miteru 0.10.2 → 0.11.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +12 -0
- data/docker/Dockerfile +7 -0
- data/lib/miteru/feeds.rb +9 -3
- data/lib/miteru/feeds/ayashige.rb +35 -0
- data/lib/miteru/version.rb +1 -1
- metadata +4 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: d868b4b59c518eafe81396a1b99749b4eae3902064b04a793bfebd430ff1f439
|
|
4
|
+
data.tar.gz: 168da4c83289e570e5c52d8d9177af13459d6598900c8396d7276c472c014a3d
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: c38d39f868a469b6ef62949f4905e8ae038c833ec1745446cf6ef06a3c206e2996d49b48b8b991ab2a63f7ec0a3c224e435d8cd36dc3232194e45eb0997abc7d
|
|
7
|
+
data.tar.gz: 0c019fc0ba2e3037522cb5fb0f262e830e169f9bef6d522812c66ec16cffa770c2b1c81b7cdd3543bb2bfb8f4b406f5d4470dc191429522fa8b61e1b7dadb081
|
data/README.md
CHANGED
|
@@ -13,6 +13,7 @@ Miteru is an experimental phishing kit detection tool.
|
|
|
13
13
|
- [urlscan.io certstream-suspicious feed](https://urlscan.io/search/#certstream-suspicious)
|
|
14
14
|
- [OpenPhish feed via urlscan.io](https://urlscan.io/search/#OpenPhish)
|
|
15
15
|
- [PhishTank feed via urlscan.io](https://urlscan.io/search/#PhishTank)
|
|
16
|
+
- [Ayashige feed](https://github.com/ninoseki/ayashige)
|
|
16
17
|
- It checks a suspicious URL whether it enables directory listing and contains a phishing kit (compressed file) or not.
|
|
17
18
|
- Note: compressed file = `*.zip`, `*.rar`, `*.7z`, `*.tar` and `*.gz`.
|
|
18
19
|
|
|
@@ -67,6 +68,17 @@ https://dummy3.com: it doesn't contain a phishing kit.
|
|
|
67
68
|
https://dummy4.com: it might contain a phishing kit (dummy.zip).
|
|
68
69
|
```
|
|
69
70
|
|
|
71
|
+
## Using Docker (alternative if you don't install Ruby)
|
|
72
|
+
|
|
73
|
+
```sh
|
|
74
|
+
$ git clone https://github.com/ninoseki/miteru.git
|
|
75
|
+
$ cd miteru/docker
|
|
76
|
+
$ docker build -t miteru .
|
|
77
|
+
$ docker run miteru
|
|
78
|
+
# ex. auto-download detected phishing kit(s) into host machines's /tmp directory
|
|
79
|
+
$ docker run -v /tmp:/tmp miteru execute --auto-download
|
|
80
|
+
```
|
|
81
|
+
|
|
70
82
|
## Aasciinema cast
|
|
71
83
|
|
|
72
84
|
[](https://asciinema.org/a/ga6ZbwuK1HOLOyELb23QrSvJP)
|
data/docker/Dockerfile
ADDED
data/lib/miteru/feeds.rb
CHANGED
|
@@ -1,21 +1,27 @@
|
|
|
1
1
|
# frozen_string_literal: true
|
|
2
2
|
|
|
3
3
|
require_relative "./feeds/feed"
|
|
4
|
+
require_relative "./feeds/ayashige"
|
|
4
5
|
require_relative "./feeds/urlscan"
|
|
5
6
|
|
|
6
7
|
module Miteru
|
|
7
8
|
class Feeds
|
|
8
|
-
attr_reader :openphish, :phishtank, :urlscan
|
|
9
9
|
attr_reader :directory_traveling
|
|
10
10
|
|
|
11
11
|
def initialize(urlscan_size = 100, directory_traveling: false)
|
|
12
|
-
@
|
|
12
|
+
@feeds = [
|
|
13
|
+
Ayashige.new,
|
|
14
|
+
UrlScan.new(urlscan_size)
|
|
15
|
+
]
|
|
13
16
|
@directory_traveling = directory_traveling
|
|
14
17
|
end
|
|
15
18
|
|
|
16
19
|
def suspicious_urls
|
|
17
20
|
@suspicious_urls ||= [].tap do |arr|
|
|
18
|
-
urls =
|
|
21
|
+
urls = @feeds.map do |feed|
|
|
22
|
+
feed.urls.select { |url| url.start_with?("http://", "https://") }
|
|
23
|
+
end.flatten
|
|
24
|
+
|
|
19
25
|
urls.map { |url| breakdown(url) }.flatten.uniq.sort.each { |url| arr << url }
|
|
20
26
|
end
|
|
21
27
|
end
|
|
@@ -0,0 +1,35 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require "json"
|
|
4
|
+
require "uri"
|
|
5
|
+
|
|
6
|
+
module Miteru
|
|
7
|
+
class Feeds
|
|
8
|
+
class Ayashige < Feed
|
|
9
|
+
HOST = "ayashige.herokuapp.com"
|
|
10
|
+
URL = "https://#{HOST}/"
|
|
11
|
+
|
|
12
|
+
def urls
|
|
13
|
+
url = url_for("/feed")
|
|
14
|
+
res = JSON.parse(get(url))
|
|
15
|
+
|
|
16
|
+
domains = res.map { |item| item["domain"]}
|
|
17
|
+
domains.map do |domain|
|
|
18
|
+
[
|
|
19
|
+
"https://#{domain}",
|
|
20
|
+
"http://#{domain}"
|
|
21
|
+
]
|
|
22
|
+
end.flatten
|
|
23
|
+
rescue HTTPResponseError => e
|
|
24
|
+
puts "Failed to load ayashige feed (#{e})"
|
|
25
|
+
[]
|
|
26
|
+
end
|
|
27
|
+
|
|
28
|
+
private
|
|
29
|
+
|
|
30
|
+
def url_for(path)
|
|
31
|
+
URI(URL + path)
|
|
32
|
+
end
|
|
33
|
+
end
|
|
34
|
+
end
|
|
35
|
+
end
|
data/lib/miteru/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: miteru
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.11.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Manabu Niseki
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2018-
|
|
11
|
+
date: 2018-12-08 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|
|
@@ -209,6 +209,7 @@ files:
|
|
|
209
209
|
- Rakefile
|
|
210
210
|
- bin/console
|
|
211
211
|
- bin/setup
|
|
212
|
+
- docker/Dockerfile
|
|
212
213
|
- exe/miteru
|
|
213
214
|
- lib/miteru.rb
|
|
214
215
|
- lib/miteru/cli.rb
|
|
@@ -216,6 +217,7 @@ files:
|
|
|
216
217
|
- lib/miteru/downloader.rb
|
|
217
218
|
- lib/miteru/error.rb
|
|
218
219
|
- lib/miteru/feeds.rb
|
|
220
|
+
- lib/miteru/feeds/ayashige.rb
|
|
219
221
|
- lib/miteru/feeds/feed.rb
|
|
220
222
|
- lib/miteru/feeds/urlscan.rb
|
|
221
223
|
- lib/miteru/http_client.rb
|