mihari 0.7.0 → 0.8.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 288de64c354401afb06966aeff20d8cbf16ad7c2fa7ba16fe3caffc473885a48
-  data.tar.gz: 70416695adc834d0cb3b52410fa9665a163708d2be6e3544dde41f821e37e88b
+  metadata.gz: 6117c49bfadf5c4d263727d684ac3f54f5296860078a8b65e4bdf9274574eaf7
+  data.tar.gz: f06c30c6abc0d61eda4beafa42be1f8034bea0478142fc0e15b36a4f3cde20ad
 SHA512:
-  metadata.gz: a6042c43edc0817d926683694ed98decc52d35b3177b312bd36d2573b818a99add3a3a8317ae08f5a7172249422335f266595382828428fde7e5ea7017205407
-  data.tar.gz: 51135d5070b5f1697e0a51495de13b2e34c4e1eea2f91989ea2ae5301e65d851f52e7a963edaa7d5480f83ef720f893de404ee32ee30c458353fa9a9b1ef392b
+  metadata.gz: e49d5771be75ef6277c3169abccd5cd67e349493c67fee2e1fbcd3e9b08d4c3bbc7855c78d7466017ef8f17b7356205acc1a50c43be83abfd5c3194d02115edc
+  data.tar.gz: f472ece83577e3c3e14297cb6b5b5349f8d9f906f8ba0d27ffbf4d8bf132dd0b3726877fa2a6d7f9770bce9a483d75c8154d0e7b058b3d9bb2ddfb7aa9390196

data/README.md

@@ -34,22 +34,23 @@ gem install mihari
 
 ## Basic usage
 
-mihari supports Censys, Shodan, Onyphe, urlscan and VirusTotal by default.
+mihari supports Censys, Shodan, Onyphe, urlscan, SecurityTrails, crt.sh and VirusTotal by default.
 
 ```bash
 $ mihari
 Commands:
-  mihari alerts                      # Show the alerts on TheHive
-  mihari censys [QUERY]              # Censys IPv4 lookup by a given query
-  mihari crtsh [QUERY]               # crt.sh lookup by a given query
-  mihari help [COMMAND]              # Describe available commands or one specific command
-  mihari import_from_json            # Give a JSON input via STDIN
-  mihari onyphe [QUERY]              # Onyphe datascan lookup by a given query
-  mihari securitytrails [IP|DOMAIN]  # SecurityTrails resolutions lookup by a given ip or domain
-  mihari shodan [QUERY]              # Shodan host lookup by a given query
-  mihari status                      # Show the current configuration status
-  mihari urlscan [QUERY]             # urlscan lookup by a given query
-  mihari virustotal [IP|DOMAIN]      # VirusTotal resolutions lookup by a given ip or domain
+  mihari alerts                               # Show the alerts on TheHive
+  mihari censys [QUERY]                       # Censys IPv4 lookup by a given query
+  mihari crtsh [QUERY]                        # crt.sh lookup by a given query
+  mihari help [COMMAND]                       # Describe available commands or one specific command
+  mihari import_from_json                     # Give a JSON input via STDIN
+  mihari onyphe [QUERY]                       # Onyphe datascan lookup by a given query
+  mihari securitytrails [IP|DOMAIN]           # SecurityTrails resolutions lookup by a given ip or domain
+  mihari securitytrails_domain_feed [REGEXP]  # SecurityTrails new domain feed lookup by a given regexp
+  mihari shodan [QUERY]                       # Shodan host lookup by a given query
+  mihari status                               # Show the current configuration status
+  mihari urlscan [QUERY]                      # urlscan lookup by a given query
+  mihari virustotal [IP|DOMAIN]               # VirusTotal resolutions lookup by a given ip or domain
 
 ```
 

data/lib/mihari.rb

@@ -31,6 +31,7 @@ require "mihari/analyzers/censys"
 require "mihari/analyzers/crtsh"
 require "mihari/analyzers/onyphe"
 require "mihari/analyzers/securitytrails"
+require "mihari/analyzers/securitytrails_domain_feed"
 require "mihari/analyzers/shodan"
 require "mihari/analyzers/urlscan"
 require "mihari/analyzers/virustotal"

data/lib/mihari/analyzers/securitytrails_domain_feed.rb

@@ -0,0 +1,59 @@
+# frozen_string_literal: true
+
+require "securitytrails"
+
+module Mihari
+  module Analyzers
+    class SecurityTrailsDomainFeed < Base
+      attr_reader :api
+      attr_reader :type
+
+      attr_reader :title
+      attr_reader :description
+      attr_reader :tags
+
+      def initialize(regexp, type: "registered", title: nil, description: nil, tags: [])
+        super()
+
+        @api = ::SecurityTrails::API.new
+        @_regexp = regexp
+        @type = type
+
+        raise ArgumentError, "#{@_regexp} is not a valid regexp" unless regexp
+        raise ArgumentError, "#{type} is not a valid type" unless valid_type?
+
+        @title = title || "SecurityTrails domain feed lookup"
+        @description = description || "Regexp = /#{@_regexp}/"
+        @tags = tags
+      end
+
+      def artifacts
+        lookup || []
+      end
+
+      private
+
+      def valid_type?
+        %w(all new registered).include? type
+      end
+
+      def regexp
+        @regexp ||= Regexp.compile(@_regexp)
+      rescue TypeError => _e
+        nil
+      end
+
+      def lookup
+        new_domains.select do |domain|
+          regexp.match? domain
+        end
+      rescue ::SecurityTrails::Error => _e
+        nil
+      end
+
+      def new_domains
+        api.feeds.domains type
+      end
+    end
+  end
+end

data/lib/mihari/cli.rb

@@ -65,6 +65,19 @@ module Mihari
         run_analyzer Analyzers::SecurityTrails, query: indiactor, options: options
       end
     end
+    map "st" => :securitytrails
+
+    desc "securitytrails_domain_feed [REGEXP]", "SecurityTrails new domain feed lookup by a given regexp"
+    method_option :title, type: :string, desc: "title"
+    method_option :description, type: :string, desc: "description"
+    method_option :tags, type: :array, desc: "tags"
+    method_option :type, type: :string, default: "registered", desc: "A type of domain feed ('all', 'new' or 'registered')"
+    def securitytrails_domain_feed(regexp)
+      with_error_handling do
+        run_analyzer Analyzers::SecurityTrailsDomainFeed, query: regexp, options: options
+      end
+    end
+    map "st_domain_feed" => :securitytrails_domain_feed
 
     desc "crtsh [QUERY]", "crt.sh lookup by a given query"
     method_option :title, type: :string, desc: "title"

data/lib/mihari/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Mihari
-  VERSION = "0.7.0"
+  VERSION = "0.8.0"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: mihari
 version: !ruby/object:Gem::Version
-  version: 0.7.0
+  version: 0.8.0
 platform: ruby
 authors:
 - Manabu Niseki
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2019-09-03 00:00:00.000000000 Z
+date: 2019-09-13 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -332,6 +332,7 @@ files:
 - lib/mihari/analyzers/crtsh.rb
 - lib/mihari/analyzers/onyphe.rb
 - lib/mihari/analyzers/securitytrails.rb
+- lib/mihari/analyzers/securitytrails_domain_feed.rb
 - lib/mihari/analyzers/shodan.rb
 - lib/mihari/analyzers/urlscan.rb
 - lib/mihari/analyzers/virustotal.rb