mihari 0.17.2 → 0.17.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +6 -6
- data/lib/mihari/cli.rb +1 -1
- data/lib/mihari/version.rb +1 -1
- metadata +2 -2
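--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 4cb8eb51d1aeff148fce824719c4c6b7730a19cc4c69434318cef07c26cf6b81
+data.tar.gz: 8442809cef20850e40f203ee1dd91a448846c372d3595fae0c35429b4209795a
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 5b772bace499921b8ddd53f09a9a908e143cfff6ac21604c31656f8313d850c2a5b588048e913ef8d51cb0c8efacc1a5babcca8b649f73b729a324565d2543a4
+data.tar.gz: db0c6ef09b91a6fe15be0412f0b980246bbe049c58f19e2bc79ce17f8ed7956e027e6d072983db7fe49581083821a2728a27e5df1c42c723c69618bdc4ac0792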
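--- a/data/README.md
+++ b/data/README.md
@@ -6,12 +6,12 @@
 [](https://coveralls.io/github/ninoseki/mihari?branch=master)
 [](https://www.codefactor.io/repository/github/ninoseki/mihari)
 
-Mihari is a
+Mihari is a helper to run queries & manage results continuously. Mihari can be used for C2, landing page and phishing hunting.
 
 ## How it works
 
 - Mihari makes a query against Shodan, Censys, VirusTotal, SecurityTrails, etc. and extracts artifacts from the results.
-- Mihari checks whether TheHive contains the artifacts or not.
+- Mihari checks whether [TheHive](https://thehive-project.org/) contains the artifacts or not.
 - If it doesn't contain the artifacts:
 - Mihari creates an alert on TheHive.
 - Mihari sends a notification to Slack. (Optional)
@@ -229,10 +229,10 @@ The input is a JSON data should have `title`, `description` and `artifacts` key.
 
 Configuration can be done via environment variables or a YAML file.
 
-| Key | Desc. |
+| Key | Desc. | Recommended or optional |
 |------------------------|--------------------------------|--------------------------------|
-| THEHIVE_API_ENDPOINT | TheHive URL |
-| THEHIVE_API_KEY | TheHive API key |
+| THEHIVE_API_ENDPOINT | TheHive URL | Recommended |
+| THEHIVE_API_KEY | TheHive API key | Recommended |
 | MISP_API_ENDPOINT | MISP URL | Optional |
 | MISP_API_KEY | MISP API key | Optional |
 | SLACK_WEBHOOK_URL | Slack Webhook URL | Optional |
@@ -258,7 +258,7 @@ Instead of using environment variables, you can use a YAML file for configuratio
 mihari virustotal 1.1.1.1 --config /path/to/yaml.yml
 ```
 
-The YAML file should be a hash like below:
+The YAML file should be a YAML hash like below:
 
 ```yaml
 thehive_api_endpoint: https://localhost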
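--- a/data/lib/mihari/cli.rb
+++ b/data/lib/mihari/cli.rb
@@ -247,7 +247,7 @@ module Mihari
 end
 
 desc "alerts", "Show the alerts on TheHive"
-method_option :limit, default: 5, desc: "Number of alerts to show (or 'all' to show all the alerts)"
+method_option :limit, type: :string, default: "5", desc: "Number of alerts to show (or 'all' to show all the alerts)"
 def alerts
 with_error_handling do
 viewer = AlertViewer.new(limit: options["limit"])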
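Review bot: With `type: :string`, `options["limit"]` on the last hunk line now carries whatever text the user typed, and the hunk shows no check that it is either `all` or an integer before it reaches `AlertViewer.new`; how a value such as `abc` is treated depends on AlertViewer's parsing, which is outside this diff. Validating in `alerts` keeps the failure in the CLI layer: `limit = options["limit"]` followed by `raise ArgumentError, "limit must be an integer or 'all'" unless limit == "all" || limit.match?(/\A\d+\z/)` before constructing the viewer (`\A`/`\z` rather than `^`/`$`, so a multi-line value cannot pass a per-line match). The `alerts` method and its `with_error_handling` block continue past the end of the hunk, so whether that block already reports an ArgumentError cleanly cannot be confirmed here.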
data/lib/mihari/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: mihari
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.17.
|
|
4
|
+
version: 0.17.3
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Manabu Niseki
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2020-01-01 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|