miteru 0.12.12 → 0.12.13

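--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz: 5aad882823cf7ae42d80c805f109dcd05d4ec483c7a40354c19d1c2fd17d6466
-data.tar.gz: 96bdfc368fe931d1c90a77496ef02491f2697037324d9a38e9b8bbb626c9f8f7
+metadata.gz: feb9c62c511e26e85a86755680ed77ddb34aca15c6d17d8c57dd2c60aa84becf
+data.tar.gz: d9e86a727e12e171b65accb829b07602847986ba81ea6457400ad8527b862324
 SHA512:
-metadata.gz: 11097b5429402c9123404ee3aa02544867d44507dfaf87ca4a09179cc8caf02846f57b6fdc8e9e3c8a65ba90f95b57bdebc7b208c2503e9564c7d3a20439f22e
-data.tar.gz: eb9b0f9eb1d05af88e4c520eb1edf64807f3c57e9abb94f0ee0956f68951d87bd18213d11cbe9f83a1150333096556638f9a0352e050bf15fc913a1b77ac7548
+metadata.gz: 8402163c1decbcee1c352a2ca9004f52b8c0262c5adc18d10866abe190151c8bf56d1e7ed03018f33539d1f108a1ccfc265d289dcaeb167606a10217ec112d6a
+data.tar.gz: 6ecde10d8a4d1842995a2281e1b30663cb25c3fdd9edefa5c8f883c94f2da3b973372a84adfa70bd8537c126ab12b870b2bf6046f3021e329129428974fc96c0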
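--- a/data/README.md
+++ b/data/README.md
@@ -2,7 +2,8 @@
 
 [![Gem Version](https://badge.fury.io/rb/miteru.svg)](https://badge.fury.io/rb/miteru)
 [![Build Status](https://travis-ci.com/ninoseki/miteru.svg?branch=master)](https://travis-ci.com/ninoseki/miteru)
-[![Maintainability](https://api.codeclimate.com/v1/badges/d90e1b5bbdd9663a17d1/maintainability)](https://codeclimate.com/github/ninoseki/miteru/maintainability)
+![Docker Cloud Build Status](https://img.shields.io/docker/cloud/build/ninoseki/miteru)
+[![CodeFactor](https://www.codefactor.io/repository/github/ninoseki/miteru/badge)](https://www.codefactor.io/repository/github/ninoseki/miteru)
 [![Coverage Status](https://coveralls.io/repos/github/ninoseki/miteru/badge.svg?branch=master)](https://coveralls.io/github/ninoseki/miteru?branch=master)
 
 Miteru is an experimental phishing kit detection tool.
@@ -13,6 +14,7 @@ Miteru is an experimental phishing kit detection tool.
 - [CertStream-Suspicious feed via urlscan.io](https://urlscan.io/search/#certstream-suspicious)
 - [OpenPhish feed via urlscan.io](https://urlscan.io/search/#OpenPhish)
 - [PhishTank feed via urlscan.io](https://urlscan.io/search/#PhishTank)
+- [URLhaus feed via urlscan.io](https://urlscan.io/search/#URLHaus)
 - [Ayashige feed](https://github.com/ninoseki/ayashige)
 - It checks each phishy URL whether it enables directory listing and contains a phishing kit (compressed file) or not.
 - Note: compressed file = `*.zip`, `*.rar`, `*.7z`, `*.tar` and `*.gz`.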
@@ -11,7 +11,6 @@ module Miteru
11
11
 
12
12
  def initialize
13
13
  @downloader = Downloader.new(Miteru.configuration.download_to)
14
-
15
14
  @feeds = Feeds.new
16
15
  @notifier = Notifier.new
17
16
  end
@@ -25,7 +24,6 @@ module Miteru
25
24
  end
26
25
 
27
26
  def execute
28
- threads = Miteru.configuration.threads
29
27
  suspicious_urls = feeds.suspicious_urls
30
28
  puts "Loaded #{suspicious_urls.length} URLs to crawl. (crawling in #{threads} threads)" if verbose?
31
29
 
@@ -34,8 +32,8 @@ module Miteru
34
32
  end
35
33
  end
36
34
 
37
- def self.execute
38
- new.execute
35
+ def threads
36
+ @threads ||= Miteru.configuration.threads
39
37
  end
40
38
 
41
39
  def notify(website)
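Review bot: The new `threads` accessor (new lines 35–37) caches the configured value in `@threads`, while `verbose?` further down in the same class reads `Miteru.configuration.verbose?` on every call, so the two accessors disagree on whether a configuration change made after the first call is visible. If the cache is not needed, make it consistent with `verbose?` by reducing the body to `Miteru.configuration.threads`; if it is deliberate, a one-line comment such as `# cached: configuration is read once per crawler run` would save the next reader the question. Note also that `||=` re-reads the configuration on every call whenever it returns nil or false, so the memo is only effective for a truthy thread count. The body of `notify` lies outside this hunk.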
@@ -49,5 +47,11 @@ module Miteru
49
47
  def verbose?
50
48
  Miteru.configuration.verbose?
51
49
  end
50
+
51
+ class << self
52
+ def execute
53
+ new.execute
54
+ end
55
+ end
52
56
  end
53
57
  end
@@ -22,8 +22,7 @@ module Miteru
22
22
  private
23
23
 
24
24
  def download_kit(kit)
25
- filename = download_filename(kit)
26
- destination = filepath_to_download(filename)
25
+ destination = kit.download_filepath
27
26
  begin
28
27
  downloaded_filepath = HTTPClient.download(kit.url, destination)
29
28
  hash = sha256(downloaded_filepath)
@@ -38,12 +37,6 @@ module Miteru
38
37
  end
39
38
  end
40
39
 
41
- def download_filename(kit)
42
- domain = URI(kit.base_url).hostname
43
-
44
- "#{domain}_#{kit.filename}_#{SecureRandom.alphanumeric(10)}#{kit.extname}"
45
- end
46
-
47
40
  def filepath_to_download(filename)
48
41
  "#{base_dir}/#(unknown)"
49
42
  end
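Review bot: `filepath_to_download` (new lines 40–42) is left without a visible caller: its only use, the removed `destination = filepath_to_download(filename)` line in `download_kit`, is replaced by `kit.download_filepath`, and `download_filename` is deleted in this hunk. Unless something outside these hunks still calls it, the method and any `base_dir` helper it relies on in this class are dead code and should be removed with this change rather than left behind. The interpolation inside that method is rendered as `#(unknown)` on this page, so its exact text could not be checked here. The enclosing class continues outside the hunk.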
@@ -6,9 +6,13 @@ require_relative "./feeds/urlscan"
6
6
 
7
7
  module Miteru
8
8
  class Feeds
9
+ IGNORE_EXTENSIONS = %w(.htm .html .php .asp .aspx .exe .txt).freeze
10
+
9
11
  def initialize
10
- @feeds = [UrlScan.new(Miteru.configuration.size)]
11
- @feeds << Ayashige.new if Miteru.configuration.ayashige?
12
+ @feeds = [
13
+ UrlScan.new(Miteru.configuration.size),
14
+ Miteru.configuration.ayashige? ? Ayashige.new : nil
15
+ ].compact
12
16
  end
13
17
 
14
18
  def directory_traveling?
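Review bot: The new `IGNORE_EXTENSIONS` constant (new line 9) silently widens the set of rejected URLs by adding `.exe` and `.txt` to the list that previously lived inline in the `reject` block, which changes which hosts get crawled; that deserves a line in the changelog or a short comment on the constant, e.g. `# Breakdown URLs ending in these extensions are never crawled as directories`. On the initializer (new lines 12–15), the `cond ? Ayashige.new : nil` followed by `compact` reads more plainly as `(Ayashige.new if Miteru.configuration.ayashige?)` inside the array literal, with the same `compact`. `directory_traveling?` continues outside the hunk.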
@@ -41,8 +45,12 @@ module Miteru
41
45
  urls = (0...segments.length).map { |idx| "#{base}#{segments[0..idx].join('/')}" }
42
46
  urls.reject do |breakdowned_url|
43
47
  # Reject a url which ends with specific extension names
44
- %w(.htm .html .php .asp .aspx).any? { |ext| breakdowned_url.end_with? ext }
48
+ invalid_extension? breakdowned_url
45
49
  end
46
50
  end
51
+
52
+ def invalid_extension?(url)
53
+ IGNORE_EXTENSIONS.any? { |ext| url.end_with? ext }
54
+ end
47
55
  end
48
56
  end
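Review bot: `invalid_extension?` (new lines 52–54) uses `end_with?`, which is case-sensitive, so a breakdown URL ending in `.PHP` or `.Html` passes the filter while `.php` is rejected; if mixed-case extensions are meant to be ignored as well, compare on a lower-cased copy: `IGNORE_EXTENSIONS.any? { |ext| url.downcase.end_with?(ext) }`. No `private` marker precedes the new method in this hunk, so it becomes part of the public interface of `Feeds`; if it only serves the `reject` block it should sit under `private`. The method containing the `urls.reject` block starts before this hunk.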
@@ -2,7 +2,6 @@
2
2
 
3
3
  require "down/http"
4
4
  require "http"
5
- require "securerandom"
6
5
  require "uri"
7
6
 
8
7
  module Miteru
@@ -1,6 +1,7 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  require "cgi"
4
+ require "securerandom"
4
5
 
5
6
  module Miteru
6
7
  class Kit
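Review bot: This require block gains only `securerandom`, but the `hostname` method added further down in this file calls `URI(base_url)`, and no `require "uri"` appears here; it presumably resolves only because another file in the gem (the require block shown earlier on this page keeps `require "uri"`) happens to be loaded first. Add `require "uri"` next to `require "securerandom"` so that `kit.rb` loads on its own and does not depend on load order.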
@@ -34,5 +35,39 @@ module Miteru
34
35
  def url
35
36
  "#{base_url}/#{basename}"
36
37
  end
38
+
39
+ def download_filepath
40
+ "#{base_dir}/#{download_filename}"
41
+ end
42
+
43
+ def filesize
44
+ return nil unless File.exist?(download_filepath)
45
+
46
+ File.size download_filepath
47
+ end
48
+
49
+ def filename_with_size
50
+ return filename unless filesize
51
+
52
+ "#(unknown)(#{filesize / 1024}KB)"
53
+ end
54
+
55
+ private
56
+
57
+ def id
58
+ @id ||= SecureRandom.hex(10)
59
+ end
60
+
61
+ def hostname
62
+ URI(base_url).hostname
63
+ end
64
+
65
+ def download_filename
66
+ "#{hostname}_#(unknown)_#{id}#{extname}"
67
+ end
68
+
69
+ def base_dir
70
+ @base_dir ||= Miteru.configuration.download_to
71
+ end
37
72
  end
38
73
  end
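Review bot: `download_filename` (new lines 65–67) builds a filesystem name from `hostname` and — going by the removed downloader line it replaces, `filename`, rendered as `#(unknown)` on this page — and neither value is shown to be sanitized in this hunk; the `_` separators and the random `id` suffix keep a hostname of `..` from becoming a traversal, but a `filename` containing a path separator would still introduce a directory component under `base_dir`. Since `filename` appears to originate from the crawled listing rather than from local configuration, pass it through `File.basename` (or reject names containing `/`) before interpolating: `"#{hostname}_#{File.basename(filename)}_#{id}#{extname}"`. Separately, `filesize / 1024` in `filename_with_size` is integer division, so any kit under 1024 bytes is reported as `(0KB)`, and `filesize` stats the file on each call, so the guard and the division each hit the disk; caching the result in a local (`size = filesize`) avoids the double stat.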
@@ -7,13 +7,14 @@ module Miteru
7
7
  class Notifier
8
8
  def notify(url:, kits:, message:)
9
9
  attachement = Attachement.new(url)
10
+ kits = kits.select(&:filesize)
10
11
 
11
- if post_to_slack? && !kits.empty?
12
+ if post_to_slack? && kits.any?
12
13
  notifier = Slack::Notifier.new(slack_webhook_url, channel: slack_channel)
13
14
  notifier.post(text: message, attachments: attachement.to_a)
14
15
  end
15
16
 
16
- message = message.colorize(:light_red) unless kits.empty?
17
+ message = message.colorize(:light_red) if kits.any?
17
18
  puts "#{url}: #{message}"
18
19
  end
19
20
 
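Review bot: `kits = kits.select(&:filesize)` (new line 10) keeps every kit whose file exists, including zero-byte downloads, because `File.size` returns `0` and `0` is truthy in Ruby; if an empty file should count as not downloaded, filter with `kits.select { |k| k.filesize.to_i > 0 }`. Note also that the `message:` argument is built by the `message` method in the last Ruby hunk on this page from the unfiltered kit list, so the console line can name kits that this filter has just dropped while the Slack post and the red colouring are suppressed — worth confirming that is intended. With `kits.any?` replacing `!kits.empty?` the two forms are equivalent here only because the filtered array contains no nil or false elements.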
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module Miteru
4
- VERSION = "0.12.12"
4
+ VERSION = "0.12.13"
5
5
  end
@@ -41,9 +41,9 @@ module Miteru
41
41
  def message
42
42
  return "It doesn't contain a phishing kit." unless kits?
43
43
 
44
- kit_names = kits.map(&:filename).join(", ")
44
+ filename_with_sizes = kits.map(&:filename_with_size).join(", ")
45
45
  noun = kits.length == 1 ? "a phishing kit" : "phishing kits"
46
- "It might contain #{noun}: #{kit_names}."
46
+ "It might contain #{noun}: #{filename_with_sizes}."
47
47
  end
48
48
 
49
49
  private
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: miteru
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.12.12
4
+ version: 0.12.13
5
5
  platform: ruby
6
6
  authors:
7
7
  - Manabu Niseki
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2019-11-26 00:00:00.000000000 Z
11
+ date: 2019-11-27 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: bundler