miteru 0.9.3 → 0.9.4

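--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 89ed6dea77f4809ef7cacfd7543a35d96f8032807d6cc93fe5e6aa52e752d5d1
- data.tar.gz: 812d51bdbc1c245c87f7a3fcc7e70577536cc8eacd0cfc9d10b6be3b146b96d9
+ metadata.gz: e11aca7b7b5b2222d5733afd3b155420475635d3b4f09b02a70e3017fb9e68cf
+ data.tar.gz: 0e0d8b5b4acb5033f1e2639563e6dbd5ec2f6dfabb4421315f18ed45648076f8
  SHA512:
- metadata.gz: cb94419c132e650a1e57f3bccd134b91be5847ab9197ceb69c71a08b8bfec3667a5e63f504892ef4d08a74f049f4bc979de4ac7c145a2a30502ed92b91f73c78
- data.tar.gz: 60b012761f7eced3acf58a7acf4487b2d0466a9ebc2fa1b9fe9b23e3b315b3ed4d5bb798e1786788c904691656c989f7ddda962a52ca307abe4e762d7281ad65
+ metadata.gz: '08d110df3c96cc33c0e9fefefb95f1dff64c8482c423ec8a725497add862d648464c6a5a164371e0f664b38c83fcf0becc8d3ee53f7d233f9776e3ab1aea12a0'
+ data.tar.gz: 2e45e1ae4d80c032abeef6287d705f970847f8f6bc237f82ea7749492cf4fc7e07eba8e37daf1275d5656a04212deb5cba2e5de5ca75b2c4e5ad49bb72d2efba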
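--- a/data/README.md
+++ b/data/README.md
@@ -10,12 +10,18 @@ Miteru is an experimental phishing kit detection tool.
  ## How it works
 
  - It collects phishing suspicious URLs from the following feeds:
- - [urlscan.io](https://urlscan.io/search/#certstream-suspicious)
+ - [urlscan.io certstream-suspicious feed](https://urlscan.io/search/#certstream-suspicious)
  - [OpenPhish community feed](https://openphish.com/feed.txt)
  - [PhishTank feed](http://data.phishtank.com/data/online-valid.csv)
- - It checks a suspicious URL whether it has a directory listing and contains a phishing kit (compressed file) or not.
+ - It checks a suspicious URL whether it enables directory listing and contains a phishing kit (compressed file) or not.
  - Note: compressed file = `*.zip`, `*.rar`, `*.7z`, `*.tar` and `*.gz`.
 
+ ## Features
+
+ - [x] Phishing kit detection & collection.
+ - [x] Slack integration. (Posting a message to Slack if the tool detects a phishing kit.)
+ - [x] Threading.
+
  ## Installation
 
  ```sh
@@ -61,9 +67,20 @@ https://dummy3.com: it doesn't contain a phishing kit.
  https://dummy4.com: it might contain a phishing kit (dummy.zip).
  ```
 
+ ## Aasciinema cast
+
+ [![asciicast](https://asciinema.org/a/ga6ZbwuK1HOLOyELb23QrSvJP.svg)](https://asciinema.org/a/ga6ZbwuK1HOLOyELb23QrSvJP)
+
+ Note: Stoped the process during the execution because it takes minutes to finish.
+
  ## Note
 
  For using `--post-to-slack` feature, you should set the following environment variables:
 
  - `SLACK_WEBHOOK_URL`: Your Slack Webhook URL.
  - `SLACK_CHANNEL`: Slack channel to post a message (default: "#general").
+
+ ## Alternatives
+
+ - [t4d/StalkPhish](https://github.com/t4d/StalkPhish): The Phishing kits stalker, harvesting phishing kits for investigations.
+ - [duo-labs/phish-collect](https://github.com/duo-labs/phish-collect): Python script to hunt phishing kits.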
@@ -75,7 +75,5 @@ module Miteru
75
75
  def valid_slack_setting?
76
76
  ENV["SLACK_WEBHOOK_URL"] != nil
77
77
  end
78
-
79
-
80
78
  end
81
79
  end
@@ -17,6 +17,7 @@ module Miteru
17
17
  target_url = "#{url}/#{path}"
18
18
  begin
19
19
  download_file_path = HTTPClient.download(target_url, base_dir)
20
+ puts download_file_path
20
21
  if duplicated?(download_file_path, base_dir)
21
22
  puts "Do not download #{target_url} because there is a same hash file in the directory (SHA256: #{sha256(download_file_path)})."
22
23
  FileUtils.rm download_file_path
@@ -38,7 +39,7 @@ module Miteru
38
39
 
39
40
  def duplicated?(file_path, base_dir)
40
41
  base = sha256(file_path)
41
- sha256s = Dir.glob("#{base_dir}/*.zip").map { |path| sha256(path) }
42
+ sha256s = Dir.glob("#{base_dir}/*.{zip,rar,7z,tar,gz}").map { |path| sha256(path) }
42
43
  sha256s.select { |sha256| sha256 == base }.length > 1
43
44
  end
44
45
  end
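Review bot: `duplicated?` still decides by `length > 1`, which only works when the file that was just downloaded is itself matched by the glob on new line 42. The extension list is now hard-coded in the brace pattern and the match is case-sensitive on most filesystems, so a saved file whose name ends in anything else (the suffix appears to be taken from the URL elsewhere in this release) is never counted, and a copy of one already-collected kit would be kept. Hashing every regular file removes that coupling: `sha256s = Dir.glob("#{base_dir}/*").select { |path| File.file?(path) }.map { |path| sha256(path) }`. The added `puts download_file_path` on new line 20 looks like leftover debug output and could be dropped or put behind a verbose option. The method enclosing the first hunk starts and ends outside it.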
@@ -15,7 +15,7 @@ module Miteru
15
15
  end
16
16
 
17
17
  def download(url, base_dir)
18
- destination = download_to(base_dir, save_filename)
18
+ destination = download_path(base_dir, filename_to_save(url))
19
19
  down = Down::Http.new(default_options) { |client| client.headers(default_headers) }
20
20
  down.download(url, destination: destination)
21
21
  destination
@@ -52,12 +52,14 @@ module Miteru
52
52
  { ssl_context: ssl_context }
53
53
  end
54
54
 
55
- def save_filename
56
- "#{SecureRandom.alphanumeric}.zip"
55
+ def filename_to_save(url)
56
+ filename = url.split("/").last
57
+ extname = File.extname(filename)
58
+ "#{SecureRandom.alphanumeric}.#{extname}"
57
59
  end
58
60
 
59
- def download_to(base_dir, save_filename)
60
- "#{base_dir}/#{save_filename}"
61
+ def download_path(base_dir, filename)
62
+ "#{base_dir}/#{filename}"
61
63
  end
62
64
  end
63
65
  end
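Review bot: `File.extname` already returns the leading dot, so `"#{SecureRandom.alphanumeric}.#{extname}"` in `filename_to_save` yields names with a doubled dot such as `abc..zip`, and a name ending in a bare `.` when the URL has no extension. The extension is also copied verbatim from the last URL segment, which comes from the site being scanned, so a query string or an arbitrary suffix can end up in the on-disk name; limiting it to the archive types the README lists keeps names predictable and keeps them inside the de-duplication glob. I would change the two lines to `extname = File.extname(filename).downcase`, then `extname = ".zip" unless %w[.zip .rar .7z .tar .gz].include?(extname)`, and build the name with `"#{SecureRandom.alphanumeric}#{extname}"`. The `.zip` fallback matches what 0.9.3 always used.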
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module Miteru
4
- VERSION = "0.9.3"
4
+ VERSION = "0.9.4"
5
5
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: miteru
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.9.3
4
+ version: 0.9.4
5
5
  platform: ruby
6
6
  authors:
7
7
  - Manabu Niseki
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2018-10-27 00:00:00.000000000 Z
11
+ date: 2018-11-13 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: bundler