/mihari/models/artifact.rb +2 -2
- data/lib/mihari/models/port.rb +1 -1
- data/lib/mihari/models/tag.rb +3 -0
- data/lib/mihari/rule.rb +10 -14
- data/lib/mihari/schemas/emitter.rb +9 -0
- data/lib/mihari/services/feed.rb +3 -3
- data/lib/mihari/services/getters.rb +1 -1
- data/lib/mihari/services/proxies.rb +1 -1
- data/lib/mihari/services/renderer.rb +2 -0
- data/lib/mihari/services/searchers.rb +1 -1
- data/lib/mihari/sidekiq/application.rb +2 -2
- data/lib/mihari/structs/censys.rb +4 -4
- data/lib/mihari/structs/google_public_dns.rb +3 -3
- data/lib/mihari/structs/greynoise.rb +2 -2
- data/lib/mihari/structs/onyphe.rb +3 -3
- data/lib/mihari/structs/shodan.rb +10 -10
- data/lib/mihari/structs/urlscan.rb +1 -1
- data/lib/mihari/structs/virustotal_intelligence.rb +2 -2
- data/lib/mihari/version.rb +1 -1
- data/lib/mihari/web/api.rb +1 -1
- data/lib/mihari/web/application.rb +1 -1
- data/lib/mihari/web/endpoints/alerts.rb +12 -12
- data/lib/mihari/web/endpoints/artifacts.rb +11 -11
- data/lib/mihari/web/endpoints/configs.rb +7 -2
- data/lib/mihari/web/endpoints/ip_addresses.rb +5 -5
- data/lib/mihari/web/endpoints/rules.rb +26 -26
- data/lib/mihari/web/endpoints/tags.rb +4 -4
- data/lib/mihari/web/public/assets/{index-ReF8ffd-.css → index-80oZkhZG.css} +1 -1
- data/lib/mihari/web/public/assets/index-BNLbw8nG.js +1783 -0
- data/lib/mihari/web/public/index.html +2 -2
- data/lib/mihari/web/public/redoc-static.html +2 -2
- data/lib/mihari.rb +4 -1
- data/mihari.gemspec +19 -19
- data/renovate.json +1 -3
- data/requirements.txt +1 -1
- metadata +48 -44
- data/.standard.yml +0 -4
- data/lib/mihari/web/public/assets/index-lRP933ks.js +0 -1787
- /data/lib/mihari/web/public/assets/{mode-yaml-BC4MIiYj.js → mode-yaml-ELgwiJiP.js} +0 -0
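--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 71b5cf7cdeb320c813848b90973908a3999c839f742b9307ae819c1fbf20829b
+data.tar.gz: 18b06e35086d2888016d6d1fd7a61c9e62f72e31f6a384e0c1a96f4fde8ab592
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 2861d810f7ade8e177fd343e706c55a4ef64f734c3f19ae324a58d29c2992b3a11ccc8ad6d6735dff9831b15ce552305e3981c72b9326d55b83f621154f9d2f9
+data.tar.gz: edf9f41d660252298cb5909eec731a6ca39968eab5d73c3d6eca3d55f8b452337ee22898427e9165312881058f6e2ba474d6f548aac922431c1b483b7a9c9746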
data/.gitignore
CHANGED
data/.rubocop.yml
CHANGED
@@ -0,0 +1,39 @@
|
|
1
|
+
(env/set "APP_ENV" ())
|
2
|
+
(env/set "BINARYEDGE_API_KEY" ())
|
3
|
+
(env/set "CENSYS_ID" ())
|
4
|
+
(env/set "CENSYS_SECRET" ())
|
5
|
+
(env/set "CIRCL_PASSIVE_PASSWORD" ())
|
6
|
+
(env/set "CIRCL_PASSIVE_USERNAME" ())
|
7
|
+
(env/set "DATABASE_URL" ())
|
8
|
+
(env/set "FOFA_API_KEY" ())
|
9
|
+
(env/set "FOFA_EMAIL" ())
|
10
|
+
(env/set "GREYNOISE_API_KEY" ())
|
11
|
+
(env/set "HIDE_CONFIG_VALUES" ())
|
12
|
+
(env/set "HUNTERHOW_API_KEY" ())
|
13
|
+
(env/set "IGNORE_ERROR" ())
|
14
|
+
(env/set "MISP_API_KEY" ())
|
15
|
+
(env/set "MISP_URL" ())
|
16
|
+
(env/set "ONYPHE_API_KEY" ())
|
17
|
+
(env/set "OTX_API_KEY" ())
|
18
|
+
(env/set "PAGINATION_INTERVAL" ())
|
19
|
+
(env/set "PAGINATION_LIMIT" ())
|
20
|
+
(env/set "PARALLEL" ())
|
21
|
+
(env/set "PASSIVETOTAL_API_KEY" ())
|
22
|
+
(env/set "PASSIVETOTAL_USERNAME" ())
|
23
|
+
(env/set "PULSEDIVE_API_KEY" ())
|
24
|
+
(env/set "RACK_ENV" ())
|
25
|
+
(env/set "RETRY_EXPONENTIAL_BACKOFF" ())
|
26
|
+
(env/set "RETRY_INTERVAL" ())
|
27
|
+
(env/set "RETRY_TIMES" ())
|
28
|
+
(env/set "SECURITYTRAILS_API_KEY" ())
|
29
|
+
(env/set "SENTRY_DSN" ())
|
30
|
+
(env/set "SENTRY_TRACE_SAMPLE_RATE" ())
|
31
|
+
(env/set "SHODAN_API_KEY" ())
|
32
|
+
(env/set "SIDEKIQ_REDIS_URL" ())
|
33
|
+
(env/set "SLACK_CHANNEL" ())
|
34
|
+
(env/set "SLACK_WEBHOOK_URL" ())
|
35
|
+
(env/set "THEHIVE_API_KEY" ())
|
36
|
+
(env/set "THEHIVE_URL" ())
|
37
|
+
(env/set "URLSCAN_API_KEY" ())
|
38
|
+
(env/set "VIRUSTOTAL_API_KEY" ())
|
39
|
+
(env/set "ZOOMEYE_API_KEY" ())
|
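Review bot: The unset list has no entry for the Yeti integration this release adds (clients/yeti.rb and emitters/yeti.rb in the file list), so if the Yeti settings are read from the environment (config.rb is not shown here), a developer's real Yeti credentials would survive into the otherwise scrubbed shell. These 39 added lines match data/.shadowenv.d/000_unset_all.lisp in the file list rather than the .rubocop.yml header printed above them. The file also sits under data/, that is, inside the published gem; development-only dotfiles such as this one and .gitignore are usually kept out of the packaged file list in the gemspec.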
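--- a/data/README.md
+++ b/data/README.md
@@ -6,14 +6,6 @@
 [![Coverage Status](https://coveralls.io/repos/github/ninoseki/mihari/badge.svg?branch=master)](https://coveralls.io/github/ninoseki/mihari?branch=master)
 [![CodeFactor](https://www.codefactor.io/repository/github/ninoseki/mihari/badge)](https://www.codefactor.io/repository/github/ninoseki/mihari)
 
----
-
-<p align="center">
-<img src="https://github.com/ninoseki/mihari/raw/master/images/logo.png"/>
-</p>
-
----
-
 A query aggregator for OSINT based threat hunting.
 
 Mihari can aggregate multiple searches across multiple services in a single rule & persist findings in a database.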
@@ -14,7 +14,7 @@ module Mihari
|
|
14
14
|
# @param [Hash, nil] options
|
15
15
|
#
|
16
16
|
def initialize(query, options: nil)
|
17
|
-
super(options:
|
17
|
+
super(options:)
|
18
18
|
|
19
19
|
@query = query
|
20
20
|
end
|
@@ -44,7 +44,7 @@ module Mihari
|
|
44
44
|
# @return [Boolean]
|
45
45
|
#
|
46
46
|
def parallel?
|
47
|
-
options[:parallel] || Mihari.config.
|
47
|
+
options[:parallel] || Mihari.config.analyzer_parallelism
|
48
48
|
end
|
49
49
|
|
50
50
|
# @return [Array<String>, Array<Mihari::Models::Artifact>]
|
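Review bot: In `parallel?`, `options[:parallel] || Mihari.config.analyzer_parallelism` cannot express an explicit `parallel: false`, because `false || x` evaluates to `x`; a rule that switches parallelism off still inherits the configured value. Testing for nil instead keeps an explicit `false`: `options[:parallel].nil? ? Mihari.config.analyzer_parallelism : options[:parallel]`. The shape of `options` is set outside this hunk, so confirm it is a Hash with symbol keys first. The `# @return [Boolean]` tag above the method only holds if the config value is itself a boolean. Going by the file list order this section is presumably lib/mihari/analyzers/base.rb, whose header is missing from the page.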
@@ -15,13 +15,13 @@ module Mihari
|
|
15
15
|
# @param [String, nil] api_key
|
16
16
|
#
|
17
17
|
def initialize(query, options: nil, api_key: nil)
|
18
|
-
super(query, options:
|
18
|
+
super(query, options:)
|
19
19
|
|
20
20
|
@api_key = api_key || Mihari.config.binaryedge_api_key
|
21
21
|
end
|
22
22
|
|
23
23
|
def artifacts
|
24
|
-
client.search_with_pagination(query, pagination_limit:
|
24
|
+
client.search_with_pagination(query, pagination_limit:).map(&:artifacts).flatten
|
25
25
|
end
|
26
26
|
|
27
27
|
private
|
@@ -32,9 +32,9 @@ module Mihari
|
|
32
32
|
#
|
33
33
|
def client
|
34
34
|
Clients::BinaryEdge.new(
|
35
|
-
api_key
|
36
|
-
pagination_interval
|
37
|
-
timeout:
|
35
|
+
api_key:,
|
36
|
+
pagination_interval:,
|
37
|
+
timeout:
|
38
38
|
)
|
39
39
|
end
|
40
40
|
end
|
@@ -19,7 +19,7 @@ module Mihari
|
|
19
19
|
# @param [String, nil] secret
|
20
20
|
#
|
21
21
|
def initialize(query, options: nil, id: nil, secret: nil)
|
22
|
-
super(query, options:
|
22
|
+
super(query, options:)
|
23
23
|
|
24
24
|
@id = id || Mihari.config.censys_id
|
25
25
|
@secret = secret || Mihari.config.censys_secret
|
@@ -29,7 +29,7 @@ module Mihari
|
|
29
29
|
# @return [Array<Mihari::Models::Artifact>]
|
30
30
|
#
|
31
31
|
def artifacts
|
32
|
-
client.search_with_pagination(query, pagination_limit:
|
32
|
+
client.search_with_pagination(query, pagination_limit:).map do |res|
|
33
33
|
res.result.artifacts
|
34
34
|
end.flatten.uniq(&:data)
|
35
35
|
end
|
@@ -48,10 +48,10 @@ module Mihari
|
|
48
48
|
#
|
49
49
|
def client
|
50
50
|
Clients::Censys.new(
|
51
|
-
id
|
52
|
-
secret
|
53
|
-
pagination_interval
|
54
|
-
timeout:
|
51
|
+
id:,
|
52
|
+
secret:,
|
53
|
+
pagination_interval:,
|
54
|
+
timeout:
|
55
55
|
)
|
56
56
|
end
|
57
57
|
|
@@ -24,7 +24,7 @@ module Mihari
|
|
24
24
|
# @param [String, nil] password
|
25
25
|
#
|
26
26
|
def initialize(query, options: nil, username: nil, password: nil)
|
27
|
-
super(refang(query), options:
|
27
|
+
super(refang(query), options:)
|
28
28
|
|
29
29
|
@type = DataType.type(query)
|
30
30
|
|
@@ -50,7 +50,7 @@ module Mihari
|
|
50
50
|
private
|
51
51
|
|
52
52
|
def client
|
53
|
-
Clients::CIRCL.new(username
|
53
|
+
Clients::CIRCL.new(username:, password:, timeout:)
|
54
54
|
end
|
55
55
|
|
56
56
|
def username?
|
@@ -19,7 +19,7 @@ module Mihari
|
|
19
19
|
# @param [String, nil] match
|
20
20
|
#
|
21
21
|
def initialize(query, options: nil, exclude_expired: true, match: nil)
|
22
|
-
super(query, options:
|
22
|
+
super(query, options:)
|
23
23
|
|
24
24
|
@exclude_expired = exclude_expired
|
25
25
|
@match = match
|
@@ -27,7 +27,7 @@ module Mihari
|
|
27
27
|
|
28
28
|
def artifacts
|
29
29
|
exclude = exclude_expired ? "expired" : nil
|
30
|
-
client.search(query, exclude
|
30
|
+
client.search(query, exclude:, match:).map do |result|
|
31
31
|
values = result["name_value"].to_s.lines.map(&:chomp).reject { |value| value.starts_with?("*.") }
|
32
32
|
values.map { |value| Models::Artifact.new(data: value, metadata: result) }
|
33
33
|
end.flatten
|
@@ -39,7 +39,7 @@ module Mihari
|
|
39
39
|
# @return [Mihari::Clients::Crtsh]
|
40
40
|
#
|
41
41
|
def client
|
42
|
-
Mihari::Clients::Crtsh.new(timeout:
|
42
|
+
Mihari::Clients::Crtsh.new(timeout:)
|
43
43
|
end
|
44
44
|
end
|
45
45
|
end
|
@@ -16,7 +16,7 @@ module Mihari
|
|
16
16
|
# @param [Hash, nil] options
|
17
17
|
#
|
18
18
|
def initialize(query, options: nil)
|
19
|
-
super(refang(query), options:
|
19
|
+
super(refang(query), options:)
|
20
20
|
|
21
21
|
@type = DataType.type(query)
|
22
22
|
end
|
@@ -40,7 +40,7 @@ module Mihari
|
|
40
40
|
end
|
41
41
|
|
42
42
|
def client
|
43
|
-
Clients::DNSTwister.new(timeout:
|
43
|
+
Clients::DNSTwister.new(timeout:)
|
44
44
|
end
|
45
45
|
|
46
46
|
#
|
@@ -28,30 +28,24 @@ module Mihari
|
|
28
28
|
attr_reader :query
|
29
29
|
|
30
30
|
#
|
31
|
-
# @param [String]
|
31
|
+
# @param [String] url
|
32
32
|
# @param [Hash, nil] options
|
33
|
-
# @param [
|
34
|
-
# @param [Hash, nil] headers
|
35
|
-
# @param [Hash, nil] params
|
36
|
-
# @param [Hash, nil] json
|
37
|
-
# @param [form, nil] form
|
38
|
-
# @param [String] selector
|
33
|
+
# @param [Hash] params
|
39
34
|
#
|
40
|
-
|
41
|
-
|
42
|
-
|
43
|
-
|
44
|
-
@
|
45
|
-
@
|
46
|
-
@
|
47
|
-
@
|
48
|
-
@
|
49
|
-
@selector = selector
|
35
|
+
def initialize(url, options: nil, **params)
|
36
|
+
super(url, options:)
|
37
|
+
|
38
|
+
@method = params[:method] || "GET"
|
39
|
+
@headers = params[:headers] || {}
|
40
|
+
@params = params[:params]
|
41
|
+
@json = params[:json]
|
42
|
+
@form = params[:form]
|
43
|
+
@selector = params[:selector] || ""
|
50
44
|
end
|
51
45
|
|
52
46
|
def artifacts
|
53
47
|
data = Services::FeedReader.call(
|
54
|
-
url, headers
|
48
|
+
url, headers:, method:, params:, json:, form:, timeout:
|
55
49
|
)
|
56
50
|
Services::FeedParser.call(data, selector)
|
57
51
|
end
|
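Review bot: `initialize(url, options: nil, **params)` accepts any keyword and then reads only `:method`, `:headers`, `:params`, `:json`, `:form` and `:selector`, so a misspelt key in a rule (for example `header:` for `headers:`) is dropped without an error and the feed is requested with the defaults. Unless the rule schema rejects unknown keys before this point (not visible here), reject them in the constructor: `unknown = params.keys - %i[method headers params json form selector]` followed by `raise ArgumentError, "unknown feed options: #{unknown.join(', ')}" unless unknown.empty?`. The doc line `# @param [Hash] params` should list the six recognised keys, since `@params = params[:params]` otherwise reads like a mistake. This section has no file header on the page; by the file list order it is presumably lib/mihari/analyzers/feed.rb.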
@@ -19,14 +19,14 @@ module Mihari
|
|
19
19
|
# @param [String, nil] email
|
20
20
|
#
|
21
21
|
def initialize(query, options: nil, api_key: nil, email: nil)
|
22
|
-
super(query, options:
|
22
|
+
super(query, options:)
|
23
23
|
|
24
24
|
@api_key = api_key || Mihari.config.fofa_api_key
|
25
25
|
@email = email || Mihari.config.fofa_email
|
26
26
|
end
|
27
27
|
|
28
28
|
def artifacts
|
29
|
-
client.search_with_pagination(query, pagination_limit:
|
29
|
+
client.search_with_pagination(query, pagination_limit:).map do |res|
|
30
30
|
(res.results || []).map { |result| result[1] }
|
31
31
|
end.flatten.compact
|
32
32
|
end
|
@@ -46,10 +46,10 @@ module Mihari
|
|
46
46
|
#
|
47
47
|
def client
|
48
48
|
Clients::Fofa.new(
|
49
|
-
api_key
|
50
|
-
email
|
51
|
-
pagination_interval
|
52
|
-
timeout:
|
49
|
+
api_key:,
|
50
|
+
email:,
|
51
|
+
pagination_interval:,
|
52
|
+
timeout:
|
53
53
|
)
|
54
54
|
end
|
55
55
|
end
|
@@ -15,7 +15,7 @@ module Mihari
|
|
15
15
|
# @param [String, nil] api_key
|
16
16
|
#
|
17
17
|
def initialize(query, options: nil, api_key: nil)
|
18
|
-
super(query, options:
|
18
|
+
super(query, options:)
|
19
19
|
|
20
20
|
@api_key = api_key || Mihari.config.greynoise_api_key
|
21
21
|
end
|
@@ -23,7 +23,7 @@ module Mihari
|
|
23
23
|
def artifacts
|
24
24
|
client.gnql_search_with_pagination(
|
25
25
|
query,
|
26
|
-
pagination_limit:
|
26
|
+
pagination_limit:
|
27
27
|
).map(&:artifacts).flatten
|
28
28
|
end
|
29
29
|
|
@@ -31,9 +31,9 @@ module Mihari
|
|
31
31
|
|
32
32
|
def client
|
33
33
|
Clients::GreyNoise.new(
|
34
|
-
api_key
|
35
|
-
pagination_interval
|
36
|
-
timeout:
|
34
|
+
api_key:,
|
35
|
+
pagination_interval:,
|
36
|
+
timeout:
|
37
37
|
)
|
38
38
|
end
|
39
39
|
end
|
@@ -23,7 +23,7 @@ module Mihari
|
|
23
23
|
# @param [String, nil] api_key
|
24
24
|
#
|
25
25
|
def initialize(query, start_time: nil, end_time: nil, options: nil, api_key: nil)
|
26
|
-
super(query, options:
|
26
|
+
super(query, options:)
|
27
27
|
|
28
28
|
@api_key = api_key || Mihari.config.hunterhow_api_key
|
29
29
|
|
@@ -48,9 +48,9 @@ module Mihari
|
|
48
48
|
|
49
49
|
def client
|
50
50
|
Clients::HunterHow.new(
|
51
|
-
api_key
|
52
|
-
pagination_interval
|
53
|
-
timeout:
|
51
|
+
api_key:,
|
52
|
+
pagination_interval:,
|
53
|
+
timeout:
|
54
54
|
)
|
55
55
|
end
|
56
56
|
end
|
@@ -17,7 +17,7 @@ module Mihari
|
|
17
17
|
# @param [String, nil] api_key
|
18
18
|
#
|
19
19
|
def initialize(query, options: nil, api_key: nil)
|
20
|
-
super(query, options:
|
20
|
+
super(query, options:)
|
21
21
|
|
22
22
|
@api_key = api_key || Mihari.config.onyphe_api_key
|
23
23
|
end
|
@@ -25,7 +25,7 @@ module Mihari
|
|
25
25
|
def artifacts
|
26
26
|
client.datascan_with_pagination(
|
27
27
|
query,
|
28
|
-
pagination_limit:
|
28
|
+
pagination_limit:
|
29
29
|
).map(&:artifacts).flatten
|
30
30
|
end
|
31
31
|
|
@@ -33,9 +33,9 @@ module Mihari
|
|
33
33
|
|
34
34
|
def client
|
35
35
|
Clients::Onyphe.new(
|
36
|
-
api_key
|
37
|
-
pagination_interval
|
38
|
-
timeout:
|
36
|
+
api_key:,
|
37
|
+
pagination_interval:,
|
38
|
+
timeout:
|
39
39
|
)
|
40
40
|
end
|
41
41
|
end
|
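--- a/data/lib/mihari/analyzers/otx.rb
+++ b/data/lib/mihari/analyzers/otx.rb
@@ -20,7 +20,7 @@ module Mihari
 # @param [String, nil] api_key
 #
 def initialize(query, options: nil, api_key: nil)
-super(refang(query), options:
+super(refang(query), options:)
 
 @type = DataType.type(query)
 
@@ -41,7 +41,7 @@ module Mihari
 private
 
 def client
-Mihari::Clients::OTX.new(api_key
+Mihari::Clients::OTX.new(api_key:, timeout:)
 end
 
 #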
@@ -24,7 +24,7 @@ module Mihari
|
|
24
24
|
# @param [String, nil] username
|
25
25
|
#
|
26
26
|
def initialize(query, options: nil, api_key: nil, username: nil)
|
27
|
-
super(refang(query), options:
|
27
|
+
super(refang(query), options:)
|
28
28
|
|
29
29
|
@type = DataType.type(query)
|
30
30
|
|
@@ -69,7 +69,7 @@ module Mihari
|
|
69
69
|
res = client.reverse_whois_search(query)
|
70
70
|
(res["results"] || []).map do |result|
|
71
71
|
data = result["domain"]
|
72
|
-
Models::Artifact.new(data
|
72
|
+
Models::Artifact.new(data:, metadata: result)
|
73
73
|
end
|
74
74
|
end
|
75
75
|
|
@@ -82,7 +82,7 @@ module Mihari
|
|
82
82
|
end
|
83
83
|
|
84
84
|
def client
|
85
|
-
Clients::PassiveTotal.new(username
|
85
|
+
Clients::PassiveTotal.new(username:, api_key:, timeout:)
|
86
86
|
end
|
87
87
|
|
88
88
|
#
|
@@ -20,7 +20,7 @@ module Mihari
|
|
20
20
|
# @param [String, nil] api_key
|
21
21
|
#
|
22
22
|
def initialize(query, options: nil, api_key: nil)
|
23
|
-
super(refang(query), options:
|
23
|
+
super(refang(query), options:)
|
24
24
|
|
25
25
|
@type = DataType.type(query)
|
26
26
|
|
@@ -38,7 +38,7 @@ module Mihari
|
|
38
38
|
nil
|
39
39
|
else
|
40
40
|
data = property["value"]
|
41
|
-
Models::Artifact.new(data
|
41
|
+
Models::Artifact.new(data:, metadata: property)
|
42
42
|
end
|
43
43
|
end
|
44
44
|
end
|
@@ -46,7 +46,7 @@ module Mihari
|
|
46
46
|
private
|
47
47
|
|
48
48
|
def client
|
49
|
-
@client ||= Clients::PulseDive.new(api_key
|
49
|
+
@client ||= Clients::PulseDive.new(api_key:, timeout:)
|
50
50
|
end
|
51
51
|
|
52
52
|
#
|
@@ -23,7 +23,7 @@ module Mihari
|
|
23
23
|
# @param [String, nil] api_key
|
24
24
|
#
|
25
25
|
def initialize(query, options: nil, api_key: nil)
|
26
|
-
super(refang(query), options:
|
26
|
+
super(refang(query), options:)
|
27
27
|
|
28
28
|
@type = DataType.type(query)
|
29
29
|
|
@@ -66,7 +66,7 @@ module Mihari
|
|
66
66
|
res = client.ip_search(query)
|
67
67
|
(res["records"] || []).filter_map do |record|
|
68
68
|
data = record["hostname"]
|
69
|
-
Models::Artifact.new(data
|
69
|
+
Models::Artifact.new(data:, metadata: record)
|
70
70
|
end
|
71
71
|
end
|
72
72
|
|
@@ -74,12 +74,12 @@ module Mihari
|
|
74
74
|
res = client.mail_search(query)
|
75
75
|
(res["records"] || []).filter_map do |record|
|
76
76
|
data = record["hostname"]
|
77
|
-
Models::Artifact.new(data
|
77
|
+
Models::Artifact.new(data:, metadata: record)
|
78
78
|
end
|
79
79
|
end
|
80
80
|
|
81
81
|
def client
|
82
|
-
Clients::SecurityTrails.new(api_key
|
82
|
+
Clients::SecurityTrails.new(api_key:, timeout:)
|
83
83
|
end
|
84
84
|
|
85
85
|
#
|
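Review bot: Both `filter_map` blocks in this section (the `ip_search` and `mail_search` hunks) end in `Models::Artifact.new(data:, metadata: record)`, which is never nil, so `filter_map` filters nothing and a record without `"hostname"` becomes an artifact whose `data` is nil. The `ip_address` hunk further down the page (`@@ -73,7 +73,7 @@`) guards with `data.nil? ? nil : Models::Artifact.new(...)`, while its `host_name` neighbour (`@@ -88,7 +88,7 @@`) has the same gap as here. Ending each block with `Models::Artifact.new(data:, metadata: record) if data` would make `filter_map` drop those records; whether nil-data artifacts are discarded later in the pipeline is not visible here. Both method bodies start outside their hunks.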
@@ -15,7 +15,7 @@ module Mihari
|
|
15
15
|
# @param [String, nil] api_key
|
16
16
|
#
|
17
17
|
def initialize(query, options: nil, api_key: nil)
|
18
|
-
super(query, options:
|
18
|
+
super(query, options:)
|
19
19
|
|
20
20
|
@api_key = api_key || Mihari.config.shodan_api_key
|
21
21
|
end
|
@@ -23,7 +23,7 @@ module Mihari
|
|
23
23
|
def artifacts
|
24
24
|
client.search_with_pagination(
|
25
25
|
query,
|
26
|
-
pagination_limit:
|
26
|
+
pagination_limit:
|
27
27
|
).map(&:artifacts).flatten.uniq(&:data)
|
28
28
|
end
|
29
29
|
|
@@ -34,9 +34,9 @@ module Mihari
|
|
34
34
|
#
|
35
35
|
def client
|
36
36
|
Clients::Shodan.new(
|
37
|
-
api_key
|
38
|
-
pagination_interval
|
39
|
-
timeout:
|
37
|
+
api_key:,
|
38
|
+
pagination_interval:,
|
39
|
+
timeout:
|
40
40
|
)
|
41
41
|
end
|
42
42
|
end
|
@@ -21,7 +21,7 @@ module Mihari
|
|
21
21
|
# @param [Array<String>] allowed_data_types
|
22
22
|
#
|
23
23
|
def initialize(query, options: nil, api_key: nil, allowed_data_types: SUPPORTED_DATA_TYPES)
|
24
|
-
super(query, options:
|
24
|
+
super(query, options:)
|
25
25
|
|
26
26
|
@api_key = api_key || Mihari.config.urlscan_api_key
|
27
27
|
@allowed_data_types = allowed_data_types
|
@@ -33,7 +33,7 @@ module Mihari
|
|
33
33
|
|
34
34
|
def artifacts
|
35
35
|
# @type [Array<Mihari::Models::Artifact>]
|
36
|
-
artifacts = client.search_with_pagination(query, pagination_limit:
|
36
|
+
artifacts = client.search_with_pagination(query, pagination_limit:).map(&:artifacts).flatten
|
37
37
|
artifacts.select { |artifact| allowed_data_types.include? artifact.data_type }
|
38
38
|
end
|
39
39
|
|
@@ -41,9 +41,9 @@ module Mihari
|
|
41
41
|
|
42
42
|
def client
|
43
43
|
Clients::Urlscan.new(
|
44
|
-
api_key
|
45
|
-
pagination_interval
|
46
|
-
timeout:
|
44
|
+
api_key:,
|
45
|
+
pagination_interval:,
|
46
|
+
timeout:
|
47
47
|
)
|
48
48
|
end
|
49
49
|
|
@@ -20,7 +20,7 @@ module Mihari
|
|
20
20
|
# @param [String, nil] api_key
|
21
21
|
#
|
22
22
|
def initialize(query, options: nil, api_key: nil)
|
23
|
-
super(refang(query), options:
|
23
|
+
super(refang(query), options:)
|
24
24
|
|
25
25
|
@type = DataType.type(query)
|
26
26
|
|
@@ -50,7 +50,7 @@ module Mihari
|
|
50
50
|
private
|
51
51
|
|
52
52
|
def client
|
53
|
-
Clients::VirusTotal.new(api_key:
|
53
|
+
Clients::VirusTotal.new(api_key:)
|
54
54
|
end
|
55
55
|
|
56
56
|
#
|
@@ -73,7 +73,7 @@ module Mihari
|
|
73
73
|
data = res["data"] || []
|
74
74
|
data.filter_map do |item|
|
75
75
|
data = item.dig("attributes", "ip_address")
|
76
|
-
data.nil? ? nil : Models::Artifact.new(data
|
76
|
+
data.nil? ? nil : Models::Artifact.new(data:, metadata: item)
|
77
77
|
end
|
78
78
|
end
|
79
79
|
|
@@ -88,7 +88,7 @@ module Mihari
|
|
88
88
|
data = res["data"] || []
|
89
89
|
data.filter_map do |item|
|
90
90
|
data = item.dig("attributes", "host_name")
|
91
|
-
Models::Artifact.new(data
|
91
|
+
Models::Artifact.new(data:, metadata: item)
|
92
92
|
end.uniq
|
93
93
|
end
|
94
94
|
end
|
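Review bot: `Clients::VirusTotal.new(api_key:)` in `client` passes no `timeout:`, unlike every other client constructed on this page (for example `Mihari::Clients::OTX.new(api_key:, timeout:)`), so a configured analyzer timeout would presumably not reach these VirusTotal requests. The constructor does take the keyword, as the `Clients::VirusTotal.new(api_key:, pagination_interval:, timeout:)` call in the next section shows. If this analyzer inherits `timeout` from the base class like the others appear to, `Clients::VirusTotal.new(api_key:, timeout:)` brings it in line. The class definition is outside these hunks, so confirm the inheritance before changing it.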
@@ -15,13 +15,13 @@ module Mihari
|
|
15
15
|
# @param [String, nil] api_key
|
16
16
|
#
|
17
17
|
def initialize(query, options: nil, api_key: nil)
|
18
|
-
super(query, options:
|
18
|
+
super(query, options:)
|
19
19
|
|
20
20
|
@api_key = api_key || Mihari.config.virustotal_api_key
|
21
21
|
end
|
22
22
|
|
23
23
|
def artifacts
|
24
|
-
client.intel_search_with_pagination(query, pagination_limit:
|
24
|
+
client.intel_search_with_pagination(query, pagination_limit:).map(&:artifacts).flatten
|
25
25
|
end
|
26
26
|
|
27
27
|
class << self
|
@@ -56,9 +56,9 @@ module Mihari
|
|
56
56
|
#
|
57
57
|
def client
|
58
58
|
Clients::VirusTotal.new(
|
59
|
-
api_key
|
60
|
-
pagination_interval
|
61
|
-
timeout:
|
59
|
+
api_key:,
|
60
|
+
pagination_interval:,
|
61
|
+
timeout:
|
62
62
|
)
|
63
63
|
end
|
64
64
|
end
|
@@ -19,7 +19,7 @@ module Mihari
|
|
19
19
|
# @param [String] type
|
20
20
|
#
|
21
21
|
def initialize(query, options: nil, api_key: nil, type: "host")
|
22
|
-
super(query, options:
|
22
|
+
super(query, options:)
|
23
23
|
|
24
24
|
@type = type
|
25
25
|
@api_key = api_key || Mihari.config.zoomeye_api_key
|
@@ -53,9 +53,9 @@ module Mihari
|
|
53
53
|
|
54
54
|
def client
|
55
55
|
Clients::ZoomEye.new(
|
56
|
-
api_key
|
57
|
-
pagination_interval
|
58
|
-
timeout:
|
56
|
+
api_key:,
|
57
|
+
pagination_interval:,
|
58
|
+
timeout:
|
59
59
|
)
|
60
60
|
end
|
61
61
|
|
@@ -74,7 +74,7 @@ module Mihari
|
|
74
74
|
if data.is_a?(Array)
|
75
75
|
data.map { |d| Models::Artifact.new(data: d, metadata: match) }
|
76
76
|
else
|
77
|
-
Models::Artifact.new(data
|
77
|
+
Models::Artifact.new(data:, metadata: match)
|
78
78
|
end
|
79
79
|
end.flatten
|
80
80
|
end
|