mihari 7.6.0 → 7.6.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: aa05d5cca592eb276667bc95e7c7a88c12be39bb547ffb4f3bac810f9e5a72a6
-  data.tar.gz: 81a9a73171dbb4c5171893cb23cc47963fcfef38d441cfebd37005e6e6dc6202
+  metadata.gz: c5fff977863ca54dae5b645e3587d8f09f0583df44fca258ac4f1c8f3455a74e
+  data.tar.gz: 3c45cf5405737aaddbd79b42590509f155b3be13c3a0645057cc446666728655
 SHA512:
-  metadata.gz: d6623c5441e14cf967987c2341349e9973922fdb18dc5d9c3473bcc8fbc7aaf813f9a48c8384331e49a4ada370ebd270d3cd68cbc7dcc6481f1bb886b0923109
-  data.tar.gz: 0d112b4740054b7afe79effff48016b8549bf6ef45b337ba43b44fba13f162f7cc8b5f2bfe653bfacf4bb356c2f1b32c7a5964be174d028b877372d642aedfea
+  metadata.gz: d189d79161738b06e2ee970b835b953bd968c4c4500b7cf589fcf3c2ac31a49f46a9d2fcf3581818484f9daf0b72a87a1d3cd39084d39e4a9bcfdf4ab0edc1a4
+  data.tar.gz: 463d12e871297b9d5be403139720fc51d09bd51e0c41855d47cbe889de086f2a5a2d2fe25fa592f81ddec1b6e56195b9878372c1fc8955f23357b72d09bbdce0

data/.rubocop.yml

@@ -1,5 +1,6 @@
-Style/StringLiterals:
-  EnforcedStyle: double_quotes
+AllCops:
+  TargetRubyVersion: 3.2
+  NewCops: enable
 Metrics/BlockLength:
   Max: 150
   Exclude:
@@ -12,13 +13,32 @@ Metrics/MethodLength:
 Metrics/AbcSize:
   Max: 50
 RSpec/MultipleMemoizedHelpers:
-  Max: 10
+  Max: 15
 RSpec/ExampleLength:
   Max: 20
-RSpec/FilePath:
-  SpecSuffixOnly: true
+RSpec/NestedGroups:
+  Max: 5
+RSpec/RepeatedExampleGroupDescription:
+  Enabled: false
+RSpec/ReceiveMessages:
+  Enabled: false
+RSpec/MultipleExpectations:
+  Enabled: false
+RSpec/SpecFilePathFormat:
+  Enabled: false
+FactoryBot/SyntaxMethods:
+  Enabled: false
 require:
+  - rubocop-capybara
   - rubocop-factory_bot
+  - rubocop-performance
   - rubocop-rake
   - rubocop-rspec
   - rubocop-yard
+  - standard
+  - standard-custom
+  - standard-performance
+inherit_gem:
+  standard: config/base.yml
+  standard-custom: config/base.yml
+  standard-performance: config/base.yml

data/.shadowenv.d/000_unset_all.lisp

@@ -35,5 +35,6 @@
 (env/set "THEHIVE_API_KEY" ())
 (env/set "THEHIVE_URL" ())
 (env/set "URLSCAN_API_KEY" ())
+(env/set "VALIDIN_API_KEY" ())
 (env/set "VIRUSTOTAL_API_KEY" ())
 (env/set "ZOOMEYE_API_KEY" ())

data/README.md

@@ -27,6 +27,7 @@ Mihari supports the following services by default.
 - [SecurityTrails](https://securitytrails.com/)
 - [Shodan](https://shodan.io)
 - [urlscan.io](https://urlscan.io)
+- [Validin](https://validin.com)
 - [VirusTotal](http://virustotal.com) & [VirusTotal Intelligence](https://www.virustotal.com/gui/intelligence-overview)
 - [ZoomEye](https://zoomeye.org)
 

data/Rakefile

@@ -3,8 +3,9 @@
 require "time"
 
 require "rspec/core/rake_task"
-require "standard/rake"
+require "rubocop/rake_task"
 
+RuboCop::RakeTask.new
 RSpec::Core::RakeTask.new(:spec)
 
 task default: :spec
@@ -67,6 +68,7 @@ namespace :build do
   end
 end
 
+desc "Build including Swagger doc and frontend assets"
 task :build do
   Rake::Task["build:swagger"].invoke
   Rake::Task["build:frontend"].invoke

data/lefthook.yml

@@ -1,8 +1,8 @@
 pre-commit:
   commands:
-    standard:
+    rubocop:
       glob: "*.rb"
-      run: bundle exec standardrb --fix {staged_files}
+      run: bundle exec rubocop --fix {staged_files}
       stage_fixed: true
     eslint:
       root: "frontend/"
@@ -19,5 +19,5 @@ pre-commit:
       glob: "*.{js,ts,vue}"
       run: npm run type-check
     actionlint:
-      glob: ".github/workflows/*.yaml"
-      run: actionlint
+      glob: ".github/workflows/*.{yaml,yml}"
+      run: actionlint {staged_files}

data/lib/mihari/analyzers/validin.rb

@@ -0,0 +1,76 @@
+# frozen_string_literal: true
+
+require "mihari/clients/validin"
+
+module Mihari
+  module Analyzers
+    #
+    # Validin analyzer
+    #
+    class Validin < Base
+      include Concerns::Refangable
+
+      # @return [String, nil]
+      attr_reader :type
+
+      # @return [String, nil]
+      attr_reader :username
+
+      # @return [String, nil]
+      attr_reader :api_key
+
+      #
+      # @param [String] query
+      # @param [Hash, nil] options
+      # @param [String, nil] api_key
+      #
+      def initialize(query, options: nil, api_key: nil)
+        super(refang(query), options:)
+
+        @type = DataType.type(query)
+
+        @api_key = api_key || Mihari.config.validin_api_key
+      end
+
+      def artifacts
+        case type
+        when "domain"
+          dns_history_search
+        when "ip"
+          reverse_ip_search
+        else
+          raise ValueError, "#{query}(type: #{type || "unknown"}) is not supported." unless valid_type?
+        end
+      end
+
+      private
+
+      def dns_history_search
+        res = client.dns_history_search(query)
+        (res.dig("records", "A") || []).filter_map do |r|
+          r["value"]
+        end
+      end
+
+      def reverse_ip_search
+        res = client.dns_history_search(query)
+        (res.dig("records", "A") || []).filter_map do |r|
+          r["value"]
+        end
+      end
+
+      def client
+        Clients::Validin.new(api_key:, timeout:)
+      end
+
+      #
+      # Check whether a type is valid or not
+      #
+      # @return [Boolean]
+      #
+      def valid_type?
+        %w[ip domain].include? type
+      end
+    end
+  end
+end

data/lib/mihari/clients/crtsh.rb

@@ -12,7 +12,7 @@ module Mihari
       # @param [Integer, nil] timeout
       #
       def initialize(base_url = "https://crt.sh", headers: {}, timeout: nil)
-        super(base_url, headers:, timeout:)
+        super
       end
 
       #

data/lib/mihari/clients/dnstwister.rb

@@ -12,7 +12,7 @@ module Mihari
       # @param [Integer, nil] timeout
       #
       def initialize(base_url = "https://dnstwister.report", headers: {}, timeout: nil)
-        super(base_url, headers:, timeout:)
+        super
       end
 
       #

data/lib/mihari/clients/google_public_dns.rb

@@ -12,7 +12,7 @@ module Mihari
       # @param [Integer, nil] timeout
       #
       def initialize(base_url = "https://dns.google", headers: {}, timeout: nil)
-        super(base_url, headers:, timeout:)
+        super
       end
 
       #

data/lib/mihari/clients/mmdb.rb

@@ -12,7 +12,7 @@ module Mihari
       # @param [Integer, nil] timeout
       #
       def initialize(base_url = "https://ip.circl.lu", headers: {}, timeout: nil)
-        super(base_url, headers:, timeout:)
+        super
       end
 
       #

data/lib/mihari/clients/shodan_internet_db.rb

@@ -12,7 +12,7 @@ module Mihari
       # @param [Integer, nil] timeout
       #
       def initialize(base_url = "https://internetdb.shodan.io", headers: {}, timeout: nil)
-        super(base_url, headers:, timeout:)
+        super
       end
 
       #

data/lib/mihari/clients/validin.rb

@@ -0,0 +1,47 @@
+# frozen_string_literal: true
+
+module Mihari
+  module Clients
+    #
+    # Validin API client
+    #
+    class Validin < Base
+      #
+      # @param [String] base_url
+      # @param [String, nil] api_key
+      # @param [Hash] headers
+      # @param [Integer, nil] timeout
+      #
+      def initialize(
+        base_url = "https://app.validin.com",
+        api_key:,
+        headers: {},
+        timeout: nil
+      )
+        raise(ArgumentError, "api_key is required") if api_key.nil?
+
+        headers["Authorization"] = "Bearer #{api_key}"
+
+        super(base_url, headers:, timeout:)
+      end
+
+      #
+      # @param [String] domain
+      #
+      # @return [Hash]
+      #
+      def dns_history_search(domain)
+        get_json "/api/axon/domain/dns/history/#{domain}/A"
+      end
+
+      #
+      # @param [String] ip
+      #
+      # @return [Hash]
+      #
+      def search_reverse_ip(ip)
+        get_json "/api/axon/ip/dns/history/#{ip}"
+      end
+    end
+  end
+end

data/lib/mihari/config.rb

@@ -33,6 +33,7 @@ module Mihari
       thehive_api_key: nil,
       thehive_url: nil,
       urlscan_api_key: nil,
+      validin_api_key: nil,
       virustotal_api_key: nil,
       yeti_api_key: nil,
       yeti_url: nil,
@@ -122,6 +123,9 @@ module Mihari
     # @!attribute [r] urlscan_api_key
     #   @return [String, nil]
 
+    # @!attribute [r] validin_api_key
+    #   @return [String, nil]
+
     # @!attribute [r] virustotal_api_key
     #   @return [String, nil]
 

data/lib/mihari/enrichers/base.rb

@@ -10,7 +10,7 @@ module Mihari
       # @param [Hash, nil] options
       #
       def initialize(options: nil)
-        super(options:)
+        super
       end
 
       #

data/lib/mihari/schemas/analyzer.rb

@@ -15,6 +15,7 @@ module Mihari
         Mihari::Analyzers::Onyphe.keys,
         Mihari::Analyzers::Shodan.keys,
         Mihari::Analyzers::Urlscan.keys,
+        Mihari::Analyzers::Validin.keys,
         Mihari::Analyzers::VirusTotalIntelligence.keys
       ].each do |keys|
         key = keys.first

data/lib/mihari/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Mihari
-  VERSION = "7.6.0"
+  VERSION = "7.6.2"
 end