mihari 0.5.2 → 0.6.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: d0d889b6f04bff599f1dbb8eac861469500061e5ef4c3f48e4e4624d0c4ce57a
-  data.tar.gz: 0201ba42b96271982b78d28ac7f8c01f0e34a398d5f897b5e5b1e7f0fb1573cb
+  metadata.gz: 487e9fb5b564d2f9edfdd225c5188dd8505e282a106ffd6434c159f1a05bf6b5
+  data.tar.gz: 2149a69537d25d65cd7a036190351d0d89e8bf5a6fe99f79076f8328445f21b1
 SHA512:
-  metadata.gz: b32e5330ba7f77c9c2a6411de65ef91bd49a7798bef817c0ed2ae76ee8818c81dd4e3b24970361017ba60dbb9c629b508bb13abf0ffa81978c0bca8d1c9fc1df
-  data.tar.gz: 9ec9fc6d441b83f0e337f4af7647ddd7a15600c7cfb371e4a05dba066e3a6bf8933a43261b27b76f24ea474a69b1da48e98b4cf22edd2ffdf5cc7697b7e6b69b
+  metadata.gz: 437dc50a254afd8a0f444224665a47fab6bd0314ad403df2f83f2bca719ac5172064348306146e97647e41b7bb87502845e4459480660500763f8fe63126c4ed
+  data.tar.gz: 704c26e0a0a62e7481bb185a6e0af2823dcf528bb49224ab6620215b66f7bec082d8fa52aa1d0d093470fb5b1e0a2afe6f81c25e181071eb73fede734b144106

data/README.md

@@ -39,13 +39,16 @@ mihari supports Censys, Shodan, Onyphe, urlscan and VirusTotal by default.
 ```bash
 $ mihari
 Commands:
+  mihari alerts                  # Show the alerts on TheHive
   mihari censys [QUERY]          # Censys IPv4 lookup by a given query
   mihari help [COMMAND]          # Describe available commands or one specific command
   mihari import_from_json        # Give a JSON input via STDIN
   mihari onyphe [QUERY]          # Onyphe datascan lookup by a given query
   mihari shodan [QUERY]          # Shodan host lookup by a given query
+  mihari status                  # Show the current configuration status
   mihari urlscan [QUERY]         # urlscan lookup by a given query
   mihari virustotal [IP|DOMAIN]  # VirusTotal resolutions lookup by a given ip or domain
+
 ```
 
 ### Import from JSON

data/lib/mihari.rb

@@ -44,4 +44,6 @@ require "mihari/emitters/the_hive"
 
 require "mihari/alert_viewer"
 
+require "mihari/status"
+
 require "mihari/cli"

data/lib/mihari/analyzers/urlscan.rb

@@ -10,8 +10,9 @@ module Mihari
       attr_reader :description
       attr_reader :query
       attr_reader :tags
+      attr_reader :target_type
 
-      def initialize(query, title: nil, description: nil, tags: [])
+      def initialize(query, title: nil, description: nil, tags: [], target_type: "url")
         super()
 
         @api = ::UrlScan::API.new
@@ -19,6 +20,9 @@ module Mihari
         @title = title || "urlscan lookup"
         @description = description || "query = #{query}"
         @tags = tags
+        @target_type = target_type
+
+        raise ArgumentError, "type should be url, domain or ip." unless valid_target_type?
       end
 
       def artifacts
@@ -27,7 +31,7 @@ module Mihari
 
         results = result.dig("results") || []
         results.map do |match|
-          match.dig "task", "url"
+          match.dig "page", target_type
         end.compact.uniq
       end
 
@@ -38,6 +42,10 @@ module Mihari
       rescue ::UrlScan::ResponseError => _e
         nil
       end
+
+      def valid_target_type?
+        %w(url domain ip).include? target_type
+      end
     end
   end
 end

data/lib/mihari/cli.rb

@@ -39,6 +39,7 @@ module Mihari
     method_option :title, type: :string, desc: "title"
     method_option :description, type: :string, desc: "description"
     method_option :tags, type: :array, desc: "tags"
+    method_option :target_type, type: :string, default: "url", desc: "target type to fetch from lookup results (target type should be 'url', 'domain' or 'ip')"
     def urlscan(query)
       with_error_handling do
         run_analyzer Analyzers::Urlscan, query: query, options: options
@@ -84,6 +85,13 @@ module Mihari
       end
     end
 
+    desc "status", "Show the current configuration status"
+    def status
+      with_error_handling do
+        puts JSON.pretty_generate(Status.check)
+      end
+    end
+
     no_commands do
       def with_error_handling
         yield
@@ -104,13 +112,15 @@ module Mihari
       end
 
       def run_analyzer(analyzer_class, query:, options:)
-        title = options.dig("title")
-        description = options.dig("description")
-        tags = options.dig("tags") || []
+        options = symbolize_hash_keys(options)
 
-        analyzer = analyzer_class.new(query, title: title, description: description, tags: tags)
+        analyzer = analyzer_class.new(query, **options)
         analyzer.run
       end
+
+      def symbolize_hash_keys(hash)
+        hash.map{ |k, v| [k.to_sym, v] }.to_h
+      end
     end
   end
 end

data/lib/mihari/status.rb

@@ -0,0 +1,79 @@
+# frozen_string_literal: true
+
+module Mihari
+  class Status
+    def check
+      {
+        shodan: { status: shodan?, message: shodan },
+        slack: { status: slack?, message: slack },
+        censys: { status: censys?, message: censys },
+        virustotal: { status: virustotal?, message: virustotal },
+        onyphe: { status: onyphe?, message: onyphe },
+        the_hive: { status: the_hive?, message: the_hive },
+      }.map do |key, value|
+        [key, convert(value)]
+      end.to_h
+    end
+
+    def self.check
+      new.check
+    end
+
+    private
+
+    def convert(status:, message:)
+      {
+        status: status ? "OK" : "Bad",
+        message: message
+      }
+    end
+
+    def virustotal?
+      ENV.key?("VIRUSTOTAL_API_KEY")
+    end
+
+    def virustotal
+      virustotal? ? "VIRUSTOTAL_API_KEY is found" : "VIRUSTOTAL_API_KEY is missing"
+    end
+
+    def onyphe?
+      ENV.key? "ONYPHE_API_KEY"
+    end
+
+    def onyphe
+      onyphe? ? "ONYPHE_API_KEY is found" : "ONYPHE_API_KEY is missing"
+    end
+
+    def censys?
+      ENV.key?("CENSYS_ID") && ENV.key?("CENSYS_SECRET")
+    end
+
+    def censys
+      censys? ? "CENSYS_ID and CENSYS_SECRET are found" : "CENSYS_ID and CENSYS_SECRET are missing"
+    end
+
+    def shodan?
+      ENV.key? "SHODAN_API_KEY"
+    end
+
+    def shodan
+      shodan? ? "SHODAN_API_KEY is found" : "SHODAN_API_KEY is missing"
+    end
+
+    def slack?
+      ENV.key? "SLACK_WEBHOOK_URL"
+    end
+
+    def slack
+      slack? ? "SLACK_WEBHOOK_URL is found" : "SLACK_WEBHOOK_URL is missing"
+    end
+
+    def the_hive?
+      ENV.key?("THEHIVE_API_ENDPOINT") && ENV.key?("THEHIVE_API_KEY")
+    end
+
+    def the_hive
+      the_hive? ? "THEHIVE_API_ENDPOINT and THEHIVE_API_KEY are found" : "THEHIVE_API_ENDPOINT and THEHIVE_API_KEY are are missing"
+    end
+  end
+end

data/lib/mihari/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Mihari
-  VERSION = "0.5.2"
+  VERSION = "0.6.0"
 end

data/mihari.gemspec

@@ -29,9 +29,9 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency "rake", "~> 12.3"
   spec.add_development_dependency "rspec", "~> 3.8"
   spec.add_development_dependency "vcr", "~> 5.0"
-  spec.add_development_dependency "webmock", "~> 3.6"
+  spec.add_development_dependency "webmock", "~> 3.7"
 
-  spec.add_dependency "addressable", "~> 2.6"
+  spec.add_dependency "addressable", "~> 2.7"
   spec.add_dependency "censu", "~> 0.2"
   spec.add_dependency "email_address", "~> 0.1"
   spec.add_dependency "hachi", "~> 0.2"
@@ -42,6 +42,6 @@ Gem::Specification.new do |spec|
   spec.add_dependency "shodanx", "~> 0.1"
   spec.add_dependency "slack-notifier", "~> 2.3"
   spec.add_dependency "thor", "~> 0.20"
-  spec.add_dependency "urlscan", "~> 0.2"
+  spec.add_dependency "urlscan", "~> 0.3"
   spec.add_dependency "virustotalx", "~> 0.1"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: mihari
 version: !ruby/object:Gem::Version
-  version: 0.5.2
+  version: 0.6.0
 platform: ruby
 authors:
 - Manabu Niseki
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2019-08-17 00:00:00.000000000 Z
+date: 2019-09-01 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -86,28 +86,28 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.6'
+        version: '3.7'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.6'
+        version: '3.7'
 - !ruby/object:Gem::Dependency
   name: addressable
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.6'
+        version: '2.7'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.6'
+        version: '2.7'
 - !ruby/object:Gem::Dependency
   name: censu
   requirement: !ruby/object:Gem::Requirement
@@ -254,14 +254,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.2'
+        version: '0.3'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.2'
+        version: '0.3'
 - !ruby/object:Gem::Dependency
   name: virustotalx
   requirement: !ruby/object:Gem::Requirement
@@ -315,6 +315,7 @@ files:
 - lib/mihari/notifiers/base.rb
 - lib/mihari/notifiers/exception_notifier.rb
 - lib/mihari/notifiers/slack.rb
+- lib/mihari/status.rb
 - lib/mihari/the_hive.rb
 - lib/mihari/the_hive/alert.rb
 - lib/mihari/the_hive/artifact.rb