mihari 0.5.1 → 0.5.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 6409ca38527e133337f4dbe174615e3c84aff5d4d82effcc40d57e63c0a6f80c
-  data.tar.gz: 6814631990a33c3c3363863d7e9c00d8d3d1ca4f48f0862226cc5416e7be1a14
+  metadata.gz: d0d889b6f04bff599f1dbb8eac861469500061e5ef4c3f48e4e4624d0c4ce57a
+  data.tar.gz: 0201ba42b96271982b78d28ac7f8c01f0e34a398d5f897b5e5b1e7f0fb1573cb
 SHA512:
-  metadata.gz: 5693f87250cd3f23047932adc24a781074038ebaf34c3a2a4aabc921446053df0f426a259b1cc51d49f0dae5e9f6fdf64a8391dcb45f7c323267051b8b2823fd
-  data.tar.gz: d5337291e107b38a69ef4d70900b3c90a2c8f5eba13cdc96efb30ded29ff90fa6f0eec08595045fb3407d094f37d9572a458292686088b74b29a3f8e96888c69
+  metadata.gz: b32e5330ba7f77c9c2a6411de65ef91bd49a7798bef817c0ed2ae76ee8818c81dd4e3b24970361017ba60dbb9c629b508bb13abf0ffa81978c0bca8d1c9fc1df
+  data.tar.gz: 9ec9fc6d441b83f0e337f4af7647ddd7a15600c7cfb371e4a05dba066e3a6bf8933a43261b27b76f24ea474a69b1da48e98b4cf22edd2ffdf5cc7697b7e6b69b

data/lib/mihari/analyzers/censys.rb

@@ -14,15 +14,15 @@ module Mihari
       CENSYS_ID_KEY = "CENSYS_ID"
       CENSYS_SECRET_KEY = "CENSYS_SECRET"
 
-      def initialize(query, tags: [])
+      def initialize(query, title: nil, description: nil, tags: [])
         super()
 
         raise ArgumentError, "#{CENSYS_ID_KEY} and #{CENSYS_SECRET_KEY} are required" unless valid?
 
         @api = ::Censys::API.new
         @query = query
-        @title = "Censys lookup"
-        @description = "query = #{query}"
+        @title = title || "Censys lookup"
+        @description = description || "query = #{query}"
         @tags = tags
       end
 

data/lib/mihari/analyzers/onyphe.rb

@@ -11,13 +11,13 @@ module Mihari
       attr_reader :query
       attr_reader :tags
 
-      def initialize(query, tags: [])
+      def initialize(query, title: nil, description: nil, tags: [])
         super()
 
         @api = ::Onyphe::API.new
         @query = query
-        @title = "Onyphe lookup"
-        @description = "query = #{query}"
+        @title = title || "Onyphe lookup"
+        @description = description || "query = #{query}"
         @tags = tags
       end
 

data/lib/mihari/analyzers/shodan.rb

@@ -11,13 +11,13 @@ module Mihari
       attr_reader :query
       attr_reader :tags
 
-      def initialize(query, tags: [])
+      def initialize(query, title: nil, description: nil, tags: [])
         super()
 
         @api = ::Shodan::API.new
         @query = query
-        @title = "Shodan lookup"
-        @description = "query = #{query}"
+        @title = title || "Shodan lookup"
+        @description = description || "query = #{query}"
         @tags = tags
       end
 

data/lib/mihari/analyzers/urlscan.rb

@@ -11,13 +11,13 @@ module Mihari
       attr_reader :query
       attr_reader :tags
 
-      def initialize(query, tags: [])
+      def initialize(query, title: nil, description: nil, tags: [])
         super()
 
         @api = ::UrlScan::API.new
         @query = query
-        @title = "urlscan lookup"
-        @description = "query = #{query}"
+        @title = title || "urlscan lookup"
+        @description = description || "query = #{query}"
         @tags = tags
       end
 

data/lib/mihari/analyzers/virustotal.rb

@@ -13,15 +13,15 @@ module Mihari
       attr_reader :description
       attr_reader :tags
 
-      def initialize(indicator, tags: [])
+      def initialize(indicator, title: nil, description: nil, tags: [])
         super()
 
         @api = ::VirusTotal::API.new
         @indicator = indicator
         @type = TypeChecker.type(indicator)
 
-        @title = "VirusTotal lookup"
-        @description = "indicator = #{indicator}"
+        @title = title || "VirusTotal lookup"
+        @description = description || "indicator = #{indicator}"
         @tags = tags
       end
 

data/lib/mihari/cli.rb

@@ -6,52 +6,52 @@ require "json"
 module Mihari
   class CLI < Thor
     desc "censys [QUERY]", "Censys IPv4 lookup by a given query"
+    method_option :title, type: :string, desc: "title"
+    method_option :description, type: :string, desc: "description"
     method_option :tags, type: :array, desc: "tags"
     def censys(query)
       with_error_handling do
-        tags = options.dig("tags") || []
-        censys = Analyzers::Censys.new(query, tags: tags)
-        censys.run
+        run_analyzer Analyzers::Censys, query: query, options: options
       end
     end
 
     desc "shodan [QUERY]", "Shodan host lookup by a given query"
+    method_option :title, type: :string, desc: "title"
+    method_option :description, type: :string, desc: "description"
     method_option :tags, type: :array, desc: "tags"
     def shodan(query)
       with_error_handling do
-        tags = options.dig("tags") || []
-        shodan = Analyzers::Shodan.new(query, tags: tags)
-        shodan.run
+        run_analyzer Analyzers::Shodan, query: query, options: options
       end
     end
 
     desc "onyphe [QUERY]", "Onyphe datascan lookup by a given query"
+    method_option :title, type: :string, desc: "title"
+    method_option :description, type: :string, desc: "description"
     method_option :tags, type: :array, desc: "tags"
     def onyphe(query)
       with_error_handling do
-        tags = options.dig("tags") || []
-        onyphe = Analyzers::Onyphe.new(query, tags: tags)
-        onyphe.run
+        run_analyzer Analyzers::Onyphe, query: query, options: options
       end
     end
 
     desc "urlscan [QUERY]", "urlscan lookup by a given query"
+    method_option :title, type: :string, desc: "title"
+    method_option :description, type: :string, desc: "description"
     method_option :tags, type: :array, desc: "tags"
     def urlscan(query)
       with_error_handling do
-        tags = options.dig("tags") || []
-        urlscan = Analyzers::Urlscan.new(query, tags: tags)
-        urlscan.run
+        run_analyzer Analyzers::Urlscan, query: query, options: options
       end
     end
 
     desc "virustotal [IP|DOMAIN]", "VirusTotal resolutions lookup by a given ip or domain"
+    method_option :title, type: :string, desc: "title"
+    method_option :description, type: :string, desc: "description"
     method_option :tags, type: :array, desc: "tags"
     def virustotal(indiactor)
       with_error_handling do
-        tags = options.dig("tags") || []
-        virustotal = Analyzers::VirusTotal.new(indiactor, tags: tags)
-        virustotal.run
+        run_analyzer Analyzers::VirusTotal, query: indiactor, options: options
       end
     end
 
@@ -102,6 +102,15 @@ module Mihari
       def valid_json?(json)
         %w(title description artifacts).all? { |key| json.key? key }
       end
+
+      def run_analyzer(analyzer_class, query:, options:)
+        title = options.dig("title")
+        description = options.dig("description")
+        tags = options.dig("tags") || []
+
+        analyzer = analyzer_class.new(query, title: title, description: description, tags: tags)
+        analyzer.run
+      end
     end
   end
 end

data/lib/mihari/emitters/slack.rb

@@ -16,32 +16,26 @@ module Mihari
         @data_type = data_type
       end
 
-      def fields
-        [vt_link, urlscan_link].compact
-      end
-
       def actions
-        [vt_link, urlscan_link].compact
+        [vt_link, urlscan_link, censys_link].compact
       end
 
       def vt_link
         return nil unless _vt_link
 
-        {
-          type: "button",
-          text: "Lookup on VirusTotal",
-          url: _vt_link,
-        }
+        { type: "button", text: "Lookup on VirusTotal", url: _vt_link, }
       end
 
       def urlscan_link
         return nil unless _urlscan_link
 
-        {
-          type: "button",
-          text: "Lookup on urlscan.io",
-          url: _urlscan_link,
-        }
+        { type: "button", text: "Lookup on urlscan.io", url: _urlscan_link, }
+      end
+
+      def censys_link
+        return nil unless _censys_link
+
+        { type: "button", text: "Lookup on Censys", url: _censys_link, }
       end
 
       # @return [Array]
@@ -88,6 +82,11 @@ module Mihari
       end
       memoize :_vt_link
 
+      def _censys_link
+        data_type == "ip" ? "https://censys.io/ipv4/#{data}" : nil
+      end
+      memoize :_censys_link
+
       # @return [String]
       def sha256
         Digest::SHA256.hexdigest data

data/lib/mihari/notifiers/exception_notifier.rb

@@ -7,7 +7,7 @@ module Mihari
     class ExceptionNotifier
       def initialize
         @backtrace_lines = 10
-        @color = 'danger'
+        @color = "danger"
 
         @slack = Notifiers::Slack.new
       end
@@ -44,20 +44,20 @@ module Mihari
       end
 
       def to_text(exception_class)
-        measure_word = /^[aeiou]/i.match?(exception_class.to_s) ? 'An' : 'A'
+        measure_word = /^[aeiou]/i.match?(exception_class.to_s) ? "An" : "A"
         exception_name = "*#{measure_word}* `#{exception_class}`"
         "#{exception_name} *occured in background*\n"
       end
 
       def to_fields(clean_message, backtrace)
         fields = [
-          { title: 'exception', value: clean_message },
-          { title: 'Hostname', value: hostname }
+          { title: "Exception", value: clean_message },
+          { title: "Hostname", value: hostname }
         ]
 
         if backtrace
           formatted_backtrace = format_backtrace(backtrace)
-          fields << { title: 'Backtrace', value: formatted_backtrace }
+          fields << { title: "Backtrace", value: formatted_backtrace }
         end
         fields
       end

data/lib/mihari/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Mihari
-  VERSION = "0.5.1"
+  VERSION = "0.5.2"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: mihari
 version: !ruby/object:Gem::Version
-  version: 0.5.1
+  version: 0.5.2
 platform: ruby
 authors:
 - Manabu Niseki
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2019-08-16 00:00:00.000000000 Z
+date: 2019-08-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler