mihari 4.8.0 → 4.9.0

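--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 3e827da38142045be9b680636eb69b61d18e465b83f33d3a2a435c251041c7fc
-  data.tar.gz: 91d0c1fa7e50512c9a2bb8aceb914f69bec149c3fd7dc16f136a4b391a086e56
+  metadata.gz: 85756e55047ef3bde95c50c1ac3c474adbd29828bf1f95618f3aac85638a1752
+  data.tar.gz: babe64cf74a96f659057b06ac3b5864b6faa2c3ec9b7e3f0f9b57bce7dd635a8
 SHA512:
-  metadata.gz: c6c06c7d217091158d3fc354ccf3e0640494cfcd26b38cf5927d4d2a43f961ce8d2bf7d87bc965037554e745bf54b7dcf06e02b96d93962e6b0948bff11119d7
-  data.tar.gz: 5dd97d8c4a4d9ae9eac0e3823e8da97210de5dae87c448f48f6df565a12c99e7f0620d0477862762465aa77b0727912ccc935cd941e9a291a48a763fbf9ab8f3
+  metadata.gz: 5c15c65a8952c1fbcf695feba8add8a7fc962eaac9ca426a18dd510663573dc9fe6b27472ca0edcd1ff9fb86b68a49ce8c459e3a7d90eabe9dbbe1e4506181d8
+  data.tar.gz: aceb04f0f6e78af7f0df2293d78a4d4d20bcf1827e70d45e3f425e38b128c5f9194dbdac608b29b44852af77b626ccbdd03583e7170d5330a2b584c7cbdca55b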
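--- a/data/README.md
+++ b/data/README.md
@@ -44,7 +44,6 @@ Mihari supports the following services by default.
 - [Pulsedive](https://pulsedive.com/)
 - [SecurityTrails](https://securitytrails.com/)
 - [Shodan](https://shodan.io)
-- [Spyse](https://spyse.com)
 - [urlscan.io](https://urlscan.io)
 - [VirusTotal](http://virustotal.com) & [VirusTotal Intelligence](https://www.virustotal.com/gui/intelligence-overview)
 - [ZoomEye](https://zoomeye.org)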
@@ -18,7 +18,6 @@ module Mihari
18
18
  "pulsedive" => Pulsedive,
19
19
  "securitytrails" => SecurityTrails,
20
20
  "shodan" => Shodan,
21
- "spyse" => Spyse,
22
21
  "st" => SecurityTrails,
23
22
  "urlscan" => Urlscan,
24
23
  "virustotal_intelligence" => VirusTotalIntelligence,
@@ -14,7 +14,11 @@ module Mihari
14
14
  rule = Structs::Rule.from_path_or_id path_or_id
15
15
 
16
16
  # validate
17
- rule.validate!
17
+ begin
18
+ rule.validate!
19
+ rescue RuleValidationError
20
+ return
21
+ end
18
22
 
19
23
  # check update
20
24
  id = rule.id
@@ -23,7 +27,9 @@ module Mihari
23
27
  with_db_connection do
24
28
  rule_ = Mihari::Rule.find(id)
25
29
  next if rule.yaml == rule_.yaml
26
- return unless yes?("This operation will overwrite the rule in the database (Rule ID: #{id}). Are you sure you want to update the rule? (yes/no)")
30
+ unless yes?("This operation will overwrite the rule in the database (Rule ID: #{id}). Are you sure you want to update the rule? (yes/no)")
31
+ return
32
+ end
27
33
  rescue ActiveRecord::RecordNotFound
28
34
  next
29
35
  end
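Review bot: The new `rescue RuleValidationError` in the first hunk discards the exception and returns, so when a rule file fails validation the command ends silently with a success exit status unless `validate!` reports the failure itself, which this hunk does not show. Binding the error and surfacing its message keeps the early return while telling the operator why nothing was updated, e.g. `rescue RuleValidationError => e` / `warn e.message` / `return`. The same consideration applies to the second hunk's `return` after a declined `yes?` prompt, which also exits without any indication that the rule was left unchanged. The enclosing method starts before the first hunk and its `with_db_connection` block ends inside the second, so the surrounding error handling is not visible here.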
@@ -58,13 +58,6 @@ module Mihari
58
58
  optional(:options).hash(AnalyzerOptions)
59
59
  end
60
60
 
61
- Spyse = Dry::Schema.Params do
62
- required(:analyzer).value(Types::String.enum("spyse"))
63
- required(:query).value(:string)
64
- required(:type).value(Types::String.enum("ip", "domain"))
65
- optional(:options).hash(AnalyzerOptions)
66
- end
67
-
68
61
  ZoomEye = Dry::Schema.Params do
69
62
  required(:analyzer).value(Types::String.enum("zoomeye"))
70
63
  required(:query).value(:string)
@@ -22,7 +22,9 @@ module Mihari
22
22
  optional(:created_on).value(:date)
23
23
  optional(:updated_on).value(:date)
24
24
 
25
- required(:queries).value(:array).each { AnalyzerWithoutAPIKey | AnalyzerWithAPIKey | Censys | CIRCL | PassiveTotal | Spyse | ZoomEye | Urlscan | Crtsh | Feed }
25
+ required(:queries).value(:array).each do
26
+ AnalyzerWithoutAPIKey | AnalyzerWithAPIKey | Censys | CIRCL | PassiveTotal | ZoomEye | Urlscan | Crtsh | Feed
27
+ end
26
28
 
27
29
  optional(:emitters).value(:array).each { Emitter | MISP | TheHive | Slack | HTTP }
28
30
 
@@ -57,9 +59,7 @@ module Mihari
57
59
 
58
60
  rule(:disallowed_data_values) do
59
61
  value.each do |v|
60
- unless valid_disallowed_data_value?(v)
61
- key.failure("#{v} is not a valid format.")
62
- end
62
+ key.failure("#{v} is not a valid format.") unless valid_disallowed_data_value?(v)
63
63
  end
64
64
  end
65
65
  end
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module Mihari
4
- VERSION = "4.8.0"
4
+ VERSION = "4.9.0"
5
5
  end
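--- a/data/lib/mihari.rb
+++ b/data/lib/mihari.rb
@@ -235,7 +235,6 @@ require "mihari/analyzers/passivetotal"
 require "mihari/analyzers/pulsedive"
 require "mihari/analyzers/securitytrails"
 require "mihari/analyzers/shodan"
-require "mihari/analyzers/spyse"
 require "mihari/analyzers/urlscan"
 require "mihari/analyzers/virustotal_intelligence"
 require "mihari/analyzers/virustotal"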
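--- a/data/mihari.gemspec
+++ b/data/mihari.gemspec
@@ -45,7 +45,7 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency "vcr", "~> 6.1"
   spec.add_development_dependency "webmock", "~> 3.18"
 
-  spec.add_dependency "activerecord", "7.0.3.1"
+  spec.add_dependency "activerecord", "7.0.4"
   spec.add_dependency "addressable", "2.8.1"
   spec.add_dependency "awrence", "2.0.1"
   spec.add_dependency "binaryedge", "0.1.0"
@@ -55,10 +55,10 @@ Gem::Specification.new do |spec|
   spec.add_dependency "dnstwister", "0.1.0"
   spec.add_dependency "dotenv", "2.8.1"
   spec.add_dependency "dry-configurable", "0.15.0"
-  spec.add_dependency "dry-container", "0.10.1"
-  spec.add_dependency "dry-files", "0.2.0"
+  spec.add_dependency "dry-container", "0.11.0"
+  spec.add_dependency "dry-files", "0.3.0"
   spec.add_dependency "dry-initializer", "3.1.1"
-  spec.add_dependency "dry-schema", "1.10.2"
+  spec.add_dependency "dry-schema", "1.10.5"
   spec.add_dependency "dry-struct", "1.4.0"
   spec.add_dependency "dry-validation", "1.8.1"
   spec.add_dependency "email_address", "0.2.4"
@@ -92,12 +92,12 @@ Gem::Specification.new do |spec|
   spec.add_dependency "shodanx", "0.2.1"
   spec.add_dependency "slack-notifier", "2.4.0"
   spec.add_dependency "spysex", "0.2.0"
-  spec.add_dependency "sqlite3", "1.4.4"
+  spec.add_dependency "sqlite3", "1.5.0"
   spec.add_dependency "thor", "1.2.1"
   spec.add_dependency "urlscan", "0.8.0"
   spec.add_dependency "uuidtools", "2.2.0"
   spec.add_dependency "virustotalx", "1.2.0"
   spec.add_dependency "whois", "5.1.0"
-  spec.add_dependency "whois-parser", "1.2.0"
+  spec.add_dependency "whois-parser", "2.0.0"
   spec.add_dependency "zoomeye-rb", "0.2.0"
 end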
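Review bot: The third hunk still carries `spec.add_dependency "spysex", "0.2.0"` as a runtime dependency even though this release deletes lib/mihari/analyzers/spyse.rb, drops its `require` from lib/mihari.rb and removes the "spyse" analyzer from the schema and the analyzer table. Unless some other file in the gem still loads spyse, which the diff does not show, that line should be removed in the same release: a pinned dependency that nothing uses is installed and must be audited on every upgrade for no benefit, and it widens the set of third-party code a compromise of the registry could reach. The remaining changes in this section are exact-pin version bumps and need no further comment.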
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: mihari
3
3
  version: !ruby/object:Gem::Version
4
- version: 4.8.0
4
+ version: 4.9.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Manabu Niseki
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2022-08-28 00:00:00.000000000 Z
11
+ date: 2022-10-01 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: bundler
@@ -254,14 +254,14 @@ dependencies:
254
254
  requirements:
255
255
  - - '='
256
256
  - !ruby/object:Gem::Version
257
- version: 7.0.3.1
257
+ version: 7.0.4
258
258
  type: :runtime
259
259
  prerelease: false
260
260
  version_requirements: !ruby/object:Gem::Requirement
261
261
  requirements:
262
262
  - - '='
263
263
  - !ruby/object:Gem::Version
264
- version: 7.0.3.1
264
+ version: 7.0.4
265
265
  - !ruby/object:Gem::Dependency
266
266
  name: addressable
267
267
  requirement: !ruby/object:Gem::Requirement
@@ -394,28 +394,28 @@ dependencies:
394
394
  requirements:
395
395
  - - '='
396
396
  - !ruby/object:Gem::Version
397
- version: 0.10.1
397
+ version: 0.11.0
398
398
  type: :runtime
399
399
  prerelease: false
400
400
  version_requirements: !ruby/object:Gem::Requirement
401
401
  requirements:
402
402
  - - '='
403
403
  - !ruby/object:Gem::Version
404
- version: 0.10.1
404
+ version: 0.11.0
405
405
  - !ruby/object:Gem::Dependency
406
406
  name: dry-files
407
407
  requirement: !ruby/object:Gem::Requirement
408
408
  requirements:
409
409
  - - '='
410
410
  - !ruby/object:Gem::Version
411
- version: 0.2.0
411
+ version: 0.3.0
412
412
  type: :runtime
413
413
  prerelease: false
414
414
  version_requirements: !ruby/object:Gem::Requirement
415
415
  requirements:
416
416
  - - '='
417
417
  - !ruby/object:Gem::Version
418
- version: 0.2.0
418
+ version: 0.3.0
419
419
  - !ruby/object:Gem::Dependency
420
420
  name: dry-initializer
421
421
  requirement: !ruby/object:Gem::Requirement
@@ -436,14 +436,14 @@ dependencies:
436
436
  requirements:
437
437
  - - '='
438
438
  - !ruby/object:Gem::Version
439
- version: 1.10.2
439
+ version: 1.10.5
440
440
  type: :runtime
441
441
  prerelease: false
442
442
  version_requirements: !ruby/object:Gem::Requirement
443
443
  requirements:
444
444
  - - '='
445
445
  - !ruby/object:Gem::Version
446
- version: 1.10.2
446
+ version: 1.10.5
447
447
  - !ruby/object:Gem::Dependency
448
448
  name: dry-struct
449
449
  requirement: !ruby/object:Gem::Requirement
@@ -912,14 +912,14 @@ dependencies:
912
912
  requirements:
913
913
  - - '='
914
914
  - !ruby/object:Gem::Version
915
- version: 1.4.4
915
+ version: 1.5.0
916
916
  type: :runtime
917
917
  prerelease: false
918
918
  version_requirements: !ruby/object:Gem::Requirement
919
919
  requirements:
920
920
  - - '='
921
921
  - !ruby/object:Gem::Version
922
- version: 1.4.4
922
+ version: 1.5.0
923
923
  - !ruby/object:Gem::Dependency
924
924
  name: thor
925
925
  requirement: !ruby/object:Gem::Requirement
@@ -996,14 +996,14 @@ dependencies:
996
996
  requirements:
997
997
  - - '='
998
998
  - !ruby/object:Gem::Version
999
- version: 1.2.0
999
+ version: 2.0.0
1000
1000
  type: :runtime
1001
1001
  prerelease: false
1002
1002
  version_requirements: !ruby/object:Gem::Requirement
1003
1003
  requirements:
1004
1004
  - - '='
1005
1005
  - !ruby/object:Gem::Version
1006
- version: 1.2.0
1006
+ version: 2.0.0
1007
1007
  - !ruby/object:Gem::Dependency
1008
1008
  name: zoomeye-rb
1009
1009
  requirement: !ruby/object:Gem::Requirement
@@ -1074,7 +1074,6 @@ files:
1074
1074
  - lib/mihari/analyzers/rule.rb
1075
1075
  - lib/mihari/analyzers/securitytrails.rb
1076
1076
  - lib/mihari/analyzers/shodan.rb
1077
- - lib/mihari/analyzers/spyse.rb
1078
1077
  - lib/mihari/analyzers/urlscan.rb
1079
1078
  - lib/mihari/analyzers/virustotal.rb
1080
1079
  - lib/mihari/analyzers/virustotal_intelligence.rb
@@ -1,93 +0,0 @@
1
- # frozen_string_literal: true
2
-
3
- require "spyse"
4
-
5
- module Mihari
6
- module Analyzers
7
- class Spyse < Base
8
- param :query
9
-
10
- option :type, default: proc { "domain" }
11
-
12
- # @return [String, nil]
13
- attr_reader :api_key
14
-
15
- def initialize(*args, **kwargs)
16
- super(*args, **kwargs)
17
-
18
- @api_key = kwargs[:api_key] || Mihari.config.spyse_api_key
19
- end
20
-
21
- def artifacts
22
- search || []
23
- end
24
-
25
- private
26
-
27
- def search_params
28
- @search_params ||= JSON.parse(query)
29
- end
30
-
31
- def configuration_keys
32
- %w[spyse_api_key]
33
- end
34
-
35
- def api
36
- @api ||= ::Spyse::API.new(api_key)
37
- end
38
-
39
- #
40
- # Check whether a type is valid or not
41
- #
42
- # @return [Boolean]
43
- #
44
- def valid_type?
45
- %w[ip domain cert].include? type
46
- end
47
-
48
- #
49
- # Domain search
50
- #
51
- # @return [Array<Mihari::Artifact>]
52
- #
53
- def domain_search
54
- res = api.domain.search(search_params, limit: 100)
55
- items = res.dig("data", "items") || []
56
- items.map do |item|
57
- data = item["name"]
58
- Artifact.new(data: data, source: source, metadata: item)
59
- end
60
- end
61
-
62
- #
63
- # IP search
64
- #
65
- # @return [Array<Mihari::Artifact>]
66
- #
67
- def ip_search
68
- res = api.ip.search(search_params, limit: 100)
69
- items = res.dig("data", "items") || []
70
- items.map do |item|
71
- data = item["ip"]
72
- Artifact.new(data: data, source: source, metadata: item)
73
- end
74
- end
75
-
76
- #
77
- # IP/domain search
78
- #
79
- # @return [Array<Mihari::Artifact>]
80
- #
81
- def search
82
- case type
83
- when "domain"
84
- domain_search
85
- when "ip"
86
- ip_search
87
- else
88
- raise InvalidInputError, "#{query}(type: #{type || "unknown"}) is not supported." unless valid_type?
89
- end
90
- end
91
- end
92
- end
93
- end