mihari 2.3.1 → 2.4.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/mihari.rb +1 -0
- data/lib/mihari/config.rb +3 -1
- data/lib/mihari/emitters/slack.rb +0 -3
- data/lib/mihari/emitters/webhook.rb +60 -0
- data/lib/mihari/notifiers/slack.rb +0 -1
- data/lib/mihari/version.rb +1 -1
- data/mihari.gemspec +4 -4
- metadata +11 -11
- data/lib/mihari/slack_monkeypatch.rb +0 -16
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 388f48a9001d38fd83f4a6d527d7c5826a490be1d339596d174a9f619a78cb0c
|
|
4
|
+
data.tar.gz: 7e0a6e2fcbe9ad1792c21472b8be7706a86b09fbbce951edb1829a76493aaedc
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: dfcde6c4fa80ae12c56606157c6800c7e321cef71ed3e4aa9250805ea51126c74a19b3f73040630d169966fb17d834d8c45b37cc6f7baa808d7eea3e7c585fb9
|
|
7
|
+
data.tar.gz: d477cdcc4b4075e7671263f32ed5e81daad42e499eded5dffcecfba2d7568b779e99010a64a271a652db3f928800506cb6a4c7cf4060816742d4bb8d5bbec86a
|
data/lib/mihari.rb
CHANGED
data/lib/mihari/config.rb
CHANGED
|
@@ -4,7 +4,7 @@ require "yaml"
|
|
|
4
4
|
|
|
5
5
|
module Mihari
|
|
6
6
|
class Config
|
|
7
|
-
attr_accessor :binaryedge_api_key, :censys_id, :censys_secret, :circl_passive_password, :circl_passive_username, :misp_api_endpoint, :misp_api_key, :onyphe_api_key, :otx_api_key, :passivetotal_api_key, :passivetotal_username, :pulsedive_api_key, :securitytrails_api_key, :shodan_api_key, :slack_channel, :slack_webhook_url, :spyse_api_key, :thehive_api_endpoint, :thehive_api_key, :urlscan_api_key, :virustotal_api_key, :zoomeye_api_key, :database
|
|
7
|
+
attr_accessor :binaryedge_api_key, :censys_id, :censys_secret, :circl_passive_password, :circl_passive_username, :misp_api_endpoint, :misp_api_key, :onyphe_api_key, :otx_api_key, :passivetotal_api_key, :passivetotal_username, :pulsedive_api_key, :securitytrails_api_key, :shodan_api_key, :slack_channel, :slack_webhook_url, :spyse_api_key, :thehive_api_endpoint, :thehive_api_key, :urlscan_api_key, :virustotal_api_key, :zoomeye_api_key, :webhook_url, :webhook_use_json_body, :database
|
|
8
8
|
|
|
9
9
|
def initialize
|
|
10
10
|
load_from_env
|
|
@@ -33,6 +33,8 @@ module Mihari
|
|
|
33
33
|
@urlscan_api_key = ENV["URLSCAN_API_KEY"]
|
|
34
34
|
@virustotal_api_key = ENV["VIRUSTOTAL_API_KEY"]
|
|
35
35
|
@zoomeye_api_key = ENV["ZOOMEYE_API_KEY"]
|
|
36
|
+
@webhook_url = ENV["WEBHOOK_URL"]
|
|
37
|
+
@webhook_use_json_body = ENV["WEBHOOK_USE_JSON_BODY"]
|
|
36
38
|
|
|
37
39
|
@database = ENV["DATABASE"] || "mihari.db"
|
|
38
40
|
end
|
|
@@ -0,0 +1,60 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require "json"
|
|
4
|
+
require "net/http"
|
|
5
|
+
require "uri"
|
|
6
|
+
|
|
7
|
+
module Mihari
|
|
8
|
+
module Emitters
|
|
9
|
+
class Webhook < Base
|
|
10
|
+
# @return [true, false]
|
|
11
|
+
def valid?
|
|
12
|
+
webhook_url?
|
|
13
|
+
end
|
|
14
|
+
|
|
15
|
+
def emit(title:, description:, artifacts:, source:, tags:)
|
|
16
|
+
return if artifacts.empty?
|
|
17
|
+
|
|
18
|
+
uri = URI(Mihari.config.webhook_url)
|
|
19
|
+
data = {
|
|
20
|
+
title: title,
|
|
21
|
+
description: description,
|
|
22
|
+
artifacts: artifacts.map(&:data),
|
|
23
|
+
source: source,
|
|
24
|
+
tags: tags
|
|
25
|
+
}
|
|
26
|
+
|
|
27
|
+
if use_json_body
|
|
28
|
+
Net::HTTP.post(uri, data.to_json, "Content-Type" => "application/json")
|
|
29
|
+
else
|
|
30
|
+
Net::HTTP.post_form(uri, data)
|
|
31
|
+
end
|
|
32
|
+
end
|
|
33
|
+
|
|
34
|
+
private
|
|
35
|
+
|
|
36
|
+
def config_keys
|
|
37
|
+
%w[webhook_url]
|
|
38
|
+
end
|
|
39
|
+
|
|
40
|
+
def webhook_url
|
|
41
|
+
@webhook_url ||= Mihari.config.webhook_url
|
|
42
|
+
end
|
|
43
|
+
|
|
44
|
+
def webhook_url?
|
|
45
|
+
!webhook_url.nil?
|
|
46
|
+
end
|
|
47
|
+
|
|
48
|
+
def use_json_body
|
|
49
|
+
@use_json_body ||= truthy?(Mihari.config.webhook_use_json_body || 'false')
|
|
50
|
+
end
|
|
51
|
+
|
|
52
|
+
def truthy?(value)
|
|
53
|
+
return true if value == "true"
|
|
54
|
+
return true if value == true
|
|
55
|
+
|
|
56
|
+
false
|
|
57
|
+
end
|
|
58
|
+
end
|
|
59
|
+
end
|
|
60
|
+
end
|
data/lib/mihari/version.rb
CHANGED
data/mihari.gemspec
CHANGED
|
@@ -25,14 +25,14 @@ Gem::Specification.new do |spec|
|
|
|
25
25
|
|
|
26
26
|
spec.add_development_dependency "bundler", "~> 2.2"
|
|
27
27
|
spec.add_development_dependency "coveralls", "~> 0.8"
|
|
28
|
-
spec.add_development_dependency "execjs", "~> 2.
|
|
28
|
+
spec.add_development_dependency "execjs", "~> 2.8"
|
|
29
29
|
spec.add_development_dependency "fakefs", "~> 1.3"
|
|
30
30
|
spec.add_development_dependency "mysql2", "~> 0.5"
|
|
31
31
|
spec.add_development_dependency "pg", "~> 1.2"
|
|
32
32
|
spec.add_development_dependency "rack-test", "~> 1.1"
|
|
33
33
|
spec.add_development_dependency "rake", "~> 13.0"
|
|
34
34
|
spec.add_development_dependency "rspec", "~> 3.10"
|
|
35
|
-
spec.add_development_dependency "standard", "~> 1.
|
|
35
|
+
spec.add_development_dependency "standard", "~> 1.1"
|
|
36
36
|
spec.add_development_dependency "timecop", "~> 0.9"
|
|
37
37
|
spec.add_development_dependency "vcr", "~> 6.0"
|
|
38
38
|
spec.add_development_dependency "webmock", "~> 3.12"
|
|
@@ -62,7 +62,7 @@ Gem::Specification.new do |spec|
|
|
|
62
62
|
spec.add_dependency "passivetotalx", "~> 0.1"
|
|
63
63
|
spec.add_dependency "public_suffix", "~> 4.0"
|
|
64
64
|
spec.add_dependency "pulsedive", "~> 0.1"
|
|
65
|
-
spec.add_dependency "puma", "~> 5.
|
|
65
|
+
spec.add_dependency "puma", "~> 5.3"
|
|
66
66
|
spec.add_dependency "rack", "~> 2.2"
|
|
67
67
|
spec.add_dependency "rack-contrib", "~> 2.3"
|
|
68
68
|
spec.add_dependency "safe_shell", "~> 1.1"
|
|
@@ -71,7 +71,7 @@ Gem::Specification.new do |spec|
|
|
|
71
71
|
spec.add_dependency "sinatra", "~> 2.1"
|
|
72
72
|
spec.add_dependency "sinatra-contrib", "~> 2.1"
|
|
73
73
|
spec.add_dependency "sinatra-param", "~> 1.6"
|
|
74
|
-
spec.add_dependency "slack-notifier", "~> 2.
|
|
74
|
+
spec.add_dependency "slack-notifier", "~> 2.4"
|
|
75
75
|
spec.add_dependency "spysex", "~> 0.1"
|
|
76
76
|
spec.add_dependency "sqlite3", "~> 1.4"
|
|
77
77
|
spec.add_dependency "thor", "~> 1.1"
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: mihari
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 2.
|
|
4
|
+
version: 2.4.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Manabu Niseki
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2021-05-
|
|
11
|
+
date: 2021-05-11 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|
|
@@ -44,14 +44,14 @@ dependencies:
|
|
|
44
44
|
requirements:
|
|
45
45
|
- - "~>"
|
|
46
46
|
- !ruby/object:Gem::Version
|
|
47
|
-
version: '2.
|
|
47
|
+
version: '2.8'
|
|
48
48
|
type: :development
|
|
49
49
|
prerelease: false
|
|
50
50
|
version_requirements: !ruby/object:Gem::Requirement
|
|
51
51
|
requirements:
|
|
52
52
|
- - "~>"
|
|
53
53
|
- !ruby/object:Gem::Version
|
|
54
|
-
version: '2.
|
|
54
|
+
version: '2.8'
|
|
55
55
|
- !ruby/object:Gem::Dependency
|
|
56
56
|
name: fakefs
|
|
57
57
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -142,14 +142,14 @@ dependencies:
|
|
|
142
142
|
requirements:
|
|
143
143
|
- - "~>"
|
|
144
144
|
- !ruby/object:Gem::Version
|
|
145
|
-
version: '1.
|
|
145
|
+
version: '1.1'
|
|
146
146
|
type: :development
|
|
147
147
|
prerelease: false
|
|
148
148
|
version_requirements: !ruby/object:Gem::Requirement
|
|
149
149
|
requirements:
|
|
150
150
|
- - "~>"
|
|
151
151
|
- !ruby/object:Gem::Version
|
|
152
|
-
version: '1.
|
|
152
|
+
version: '1.1'
|
|
153
153
|
- !ruby/object:Gem::Dependency
|
|
154
154
|
name: timecop
|
|
155
155
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -548,14 +548,14 @@ dependencies:
|
|
|
548
548
|
requirements:
|
|
549
549
|
- - "~>"
|
|
550
550
|
- !ruby/object:Gem::Version
|
|
551
|
-
version: '5.
|
|
551
|
+
version: '5.3'
|
|
552
552
|
type: :runtime
|
|
553
553
|
prerelease: false
|
|
554
554
|
version_requirements: !ruby/object:Gem::Requirement
|
|
555
555
|
requirements:
|
|
556
556
|
- - "~>"
|
|
557
557
|
- !ruby/object:Gem::Version
|
|
558
|
-
version: '5.
|
|
558
|
+
version: '5.3'
|
|
559
559
|
- !ruby/object:Gem::Dependency
|
|
560
560
|
name: rack
|
|
561
561
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -674,14 +674,14 @@ dependencies:
|
|
|
674
674
|
requirements:
|
|
675
675
|
- - "~>"
|
|
676
676
|
- !ruby/object:Gem::Version
|
|
677
|
-
version: '2.
|
|
677
|
+
version: '2.4'
|
|
678
678
|
type: :runtime
|
|
679
679
|
prerelease: false
|
|
680
680
|
version_requirements: !ruby/object:Gem::Requirement
|
|
681
681
|
requirements:
|
|
682
682
|
- - "~>"
|
|
683
683
|
- !ruby/object:Gem::Version
|
|
684
|
-
version: '2.
|
|
684
|
+
version: '2.4'
|
|
685
685
|
- !ruby/object:Gem::Dependency
|
|
686
686
|
name: spysex
|
|
687
687
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -876,6 +876,7 @@ files:
|
|
|
876
876
|
- lib/mihari/emitters/slack.rb
|
|
877
877
|
- lib/mihari/emitters/stdout.rb
|
|
878
878
|
- lib/mihari/emitters/the_hive.rb
|
|
879
|
+
- lib/mihari/emitters/webhook.rb
|
|
879
880
|
- lib/mihari/errors.rb
|
|
880
881
|
- lib/mihari/html.rb
|
|
881
882
|
- lib/mihari/models/alert.rb
|
|
@@ -889,7 +890,6 @@ files:
|
|
|
889
890
|
- lib/mihari/serializers/alert.rb
|
|
890
891
|
- lib/mihari/serializers/artifact.rb
|
|
891
892
|
- lib/mihari/serializers/tag.rb
|
|
892
|
-
- lib/mihari/slack_monkeypatch.rb
|
|
893
893
|
- lib/mihari/status.rb
|
|
894
894
|
- lib/mihari/type_checker.rb
|
|
895
895
|
- lib/mihari/version.rb
|
|
@@ -1,16 +0,0 @@
|
|
|
1
|
-
# frozen_string_literal: true
|
|
2
|
-
|
|
3
|
-
module Slack
|
|
4
|
-
class Notifier
|
|
5
|
-
module Util
|
|
6
|
-
class LinkFormatter
|
|
7
|
-
class << self
|
|
8
|
-
def format(string, opts = {})
|
|
9
|
-
# Resolve warning in Ruby 2.7
|
|
10
|
-
LinkFormatter.new(string, **opts).formatted
|
|
11
|
-
end
|
|
12
|
-
end
|
|
13
|
-
end
|
|
14
|
-
end
|
|
15
|
-
end
|
|
16
|
-
end
|