mihari 7.5.0 → 7.6.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.shadowenv.d/000_unset_all.lisp +1 -0
- data/Rakefile +11 -7
- data/lib/mihari/analyzers/validin.rb +76 -0
- data/lib/mihari/clients/validin.rb +47 -0
- data/lib/mihari/config.rb +4 -0
- data/lib/mihari/schemas/analyzer.rb +1 -0
- data/lib/mihari/version.rb +1 -1
- data/lib/mihari/web/endpoints/alerts.rb +2 -4
- data/lib/mihari/web/endpoints/artifacts.rb +2 -2
- data/lib/mihari/web/endpoints/configs.rb +1 -6
- data/lib/mihari/web/endpoints/rules.rb +2 -2
- data/lib/mihari/web/endpoints/tags.rb +2 -2
- data/lib/mihari/web/public/assets/index-CNoViC5p.css +1 -0
- data/lib/mihari/web/public/assets/index-ruBsf_QV.js +1783 -0
- data/lib/mihari/web/public/index.html +2 -2
- data/lib/mihari/web/public/redoc-static.html +26 -22
- data/lib/mihari.rb +1 -0
- data/mihari.gemspec +6 -6
- data/requirements.txt +1 -1
- metadata +18 -16
- data/lib/mihari/web/public/assets/index-80oZkhZG.css +0 -1
- data/lib/mihari/web/public/assets/index-BNLbw8nG.js +0 -1783
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 2fd0c07fe2661f57d6db5b409c527789c5e17d23e7691d5ac241ff5b36a20698
|
|
4
|
+
data.tar.gz: d7f2a832b3cb364aca8bdfad71cf762f72dc707892d2697ef8bb272bcb794b1d
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 39c5c92cf79721ed6d98b09a63a3d609eab8e8da9ba5badb1cd1a9f01fcb04d8f11edaa3b50fd7e0aed6dcb44f7befb77166e9bbf8399bac4d6592eafd943763
|
|
7
|
+
data.tar.gz: 7c06bd2ca9616605aa9601d198a413529f92205861dcafbfd86e84fa5bca6e2344d42ef558f27ee4c358f09778679fdaa2018954a6d34bfa534f2a3fa155042d
|
data/Rakefile
CHANGED
|
@@ -55,17 +55,21 @@ namespace :build do
|
|
|
55
55
|
|
|
56
56
|
puts "Swagger doc is built in #{elapsed}s"
|
|
57
57
|
end
|
|
58
|
+
|
|
59
|
+
desc "Build frontend assets"
|
|
60
|
+
task :frontend do
|
|
61
|
+
# Build frontend assets
|
|
62
|
+
sh "cd frontend && npm install && npm run docs && npm run build-only"
|
|
63
|
+
# Copy built assets into ./lib/web/public/
|
|
64
|
+
sh "rm -rf ./lib/mihari/web/public/"
|
|
65
|
+
sh "mkdir -p ./lib/mihari/web/public/"
|
|
66
|
+
sh "cp -r frontend/dist/* ./lib/mihari/web/public"
|
|
67
|
+
end
|
|
58
68
|
end
|
|
59
69
|
|
|
60
70
|
task :build do
|
|
61
71
|
Rake::Task["build:swagger"].invoke
|
|
62
|
-
|
|
63
|
-
# Build ReDocs docs & frontend assets
|
|
64
|
-
sh "cd frontend && npm install && npm run docs && npm run build-only"
|
|
65
|
-
# Copy built assets into ./lib/web/public/
|
|
66
|
-
sh "rm -rf ./lib/mihari/web/public/"
|
|
67
|
-
sh "mkdir -p ./lib/mihari/web/public/"
|
|
68
|
-
sh "cp -r frontend/dist/* ./lib/mihari/web/public"
|
|
72
|
+
Rake::Task["build:frontend"].invoke
|
|
69
73
|
end
|
|
70
74
|
|
|
71
75
|
# require it later enables doing pre-build step (= build the frontend app)
|
|
@@ -0,0 +1,76 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require "mihari/clients/validin"
|
|
4
|
+
|
|
5
|
+
module Mihari
|
|
6
|
+
module Analyzers
|
|
7
|
+
#
|
|
8
|
+
# Validin analyzer
|
|
9
|
+
#
|
|
10
|
+
class Validin < Base
|
|
11
|
+
include Concerns::Refangable
|
|
12
|
+
|
|
13
|
+
# @return [String, nil]
|
|
14
|
+
attr_reader :type
|
|
15
|
+
|
|
16
|
+
# @return [String, nil]
|
|
17
|
+
attr_reader :username
|
|
18
|
+
|
|
19
|
+
# @return [String, nil]
|
|
20
|
+
attr_reader :api_key
|
|
21
|
+
|
|
22
|
+
#
|
|
23
|
+
# @param [String] query
|
|
24
|
+
# @param [Hash, nil] options
|
|
25
|
+
# @param [String, nil] api_key
|
|
26
|
+
#
|
|
27
|
+
def initialize(query, options: nil, api_key: nil)
|
|
28
|
+
super(refang(query), options:)
|
|
29
|
+
|
|
30
|
+
@type = DataType.type(query)
|
|
31
|
+
|
|
32
|
+
@api_key = api_key || Mihari.config.validin_api_key
|
|
33
|
+
end
|
|
34
|
+
|
|
35
|
+
def artifacts
|
|
36
|
+
case type
|
|
37
|
+
when "domain"
|
|
38
|
+
dns_history_search
|
|
39
|
+
when "ip"
|
|
40
|
+
reverse_ip_search
|
|
41
|
+
else
|
|
42
|
+
raise ValueError, "#{query}(type: #{type || "unknown"}) is not supported." unless valid_type?
|
|
43
|
+
end
|
|
44
|
+
end
|
|
45
|
+
|
|
46
|
+
private
|
|
47
|
+
|
|
48
|
+
def dns_history_search
|
|
49
|
+
res = client.dns_history_search(query)
|
|
50
|
+
(res.dig("records", "A") || []).filter_map do |r|
|
|
51
|
+
r["value"]
|
|
52
|
+
end
|
|
53
|
+
end
|
|
54
|
+
|
|
55
|
+
def reverse_ip_search
|
|
56
|
+
res = client.dns_history_search(query)
|
|
57
|
+
(res.dig("records", "A") || []).filter_map do |r|
|
|
58
|
+
r["value"]
|
|
59
|
+
end
|
|
60
|
+
end
|
|
61
|
+
|
|
62
|
+
def client
|
|
63
|
+
Clients::Validin.new(api_key:, timeout:)
|
|
64
|
+
end
|
|
65
|
+
|
|
66
|
+
#
|
|
67
|
+
# Check whether a type is valid or not
|
|
68
|
+
#
|
|
69
|
+
# @return [Boolean]
|
|
70
|
+
#
|
|
71
|
+
def valid_type?
|
|
72
|
+
%w[ip domain].include? type
|
|
73
|
+
end
|
|
74
|
+
end
|
|
75
|
+
end
|
|
76
|
+
end
|
|
@@ -0,0 +1,47 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module Mihari
|
|
4
|
+
module Clients
|
|
5
|
+
#
|
|
6
|
+
# Validin API client
|
|
7
|
+
#
|
|
8
|
+
class Validin < Base
|
|
9
|
+
#
|
|
10
|
+
# @param [String] base_url
|
|
11
|
+
# @param [String, nil] api_key
|
|
12
|
+
# @param [Hash] headers
|
|
13
|
+
# @param [Integer, nil] timeout
|
|
14
|
+
#
|
|
15
|
+
def initialize(
|
|
16
|
+
base_url = "https://app.validin.com",
|
|
17
|
+
api_key:,
|
|
18
|
+
headers: {},
|
|
19
|
+
timeout: nil
|
|
20
|
+
)
|
|
21
|
+
raise(ArgumentError, "api_key is required") if api_key.nil?
|
|
22
|
+
|
|
23
|
+
headers["Authorization"] = "Bearer #{api_key}"
|
|
24
|
+
|
|
25
|
+
super(base_url, headers:, timeout:)
|
|
26
|
+
end
|
|
27
|
+
|
|
28
|
+
#
|
|
29
|
+
# @param [String] domain
|
|
30
|
+
#
|
|
31
|
+
# @return [Hash]
|
|
32
|
+
#
|
|
33
|
+
def dns_history_search(domain)
|
|
34
|
+
get_json "/api/axon/domain/dns/history/#{domain}/A"
|
|
35
|
+
end
|
|
36
|
+
|
|
37
|
+
#
|
|
38
|
+
# @param [String] ip
|
|
39
|
+
#
|
|
40
|
+
# @return [Hash]
|
|
41
|
+
#
|
|
42
|
+
def search_reverse_ip(ip)
|
|
43
|
+
get_json "/api/axon/ip/dns/history/#{ip}"
|
|
44
|
+
end
|
|
45
|
+
end
|
|
46
|
+
end
|
|
47
|
+
end
|
data/lib/mihari/config.rb
CHANGED
|
@@ -33,6 +33,7 @@ module Mihari
|
|
|
33
33
|
thehive_api_key: nil,
|
|
34
34
|
thehive_url: nil,
|
|
35
35
|
urlscan_api_key: nil,
|
|
36
|
+
validin_api_key: nil,
|
|
36
37
|
virustotal_api_key: nil,
|
|
37
38
|
yeti_api_key: nil,
|
|
38
39
|
yeti_url: nil,
|
|
@@ -122,6 +123,9 @@ module Mihari
|
|
|
122
123
|
# @!attribute [r] urlscan_api_key
|
|
123
124
|
# @return [String, nil]
|
|
124
125
|
|
|
126
|
+
# @!attribute [r] validin_api_key
|
|
127
|
+
# @return [String, nil]
|
|
128
|
+
|
|
125
129
|
# @!attribute [r] virustotal_api_key
|
|
126
130
|
# @return [String, nil]
|
|
127
131
|
|
data/lib/mihari/version.rb
CHANGED
|
@@ -52,7 +52,7 @@ module Mihari
|
|
|
52
52
|
end
|
|
53
53
|
|
|
54
54
|
desc "Delete an alert", {
|
|
55
|
-
success: {code: 204
|
|
55
|
+
success: {code: 204},
|
|
56
56
|
failure: [{code: 404, model: Entities::ErrorMessage}],
|
|
57
57
|
summary: "Delete an alert"
|
|
58
58
|
}
|
|
@@ -60,11 +60,9 @@ module Mihari
|
|
|
60
60
|
requires :id, type: Integer
|
|
61
61
|
end
|
|
62
62
|
delete "/:id" do
|
|
63
|
-
status 204
|
|
64
|
-
|
|
65
63
|
id = params["id"].to_i
|
|
66
64
|
result = Services::AlertDestroyer.result(id)
|
|
67
|
-
return
|
|
65
|
+
return if result.success?
|
|
68
66
|
|
|
69
67
|
case result.failure
|
|
70
68
|
when ActiveRecord::RecordNotFound
|
|
@@ -87,7 +87,7 @@ module Mihari
|
|
|
87
87
|
end
|
|
88
88
|
|
|
89
89
|
desc "Delete an artifact", {
|
|
90
|
-
success: {code: 204
|
|
90
|
+
success: {code: 204},
|
|
91
91
|
failure: [{code: 404, model: Entities::ErrorMessage}],
|
|
92
92
|
summary: "Delete an artifact"
|
|
93
93
|
}
|
|
@@ -99,7 +99,7 @@ module Mihari
|
|
|
99
99
|
|
|
100
100
|
id = params["id"].to_i
|
|
101
101
|
result = Services::ArtifactDestroyer.result(id)
|
|
102
|
-
return
|
|
102
|
+
return if result.success?
|
|
103
103
|
|
|
104
104
|
case result.failure
|
|
105
105
|
when ActiveRecord::RecordNotFound
|
|
@@ -167,7 +167,7 @@ module Mihari
|
|
|
167
167
|
end
|
|
168
168
|
|
|
169
169
|
desc "Delete a rule", {
|
|
170
|
-
success: {code: 204
|
|
170
|
+
success: {code: 204},
|
|
171
171
|
failure: [{code: 404, model: Entities::ErrorMessage}],
|
|
172
172
|
summary: "Delete a rule"
|
|
173
173
|
}
|
|
@@ -179,7 +179,7 @@ module Mihari
|
|
|
179
179
|
|
|
180
180
|
id = params[:id].to_s
|
|
181
181
|
result = Services::RuleDestroyer.result(id)
|
|
182
|
-
return
|
|
182
|
+
return if result.success?
|
|
183
183
|
|
|
184
184
|
case result.failure
|
|
185
185
|
when ActiveRecord::RecordNotFound
|
|
@@ -32,7 +32,7 @@ module Mihari
|
|
|
32
32
|
end
|
|
33
33
|
|
|
34
34
|
desc "Delete a tag", {
|
|
35
|
-
success: {code: 204
|
|
35
|
+
success: {code: 204},
|
|
36
36
|
failure: [{code: 404, model: Entities::ErrorMessage}],
|
|
37
37
|
summary: "Delete a tag"
|
|
38
38
|
}
|
|
@@ -44,7 +44,7 @@ module Mihari
|
|
|
44
44
|
|
|
45
45
|
id = params[:id].to_i
|
|
46
46
|
result = Services::TagDestroyer.result(id)
|
|
47
|
-
return
|
|
47
|
+
return if result.success?
|
|
48
48
|
|
|
49
49
|
case result.failure
|
|
50
50
|
when ActiveRecord::RecordNotFound
|