mihari 7.3.2 → 7.5.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.gitignore +8 -0
- data/.rubocop.yml +0 -2
- data/.shadowenv.d/.gitignore +2 -0
- data/.shadowenv.d/000_unset_all.lisp +39 -0
- data/README.md +0 -8
- data/lib/mihari/analyzers/base.rb +2 -2
- data/lib/mihari/analyzers/binaryedge.rb +5 -5
- data/lib/mihari/analyzers/censys.rb +6 -6
- data/lib/mihari/analyzers/circl.rb +2 -2
- data/lib/mihari/analyzers/crtsh.rb +3 -3
- data/lib/mihari/analyzers/dnstwister.rb +2 -2
- data/lib/mihari/analyzers/feed.rb +12 -18
- data/lib/mihari/analyzers/fofa.rb +6 -6
- data/lib/mihari/analyzers/greynoise.rb +5 -5
- data/lib/mihari/analyzers/hunterhow.rb +4 -4
- data/lib/mihari/analyzers/onyphe.rb +5 -5
- data/lib/mihari/analyzers/otx.rb +2 -2
- data/lib/mihari/analyzers/passivetotal.rb +3 -3
- data/lib/mihari/analyzers/pulsedive.rb +3 -3
- data/lib/mihari/analyzers/securitytrails.rb +4 -4
- data/lib/mihari/analyzers/shodan.rb +5 -5
- data/lib/mihari/analyzers/urlscan.rb +5 -5
- data/lib/mihari/analyzers/virustotal.rb +4 -4
- data/lib/mihari/analyzers/virustotal_intelligence.rb +5 -5
- data/lib/mihari/analyzers/zoomeye.rb +5 -5
- data/lib/mihari/cli/application.rb +1 -1
- data/lib/mihari/clients/base.rb +7 -6
- data/lib/mihari/clients/binaryedge.rb +6 -6
- data/lib/mihari/clients/censys.rb +4 -4
- data/lib/mihari/clients/circl.rb +2 -2
- data/lib/mihari/clients/crtsh.rb +2 -2
- data/lib/mihari/clients/dnstwister.rb +1 -1
- data/lib/mihari/clients/fofa.rb +4 -4
- data/lib/mihari/clients/google_public_dns.rb +2 -2
- data/lib/mihari/clients/greynoise.rb +4 -4
- data/lib/mihari/clients/hunterhow.rb +10 -10
- data/lib/mihari/clients/misp.rb +1 -1
- data/lib/mihari/clients/mmdb.rb +1 -1
- data/lib/mihari/clients/onyphe.rb +4 -4
- data/lib/mihari/clients/otx.rb +1 -1
- data/lib/mihari/clients/passivetotal.rb +5 -5
- data/lib/mihari/clients/publsedive.rb +3 -3
- data/lib/mihari/clients/securitytrails.rb +6 -6
- data/lib/mihari/clients/shodan.rb +6 -6
- data/lib/mihari/clients/shodan_internet_db.rb +1 -1
- data/lib/mihari/clients/the_hive.rb +2 -2
- data/lib/mihari/clients/urlscan.rb +4 -4
- data/lib/mihari/clients/virustotal.rb +4 -4
- data/lib/mihari/clients/whois.rb +118 -0
- data/lib/mihari/clients/yeti.rb +38 -0
- data/lib/mihari/clients/zoomeye.rb +12 -12
- data/lib/mihari/commands/alert.rb +1 -1
- data/lib/mihari/commands/artifact.rb +1 -1
- data/lib/mihari/commands/rule.rb +1 -1
- data/lib/mihari/commands/tag.rb +1 -1
- data/lib/mihari/concerns/autonomous_system_normalizable.rb +1 -4
- data/lib/mihari/concerns/configurable.rb +1 -1
- data/lib/mihari/concerns/database_connectable.rb +2 -2
- data/lib/mihari/concerns/retriable.rb +1 -1
- data/lib/mihari/config.rb +14 -2
- data/lib/mihari/constants.rb +2 -2
- data/lib/mihari/data_type.rb +1 -3
- data/lib/mihari/emitters/base.rb +2 -2
- data/lib/mihari/emitters/database.rb +1 -1
- data/lib/mihari/emitters/misp.rb +12 -4
- data/lib/mihari/emitters/slack.rb +9 -9
- data/lib/mihari/emitters/the_hive.rb +9 -4
- data/lib/mihari/emitters/webhook.rb +4 -4
- data/lib/mihari/emitters/yeti.rb +107 -0
- data/lib/mihari/enrichers/base.rb +1 -1
- data/lib/mihari/enrichers/google_public_dns.rb +1 -1
- data/lib/mihari/enrichers/mmdb.rb +1 -1
- data/lib/mihari/enrichers/shodan.rb +3 -3
- data/lib/mihari/enrichers/whois.rb +6 -91
- data/lib/mihari/entities/alert.rb +6 -6
- data/lib/mihari/entities/artifact.rb +17 -17
- data/lib/mihari/entities/autonomous_system.rb +1 -1
- data/lib/mihari/entities/config.rb +8 -4
- data/lib/mihari/entities/cpe.rb +2 -2
- data/lib/mihari/entities/dns.rb +3 -3
- data/lib/mihari/entities/geolocation.rb +3 -3
- data/lib/mihari/entities/ip_address.rb +3 -3
- data/lib/mihari/entities/messages.rb +3 -3
- data/lib/mihari/entities/pagination.rb +3 -3
- data/lib/mihari/entities/port.rb +2 -2
- data/lib/mihari/entities/reverse_dns.rb +2 -2
- data/lib/mihari/entities/rule.rb +8 -8
- data/lib/mihari/entities/tag.rb +3 -3
- data/lib/mihari/entities/vulnerability.rb +2 -2
- data/lib/mihari/entities/whois.rb +7 -7
- data/lib/mihari/errors.rb +1 -1
- data/lib/mihari/models/artifact.rb +2 -2
- data/lib/mihari/models/port.rb +1 -1
- data/lib/mihari/models/tag.rb +3 -0
- data/lib/mihari/rule.rb +10 -14
- data/lib/mihari/schemas/emitter.rb +9 -0
- data/lib/mihari/services/feed.rb +3 -3
- data/lib/mihari/services/getters.rb +1 -1
- data/lib/mihari/services/proxies.rb +1 -1
- data/lib/mihari/services/renderer.rb +2 -0
- data/lib/mihari/services/searchers.rb +1 -1
- data/lib/mihari/sidekiq/application.rb +2 -2
- data/lib/mihari/structs/censys.rb +4 -4
- data/lib/mihari/structs/google_public_dns.rb +3 -3
- data/lib/mihari/structs/greynoise.rb +2 -2
- data/lib/mihari/structs/onyphe.rb +3 -3
- data/lib/mihari/structs/shodan.rb +10 -10
- data/lib/mihari/structs/urlscan.rb +1 -1
- data/lib/mihari/structs/virustotal_intelligence.rb +2 -2
- data/lib/mihari/version.rb +1 -1
- data/lib/mihari/web/api.rb +1 -1
- data/lib/mihari/web/application.rb +1 -1
- data/lib/mihari/web/endpoints/alerts.rb +12 -12
- data/lib/mihari/web/endpoints/artifacts.rb +11 -11
- data/lib/mihari/web/endpoints/configs.rb +7 -2
- data/lib/mihari/web/endpoints/ip_addresses.rb +5 -5
- data/lib/mihari/web/endpoints/rules.rb +26 -26
- data/lib/mihari/web/endpoints/tags.rb +4 -4
- data/lib/mihari/web/public/assets/{index-ReF8ffd-.css → index-80oZkhZG.css} +1 -1
- data/lib/mihari/web/public/assets/index-BNLbw8nG.js +1783 -0
- data/lib/mihari/web/public/index.html +2 -2
- data/lib/mihari/web/public/redoc-static.html +2 -2
- data/lib/mihari.rb +4 -1
- data/mihari.gemspec +19 -19
- data/renovate.json +1 -3
- data/requirements.txt +1 -1
- metadata +48 -44
- data/.standard.yml +0 -4
- data/lib/mihari/web/public/assets/index-lRP933ks.js +0 -1787
- /data/lib/mihari/web/public/assets/{mode-yaml-BC4MIiYj.js → mode-yaml-ELgwiJiP.js} +0 -0
|
@@ -0,0 +1,107 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module Mihari
|
|
4
|
+
module Emitters
|
|
5
|
+
class Yeti < Base
|
|
6
|
+
# @return [String, nil]
|
|
7
|
+
attr_reader :url
|
|
8
|
+
|
|
9
|
+
# @return [String, nil]
|
|
10
|
+
attr_reader :api_key
|
|
11
|
+
|
|
12
|
+
# @return [Array<Mihari::Models::Artifact>]
|
|
13
|
+
attr_accessor :artifacts
|
|
14
|
+
|
|
15
|
+
#
|
|
16
|
+
# @param [Mihari::Rule] rule
|
|
17
|
+
# @param [Hash, nil] options
|
|
18
|
+
# @param [Hash] params
|
|
19
|
+
#
|
|
20
|
+
def initialize(rule:, options: nil, **params)
|
|
21
|
+
super(rule:, options:)
|
|
22
|
+
|
|
23
|
+
@url = params[:url] || Mihari.config.yeti_url
|
|
24
|
+
@api_key = params[:api_key] || Mihari.config.yeti_api_key
|
|
25
|
+
|
|
26
|
+
@artifacts = []
|
|
27
|
+
end
|
|
28
|
+
|
|
29
|
+
#
|
|
30
|
+
# @return [Boolean]
|
|
31
|
+
#
|
|
32
|
+
def configured?
|
|
33
|
+
api_key? && url?
|
|
34
|
+
end
|
|
35
|
+
|
|
36
|
+
#
|
|
37
|
+
# Create a Hive alert
|
|
38
|
+
#
|
|
39
|
+
# @param [Array<Mihari::Models::Artifact>] artifacts
|
|
40
|
+
#
|
|
41
|
+
def call(artifacts)
|
|
42
|
+
return if artifacts.empty?
|
|
43
|
+
|
|
44
|
+
@artifacts = artifacts
|
|
45
|
+
|
|
46
|
+
client.create_observables({observables:})
|
|
47
|
+
end
|
|
48
|
+
|
|
49
|
+
#
|
|
50
|
+
# @return [String]
|
|
51
|
+
#
|
|
52
|
+
def target
|
|
53
|
+
URI(url).host || "N/A"
|
|
54
|
+
end
|
|
55
|
+
|
|
56
|
+
private
|
|
57
|
+
|
|
58
|
+
def client
|
|
59
|
+
Clients::Yeti.new(url, api_key:, timeout:)
|
|
60
|
+
end
|
|
61
|
+
|
|
62
|
+
#
|
|
63
|
+
# Check whether a URL is set or not
|
|
64
|
+
#
|
|
65
|
+
# @return [Boolean]
|
|
66
|
+
#
|
|
67
|
+
def url?
|
|
68
|
+
!url.nil?
|
|
69
|
+
end
|
|
70
|
+
|
|
71
|
+
def acceptable_artifacts
|
|
72
|
+
artifacts.reject { |artifact| artifact.data_type == "mail" }
|
|
73
|
+
end
|
|
74
|
+
|
|
75
|
+
#
|
|
76
|
+
# @param [Mihari::Models::Artifact] artifact
|
|
77
|
+
#
|
|
78
|
+
# @return [Hash]
|
|
79
|
+
#
|
|
80
|
+
def artifact_to_observable(artifact)
|
|
81
|
+
convert_table = {
|
|
82
|
+
domain: "hostname",
|
|
83
|
+
ip: "ipv4"
|
|
84
|
+
}
|
|
85
|
+
|
|
86
|
+
type = lambda do
|
|
87
|
+
detailed_type = DataType.detailed_type(artifact.data)
|
|
88
|
+
convert_table[detailed_type.to_sym] || detailed_type || artifact.data_type
|
|
89
|
+
end.call
|
|
90
|
+
|
|
91
|
+
{
|
|
92
|
+
tags:,
|
|
93
|
+
type:,
|
|
94
|
+
value: artifact.data
|
|
95
|
+
}
|
|
96
|
+
end
|
|
97
|
+
|
|
98
|
+
def tags
|
|
99
|
+
@tags ||= rule.tags.map(&:name)
|
|
100
|
+
end
|
|
101
|
+
|
|
102
|
+
def observables
|
|
103
|
+
acceptable_artifacts.map { |artifact| artifact_to_observable(artifact) }
|
|
104
|
+
end
|
|
105
|
+
end
|
|
106
|
+
end
|
|
107
|
+
end
|
|
@@ -22,13 +22,13 @@ module Mihari
|
|
|
22
22
|
|
|
23
23
|
if tapped.reverse_dns_names.empty?
|
|
24
24
|
tapped.reverse_dns_names = (res&.hostnames || []).map do |name|
|
|
25
|
-
Models::ReverseDnsName.new(name:
|
|
25
|
+
Models::ReverseDnsName.new(name:)
|
|
26
26
|
end
|
|
27
27
|
end
|
|
28
28
|
|
|
29
29
|
if tapped.vulnerabilities.empty?
|
|
30
30
|
tapped.vulnerabilities = (res&.vulns || []).map do |name|
|
|
31
|
-
Models::Vulnerability.new(name:
|
|
31
|
+
Models::Vulnerability.new(name:)
|
|
32
32
|
end
|
|
33
33
|
end
|
|
34
34
|
end
|
|
@@ -50,7 +50,7 @@ module Mihari
|
|
|
50
50
|
end
|
|
51
51
|
|
|
52
52
|
def client
|
|
53
|
-
@client ||= Clients::ShodanInternetDB.new(timeout:
|
|
53
|
+
@client ||= Clients::ShodanInternetDB.new(timeout:)
|
|
54
54
|
end
|
|
55
55
|
end
|
|
56
56
|
end
|
|
@@ -1,7 +1,5 @@
|
|
|
1
1
|
# frozen_string_literal: true
|
|
2
2
|
|
|
3
|
-
require "whois-parser"
|
|
4
|
-
|
|
5
3
|
module Mihari
|
|
6
4
|
module Enrichers
|
|
7
5
|
#
|
|
@@ -18,22 +16,15 @@ module Mihari
|
|
|
18
16
|
def call(artifact)
|
|
19
17
|
return if artifact.domain.nil?
|
|
20
18
|
|
|
21
|
-
|
|
22
|
-
record = memoized_lookup(domain)
|
|
23
|
-
return if record.parser.available?
|
|
24
|
-
|
|
25
|
-
artifact.whois_record ||= Models::WhoisRecord.new(
|
|
26
|
-
domain: domain,
|
|
27
|
-
created_on: get_created_on(record.parser),
|
|
28
|
-
updated_on: get_updated_on(record.parser),
|
|
29
|
-
expires_on: get_expires_on(record.parser),
|
|
30
|
-
registrar: get_registrar(record.parser),
|
|
31
|
-
contacts: get_contacts(record.parser)
|
|
32
|
-
)
|
|
19
|
+
artifact.whois_record ||= memoized_lookup(PublicSuffix.domain(artifact.domain))
|
|
33
20
|
end
|
|
34
21
|
|
|
35
22
|
private
|
|
36
23
|
|
|
24
|
+
def client
|
|
25
|
+
@client ||= Clients::Whois.new(timeout:)
|
|
26
|
+
end
|
|
27
|
+
|
|
37
28
|
#
|
|
38
29
|
# @param [Mihari::Models::Artifact] artifact
|
|
39
30
|
#
|
|
@@ -53,85 +44,9 @@ module Mihari
|
|
|
53
44
|
# @return [Mihari::Models::WhoisRecord, nil]
|
|
54
45
|
#
|
|
55
46
|
def memoized_lookup(domain)
|
|
56
|
-
|
|
47
|
+
client.lookup domain
|
|
57
48
|
end
|
|
58
49
|
memo_wise :memoized_lookup
|
|
59
|
-
|
|
60
|
-
#
|
|
61
|
-
# @return [::Whois::Client]
|
|
62
|
-
#
|
|
63
|
-
def whois
|
|
64
|
-
@whois ||= lambda do
|
|
65
|
-
return ::Whois::Client.new if timeout.nil?
|
|
66
|
-
|
|
67
|
-
::Whois::Client.new(timeout: timeout)
|
|
68
|
-
end.call
|
|
69
|
-
end
|
|
70
|
-
|
|
71
|
-
#
|
|
72
|
-
# Get created_on
|
|
73
|
-
#
|
|
74
|
-
# @param [::Whois::Parser] parser
|
|
75
|
-
#
|
|
76
|
-
# @return [Date, nil]
|
|
77
|
-
#
|
|
78
|
-
def get_created_on(parser)
|
|
79
|
-
parser.created_on
|
|
80
|
-
rescue ::Whois::AttributeNotImplemented
|
|
81
|
-
nil
|
|
82
|
-
end
|
|
83
|
-
|
|
84
|
-
#
|
|
85
|
-
# Get updated_on
|
|
86
|
-
#
|
|
87
|
-
# @param [::Whois::Parser] parser
|
|
88
|
-
#
|
|
89
|
-
# @return [Date, nil]
|
|
90
|
-
#
|
|
91
|
-
def get_updated_on(parser)
|
|
92
|
-
parser.updated_on
|
|
93
|
-
rescue ::Whois::AttributeNotImplemented
|
|
94
|
-
nil
|
|
95
|
-
end
|
|
96
|
-
|
|
97
|
-
#
|
|
98
|
-
# Get expires_on
|
|
99
|
-
#
|
|
100
|
-
# @param [::Whois::Parser] parser
|
|
101
|
-
#
|
|
102
|
-
# @return [Date, nil]
|
|
103
|
-
#
|
|
104
|
-
def get_expires_on(parser)
|
|
105
|
-
parser.expires_on
|
|
106
|
-
rescue ::Whois::AttributeNotImplemented
|
|
107
|
-
nil
|
|
108
|
-
end
|
|
109
|
-
|
|
110
|
-
#
|
|
111
|
-
# Get registrar
|
|
112
|
-
#
|
|
113
|
-
# @param [::Whois::Parser] parser
|
|
114
|
-
#
|
|
115
|
-
# @return [Hash, nil]
|
|
116
|
-
#
|
|
117
|
-
def get_registrar(parser)
|
|
118
|
-
parser.registrar&.to_h
|
|
119
|
-
rescue ::Whois::AttributeNotImplemented
|
|
120
|
-
nil
|
|
121
|
-
end
|
|
122
|
-
|
|
123
|
-
#
|
|
124
|
-
# Get contacts
|
|
125
|
-
#
|
|
126
|
-
# @param [::Whois::Parser] parser
|
|
127
|
-
#
|
|
128
|
-
# @return [Array<Hash>, nil]
|
|
129
|
-
#
|
|
130
|
-
def get_contacts(parser)
|
|
131
|
-
parser.contacts.map(&:to_h)
|
|
132
|
-
rescue ::Whois::AttributeNotImplemented
|
|
133
|
-
nil
|
|
134
|
-
end
|
|
135
50
|
end
|
|
136
51
|
end
|
|
137
52
|
end
|
|
@@ -3,16 +3,16 @@
|
|
|
3
3
|
module Mihari
|
|
4
4
|
module Entities
|
|
5
5
|
class Alert < Grape::Entity
|
|
6
|
-
expose :id, documentation: {
|
|
7
|
-
expose :rule_id, documentation: {
|
|
8
|
-
expose :created_at, documentation: {
|
|
6
|
+
expose :id, documentation: {type: Integer, required: true}
|
|
7
|
+
expose :rule_id, documentation: {type: String, required: true}, as: :ruleId
|
|
8
|
+
expose :created_at, documentation: {type: DateTime, required: true}, as: :createdAt
|
|
9
9
|
|
|
10
|
-
expose :artifacts, using: Entities::BaseArtifact, documentation: {
|
|
11
|
-
expose :tags, using: Entities::Tag, documentation: {
|
|
10
|
+
expose :artifacts, using: Entities::BaseArtifact, documentation: {type: Entities::BaseArtifact, is_array: true}
|
|
11
|
+
expose :tags, using: Entities::Tag, documentation: {type: Entities::Tag, is_array: true, required: true}
|
|
12
12
|
end
|
|
13
13
|
|
|
14
14
|
class AlertsWithPagination < Pagination
|
|
15
|
-
expose :results, using: Entities::Alert, documentation: {
|
|
15
|
+
expose :results, using: Entities::Alert, documentation: {type: Entities::Alert, is_array: true, required: true}
|
|
16
16
|
end
|
|
17
17
|
end
|
|
18
18
|
end
|
|
@@ -3,40 +3,40 @@
|
|
|
3
3
|
module Mihari
|
|
4
4
|
module Entities
|
|
5
5
|
class BaseArtifact < Grape::Entity
|
|
6
|
-
expose :id, documentation: {
|
|
7
|
-
expose :data, documentation: {
|
|
8
|
-
expose :data_type, documentation: {
|
|
9
|
-
expose :source, documentation: {
|
|
10
|
-
expose :query, documentation: {
|
|
11
|
-
expose :created_at, documentation: {
|
|
12
|
-
expose :tags, using: Entities::Tag, documentation: {
|
|
6
|
+
expose :id, documentation: {type: Integer, required: true}
|
|
7
|
+
expose :data, documentation: {type: String, required: true}
|
|
8
|
+
expose :data_type, documentation: {type: String, required: true}, as: :dataType
|
|
9
|
+
expose :source, documentation: {type: String, required: true}
|
|
10
|
+
expose :query, documentation: {type: String, required: false}
|
|
11
|
+
expose :created_at, documentation: {type: DateTime, required: true}, as: :createdAt
|
|
12
|
+
expose :tags, using: Entities::Tag, documentation: {type: Entities::Tag, is_array: true, required: true}
|
|
13
13
|
end
|
|
14
14
|
|
|
15
15
|
class Artifact < BaseArtifact
|
|
16
|
-
expose :metadata, documentation: {
|
|
16
|
+
expose :metadata, documentation: {type: Hash}
|
|
17
17
|
expose :autonomous_system, using: Entities::AutonomousSystem,
|
|
18
|
-
documentation: {
|
|
19
|
-
expose :geolocation, using: Entities::Geolocation, documentation: {
|
|
18
|
+
documentation: {type: Entities::AutonomousSystem, required: false}, as: :autonomousSystem
|
|
19
|
+
expose :geolocation, using: Entities::Geolocation, documentation: {type: Entities::Geolocation, required: false}
|
|
20
20
|
expose :whois_record, using: Entities::WhoisRecord,
|
|
21
|
-
documentation: {
|
|
21
|
+
documentation: {type: Entities::WhoisRecord, required: false}, as: :whoisRecord
|
|
22
22
|
|
|
23
23
|
expose :reverse_dns_names, using: Entities::ReverseDnsName,
|
|
24
|
-
documentation: {
|
|
24
|
+
documentation: {type: Entities::ReverseDnsName, is_array: true, required: false}, as: :reverseDnsNames do |status, _options|
|
|
25
25
|
status.reverse_dns_names.empty? ? nil : status.reverse_dns_names
|
|
26
26
|
end
|
|
27
27
|
expose :dns_records, using: Entities::DnsRecord,
|
|
28
|
-
documentation: {
|
|
28
|
+
documentation: {type: Entities::DnsRecord, is_array: true, required: false}, as: :dnsRecords do |status, _options|
|
|
29
29
|
status.dns_records.empty? ? nil : status.dns_records
|
|
30
30
|
end
|
|
31
|
-
expose :ceps, using: Entities::CPE, documentation: {
|
|
31
|
+
expose :ceps, using: Entities::CPE, documentation: {type: Entities::CPE, is_array: true, required: false},
|
|
32
32
|
as: :cpes do |status, _options|
|
|
33
33
|
status.cpes.empty? ? nil : status.cpes
|
|
34
34
|
end
|
|
35
|
-
expose :ports, using: Entities::Port, documentation: {
|
|
35
|
+
expose :ports, using: Entities::Port, documentation: {type: Entities::Port, is_array: true, required: false},
|
|
36
36
|
as: :ports do |status, _options|
|
|
37
37
|
status.ports.empty? ? nil : status.ports
|
|
38
38
|
end
|
|
39
|
-
expose :vulnerabilities, using: Vulnerability, documentation: {
|
|
39
|
+
expose :vulnerabilities, using: Vulnerability, documentation: {type: Vulnerability, is_array: true, required: false},
|
|
40
40
|
as: :vulnerabilities do |status, _options|
|
|
41
41
|
status.vulnerabilities.empty? ? nil : status.vulnerabilities
|
|
42
42
|
end
|
|
@@ -44,7 +44,7 @@ module Mihari
|
|
|
44
44
|
|
|
45
45
|
class ArtifactsWithPagination < Pagination
|
|
46
46
|
expose :results, using: Entities::BaseArtifact,
|
|
47
|
-
documentation: {
|
|
47
|
+
documentation: {type: Entities::Artifact, is_array: true, required: true}
|
|
48
48
|
end
|
|
49
49
|
end
|
|
50
50
|
end
|
|
@@ -3,10 +3,14 @@
|
|
|
3
3
|
module Mihari
|
|
4
4
|
module Entities
|
|
5
5
|
class Config < Grape::Entity
|
|
6
|
-
expose :name, documentation: {
|
|
7
|
-
expose :type, documentation: {
|
|
8
|
-
expose :items, documentation: {
|
|
9
|
-
expose :configured, documentation: {
|
|
6
|
+
expose :name, documentation: {type: String, required: true}
|
|
7
|
+
expose :type, documentation: {type: String, required: true}
|
|
8
|
+
expose :items, documentation: {type: Hash, is_array: true, required: true}
|
|
9
|
+
expose :configured, documentation: {type: Grape::API::Boolean, required: true}
|
|
10
|
+
end
|
|
11
|
+
|
|
12
|
+
class Configs < Grape::Entity
|
|
13
|
+
expose :results, using: Config, documentation: {type: Config, is_array: true, required: true}
|
|
10
14
|
end
|
|
11
15
|
end
|
|
12
16
|
end
|
data/lib/mihari/entities/cpe.rb
CHANGED
|
@@ -3,8 +3,8 @@
|
|
|
3
3
|
module Mihari
|
|
4
4
|
module Entities
|
|
5
5
|
class CPE < Grape::Entity
|
|
6
|
-
expose :name, documentation: {
|
|
7
|
-
expose :created_at, documentation: {
|
|
6
|
+
expose :name, documentation: {type: String, required: true}
|
|
7
|
+
expose :created_at, documentation: {type: DateTime, required: true}, as: :createdAt
|
|
8
8
|
end
|
|
9
9
|
end
|
|
10
10
|
end
|
data/lib/mihari/entities/dns.rb
CHANGED
|
@@ -3,9 +3,9 @@
|
|
|
3
3
|
module Mihari
|
|
4
4
|
module Entities
|
|
5
5
|
class DnsRecord < Grape::Entity
|
|
6
|
-
expose :resource, documentation: {
|
|
7
|
-
expose :value, documentation: {
|
|
8
|
-
expose :created_at, documentation: {
|
|
6
|
+
expose :resource, documentation: {type: String, required: true}
|
|
7
|
+
expose :value, documentation: {type: String, required: true}
|
|
8
|
+
expose :created_at, documentation: {type: DateTime, required: true}, as: :createdAt
|
|
9
9
|
end
|
|
10
10
|
end
|
|
11
11
|
end
|
|
@@ -3,9 +3,9 @@
|
|
|
3
3
|
module Mihari
|
|
4
4
|
module Entities
|
|
5
5
|
class Geolocation < Grape::Entity
|
|
6
|
-
expose :country, documentation: {
|
|
7
|
-
expose :country_code, documentation: {
|
|
8
|
-
expose :created_at, documentation: {
|
|
6
|
+
expose :country, documentation: {type: String, required: true}
|
|
7
|
+
expose :country_code, documentation: {type: String, required: true}, as: :countryCode
|
|
8
|
+
expose :created_at, documentation: {type: DateTime, required: true}, as: :createdAt
|
|
9
9
|
end
|
|
10
10
|
end
|
|
11
11
|
end
|
|
@@ -3,9 +3,9 @@
|
|
|
3
3
|
module Mihari
|
|
4
4
|
module Entities
|
|
5
5
|
class IPAddress < Grape::Entity
|
|
6
|
-
expose :country_code, documentation: {
|
|
7
|
-
expose :asn, documentation: {
|
|
8
|
-
expose :loc, documentation: {
|
|
6
|
+
expose :country_code, documentation: {type: String, required: true}, as: :countryCode
|
|
7
|
+
expose :asn, documentation: {type: Integer, required: false}
|
|
8
|
+
expose :loc, documentation: {type: String, required: false}
|
|
9
9
|
end
|
|
10
10
|
end
|
|
11
11
|
end
|
|
@@ -3,15 +3,15 @@
|
|
|
3
3
|
module Mihari
|
|
4
4
|
module Entities
|
|
5
5
|
class Message < Grape::Entity
|
|
6
|
-
expose :message, documentation: {
|
|
6
|
+
expose :message, documentation: {type: String, required: true}
|
|
7
7
|
end
|
|
8
8
|
|
|
9
9
|
class ErrorMessage < Message
|
|
10
|
-
expose :detail, documentation: {
|
|
10
|
+
expose :detail, documentation: {type: Hash, required: false}
|
|
11
11
|
end
|
|
12
12
|
|
|
13
13
|
class QueueMessage < Message
|
|
14
|
-
expose :queued, documentation: {
|
|
14
|
+
expose :queued, documentation: {type: Grape::API::Boolean, required: true}
|
|
15
15
|
end
|
|
16
16
|
end
|
|
17
17
|
end
|
|
@@ -3,9 +3,9 @@
|
|
|
3
3
|
module Mihari
|
|
4
4
|
module Entities
|
|
5
5
|
class Pagination < Grape::Entity
|
|
6
|
-
expose :total, documentation: {
|
|
7
|
-
expose :current_page, documentation: {
|
|
8
|
-
expose :page_size, documentation: {
|
|
6
|
+
expose :total, documentation: {type: Integer, required: true}
|
|
7
|
+
expose :current_page, documentation: {type: Integer, required: true}, as: :currentPage
|
|
8
|
+
expose :page_size, documentation: {type: Integer, required: true}, as: :pageSize
|
|
9
9
|
end
|
|
10
10
|
end
|
|
11
11
|
end
|
data/lib/mihari/entities/port.rb
CHANGED
|
@@ -3,8 +3,8 @@
|
|
|
3
3
|
module Mihari
|
|
4
4
|
module Entities
|
|
5
5
|
class Port < Grape::Entity
|
|
6
|
-
expose :number, documentation: {
|
|
7
|
-
expose :created_at, documentation: {
|
|
6
|
+
expose :number, documentation: {type: Integer, required: true}
|
|
7
|
+
expose :created_at, documentation: {type: DateTime, required: true}, as: :createdAt
|
|
8
8
|
end
|
|
9
9
|
end
|
|
10
10
|
end
|
|
@@ -3,8 +3,8 @@
|
|
|
3
3
|
module Mihari
|
|
4
4
|
module Entities
|
|
5
5
|
class ReverseDnsName < Grape::Entity
|
|
6
|
-
expose :name, documentation: {
|
|
7
|
-
expose :created_at, documentation: {
|
|
6
|
+
expose :name, documentation: {type: String, required: true}
|
|
7
|
+
expose :created_at, documentation: {type: DateTime, required: true}, as: :createdAt
|
|
8
8
|
end
|
|
9
9
|
end
|
|
10
10
|
end
|
data/lib/mihari/entities/rule.rb
CHANGED
|
@@ -3,17 +3,17 @@
|
|
|
3
3
|
module Mihari
|
|
4
4
|
module Entities
|
|
5
5
|
class Rule < Grape::Entity
|
|
6
|
-
expose :id, documentation: {
|
|
7
|
-
expose :title, documentation: {
|
|
8
|
-
expose :description, documentation: {
|
|
9
|
-
expose :yaml, documentation: {
|
|
10
|
-
expose :created_at, documentation: {
|
|
11
|
-
expose :updated_at, documentation: {
|
|
12
|
-
expose :tags, using: Entities::Tag, documentation: {
|
|
6
|
+
expose :id, documentation: {type: String, required: true}
|
|
7
|
+
expose :title, documentation: {type: String, required: true}
|
|
8
|
+
expose :description, documentation: {type: String, required: true}
|
|
9
|
+
expose :yaml, documentation: {type: String, required: true}
|
|
10
|
+
expose :created_at, documentation: {type: DateTime, required: true}, as: :createdAt
|
|
11
|
+
expose :updated_at, documentation: {type: DateTime, required: true}, as: :updatedAt
|
|
12
|
+
expose :tags, using: Entities::Tag, documentation: {type: Entities::Tag, is_array: true, required: true}
|
|
13
13
|
end
|
|
14
14
|
|
|
15
15
|
class RulesWithPagination < Pagination
|
|
16
|
-
expose :results, using: Entities::Rule, documentation: {
|
|
16
|
+
expose :results, using: Entities::Rule, documentation: {type: Entities::Rule, is_array: true, required: true}
|
|
17
17
|
end
|
|
18
18
|
end
|
|
19
19
|
end
|
data/lib/mihari/entities/tag.rb
CHANGED
|
@@ -3,12 +3,12 @@
|
|
|
3
3
|
module Mihari
|
|
4
4
|
module Entities
|
|
5
5
|
class Tag < Grape::Entity
|
|
6
|
-
expose :id, documentation: {
|
|
7
|
-
expose :name, documentation: {
|
|
6
|
+
expose :id, documentation: {type: Integer, required: true}
|
|
7
|
+
expose :name, documentation: {type: String, required: true}
|
|
8
8
|
end
|
|
9
9
|
|
|
10
10
|
class TagsWithPagination < Pagination
|
|
11
|
-
expose :results, using: Entities::Tag, documentation: {
|
|
11
|
+
expose :results, using: Entities::Tag, documentation: {type: Entities::Tag, is_array: true, required: true}
|
|
12
12
|
end
|
|
13
13
|
end
|
|
14
14
|
end
|
|
@@ -3,8 +3,8 @@
|
|
|
3
3
|
module Mihari
|
|
4
4
|
module Entities
|
|
5
5
|
class Vulnerability < Grape::Entity
|
|
6
|
-
expose :name, documentation: {
|
|
7
|
-
expose :created_at, documentation: {
|
|
6
|
+
expose :name, documentation: {type: String, required: true}
|
|
7
|
+
expose :created_at, documentation: {type: DateTime, required: true}, as: :createdAt
|
|
8
8
|
end
|
|
9
9
|
end
|
|
10
10
|
end
|
|
@@ -3,15 +3,15 @@
|
|
|
3
3
|
module Mihari
|
|
4
4
|
module Entities
|
|
5
5
|
class WhoisRecord < Grape::Entity
|
|
6
|
-
expose :domain, documentation: {
|
|
7
|
-
expose :created_on, documentation: {
|
|
8
|
-
expose :updated_on, documentation: {
|
|
9
|
-
expose :expires_on, documentation: {
|
|
10
|
-
expose :registrar, documentation: {
|
|
11
|
-
expose :contacts, documentation: {
|
|
6
|
+
expose :domain, documentation: {type: String, required: true}
|
|
7
|
+
expose :created_on, documentation: {type: Date, required: false}, as: :createdOn
|
|
8
|
+
expose :updated_on, documentation: {type: Date, required: false}, as: :updatedOn
|
|
9
|
+
expose :expires_on, documentation: {type: Date, required: false}, as: :expiresOn
|
|
10
|
+
expose :registrar, documentation: {type: Hash, required: false}
|
|
11
|
+
expose :contacts, documentation: {type: Hash, is_array: true, required: true} do |whois_record, _options|
|
|
12
12
|
whois_record.contacts.map(&:to_camelback_keys)
|
|
13
13
|
end
|
|
14
|
-
expose :created_at, documentation: {
|
|
14
|
+
expose :created_at, documentation: {type: DateTime, required: true}, as: :createdAt
|
|
15
15
|
end
|
|
16
16
|
end
|
|
17
17
|
end
|
data/lib/mihari/errors.rb
CHANGED
|
@@ -159,8 +159,8 @@ module Mihari
|
|
|
159
159
|
#
|
|
160
160
|
def unique?(base_time: nil, artifact_ttl: nil)
|
|
161
161
|
artifact = self.class.joins(:alert).where(
|
|
162
|
-
data
|
|
163
|
-
alert: {
|
|
162
|
+
data:,
|
|
163
|
+
alert: {rule_id:}
|
|
164
164
|
).order(created_at: :desc).first
|
|
165
165
|
return true if artifact.nil?
|
|
166
166
|
|
data/lib/mihari/models/port.rb
CHANGED