RubyGems - mihari - Versions diffs - 3.12.0 → 4.0.0 - Mend

mihari 3.12.0 → 4.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (160) hide show

checksums.yaml +4 -4
data/lib/mihari/analyzers/base.rb +6 -6
data/lib/mihari/analyzers/binaryedge.rb +3 -5
data/lib/mihari/analyzers/censys.rb +1 -3
data/lib/mihari/analyzers/circl.rb +0 -3
data/lib/mihari/analyzers/crtsh.rb +7 -5
data/lib/mihari/analyzers/dnpedia.rb +4 -4
data/lib/mihari/analyzers/dnstwister.rb +1 -4
data/lib/mihari/analyzers/feed.rb +0 -3
data/lib/mihari/analyzers/greynoise.rb +1 -3
data/lib/mihari/analyzers/onyphe.rb +1 -3
data/lib/mihari/analyzers/otx.rb +0 -3
data/lib/mihari/analyzers/passivetotal.rb +8 -9
data/lib/mihari/analyzers/pulsedive.rb +7 -5
data/lib/mihari/analyzers/rule.rb +5 -6
data/lib/mihari/analyzers/securitytrails.rb +10 -7
data/lib/mihari/analyzers/shodan.rb +2 -4
data/lib/mihari/analyzers/spyse.rb +10 -11
data/lib/mihari/analyzers/urlscan.rb +5 -6
data/lib/mihari/analyzers/virustotal.rb +8 -9
data/lib/mihari/analyzers/virustotal_intelligence.rb +4 -5
data/lib/mihari/analyzers/zoomeye.rb +4 -5
data/lib/mihari/cli/base.rb +0 -5
data/lib/mihari/cli/init.rb +0 -2
data/lib/mihari/cli/main.rb +4 -6
data/lib/mihari/cli/mixins/utils.rb +2 -18
data/lib/mihari/commands/init.rb +0 -18
data/lib/mihari/commands/search.rb +20 -15
data/lib/mihari/commands/validator.rb +7 -19
data/lib/mihari/commands/web.rb +0 -3
data/lib/mihari/database.rb +67 -15
data/lib/mihari/emitters/misp.rb +0 -1
data/lib/mihari/emitters/slack.rb +3 -4
data/lib/mihari/emitters/stdout.rb +0 -2
data/lib/mihari/emitters/the_hive.rb +0 -1
data/lib/mihari/emitters/webhook.rb +1 -5
data/lib/mihari/enrichers/ipinfo.rb +0 -2
data/lib/mihari/errors.rb +2 -0
data/lib/mihari/feed/reader.rb +22 -8
data/lib/mihari/mixins/database.rb +14 -0
data/lib/mihari/mixins/disallowed_data_value.rb +1 -4
data/lib/mihari/mixins/rule.rb +34 -31
data/lib/mihari/models/alert.rb +3 -3
data/lib/mihari/models/artifact.rb +0 -5
data/lib/mihari/models/autonomous_system.rb +0 -2
data/lib/mihari/models/dns.rb +0 -3
data/lib/mihari/models/geolocation.rb +0 -1
data/lib/mihari/models/reverse_dns.rb +0 -3
data/lib/mihari/models/rule.rb +73 -0
data/lib/mihari/models/tag.rb +0 -2
data/lib/mihari/models/tagging.rb +0 -2
data/lib/mihari/models/whois.rb +0 -2
data/lib/mihari/notifiers/exception_notifier.rb +0 -2
data/lib/mihari/schemas/analyzer.rb +0 -5
data/lib/mihari/schemas/macros.rb +0 -2
data/lib/mihari/schemas/rule.rb +0 -5
data/lib/mihari/structs/alert.rb +0 -3
data/lib/mihari/structs/censys.rb +3 -4
data/lib/mihari/structs/greynoise.rb +3 -4
data/lib/mihari/structs/ipinfo.rb +0 -3
data/lib/mihari/structs/onyphe.rb +5 -6
data/lib/mihari/structs/rule.rb +121 -0
data/lib/mihari/structs/shodan.rb +3 -4
data/lib/mihari/structs/urlscan.rb +0 -3
data/lib/mihari/structs/virustotal_intelligence.rb +3 -4
data/lib/mihari/type_checker.rb +2 -6
data/lib/mihari/types.rb +0 -2
data/lib/mihari/version.rb +1 -1
data/lib/mihari/web/api.rb +4 -0
data/lib/mihari/web/app.rb +5 -7
data/lib/mihari/web/endpoints/alerts.rb +7 -3
data/lib/mihari/web/endpoints/artifacts.rb +6 -3
data/lib/mihari/web/endpoints/command.rb +2 -1
data/lib/mihari/web/endpoints/configs.rb +2 -1
data/lib/mihari/web/endpoints/ip_addresses.rb +2 -1
data/lib/mihari/web/endpoints/rules.rb +140 -0
data/lib/mihari/web/endpoints/sources.rb +2 -1
data/lib/mihari/web/endpoints/tags.rb +4 -2
data/lib/mihari/web/entities/artifact.rb +2 -0
data/lib/mihari/web/entities/rule.rb +35 -0
data/lib/mihari/web/middleware/connection_adapter.rb +19 -0
data/lib/mihari/web/public/index.html +1 -1
data/lib/mihari/web/public/redoc-static.html +35 -21
data/lib/mihari/web/public/static/js/app.49ab738a.js +21 -0
data/lib/mihari/web/public/static/js/app.49ab738a.js.map +1 -0
data/lib/mihari.rb +40 -34
data/mihari.gemspec +3 -5
data/sig/lib/mihari/analyzers/binaryedge.rbs +0 -3
data/sig/lib/mihari/analyzers/censys.rbs +0 -3
data/sig/lib/mihari/analyzers/circl.rbs +1 -3
data/sig/lib/mihari/analyzers/crtsh.rbs +1 -3
data/sig/lib/mihari/analyzers/dnpedia.rbs +1 -4
data/sig/lib/mihari/analyzers/dnstwister.rbs +1 -3
data/sig/lib/mihari/analyzers/feed.rbs +0 -3
data/sig/lib/mihari/analyzers/onyphe.rbs +0 -3
data/sig/lib/mihari/analyzers/otx.rbs +1 -3
data/sig/lib/mihari/analyzers/passivetotal.rbs +3 -5
data/sig/lib/mihari/analyzers/pulsedive.rbs +2 -4
data/sig/lib/mihari/analyzers/securitytrails.rbs +3 -5
data/sig/lib/mihari/analyzers/shodan.rbs +0 -3
data/sig/lib/mihari/analyzers/spyse.rbs +4 -6
data/sig/lib/mihari/analyzers/urlscan.rbs +1 -3
data/sig/lib/mihari/analyzers/virustotal.rbs +4 -6
data/sig/lib/mihari/analyzers/virustotal_intelligence.rbs +0 -3
data/sig/lib/mihari/analyzers/zoomeye.rbs +2 -4
data/sig/lib/mihari/commands/init.rbs +0 -2
data/sig/lib/mihari/commands/validator.rbs +0 -2
data/sig/lib/mihari/emitters/slack.rbs +0 -1
data/sig/lib/mihari/feed/reader.rbs +1 -1
data/sig/lib/mihari/mixins/disallowed_data_value.rbs +0 -2
data/sig/lib/mihari/mixins/rule.rbs +5 -12
data/sig/lib/mihari/models/alert.rbs +1 -1
data/sig/lib/mihari/models/artifact.rbs +2 -0
data/sig/lib/mihari/models/rule.rbs +14 -0
data/sig/lib/mihari/structs/rule.rbs +56 -0
data/sig/lib/mihari.rbs +0 -2
metadata +18 -79
data/lib/mihari/cli/analyzer.rb +0 -55
data/lib/mihari/commands/binaryedge.rb +0 -21
data/lib/mihari/commands/censys.rb +0 -22
data/lib/mihari/commands/circl.rb +0 -21
data/lib/mihari/commands/crtsh.rb +0 -22
data/lib/mihari/commands/dnpedia.rb +0 -21
data/lib/mihari/commands/dnstwister.rb +0 -21
data/lib/mihari/commands/feed.rb +0 -26
data/lib/mihari/commands/greynoise.rb +0 -21
data/lib/mihari/commands/json.rb +0 -42
data/lib/mihari/commands/onyphe.rb +0 -21
data/lib/mihari/commands/otx.rb +0 -21
data/lib/mihari/commands/passivetotal.rb +0 -22
data/lib/mihari/commands/pulsedive.rb +0 -21
data/lib/mihari/commands/securitytrails.rb +0 -22
data/lib/mihari/commands/shodan.rb +0 -21
data/lib/mihari/commands/spyse.rb +0 -22
data/lib/mihari/commands/urlscan.rb +0 -22
data/lib/mihari/commands/virustotal.rb +0 -22
data/lib/mihari/commands/virustotal_intelligence.rb +0 -22
data/lib/mihari/commands/zoomeye.rb +0 -22
data/lib/mihari/mixins/configuration.rb +0 -100
data/lib/mihari/mixins/hash.rb +0 -20
data/lib/mihari/schemas/configuration.rb +0 -44
data/lib/mihari/web/public/grape.rb +0 -73
data/sig/lib/mihari/cli/analyzer.rbs +0 -43
data/sig/lib/mihari/commands/binaryedge.rbs +0 -7
data/sig/lib/mihari/commands/censys.rbs +0 -7
data/sig/lib/mihari/commands/circl.rbs +0 -7
data/sig/lib/mihari/commands/crtsh.rbs +0 -7
data/sig/lib/mihari/commands/dnpedia.rbs +0 -7
data/sig/lib/mihari/commands/dnstwister.rbs +0 -7
data/sig/lib/mihari/commands/feed.rbs +0 -7
data/sig/lib/mihari/commands/onyphe.rbs +0 -7
data/sig/lib/mihari/commands/otx.rbs +0 -7
data/sig/lib/mihari/commands/passivetotal.rbs +0 -7
data/sig/lib/mihari/commands/pulsedive.rbs +0 -7
data/sig/lib/mihari/commands/securitytrails.rbs +0 -7
data/sig/lib/mihari/commands/shodan.rbs +0 -7
data/sig/lib/mihari/commands/spyse.rbs +0 -7
data/sig/lib/mihari/commands/urlscan.rbs +0 -7
data/sig/lib/mihari/commands/virustotal.rbs +0 -7
data/sig/lib/mihari/commands/zoomeye.rbs +0 -7

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 5a17c14dffe68b2f82316858615371036996a3a2b6d31d3c6a5c431294c38634
-  data.tar.gz: 97afaf2f8b20985b0908cc1fe5778fe75ab7d0e1bf13b990a7b4165c92843604
+  metadata.gz: 1a42a8897840d2f2268f88c6734c1633642256ef08667c39f45f5d03ac13874f
+  data.tar.gz: 89bdd5aa38f833e3158464915ec46c05e8c0bb6f17d34fe397d1590c59a57d7c
 SHA512:
-  metadata.gz: 418d7f278536e245196723d2ebbe0d99934b0db3278e8f8178470241c67f25e05d0aacf7bab2b766ce69d0589a79e87eca554a91fe4cfae5cfa12cd52d97fb61
-  data.tar.gz: 9e90193273ee40c9956a138c2c73b713eb610a3ebdc1c9def73a6d354c4124a97e6842e438004956b3edc3206dfee8bae5771a86e964b59a2a7065a1f910891f
+  metadata.gz: f62927fdb96eabffd99106bf03178e6eb573ee5e58b8fa2bb94b6b6b2ea898324fd65656bbb128aab67196ad03da959603dd73108c8840e883560d673c8afa5f
+  data.tar.gz: 2e752fa7ab93691ad6c38ec534af3bab14e27f2b66127dc00fc016f26554ea29fc2c743d2bdaef93d85e816d8a47e54d2d41bb6dafaabf711cfb2c833c3ff0ff

data/lib/mihari/analyzers/base.rb CHANGED Viewed

@@ -1,8 +1,5 @@
 # frozen_string_literal: true
-require "dry-initializer"
-require "parallel"
 module Mihari
   module Analyzers
     class Base
@@ -10,6 +7,7 @@ module Mihari
       include Mixins::AutonomousSystem
       include Mixins::Configurable
+      include Mixins::Database
       include Mixins::Retriable
       attr_accessor :ignore_old_artifacts, :ignore_threshold
@@ -52,10 +50,12 @@ module Mihari
       # @return [nil]
       #
       def run
-        set_enriched_artifacts
+        with_db_connection do
+          set_enriched_artifacts
-        Parallel.each(valid_emitters) do |emitter|
-          run_emitter emitter
+          Parallel.each(valid_emitters) do |emitter|
+            run_emitter emitter
+          end
         end
       end

data/lib/mihari/analyzers/binaryedge.rb CHANGED Viewed

@@ -6,9 +6,6 @@ module Mihari
   module Analyzers
     class BinaryEdge < Base
       param :query
-      option :title, default: proc { "BinaryEdge search" }
-      option :description, default: proc { "query = #{query}" }
-      option :tags, default: proc { [] }
       option :interval, default: proc { 0 }
@@ -19,9 +16,10 @@ module Mihari
         results.map do |result|
           events = result["events"] || []
           events.filter_map do |event|
-            event.dig "target", "ip"
+            data = event.dig("target", "ip")
+            data.nil? ? nil : Artifact.new(data: data, source: source, metadata: event)
           end
-        end.flatten.compact.uniq
+        end.flatten
       end
       private

data/lib/mihari/analyzers/censys.rb CHANGED Viewed

@@ -6,9 +6,6 @@ module Mihari
   module Analyzers
     class Censys < Base
       param :query
-      option :title, default: proc { "Censys search" }
-      option :description, default: proc { "query = #{query}" }
-      option :tags, default: proc { [] }
       option :interval, default: proc { 0 }
@@ -77,6 +74,7 @@ module Mihari
         Artifact.new(
           data: hit.ip,
           source: source,
+          metadata: hit.metadata,
           autonomous_system: as,
           geolocation: geolocation
         )

data/lib/mihari/analyzers/circl.rb CHANGED Viewed

@@ -8,9 +8,6 @@ module Mihari
       include Mixins::Refang
       param :query
-      option :title, default: proc { "CIRCL passive DNS/SSL search" }
-      option :description, default: proc { "query = #{query}" }
-      option :tags, default: proc { [] }
       attr_reader :type

data/lib/mihari/analyzers/crtsh.rb CHANGED Viewed

@@ -6,15 +6,17 @@ module Mihari
   module Analyzers
     class Crtsh < Base
       param :query
-      option :title, default: proc { "crt.sh search" }
-      option :description, default: proc { "query = #{query}" }
-      option :tags, default: proc { [] }
       option :exclude_expired, default: proc { true }
       def artifacts
         results = search
-        name_values = results.filter_map { |result| result["name_value"] }
-        name_values.map(&:lines).flatten.uniq.map(&:chomp)
+        results.map do |result|
+          values = result["name_value"].to_s.lines.map(&:chomp)
+          values.map do |value|
+            Artifact.new(data: value, source: source, metadata: result)
+          end
+        end.flatten
       end
       private

data/lib/mihari/analyzers/dnpedia.rb CHANGED Viewed

@@ -6,8 +6,7 @@ module Mihari
   module Analyzers
     class DNPedia < Base
       param :query
-      option :title, default: proc { "DNPedia domain search" }
-      option :description, default: proc { "query = #{query}" }
       option :tags, default: proc { [] }
       def artifacts
@@ -23,13 +22,14 @@ module Mihari
       #
       # Search
       #
-      # @return [Array<String>]
+      # @return [Array<Mihari::Artifact>]
       #
       def search
         res = api.search(query)
         rows = res["rows"] || []
         rows.map do |row|
-          [row["name"], row["zoneid"]].join(".")
+          data = [row["name"], row["zoneid"]].join(".")
+          Artifact.new(data: data, source: source, metadata: row)
         end
       end
     end

data/lib/mihari/analyzers/dnstwister.rb CHANGED Viewed

@@ -1,8 +1,6 @@
 # frozen_string_literal: true
 require "dnstwister"
-require "resolv"
-require "parallel"
 module Mihari
   module Analyzers
@@ -10,8 +8,7 @@ module Mihari
       include Mixins::Refang
       param :query
-      option :title, default: proc { "dnstwister domain search" }
-      option :description, default: proc { "query = #{query}" }
       option :tags, default: proc { [] }
       attr_reader :type

data/lib/mihari/analyzers/feed.rb CHANGED Viewed

@@ -7,9 +7,6 @@ module Mihari
   module Analyzers
     class Feed < Base
       param :query
-      option :title, default: proc { "Feed" }
-      option :description, default: proc { "query = #{query}" }
-      option :tags, default: proc { [] }
       option :http_request_method, default: proc { "GET" }
       option :http_request_headers, default: proc { {} }

data/lib/mihari/analyzers/greynoise.rb CHANGED Viewed

@@ -6,9 +6,6 @@ module Mihari
   module Analyzers
     class GreyNoise < Base
       param :query
-      option :title, default: proc { "GreyNoise search" }
-      option :description, default: proc { "query = #{query}" }
-      option :tags, default: proc { [] }
       def artifacts
         res = Structs::GreyNoise::Response.from_dynamic!(search)
@@ -56,6 +53,7 @@ module Mihari
         Artifact.new(
           data: datum.ip,
           source: source,
+          metadata: datum.metadata_,
           autonomous_system: as,
           geolocation: geolocation
         )

data/lib/mihari/analyzers/onyphe.rb CHANGED Viewed

@@ -7,9 +7,6 @@ module Mihari
   module Analyzers
     class Onyphe < Base
       param :query
-      option :title, default: proc { "Onyphe search" }
-      option :description, default: proc { "query = #{query}" }
-      option :tags, default: proc { [] }
       option :interval, default: proc { 0 }
@@ -89,6 +86,7 @@ module Mihari
         Artifact.new(
           data: result.ip,
           source: source,
+          metadata: result.metadata,
           autonomous_system: as,
           geolocation: geolocation
         )

data/lib/mihari/analyzers/otx.rb CHANGED Viewed

@@ -8,9 +8,6 @@ module Mihari
       include Mixins::Refang
       param :query
-      option :title, default: proc { "OTX search" }
-      option :description, default: proc { "query = #{query}" }
-      option :tags, default: proc { [] }
       attr_reader :type

data/lib/mihari/analyzers/passivetotal.rb CHANGED Viewed

@@ -8,9 +8,6 @@ module Mihari
       include Mixins::Refang
       param :query
-      option :title, default: proc { "PassiveTotal search" }
-      option :description, default: proc { "query = #{query}" }
-      option :tags, default: proc { [] }
       attr_reader :type
@@ -75,27 +72,29 @@ module Mihari
       #
       # Reverse whois search
       #
-      # @return [Array<String>]
+      # @return [Array<Mihari::Artifact>]
       #
       def reverse_whois_search
         res = api.whois.search(query: query, field: "email")
         results = res["results"] || []
         results.map do |result|
-          result["domain"]
-        end.flatten.compact.uniq
+          data = result["domain"]
+          Artifact.new(data: data, source: source, metadata: result)
+        end.flatten
       end
       #
       # Passive SSL search
       #
-      # @return [Array<String>]
+      # @return [Array<Mihari::Artifact>]
       #
       def ssl_search
         res = api.ssl.history(query)
         results = res["results"] || []
         results.map do |result|
-          result["ipAddresses"]
-        end.flatten.compact.uniq
+          data = result["ipAddresses"]
+          Artifact.new(data: data, source: source, metadata: result)
+        end.flatten
       end
     end
   end

data/lib/mihari/analyzers/pulsedive.rb CHANGED Viewed

@@ -8,9 +8,6 @@ module Mihari
       include Mixins::Refang
       param :query
-      option :title, default: proc { "Pulsedive search" }
-      option :description, default: proc { "query = #{query}" }
-      option :tags, default: proc { [] }
       attr_reader :type
@@ -47,7 +44,7 @@ module Mihari
       #
       # Search
       #
-      # @return [Array<String>]
+      # @return [Array<Mihari::Artifact>]
       #
       def search
         raise InvalidInputError, "#{query}(type: #{type || "unknown"}) is not supported." unless valid_type?
@@ -57,7 +54,12 @@ module Mihari
         properties = api.indicator.get_properties_by_id(iid)
         (properties["dns"] || []).filter_map do |property|
-          property["value"] if ["A", "PTR"].include?(property["name"])
+          if ["A", "PTR"].include?(property["name"])
+            nil
+          else
+            data = property["value"]
+            Artifact.new(data: data, source: source, metadata: property)
+          end
         end
       end
     end

data/lib/mihari/analyzers/rule.rb CHANGED Viewed

@@ -1,7 +1,5 @@
 # frozen_string_literal: true
-require "uuidtools"
 module Mihari
   module Analyzers
     ANALYZER_TO_CLASS = {
@@ -31,13 +29,14 @@ module Mihari
     }.freeze
     class Rule < Base
-      include Mihari::Mixins::DisallowedDataValue
+      include Mixins::DisallowedDataValue
+      include Mixins::Rule
       option :title
       option :description
       option :queries
-      option :id, default: proc {}
+      option :id, default: proc { "" }
       option :tags, default: proc { [] }
       option :allowed_data_types, default: proc { ALLOWED_DATA_TYPES }
       option :disallowed_data_values, default: proc { [] }
@@ -47,7 +46,7 @@ module Mihari
       def initialize(**kwargs)
         super(**kwargs)
-        @source = id || UUIDTools::UUID.md5_create(UUIDTools::UUID_URL_NAMESPACE, title + description).to_s
+        @source = id
         validate_analyzer_configurations
       end
@@ -69,7 +68,7 @@ module Mihari
           # set interval in the top level
           options = params[:options] || {}
           interval = options[:interval]
-          params[:interval] = interval
+          params[:interval] = interval if interval
           analyzer = klass.new(query, **params)

data/lib/mihari/analyzers/securitytrails.rb CHANGED Viewed

@@ -8,9 +8,6 @@ module Mihari
       include Mixins::Refang
       param :query
-      option :title, default: proc { "SecurityTrails search" }
-      option :description, default: proc { "query = #{query}" }
-      option :tags, default: proc { [] }
       attr_reader :type
@@ -47,7 +44,7 @@ module Mihari
       #
       # IP/domain/mail search
       #
-      # @return [Array<String>]
+      # @return [Array<String>, Array<Mihari::Artifact>]
       #
       def search
         case type
@@ -78,12 +75,15 @@ module Mihari
       #
       # IP search
       #
-      # @return [Array<String>]
+      # @return [Array<Mihari::Artifact>]
       #
       def ip_search
         result = api.domains.search(filter: { ipv4: query })
         records = result["records"] || []
-        records.filter_map { |record| record["hostname"] }.uniq
+        records.filter_map do |record|
+          data = record["hostname"]
+          Artifact.new(data: data, source: source, metadata: record)
+        end
       end
       #
@@ -94,7 +94,10 @@ module Mihari
       def mail_search
         result = api.domains.search(filter: { whois_email: query })
         records = result["records"] || []
-        records.filter_map { |record| record["hostname"] }.uniq
+        records.filter_map do |record|
+          data = record["hostname"]
+          Artifact.new(data: data, source: source, metadata: record)
+        end
       end
     end
   end

data/lib/mihari/analyzers/shodan.rb CHANGED Viewed

@@ -6,9 +6,6 @@ module Mihari
   module Analyzers
     class Shodan < Base
       param :query
-      option :title, default: proc { "Shodan search" }
-      option :description, default: proc { "query = #{query}" }
-      option :tags, default: proc { [] }
       option :interval, default: proc { 0 }
@@ -20,7 +17,7 @@ module Mihari
         results.map do |result|
           matches = result.matches || []
           matches.map { |match| build_artifact match }
-        end.flatten.compact.uniq(&:data)
+        end.flatten.uniq(&:data)
       end
       private
@@ -98,6 +95,7 @@ module Mihari
         Artifact.new(
           data: match.ip_str,
           source: source,
+          metadata: match.metadata,
           autonomous_system: as,
           geolocation: geolocation
         )

data/lib/mihari/analyzers/spyse.rb CHANGED Viewed

@@ -1,16 +1,13 @@
 # frozen_string_literal: true
 require "spyse"
-require "json"
 module Mihari
   module Analyzers
     class Spyse < Base
       param :query
-      option :title, default: proc { "Spyse search" }
-      option :description, default: proc { "query = #{query}" }
       option :type, default: proc { "domain" }
-      option :tags, default: proc { [] }
       def artifacts
         search || []
@@ -42,33 +39,35 @@ module Mihari
       #
       # Domain search
       #
-      # @return [Array<String>]
+      # @return [Array<Mihari::Artifact>]
       #
       def domain_search
         res = api.domain.search(search_params, limit: 100)
         items = res.dig("data", "items") || []
         items.map do |item|
-          item["name"]
-        end.uniq.compact
+          data = item["name"]
+          Artifact.new(data: data, source: source, metadata: item)
+        end
       end
       #
       # IP search
       #
-      # @return [Array<String>]
+      # @return [Array<Mihari::Artifact>]
       #
       def ip_search
         res = api.ip.search(search_params, limit: 100)
         items = res.dig("data", "items") || []
         items.map do |item|
-          item["ip"]
-        end.uniq.compact
+          data = item["ip"]
+          Artifact.new(data: data, source: source, metadata: item)
+        end
       end
       #
       # IP/domain search
       #
-      # @return [Array<String>]
+      # @return [Array<Mihari::Artifact>]
       #
       def search
         case type

data/lib/mihari/analyzers/urlscan.rb CHANGED Viewed

@@ -6,9 +6,7 @@ module Mihari
   module Analyzers
     class Urlscan < Base
       param :query
-      option :title, default: proc { "urlscan search" }
-      option :description, default: proc { "query = #{query}" }
-      option :tags, default: proc { [] }
       option :allowed_data_types, default: proc { SUPPORTED_DATA_TYPES }
       option :interval, default: proc { 0 }
@@ -29,9 +27,10 @@ module Mihari
         allowed_data_types.map do |type|
           results.filter_map do |result|
             page = result.page
-            page.send(type.to_sym)
-          end.uniq
-        end.flatten.compact
+            data = page.send(type.to_sym)
+            data.nil? ? nil : Artifact.new(data: data, source: source, metadata: result)
+          end
+        end.flatten
       end
       private

data/lib/mihari/analyzers/virustotal.rb CHANGED Viewed

@@ -8,9 +8,6 @@ module Mihari
       include Mixins::Refang
       param :query
-      option :title, default: proc { "VirusTotal search" }
-      option :description, default: proc { "query = #{query}" }
-      option :tags, default: proc { [] }
       attr_reader :type
@@ -47,7 +44,7 @@ module Mihari
       #
       # Search
       #
-      # @return [Array<String>]
+      # @return [Array<Mihari::Artifact>]
       #
       def search
         case type
@@ -63,28 +60,30 @@ module Mihari
       #
       # Domain search
       #
-      # @return [Array<String>]
+      # @return [Array<Mihari::Artifact>]
       #
       def domain_search
         res = api.domain.resolutions(query)
         data = res["data"] || []
         data.filter_map do |item|
-          item.dig("attributes", "ip_address")
-        end.uniq
+          data = item.dig("attributes", "ip_address")
+          data.nil? ? nil : Artifact.new(data: data, source: source, metadata: item)
+        end
       end
       #
       # IP search
       #
-      # @return [Array<String>]
+      # @return [Array<Mihari::Artifact>]
       #
       def ip_search
         res = api.ip_address.resolutions(query)
         data = res["data"] || []
         data.filter_map do |item|
-          item.dig("attributes", "host_name")
+          data = item.dig("attributes", "host_name")
+          Artifact.new(data: data, source: source, metadata: item)
         end.uniq
       end
     end

data/lib/mihari/analyzers/virustotal_intelligence.rb CHANGED Viewed

@@ -6,9 +6,6 @@ module Mihari
   module Analyzers
     class VirusTotalIntelligence < Base
       param :query
-      option :title, default: proc { "VirusTotal Intelligence search" }
-      option :description, default: proc { "query = #{query}" }
-      option :tags, default: proc { [] }
       option :interval, default: proc { 0 }
@@ -21,8 +18,10 @@ module Mihari
       def artifacts
         responses = search_witgh_cursor
         responses.map do |response|
-          response.data.map(&:value)
-        end.flatten.compact.uniq
+          response.data.map do |datum|
+            Artifact.new(data: datum.value, source: source, metadata: datum.metadata)
+          end
+        end.flatten
       end
       private

data/lib/mihari/analyzers/zoomeye.rb CHANGED Viewed

@@ -6,9 +6,7 @@ module Mihari
   module Analyzers
     class ZoomEye < Base
       param :query
-      option :title, default: proc { "ZoomEye search" }
-      option :description, default: proc { "query = #{query}" }
-      option :tags, default: proc { [] }
       option :type, default: proc { "host" }
       option :interval, default: proc { 0 }
@@ -50,13 +48,14 @@ module Mihari
       #
       # @param [Array<Hash>] responses
       #
-      # @return [Array<String>]
+      # @return [Array<Mihari::Artifact>]
       #
       def convert_responses(responses)
         responses.map do |res|
           matches = res["matches"] || []
           matches.map do |match|
-            match["ip"]
+            data = match["ip"]
+            Artifact.new(data: data, source: source, metadata: match)
           end
         end.flatten.compact.uniq
       end

data/lib/mihari/cli/base.rb CHANGED Viewed

@@ -1,15 +1,10 @@
 # frozen_string_literal: true
-require "thor"
-require "mihari/mixins/hash"
 require "mihari/cli/mixins/utils"
 module Mihari
   module CLI
     class Base < Thor
-      include Mihari::Mixins::Hash
       include Mixins::Utils
       class << self

data/lib/mihari/cli/init.rb CHANGED Viewed

@@ -1,7 +1,5 @@
 # frozen_string_literal: true
-require "thor"
 require "mihari/commands/init"
 module Mihari

data/lib/mihari/cli/main.rb CHANGED Viewed

@@ -1,5 +1,7 @@
 # frozen_string_literal: true
+require "thor"
 # Commands
 require "mihari/commands/search"
 require "mihari/commands/web"
@@ -7,7 +9,6 @@ require "mihari/commands/web"
 # CLIs
 require "mihari/cli/base"
-require "mihari/cli/analyzer"
 require "mihari/cli/init"
 require "mihari/cli/validator"
@@ -17,13 +18,10 @@ module Mihari
       include Mihari::Commands::Search
       include Mihari::Commands::Web
-      desc "analyze", "Sub commands to run an analyzer"
-      subcommand "analyze", Analyzer
-      desc "init", "Sub commands to initialize config & rule"
+      desc "init", "Sub commands to initialize a rule"
       subcommand "init", Initialization
-      desc "validate", "Sub commands to validate format of config & rule"
+      desc "validate", "Sub commands to validate format of a rule"
       subcommand "validate", Validator
     end
   end