mihari 4.8.0 → 4.9.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +0 -1
- data/lib/mihari/analyzers/rule.rb +0 -1
- data/lib/mihari/commands/search.rb +8 -2
- data/lib/mihari/schemas/analyzer.rb +0 -7
- data/lib/mihari/schemas/rule.rb +4 -4
- data/lib/mihari/version.rb +1 -1
- data/lib/mihari.rb +0 -1
- data/mihari.gemspec +6 -6
- metadata +14 -15
- data/lib/mihari/analyzers/spyse.rb +0 -93
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 85756e55047ef3bde95c50c1ac3c474adbd29828bf1f95618f3aac85638a1752
|
|
4
|
+
data.tar.gz: babe64cf74a96f659057b06ac3b5864b6faa2c3ec9b7e3f0f9b57bce7dd635a8
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 5c15c65a8952c1fbcf695feba8add8a7fc962eaac9ca426a18dd510663573dc9fe6b27472ca0edcd1ff9fb86b68a49ce8c459e3a7d90eabe9dbbe1e4506181d8
|
|
7
|
+
data.tar.gz: aceb04f0f6e78af7f0df2293d78a4d4d20bcf1827e70d45e3f425e38b128c5f9194dbdac608b29b44852af77b626ccbdd03583e7170d5330a2b584c7cbdca55b
|
data/README.md
CHANGED
|
@@ -44,7 +44,6 @@ Mihari supports the following services by default.
|
|
|
44
44
|
- [Pulsedive](https://pulsedive.com/)
|
|
45
45
|
- [SecurityTrails](https://securitytrails.com/)
|
|
46
46
|
- [Shodan](https://shodan.io)
|
|
47
|
-
- [Spyse](https://spyse.com)
|
|
48
47
|
- [urlscan.io](https://urlscan.io)
|
|
49
48
|
- [VirusTotal](http://virustotal.com) & [VirusTotal Intelligence](https://www.virustotal.com/gui/intelligence-overview)
|
|
50
49
|
- [ZoomEye](https://zoomeye.org)
|
|
@@ -14,7 +14,11 @@ module Mihari
|
|
|
14
14
|
rule = Structs::Rule.from_path_or_id path_or_id
|
|
15
15
|
|
|
16
16
|
# validate
|
|
17
|
-
|
|
17
|
+
begin
|
|
18
|
+
rule.validate!
|
|
19
|
+
rescue RuleValidationError
|
|
20
|
+
return
|
|
21
|
+
end
|
|
18
22
|
|
|
19
23
|
# check update
|
|
20
24
|
id = rule.id
|
|
@@ -23,7 +27,9 @@ module Mihari
|
|
|
23
27
|
with_db_connection do
|
|
24
28
|
rule_ = Mihari::Rule.find(id)
|
|
25
29
|
next if rule.yaml == rule_.yaml
|
|
26
|
-
|
|
30
|
+
unless yes?("This operation will overwrite the rule in the database (Rule ID: #{id}). Are you sure you want to update the rule? (yes/no)")
|
|
31
|
+
return
|
|
32
|
+
end
|
|
27
33
|
rescue ActiveRecord::RecordNotFound
|
|
28
34
|
next
|
|
29
35
|
end
|
|
@@ -58,13 +58,6 @@ module Mihari
|
|
|
58
58
|
optional(:options).hash(AnalyzerOptions)
|
|
59
59
|
end
|
|
60
60
|
|
|
61
|
-
Spyse = Dry::Schema.Params do
|
|
62
|
-
required(:analyzer).value(Types::String.enum("spyse"))
|
|
63
|
-
required(:query).value(:string)
|
|
64
|
-
required(:type).value(Types::String.enum("ip", "domain"))
|
|
65
|
-
optional(:options).hash(AnalyzerOptions)
|
|
66
|
-
end
|
|
67
|
-
|
|
68
61
|
ZoomEye = Dry::Schema.Params do
|
|
69
62
|
required(:analyzer).value(Types::String.enum("zoomeye"))
|
|
70
63
|
required(:query).value(:string)
|
data/lib/mihari/schemas/rule.rb
CHANGED
|
@@ -22,7 +22,9 @@ module Mihari
|
|
|
22
22
|
optional(:created_on).value(:date)
|
|
23
23
|
optional(:updated_on).value(:date)
|
|
24
24
|
|
|
25
|
-
required(:queries).value(:array).each
|
|
25
|
+
required(:queries).value(:array).each do
|
|
26
|
+
AnalyzerWithoutAPIKey | AnalyzerWithAPIKey | Censys | CIRCL | PassiveTotal | ZoomEye | Urlscan | Crtsh | Feed
|
|
27
|
+
end
|
|
26
28
|
|
|
27
29
|
optional(:emitters).value(:array).each { Emitter | MISP | TheHive | Slack | HTTP }
|
|
28
30
|
|
|
@@ -57,9 +59,7 @@ module Mihari
|
|
|
57
59
|
|
|
58
60
|
rule(:disallowed_data_values) do
|
|
59
61
|
value.each do |v|
|
|
60
|
-
unless valid_disallowed_data_value?(v)
|
|
61
|
-
key.failure("#{v} is not a valid format.")
|
|
62
|
-
end
|
|
62
|
+
key.failure("#{v} is not a valid format.") unless valid_disallowed_data_value?(v)
|
|
63
63
|
end
|
|
64
64
|
end
|
|
65
65
|
end
|
data/lib/mihari/version.rb
CHANGED
data/lib/mihari.rb
CHANGED
|
@@ -235,7 +235,6 @@ require "mihari/analyzers/passivetotal"
|
|
|
235
235
|
require "mihari/analyzers/pulsedive"
|
|
236
236
|
require "mihari/analyzers/securitytrails"
|
|
237
237
|
require "mihari/analyzers/shodan"
|
|
238
|
-
require "mihari/analyzers/spyse"
|
|
239
238
|
require "mihari/analyzers/urlscan"
|
|
240
239
|
require "mihari/analyzers/virustotal_intelligence"
|
|
241
240
|
require "mihari/analyzers/virustotal"
|
data/mihari.gemspec
CHANGED
|
@@ -45,7 +45,7 @@ Gem::Specification.new do |spec|
|
|
|
45
45
|
spec.add_development_dependency "vcr", "~> 6.1"
|
|
46
46
|
spec.add_development_dependency "webmock", "~> 3.18"
|
|
47
47
|
|
|
48
|
-
spec.add_dependency "activerecord", "7.0.
|
|
48
|
+
spec.add_dependency "activerecord", "7.0.4"
|
|
49
49
|
spec.add_dependency "addressable", "2.8.1"
|
|
50
50
|
spec.add_dependency "awrence", "2.0.1"
|
|
51
51
|
spec.add_dependency "binaryedge", "0.1.0"
|
|
@@ -55,10 +55,10 @@ Gem::Specification.new do |spec|
|
|
|
55
55
|
spec.add_dependency "dnstwister", "0.1.0"
|
|
56
56
|
spec.add_dependency "dotenv", "2.8.1"
|
|
57
57
|
spec.add_dependency "dry-configurable", "0.15.0"
|
|
58
|
-
spec.add_dependency "dry-container", "0.
|
|
59
|
-
spec.add_dependency "dry-files", "0.
|
|
58
|
+
spec.add_dependency "dry-container", "0.11.0"
|
|
59
|
+
spec.add_dependency "dry-files", "0.3.0"
|
|
60
60
|
spec.add_dependency "dry-initializer", "3.1.1"
|
|
61
|
-
spec.add_dependency "dry-schema", "1.10.
|
|
61
|
+
spec.add_dependency "dry-schema", "1.10.5"
|
|
62
62
|
spec.add_dependency "dry-struct", "1.4.0"
|
|
63
63
|
spec.add_dependency "dry-validation", "1.8.1"
|
|
64
64
|
spec.add_dependency "email_address", "0.2.4"
|
|
@@ -92,12 +92,12 @@ Gem::Specification.new do |spec|
|
|
|
92
92
|
spec.add_dependency "shodanx", "0.2.1"
|
|
93
93
|
spec.add_dependency "slack-notifier", "2.4.0"
|
|
94
94
|
spec.add_dependency "spysex", "0.2.0"
|
|
95
|
-
spec.add_dependency "sqlite3", "1.
|
|
95
|
+
spec.add_dependency "sqlite3", "1.5.0"
|
|
96
96
|
spec.add_dependency "thor", "1.2.1"
|
|
97
97
|
spec.add_dependency "urlscan", "0.8.0"
|
|
98
98
|
spec.add_dependency "uuidtools", "2.2.0"
|
|
99
99
|
spec.add_dependency "virustotalx", "1.2.0"
|
|
100
100
|
spec.add_dependency "whois", "5.1.0"
|
|
101
|
-
spec.add_dependency "whois-parser", "
|
|
101
|
+
spec.add_dependency "whois-parser", "2.0.0"
|
|
102
102
|
spec.add_dependency "zoomeye-rb", "0.2.0"
|
|
103
103
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: mihari
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 4.
|
|
4
|
+
version: 4.9.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Manabu Niseki
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2022-
|
|
11
|
+
date: 2022-10-01 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|
|
@@ -254,14 +254,14 @@ dependencies:
|
|
|
254
254
|
requirements:
|
|
255
255
|
- - '='
|
|
256
256
|
- !ruby/object:Gem::Version
|
|
257
|
-
version: 7.0.
|
|
257
|
+
version: 7.0.4
|
|
258
258
|
type: :runtime
|
|
259
259
|
prerelease: false
|
|
260
260
|
version_requirements: !ruby/object:Gem::Requirement
|
|
261
261
|
requirements:
|
|
262
262
|
- - '='
|
|
263
263
|
- !ruby/object:Gem::Version
|
|
264
|
-
version: 7.0.
|
|
264
|
+
version: 7.0.4
|
|
265
265
|
- !ruby/object:Gem::Dependency
|
|
266
266
|
name: addressable
|
|
267
267
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -394,28 +394,28 @@ dependencies:
|
|
|
394
394
|
requirements:
|
|
395
395
|
- - '='
|
|
396
396
|
- !ruby/object:Gem::Version
|
|
397
|
-
version: 0.
|
|
397
|
+
version: 0.11.0
|
|
398
398
|
type: :runtime
|
|
399
399
|
prerelease: false
|
|
400
400
|
version_requirements: !ruby/object:Gem::Requirement
|
|
401
401
|
requirements:
|
|
402
402
|
- - '='
|
|
403
403
|
- !ruby/object:Gem::Version
|
|
404
|
-
version: 0.
|
|
404
|
+
version: 0.11.0
|
|
405
405
|
- !ruby/object:Gem::Dependency
|
|
406
406
|
name: dry-files
|
|
407
407
|
requirement: !ruby/object:Gem::Requirement
|
|
408
408
|
requirements:
|
|
409
409
|
- - '='
|
|
410
410
|
- !ruby/object:Gem::Version
|
|
411
|
-
version: 0.
|
|
411
|
+
version: 0.3.0
|
|
412
412
|
type: :runtime
|
|
413
413
|
prerelease: false
|
|
414
414
|
version_requirements: !ruby/object:Gem::Requirement
|
|
415
415
|
requirements:
|
|
416
416
|
- - '='
|
|
417
417
|
- !ruby/object:Gem::Version
|
|
418
|
-
version: 0.
|
|
418
|
+
version: 0.3.0
|
|
419
419
|
- !ruby/object:Gem::Dependency
|
|
420
420
|
name: dry-initializer
|
|
421
421
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -436,14 +436,14 @@ dependencies:
|
|
|
436
436
|
requirements:
|
|
437
437
|
- - '='
|
|
438
438
|
- !ruby/object:Gem::Version
|
|
439
|
-
version: 1.10.
|
|
439
|
+
version: 1.10.5
|
|
440
440
|
type: :runtime
|
|
441
441
|
prerelease: false
|
|
442
442
|
version_requirements: !ruby/object:Gem::Requirement
|
|
443
443
|
requirements:
|
|
444
444
|
- - '='
|
|
445
445
|
- !ruby/object:Gem::Version
|
|
446
|
-
version: 1.10.
|
|
446
|
+
version: 1.10.5
|
|
447
447
|
- !ruby/object:Gem::Dependency
|
|
448
448
|
name: dry-struct
|
|
449
449
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -912,14 +912,14 @@ dependencies:
|
|
|
912
912
|
requirements:
|
|
913
913
|
- - '='
|
|
914
914
|
- !ruby/object:Gem::Version
|
|
915
|
-
version: 1.
|
|
915
|
+
version: 1.5.0
|
|
916
916
|
type: :runtime
|
|
917
917
|
prerelease: false
|
|
918
918
|
version_requirements: !ruby/object:Gem::Requirement
|
|
919
919
|
requirements:
|
|
920
920
|
- - '='
|
|
921
921
|
- !ruby/object:Gem::Version
|
|
922
|
-
version: 1.
|
|
922
|
+
version: 1.5.0
|
|
923
923
|
- !ruby/object:Gem::Dependency
|
|
924
924
|
name: thor
|
|
925
925
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -996,14 +996,14 @@ dependencies:
|
|
|
996
996
|
requirements:
|
|
997
997
|
- - '='
|
|
998
998
|
- !ruby/object:Gem::Version
|
|
999
|
-
version:
|
|
999
|
+
version: 2.0.0
|
|
1000
1000
|
type: :runtime
|
|
1001
1001
|
prerelease: false
|
|
1002
1002
|
version_requirements: !ruby/object:Gem::Requirement
|
|
1003
1003
|
requirements:
|
|
1004
1004
|
- - '='
|
|
1005
1005
|
- !ruby/object:Gem::Version
|
|
1006
|
-
version:
|
|
1006
|
+
version: 2.0.0
|
|
1007
1007
|
- !ruby/object:Gem::Dependency
|
|
1008
1008
|
name: zoomeye-rb
|
|
1009
1009
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -1074,7 +1074,6 @@ files:
|
|
|
1074
1074
|
- lib/mihari/analyzers/rule.rb
|
|
1075
1075
|
- lib/mihari/analyzers/securitytrails.rb
|
|
1076
1076
|
- lib/mihari/analyzers/shodan.rb
|
|
1077
|
-
- lib/mihari/analyzers/spyse.rb
|
|
1078
1077
|
- lib/mihari/analyzers/urlscan.rb
|
|
1079
1078
|
- lib/mihari/analyzers/virustotal.rb
|
|
1080
1079
|
- lib/mihari/analyzers/virustotal_intelligence.rb
|
|
@@ -1,93 +0,0 @@
|
|
|
1
|
-
# frozen_string_literal: true
|
|
2
|
-
|
|
3
|
-
require "spyse"
|
|
4
|
-
|
|
5
|
-
module Mihari
|
|
6
|
-
module Analyzers
|
|
7
|
-
class Spyse < Base
|
|
8
|
-
param :query
|
|
9
|
-
|
|
10
|
-
option :type, default: proc { "domain" }
|
|
11
|
-
|
|
12
|
-
# @return [String, nil]
|
|
13
|
-
attr_reader :api_key
|
|
14
|
-
|
|
15
|
-
def initialize(*args, **kwargs)
|
|
16
|
-
super(*args, **kwargs)
|
|
17
|
-
|
|
18
|
-
@api_key = kwargs[:api_key] || Mihari.config.spyse_api_key
|
|
19
|
-
end
|
|
20
|
-
|
|
21
|
-
def artifacts
|
|
22
|
-
search || []
|
|
23
|
-
end
|
|
24
|
-
|
|
25
|
-
private
|
|
26
|
-
|
|
27
|
-
def search_params
|
|
28
|
-
@search_params ||= JSON.parse(query)
|
|
29
|
-
end
|
|
30
|
-
|
|
31
|
-
def configuration_keys
|
|
32
|
-
%w[spyse_api_key]
|
|
33
|
-
end
|
|
34
|
-
|
|
35
|
-
def api
|
|
36
|
-
@api ||= ::Spyse::API.new(api_key)
|
|
37
|
-
end
|
|
38
|
-
|
|
39
|
-
#
|
|
40
|
-
# Check whether a type is valid or not
|
|
41
|
-
#
|
|
42
|
-
# @return [Boolean]
|
|
43
|
-
#
|
|
44
|
-
def valid_type?
|
|
45
|
-
%w[ip domain cert].include? type
|
|
46
|
-
end
|
|
47
|
-
|
|
48
|
-
#
|
|
49
|
-
# Domain search
|
|
50
|
-
#
|
|
51
|
-
# @return [Array<Mihari::Artifact>]
|
|
52
|
-
#
|
|
53
|
-
def domain_search
|
|
54
|
-
res = api.domain.search(search_params, limit: 100)
|
|
55
|
-
items = res.dig("data", "items") || []
|
|
56
|
-
items.map do |item|
|
|
57
|
-
data = item["name"]
|
|
58
|
-
Artifact.new(data: data, source: source, metadata: item)
|
|
59
|
-
end
|
|
60
|
-
end
|
|
61
|
-
|
|
62
|
-
#
|
|
63
|
-
# IP search
|
|
64
|
-
#
|
|
65
|
-
# @return [Array<Mihari::Artifact>]
|
|
66
|
-
#
|
|
67
|
-
def ip_search
|
|
68
|
-
res = api.ip.search(search_params, limit: 100)
|
|
69
|
-
items = res.dig("data", "items") || []
|
|
70
|
-
items.map do |item|
|
|
71
|
-
data = item["ip"]
|
|
72
|
-
Artifact.new(data: data, source: source, metadata: item)
|
|
73
|
-
end
|
|
74
|
-
end
|
|
75
|
-
|
|
76
|
-
#
|
|
77
|
-
# IP/domain search
|
|
78
|
-
#
|
|
79
|
-
# @return [Array<Mihari::Artifact>]
|
|
80
|
-
#
|
|
81
|
-
def search
|
|
82
|
-
case type
|
|
83
|
-
when "domain"
|
|
84
|
-
domain_search
|
|
85
|
-
when "ip"
|
|
86
|
-
ip_search
|
|
87
|
-
else
|
|
88
|
-
raise InvalidInputError, "#{query}(type: #{type || "unknown"}) is not supported." unless valid_type?
|
|
89
|
-
end
|
|
90
|
-
end
|
|
91
|
-
end
|
|
92
|
-
end
|
|
93
|
-
end
|