miteru 0.13.0 → 0.14.4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 16f41a7076d910face109e154bbc1a90b3d5a5e1e964be7236b8c798939dee7b
-  data.tar.gz: d16c59e0e78897c96d78a2e51f84903449c53355eb2436b4e700ba7eb4a07887
+  metadata.gz: 89102143e9e405545e94b50da7b81b90c85ae9612c8c914d4b50b6d09ca2e023
+  data.tar.gz: 2d6e60e6301425b9ceb8ed7cf103caab144f2ddab4fdd3872ef3f332a6667e37
 SHA512:
-  metadata.gz: e83f7f493b2f1015ccfed05b8b1acde61fc093a3e75f29dcb6a1be8f20203f10ccbddbfd4f770277821821bf0ec31eab4e1bcf5587d77c435510a3b583302fc9
-  data.tar.gz: c9b68154de357f2563fc80ca0059e476e1c919cffa6b67ff4d1a2658d317b6ce7277c168717a26be2b020716da94c0b751dc1e9a6ebac085dc3e2729847c7b0e
+  metadata.gz: 3df145d910400efc069d07c718943560a064b5d9fff849fb695795bf49b1d30681e6c31946172f2cd0e7508ca46ded7ff93d2935e48fc6dc970e1817d6e6348c
+  data.tar.gz: 70057c7c2451f4631bfda279431e40dfc86bc4931caa555141e607d0a2d73e5308bd0458ddc9046b1e0ccbe0329829ab8568202e8671c68146e5b6b4b6688705

data/.travis.yml

@@ -3,4 +3,5 @@ language: ruby
 cache: bundler
 rvm:
   - 2.6
+  - 2.7
 before_install: gem install bundler -v 2.1

data/README.md

@@ -17,6 +17,8 @@ Miteru is an experimental phishing kit detection tool.
   - [URLhaus feed via urlscan.io](https://urlscan.io/search/#URLHaus)
   - urlscan.io phish feed (available for Pro users)
   - [Ayashige feed](https://github.com/ninoseki/ayashige)
+  - [Phishing Database feed](https://github.com/mitchellkrogza/Phishing.Database)
+  - [PhishStats feed](https://phishstats.info/)
 - It checks each phishy URL whether it enables directory listing and contains a phishing kit (compressed file) or not.
   - Note: compressed file = `*.zip`, `*.rar`, `*.7z`, `*.tar` and `*.gz`.
 

data/lib/miteru/configuration.rb

@@ -28,6 +28,8 @@ module Miteru
     # @return [Boolean]
     attr_accessor :verbose
 
+    attr_reader :valid_extensions
+
     def initialize
       @auto_download = false
       @ayashige = false
@@ -37,6 +39,8 @@ module Miteru
       @size = 100
       @threads = Parallel.processor_count
       @verbose = false
+
+      @valid_extensions = [".zip", ".rar", ".7z", ".tar", ".gz"].freeze
     end
 
     def auto_download?

data/lib/miteru/feeds.rb

@@ -1,6 +1,8 @@
 # frozen_string_literal: true
 
 require_relative "./feeds/feed"
+require_relative "./feeds/phishing_database"
+require_relative "./feeds/phishstats"
 require_relative "./feeds/ayashige"
 require_relative "./feeds/urlscan"
 require_relative "./feeds/urlscan_pro"
@@ -11,6 +13,8 @@ module Miteru
 
     def initialize
       @feeds = [
+        PhishingDatabase.new,
+        PhishStats.new,
         UrlScan.new(Miteru.configuration.size),
         UrlScanPro.new,
         Miteru.configuration.ayashige? ? Ayashige.new : nil
@@ -45,6 +49,7 @@ module Miteru
       return [base] if segments.length.zero?
 
       urls = (0...segments.length).map { |idx| "#{base}#{segments[0..idx].join('/')}" }
+
       urls.reject do |breakdowned_url|
         # Reject a url which ends with specific extension names
         invalid_extension? breakdowned_url

data/lib/miteru/feeds/phishing_database.rb

@@ -0,0 +1,20 @@
+# frozen_string_literal: true
+
+require "json"
+require "uri"
+
+module Miteru
+  class Feeds
+    class PhishingDatabase < Feed
+      URL = "https://raw.githubusercontent.com/mitchellkrogza/Phishing.Database/master/phishing-links-NEW-today.txt"
+
+      def urls
+        body = get(URL)
+        body.to_s.lines.map(&:chomp)
+      rescue HTTPResponseError, HTTP::Error, JSON::ParserError => e
+        puts "Failed to load phishing database feed (#{e})"
+        []
+      end
+    end
+  end
+end

data/lib/miteru/feeds/phishstats.rb

@@ -0,0 +1,28 @@
+# frozen_string_literal: true
+
+require "json"
+require "uri"
+
+module Miteru
+  class Feeds
+    class PhishStats < Feed
+      URL = "https://phishstats.info:2096/api/phishing?_sort=-id&size=100"
+
+      def urls
+        json = JSON.parse(get(URL))
+        json.map do |entry|
+          entry.dig("url")
+        end
+      rescue HTTPResponseError, HTTP::Error, JSON::ParserError => e
+        puts "Failed to load PhishStats feed (#{e})"
+        []
+      end
+
+      private
+
+      def url_for(path)
+        URI(URL + path)
+      end
+    end
+  end
+end

data/lib/miteru/http_client.rb

@@ -18,11 +18,20 @@ module Miteru
     end
 
     def download(url, destination)
-      down = Down::Http.new(default_options) { |client| client.headers(default_headers) }
+      down = Down::Http.new(**default_options) { |client| client.headers(**default_headers) }
       down.download(url, destination: destination)
       destination
     end
 
+    def head(url, options = {})
+      options = options.merge default_options
+
+      HTTP.follow
+          .timeout(3)
+          .headers(urlscan_url?(url) ? urlscan_headers : default_headers)
+          .head(url, options)
+    end
+
     def get(url, options = {})
       options = options.merge default_options
 
@@ -48,6 +57,10 @@ module Miteru
       def post(url, options = {})
         new.post url, options
       end
+
+      def head(url, options = {})
+        new.head url, options
+      end
     end
 
     private

data/lib/miteru/kit.rb

@@ -5,37 +5,32 @@ require "securerandom"
 
 module Miteru
   class Kit
-    VALID_EXTENSIONS = [".zip", ".rar", ".7z", ".tar", ".gz"].freeze
+    VALID_EXTENSIONS = Miteru.configuration.valid_extensions
 
-    attr_reader :base_url, :link
+    attr_reader :url
 
-    def initialize(base_url:, link:)
-      @base_url = base_url
-      @link = link.start_with?("/") ? link[1..-1] : link
+    def initialize(url)
+      @url = url
     end
 
-    def valid?
-      VALID_EXTENSIONS.include? extname
+    def valid?;
+      valid_ext? && reachable_and_archive_file?
     end
 
     def extname
-      return ".tar.gz" if link.end_with?("tar.gz")
+      return ".tar.gz" if url.end_with?("tar.gz")
 
-      File.extname(link)
+      File.extname(url)
     end
 
     def basename
-      File.basename(link)
+      File.basename(url)
     end
 
     def filename
       CGI.unescape basename
     end
 
-    def url
-      "#{base_url}/#{basename}"
-    end
-
     def download_filepath
       "#{base_dir}/#{download_filename}"
     end
@@ -59,7 +54,7 @@ module Miteru
     end
 
     def hostname
-      URI(base_url).hostname
+      URI(url).hostname
     end
 
     def download_filename
@@ -69,5 +64,24 @@ module Miteru
     def base_dir
       @base_dir ||= Miteru.configuration.download_to
     end
+
+    def valid_ext?
+      VALID_EXTENSIONS.include? extname
+    end
+
+    def reachable?(response)
+      response.status.success?
+    end
+
+    def archive_file?(response)
+      !response.content_type.mime_type.to_s.start_with? "text/"
+    end
+
+    def reachable_and_archive_file?
+      res = HTTPClient.head(url)
+      reachable?(res) && archive_file?(res)
+    rescue StandardError
+      false
+    end
   end
 end

data/lib/miteru/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Miteru
-  VERSION = "0.13.0"
+  VERSION = "0.14.4"
 end

data/lib/miteru/website.rb

@@ -4,7 +4,10 @@ require "oga"
 
 module Miteru
   class Website
+    VALID_EXTENSIONS = Miteru.configuration.valid_extensions
+
     attr_reader :url
+
     def initialize(url)
       @url = url
     end
@@ -15,7 +18,7 @@ module Miteru
 
     def kits
       @kits ||= links.map do |link|
-        kit = Kit.new(base_url: url, link: link.to_s)
+        kit = Kit.new(link)
         kit.valid? ? kit : nil
       end.compact
     end
@@ -33,7 +36,7 @@ module Miteru
     end
 
     def has_kits?
-      ok? && index? && kits?
+      kits?
     rescue Addressable::URI::InvalidURIError, ArgumentError, Encoding::CompatibilityError, HTTP::Error, LL::ParserError, OpenSSL::SSL::SSLError => _e
       false
     end
@@ -46,6 +49,10 @@ module Miteru
       "It might contain #{noun}: #{filename_with_sizes}."
     end
 
+    def links
+      (href_links + possible_file_links).compact.uniq
+    end
+
     private
 
     def response
@@ -66,12 +73,31 @@ module Miteru
       nil
     end
 
-    def links
-      if doc
-        doc.css("a").map { |a| a.get("href") }.compact
+    def href_links
+      if doc && ok? && index?
+        doc.css("a").map { |a| a.get("href") }.compact.map do |href|
+          href = href.start_with?("/") ? href : "/#{href}"
+          url + href
+        end
       else
         []
       end
+    rescue Addressable::URI::InvalidURIError, ArgumentError, Encoding::CompatibilityError, HTTP::Error, LL::ParserError, OpenSSL::SSL::SSLError => _e
+      []
+    end
+
+    def possible_file_links
+      uri = URI.parse(url)
+
+      segments = uri.path.split("/")
+      return [] if segments.length.zero?
+
+      last = segments.last
+      VALID_EXTENSIONS.map do |ext|
+        new_segments = segments[0..-2] + ["#{last}#{ext}"]
+        uri.path = new_segments.join("/")
+        uri.to_s
+      end
     end
   end
 end

data/miteru.gemspec

@@ -24,18 +24,18 @@ Gem::Specification.new do |spec|
   spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
   spec.require_paths = ["lib"]
 
-  spec.add_development_dependency "bundler", "~> 2.0"
+  spec.add_development_dependency "bundler", "~> 2.1"
   spec.add_development_dependency "coveralls", "~> 0.8"
   spec.add_development_dependency "glint", "~> 0.1"
   spec.add_development_dependency "rake", "~> 13.0"
   spec.add_development_dependency "rspec", "~> 3.9"
-  spec.add_development_dependency "vcr", "~> 5.0"
-  spec.add_development_dependency "webmock", "~> 3.7"
+  spec.add_development_dependency "vcr", "~> 6.0"
+  spec.add_development_dependency "webmock", "~> 3.8"
 
   spec.add_dependency "colorize", "~> 0.8"
-  spec.add_dependency "down", "~> 5.0"
-  spec.add_dependency "http", "~> 4.2"
-  spec.add_dependency "oga", "~> 3.0"
+  spec.add_dependency "down", "~> 5.1"
+  spec.add_dependency "http", "~> 4.4"
+  spec.add_dependency "oga", "~> 3.2"
   spec.add_dependency "parallel", "~> 1.19"
   spec.add_dependency "slack-notifier", "~> 2.3"
   spec.add_dependency "thor", "~> 1.0"

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: miteru
 version: !ruby/object:Gem::Version
-  version: 0.13.0
+  version: 0.14.4
 platform: ruby
 authors:
 - Manabu Niseki
-autorequire: 
+autorequire:
 bindir: exe
 cert_chain: []
-date: 2019-12-17 00:00:00.000000000 Z
+date: 2020-06-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.0'
+        version: '2.1'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.0'
+        version: '2.1'
 - !ruby/object:Gem::Dependency
   name: coveralls
   requirement: !ruby/object:Gem::Requirement
@@ -86,28 +86,28 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '5.0'
+        version: '6.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '5.0'
+        version: '6.0'
 - !ruby/object:Gem::Dependency
   name: webmock
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.7'
+        version: '3.8'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.7'
+        version: '3.8'
 - !ruby/object:Gem::Dependency
   name: colorize
   requirement: !ruby/object:Gem::Requirement
@@ -128,42 +128,42 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '5.0'
+        version: '5.1'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '5.0'
+        version: '5.1'
 - !ruby/object:Gem::Dependency
   name: http
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '4.2'
+        version: '4.4'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '4.2'
+        version: '4.4'
 - !ruby/object:Gem::Dependency
   name: oga
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.0'
+        version: '3.2'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.0'
+        version: '3.2'
 - !ruby/object:Gem::Dependency
   name: parallel
   requirement: !ruby/object:Gem::Requirement
@@ -249,6 +249,8 @@ files:
 - lib/miteru/feeds.rb
 - lib/miteru/feeds/ayashige.rb
 - lib/miteru/feeds/feed.rb
+- lib/miteru/feeds/phishing_database.rb
+- lib/miteru/feeds/phishstats.rb
 - lib/miteru/feeds/urlscan.rb
 - lib/miteru/feeds/urlscan_pro.rb
 - lib/miteru/http_client.rb
@@ -262,7 +264,7 @@ homepage: https://github.com/ninoseki/miteru
 licenses:
 - MIT
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -277,8 +279,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.3
-signing_key: 
+rubygems_version: 3.1.2
+signing_key:
 specification_version: 4
 summary: An experimental phishing kit detector
 test_files: []