miteru 0.11.1 → 0.11.2
- checksums.yaml +4 -4
- data/README.md +4 -3
- data/lib/miteru/downloader.rb +7 -4
- data/lib/miteru/version.rb +1 -1
- data/miteru.gemspec +1 -1
- metadata +5 -6
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 7a839c5a380dbc9678c0c56cf9e3e5b08c3fe6bde787be8564a6e011c75e98e7
|
4
|
+
data.tar.gz: 9ceba3911baeaf65d77e9ecf4cb442a8082ae7529b6996ec26b03350d87ae853
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 27239dd2ae663db07b0f21e5cf91eafd9afacaf98efa19303a56b1f2fa03d5b2a7ee25e13df356152eca8ae309508f81347db05aec0792e27377ff27915d29df
|
7
|
+
data.tar.gz: 64866a271d0db4832f4b40b3d8797905204d626808ce44c39c1130dd364cba389f17cceb4207e9eb5ebd10c0ca6a2cdd4129a7f969cd89252f262d44062c033a
|
data/README.md
CHANGED
@@ -9,12 +9,12 @@ Miteru is an experimental phishing kit detection tool.
|
|
9
9
|
|
10
10
|
## How it works
|
11
11
|
|
12
|
-
- It collects
|
12
|
+
- It collects phishy URLs from the following feeds:
|
13
13
|
- [urlscan.io certstream-suspicious feed](https://urlscan.io/search/#certstream-suspicious)
|
14
14
|
- [OpenPhish feed via urlscan.io](https://urlscan.io/search/#OpenPhish)
|
15
15
|
- [PhishTank feed via urlscan.io](https://urlscan.io/search/#PhishTank)
|
16
16
|
- [Ayashige feed](https://github.com/ninoseki/ayashige)
|
17
|
-
- It checks
|
17
|
+
- It checks each phishy URL whether it enables directory listing and contains a phishing kit (compressed file) or not.
|
18
18
|
- Note: compressed file = `*.zip`, `*.rar`, `*.7z`, `*.tar` and `*.gz`.
|
19
19
|
|
20
20
|
## Features
|
@@ -83,7 +83,7 @@ $ docker run -v /tmp:/tmp miteru execute --auto-download
|
|
83
83
|
|
84
84
|
[![asciicast](https://asciinema.org/a/ga6ZbwuK1HOLOyELb23QrSvJP.svg)](https://asciinema.org/a/ga6ZbwuK1HOLOyELb23QrSvJP)
|
85
85
|
|
86
|
-
Note:
|
86
|
+
Note: In this demo, I stopped the process during the execution because it takes minutes to finish.
|
87
87
|
|
88
88
|
## Note
|
89
89
|
|
@@ -96,3 +96,4 @@ For using `--post-to-slack` feature, you should set the following environment va
|
|
96
96
|
|
97
97
|
- [t4d/StalkPhish](https://github.com/t4d/StalkPhish): The Phishing kits stalker, harvesting phishing kits for investigations.
|
98
98
|
- [duo-labs/phish-collect](https://github.com/duo-labs/phish-collect): Python script to hunt phishing kits.
|
99
|
+
- [leunammejii/analyst_arsenal](https://github.com/leunammejii/analyst_arsenal): A tool belt for analysts to continue fighting the good fight.
|
data/lib/miteru/downloader.rb
CHANGED
@@ -2,6 +2,7 @@
|
|
2
2
|
|
3
3
|
require "digest"
|
4
4
|
require "fileutils"
|
5
|
+
require "uri"
|
5
6
|
|
6
7
|
module Miteru
|
7
8
|
class Downloader
|
@@ -15,12 +16,12 @@ module Miteru
|
|
15
16
|
def download_compressed_files(url, compressed_files)
|
16
17
|
compressed_files.each do |path|
|
17
18
|
target_url = "#{url}/#{path}"
|
18
|
-
filename =
|
19
|
+
filename = download_filename(target_url)
|
19
20
|
destination = filepath_to_download(filename)
|
20
21
|
begin
|
21
22
|
download_filepath = HTTPClient.download(target_url, destination)
|
22
23
|
if duplicated?(download_filepath)
|
23
|
-
puts "Do not download #{target_url} because there is a same hash
|
24
|
+
puts "Do not download #{target_url} because there is a file that has a same hash value in the directory (SHA256: #{sha256(download_filepath)})."
|
24
25
|
FileUtils.rm download_filepath
|
25
26
|
else
|
26
27
|
puts "Download #{target_url} as #{download_filepath}"
|
@@ -33,10 +34,12 @@ module Miteru
|
|
33
34
|
|
34
35
|
private
|
35
36
|
|
36
|
-
def
|
37
|
+
def download_filename(url)
|
37
38
|
filename = url.split("/").last
|
38
39
|
extname = File.extname(filename)
|
39
|
-
|
40
|
+
domain = URI(url).hostname
|
41
|
+
|
42
|
+
"#{domain}_#(unknown)_#{SecureRandom.alphanumeric(10)}#{extname}"
|
40
43
|
end
|
41
44
|
|
42
45
|
def filepath_to_download(filename)
|
data/lib/miteru/version.rb
CHANGED
data/miteru.gemspec
CHANGED
@@ -30,7 +30,7 @@ Gem::Specification.new do |spec|
|
|
30
30
|
spec.add_development_dependency "rake", "~> 12.3"
|
31
31
|
spec.add_development_dependency "rspec", "~> 3.8"
|
32
32
|
spec.add_development_dependency "vcr", "~> 4.0"
|
33
|
-
spec.add_development_dependency "webmock", "~> 3.
|
33
|
+
spec.add_development_dependency "webmock", "~> 3.5"
|
34
34
|
|
35
35
|
spec.add_dependency "colorize", "~> 0.8"
|
36
36
|
spec.add_dependency "down", "~> 4.7"
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: miteru
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.11.
|
4
|
+
version: 0.11.2
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Manabu Niseki
|
8
8
|
autorequire:
|
9
9
|
bindir: exe
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2019-02-07 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: bundler
|
@@ -100,14 +100,14 @@ dependencies:
|
|
100
100
|
requirements:
|
101
101
|
- - "~>"
|
102
102
|
- !ruby/object:Gem::Version
|
103
|
-
version: '3.
|
103
|
+
version: '3.5'
|
104
104
|
type: :development
|
105
105
|
prerelease: false
|
106
106
|
version_requirements: !ruby/object:Gem::Requirement
|
107
107
|
requirements:
|
108
108
|
- - "~>"
|
109
109
|
- !ruby/object:Gem::Version
|
110
|
-
version: '3.
|
110
|
+
version: '3.5'
|
111
111
|
- !ruby/object:Gem::Dependency
|
112
112
|
name: colorize
|
113
113
|
requirement: !ruby/object:Gem::Requirement
|
@@ -243,8 +243,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
243
243
|
- !ruby/object:Gem::Version
|
244
244
|
version: '0'
|
245
245
|
requirements: []
|
246
|
-
|
247
|
-
rubygems_version: 2.7.6
|
246
|
+
rubygems_version: 3.0.2
|
248
247
|
signing_key:
|
249
248
|
specification_version: 4
|
250
249
|
summary: An experimental phishing kit detector
|