mihari 7.5.0 → 7.6.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.shadowenv.d/000_unset_all.lisp +1 -0
- data/Rakefile +11 -7
- data/lib/mihari/analyzers/validin.rb +76 -0
- data/lib/mihari/clients/validin.rb +47 -0
- data/lib/mihari/config.rb +4 -0
- data/lib/mihari/schemas/analyzer.rb +1 -0
- data/lib/mihari/version.rb +1 -1
- data/lib/mihari/web/endpoints/alerts.rb +2 -4
- data/lib/mihari/web/endpoints/artifacts.rb +2 -2
- data/lib/mihari/web/endpoints/configs.rb +1 -6
- data/lib/mihari/web/endpoints/rules.rb +2 -2
- data/lib/mihari/web/endpoints/tags.rb +2 -2
- data/lib/mihari/web/public/assets/index-CNoViC5p.css +1 -0
- data/lib/mihari/web/public/assets/index-ruBsf_QV.js +1783 -0
- data/lib/mihari/web/public/index.html +2 -2
- data/lib/mihari/web/public/redoc-static.html +26 -22
- data/lib/mihari.rb +1 -0
- data/mihari.gemspec +6 -6
- data/requirements.txt +1 -1
- metadata +18 -16
- data/lib/mihari/web/public/assets/index-80oZkhZG.css +0 -1
- data/lib/mihari/web/public/assets/index-BNLbw8nG.js +0 -1783
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 2fd0c07fe2661f57d6db5b409c527789c5e17d23e7691d5ac241ff5b36a20698
|
|
4
|
+
data.tar.gz: d7f2a832b3cb364aca8bdfad71cf762f72dc707892d2697ef8bb272bcb794b1d
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 39c5c92cf79721ed6d98b09a63a3d609eab8e8da9ba5badb1cd1a9f01fcb04d8f11edaa3b50fd7e0aed6dcb44f7befb77166e9bbf8399bac4d6592eafd943763
|
|
7
|
+
data.tar.gz: 7c06bd2ca9616605aa9601d198a413529f92205861dcafbfd86e84fa5bca6e2344d42ef558f27ee4c358f09778679fdaa2018954a6d34bfa534f2a3fa155042d
|
data/Rakefile
CHANGED
|
@@ -55,17 +55,21 @@ namespace :build do
|
|
|
55
55
|
|
|
56
56
|
puts "Swagger doc is built in #{elapsed}s"
|
|
57
57
|
end
|
|
58
|
+
|
|
59
|
+
desc "Build frontend assets"
|
|
60
|
+
task :frontend do
|
|
61
|
+
# Build frontend assets
|
|
62
|
+
sh "cd frontend && npm install && npm run docs && npm run build-only"
|
|
63
|
+
# Copy built assets into ./lib/web/public/
|
|
64
|
+
sh "rm -rf ./lib/mihari/web/public/"
|
|
65
|
+
sh "mkdir -p ./lib/mihari/web/public/"
|
|
66
|
+
sh "cp -r frontend/dist/* ./lib/mihari/web/public"
|
|
67
|
+
end
|
|
58
68
|
end
|
|
59
69
|
|
|
60
70
|
task :build do
|
|
61
71
|
Rake::Task["build:swagger"].invoke
|
|
62
|
-
|
|
63
|
-
# Build ReDocs docs & frontend assets
|
|
64
|
-
sh "cd frontend && npm install && npm run docs && npm run build-only"
|
|
65
|
-
# Copy built assets into ./lib/web/public/
|
|
66
|
-
sh "rm -rf ./lib/mihari/web/public/"
|
|
67
|
-
sh "mkdir -p ./lib/mihari/web/public/"
|
|
68
|
-
sh "cp -r frontend/dist/* ./lib/mihari/web/public"
|
|
72
|
+
Rake::Task["build:frontend"].invoke
|
|
69
73
|
end
|
|
70
74
|
|
|
71
75
|
# require it later enables doing pre-build step (= build the frontend app)
|
|
@@ -0,0 +1,76 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require "mihari/clients/validin"
|
|
4
|
+
|
|
5
|
+
module Mihari
|
|
6
|
+
module Analyzers
|
|
7
|
+
#
|
|
8
|
+
# Validin analyzer
|
|
9
|
+
#
|
|
10
|
+
class Validin < Base
|
|
11
|
+
include Concerns::Refangable
|
|
12
|
+
|
|
13
|
+
# @return [String, nil]
|
|
14
|
+
attr_reader :type
|
|
15
|
+
|
|
16
|
+
# @return [String, nil]
|
|
17
|
+
attr_reader :username
|
|
18
|
+
|
|
19
|
+
# @return [String, nil]
|
|
20
|
+
attr_reader :api_key
|
|
21
|
+
|
|
22
|
+
#
|
|
23
|
+
# @param [String] query
|
|
24
|
+
# @param [Hash, nil] options
|
|
25
|
+
# @param [String, nil] api_key
|
|
26
|
+
#
|
|
27
|
+
def initialize(query, options: nil, api_key: nil)
|
|
28
|
+
super(refang(query), options:)
|
|
29
|
+
|
|
30
|
+
@type = DataType.type(query)
|
|
31
|
+
|
|
32
|
+
@api_key = api_key || Mihari.config.validin_api_key
|
|
33
|
+
end
|
|
34
|
+
|
|
35
|
+
def artifacts
|
|
36
|
+
case type
|
|
37
|
+
when "domain"
|
|
38
|
+
dns_history_search
|
|
39
|
+
when "ip"
|
|
40
|
+
reverse_ip_search
|
|
41
|
+
else
|
|
42
|
+
raise ValueError, "#{query}(type: #{type || "unknown"}) is not supported." unless valid_type?
|
|
43
|
+
end
|
|
44
|
+
end
|
|
45
|
+
|
|
46
|
+
private
|
|
47
|
+
|
|
48
|
+
def dns_history_search
|
|
49
|
+
res = client.dns_history_search(query)
|
|
50
|
+
(res.dig("records", "A") || []).filter_map do |r|
|
|
51
|
+
r["value"]
|
|
52
|
+
end
|
|
53
|
+
end
|
|
54
|
+
|
|
55
|
+
def reverse_ip_search
|
|
56
|
+
res = client.dns_history_search(query)
|
|
57
|
+
(res.dig("records", "A") || []).filter_map do |r|
|
|
58
|
+
r["value"]
|
|
59
|
+
end
|
|
60
|
+
end
|
|
61
|
+
|
|
62
|
+
def client
|
|
63
|
+
Clients::Validin.new(api_key:, timeout:)
|
|
64
|
+
end
|
|
65
|
+
|
|
66
|
+
#
|
|
67
|
+
# Check whether a type is valid or not
|
|
68
|
+
#
|
|
69
|
+
# @return [Boolean]
|
|
70
|
+
#
|
|
71
|
+
def valid_type?
|
|
72
|
+
%w[ip domain].include? type
|
|
73
|
+
end
|
|
74
|
+
end
|
|
75
|
+
end
|
|
76
|
+
end
|
|
@@ -0,0 +1,47 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module Mihari
|
|
4
|
+
module Clients
|
|
5
|
+
#
|
|
6
|
+
# Validin API client
|
|
7
|
+
#
|
|
8
|
+
class Validin < Base
|
|
9
|
+
#
|
|
10
|
+
# @param [String] base_url
|
|
11
|
+
# @param [String, nil] api_key
|
|
12
|
+
# @param [Hash] headers
|
|
13
|
+
# @param [Integer, nil] timeout
|
|
14
|
+
#
|
|
15
|
+
def initialize(
|
|
16
|
+
base_url = "https://app.validin.com",
|
|
17
|
+
api_key:,
|
|
18
|
+
headers: {},
|
|
19
|
+
timeout: nil
|
|
20
|
+
)
|
|
21
|
+
raise(ArgumentError, "api_key is required") if api_key.nil?
|
|
22
|
+
|
|
23
|
+
headers["Authorization"] = "Bearer #{api_key}"
|
|
24
|
+
|
|
25
|
+
super(base_url, headers:, timeout:)
|
|
26
|
+
end
|
|
27
|
+
|
|
28
|
+
#
|
|
29
|
+
# @param [String] domain
|
|
30
|
+
#
|
|
31
|
+
# @return [Hash]
|
|
32
|
+
#
|
|
33
|
+
def dns_history_search(domain)
|
|
34
|
+
get_json "/api/axon/domain/dns/history/#{domain}/A"
|
|
35
|
+
end
|
|
36
|
+
|
|
37
|
+
#
|
|
38
|
+
# @param [String] ip
|
|
39
|
+
#
|
|
40
|
+
# @return [Hash]
|
|
41
|
+
#
|
|
42
|
+
def search_reverse_ip(ip)
|
|
43
|
+
get_json "/api/axon/ip/dns/history/#{ip}"
|
|
44
|
+
end
|
|
45
|
+
end
|
|
46
|
+
end
|
|
47
|
+
end
|
data/lib/mihari/config.rb
CHANGED
|
@@ -33,6 +33,7 @@ module Mihari
|
|
|
33
33
|
thehive_api_key: nil,
|
|
34
34
|
thehive_url: nil,
|
|
35
35
|
urlscan_api_key: nil,
|
|
36
|
+
validin_api_key: nil,
|
|
36
37
|
virustotal_api_key: nil,
|
|
37
38
|
yeti_api_key: nil,
|
|
38
39
|
yeti_url: nil,
|
|
@@ -122,6 +123,9 @@ module Mihari
|
|
|
122
123
|
# @!attribute [r] urlscan_api_key
|
|
123
124
|
# @return [String, nil]
|
|
124
125
|
|
|
126
|
+
# @!attribute [r] validin_api_key
|
|
127
|
+
# @return [String, nil]
|
|
128
|
+
|
|
125
129
|
# @!attribute [r] virustotal_api_key
|
|
126
130
|
# @return [String, nil]
|
|
127
131
|
|
data/lib/mihari/version.rb
CHANGED
|
@@ -52,7 +52,7 @@ module Mihari
|
|
|
52
52
|
end
|
|
53
53
|
|
|
54
54
|
desc "Delete an alert", {
|
|
55
|
-
success: {code: 204
|
|
55
|
+
success: {code: 204},
|
|
56
56
|
failure: [{code: 404, model: Entities::ErrorMessage}],
|
|
57
57
|
summary: "Delete an alert"
|
|
58
58
|
}
|
|
@@ -60,11 +60,9 @@ module Mihari
|
|
|
60
60
|
requires :id, type: Integer
|
|
61
61
|
end
|
|
62
62
|
delete "/:id" do
|
|
63
|
-
status 204
|
|
64
|
-
|
|
65
63
|
id = params["id"].to_i
|
|
66
64
|
result = Services::AlertDestroyer.result(id)
|
|
67
|
-
return
|
|
65
|
+
return if result.success?
|
|
68
66
|
|
|
69
67
|
case result.failure
|
|
70
68
|
when ActiveRecord::RecordNotFound
|
|
@@ -87,7 +87,7 @@ module Mihari
|
|
|
87
87
|
end
|
|
88
88
|
|
|
89
89
|
desc "Delete an artifact", {
|
|
90
|
-
success: {code: 204
|
|
90
|
+
success: {code: 204},
|
|
91
91
|
failure: [{code: 404, model: Entities::ErrorMessage}],
|
|
92
92
|
summary: "Delete an artifact"
|
|
93
93
|
}
|
|
@@ -99,7 +99,7 @@ module Mihari
|
|
|
99
99
|
|
|
100
100
|
id = params["id"].to_i
|
|
101
101
|
result = Services::ArtifactDestroyer.result(id)
|
|
102
|
-
return
|
|
102
|
+
return if result.success?
|
|
103
103
|
|
|
104
104
|
case result.failure
|
|
105
105
|
when ActiveRecord::RecordNotFound
|
|
@@ -167,7 +167,7 @@ module Mihari
|
|
|
167
167
|
end
|
|
168
168
|
|
|
169
169
|
desc "Delete a rule", {
|
|
170
|
-
success: {code: 204
|
|
170
|
+
success: {code: 204},
|
|
171
171
|
failure: [{code: 404, model: Entities::ErrorMessage}],
|
|
172
172
|
summary: "Delete a rule"
|
|
173
173
|
}
|
|
@@ -179,7 +179,7 @@ module Mihari
|
|
|
179
179
|
|
|
180
180
|
id = params[:id].to_s
|
|
181
181
|
result = Services::RuleDestroyer.result(id)
|
|
182
|
-
return
|
|
182
|
+
return if result.success?
|
|
183
183
|
|
|
184
184
|
case result.failure
|
|
185
185
|
when ActiveRecord::RecordNotFound
|
|
@@ -32,7 +32,7 @@ module Mihari
|
|
|
32
32
|
end
|
|
33
33
|
|
|
34
34
|
desc "Delete a tag", {
|
|
35
|
-
success: {code: 204
|
|
35
|
+
success: {code: 204},
|
|
36
36
|
failure: [{code: 404, model: Entities::ErrorMessage}],
|
|
37
37
|
summary: "Delete a tag"
|
|
38
38
|
}
|
|
@@ -44,7 +44,7 @@ module Mihari
|
|
|
44
44
|
|
|
45
45
|
id = params[:id].to_i
|
|
46
46
|
result = Services::TagDestroyer.result(id)
|
|
47
|
-
return
|
|
47
|
+
return if result.success?
|
|
48
48
|
|
|
49
49
|
case result.failure
|
|
50
50
|
when ActiveRecord::RecordNotFound
|