miteru 0.10.2 → 0.11.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +12 -0
- data/docker/Dockerfile +7 -0
- data/lib/miteru/feeds.rb +9 -3
- data/lib/miteru/feeds/ayashige.rb +35 -0
- data/lib/miteru/version.rb +1 -1
- metadata +4 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: d868b4b59c518eafe81396a1b99749b4eae3902064b04a793bfebd430ff1f439
|
|
4
|
+
data.tar.gz: 168da4c83289e570e5c52d8d9177af13459d6598900c8396d7276c472c014a3d
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: c38d39f868a469b6ef62949f4905e8ae038c833ec1745446cf6ef06a3c206e2996d49b48b8b991ab2a63f7ec0a3c224e435d8cd36dc3232194e45eb0997abc7d
|
|
7
|
+
data.tar.gz: 0c019fc0ba2e3037522cb5fb0f262e830e169f9bef6d522812c66ec16cffa770c2b1c81b7cdd3543bb2bfb8f4b406f5d4470dc191429522fa8b61e1b7dadb081
|
data/README.md
CHANGED
|
@@ -13,6 +13,7 @@ Miteru is an experimental phishing kit detection tool.
|
|
|
13
13
|
- [urlscan.io certstream-suspicious feed](https://urlscan.io/search/#certstream-suspicious)
|
|
14
14
|
- [OpenPhish feed via urlscan.io](https://urlscan.io/search/#OpenPhish)
|
|
15
15
|
- [PhishTank feed via urlscan.io](https://urlscan.io/search/#PhishTank)
|
|
16
|
+
- [Ayashige feed](https://github.com/ninoseki/ayashige)
|
|
16
17
|
- It checks a suspicious URL whether it enables directory listing and contains a phishing kit (compressed file) or not.
|
|
17
18
|
- Note: compressed file = `*.zip`, `*.rar`, `*.7z`, `*.tar` and `*.gz`.
|
|
18
19
|
|
|
@@ -67,6 +68,17 @@ https://dummy3.com: it doesn't contain a phishing kit.
|
|
|
67
68
|
https://dummy4.com: it might contain a phishing kit (dummy.zip).
|
|
68
69
|
```
|
|
69
70
|
|
|
71
|
+
## Using Docker (alternative if you don't install Ruby)
|
|
72
|
+
|
|
73
|
+
```sh
|
|
74
|
+
$ git clone https://github.com/ninoseki/miteru.git
|
|
75
|
+
$ cd miteru/docker
|
|
76
|
+
$ docker build -t miteru .
|
|
77
|
+
$ docker run miteru
|
|
78
|
+
# ex. auto-download detected phishing kit(s) into host machines's /tmp directory
|
|
79
|
+
$ docker run -v /tmp:/tmp miteru execute --auto-download
|
|
80
|
+
```
|
|
81
|
+
|
|
70
82
|
## Aasciinema cast
|
|
71
83
|
|
|
72
84
|
[](https://asciinema.org/a/ga6ZbwuK1HOLOyELb23QrSvJP)
|
data/docker/Dockerfile
ADDED
data/lib/miteru/feeds.rb
CHANGED
|
@@ -1,21 +1,27 @@
|
|
|
1
1
|
# frozen_string_literal: true
|
|
2
2
|
|
|
3
3
|
require_relative "./feeds/feed"
|
|
4
|
+
require_relative "./feeds/ayashige"
|
|
4
5
|
require_relative "./feeds/urlscan"
|
|
5
6
|
|
|
6
7
|
module Miteru
|
|
7
8
|
class Feeds
|
|
8
|
-
attr_reader :openphish, :phishtank, :urlscan
|
|
9
9
|
attr_reader :directory_traveling
|
|
10
10
|
|
|
11
11
|
def initialize(urlscan_size = 100, directory_traveling: false)
|
|
12
|
-
@
|
|
12
|
+
@feeds = [
|
|
13
|
+
Ayashige.new,
|
|
14
|
+
UrlScan.new(urlscan_size)
|
|
15
|
+
]
|
|
13
16
|
@directory_traveling = directory_traveling
|
|
14
17
|
end
|
|
15
18
|
|
|
16
19
|
def suspicious_urls
|
|
17
20
|
@suspicious_urls ||= [].tap do |arr|
|
|
18
|
-
urls =
|
|
21
|
+
urls = @feeds.map do |feed|
|
|
22
|
+
feed.urls.select { |url| url.start_with?("http://", "https://") }
|
|
23
|
+
end.flatten
|
|
24
|
+
|
|
19
25
|
urls.map { |url| breakdown(url) }.flatten.uniq.sort.each { |url| arr << url }
|
|
20
26
|
end
|
|
21
27
|
end
|
|
@@ -0,0 +1,35 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require "json"
|
|
4
|
+
require "uri"
|
|
5
|
+
|
|
6
|
+
module Miteru
|
|
7
|
+
class Feeds
|
|
8
|
+
class Ayashige < Feed
|
|
9
|
+
HOST = "ayashige.herokuapp.com"
|
|
10
|
+
URL = "https://#{HOST}/"
|
|
11
|
+
|
|
12
|
+
def urls
|
|
13
|
+
url = url_for("/feed")
|
|
14
|
+
res = JSON.parse(get(url))
|
|
15
|
+
|
|
16
|
+
domains = res.map { |item| item["domain"]}
|
|
17
|
+
domains.map do |domain|
|
|
18
|
+
[
|
|
19
|
+
"https://#{domain}",
|
|
20
|
+
"http://#{domain}"
|
|
21
|
+
]
|
|
22
|
+
end.flatten
|
|
23
|
+
rescue HTTPResponseError => e
|
|
24
|
+
puts "Failed to load ayashige feed (#{e})"
|
|
25
|
+
[]
|
|
26
|
+
end
|
|
27
|
+
|
|
28
|
+
private
|
|
29
|
+
|
|
30
|
+
def url_for(path)
|
|
31
|
+
URI(URL + path)
|
|
32
|
+
end
|
|
33
|
+
end
|
|
34
|
+
end
|
|
35
|
+
end
|
data/lib/miteru/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: miteru
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.11.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Manabu Niseki
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2018-
|
|
11
|
+
date: 2018-12-08 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|
|
@@ -209,6 +209,7 @@ files:
|
|
|
209
209
|
- Rakefile
|
|
210
210
|
- bin/console
|
|
211
211
|
- bin/setup
|
|
212
|
+
- docker/Dockerfile
|
|
212
213
|
- exe/miteru
|
|
213
214
|
- lib/miteru.rb
|
|
214
215
|
- lib/miteru/cli.rb
|
|
@@ -216,6 +217,7 @@ files:
|
|
|
216
217
|
- lib/miteru/downloader.rb
|
|
217
218
|
- lib/miteru/error.rb
|
|
218
219
|
- lib/miteru/feeds.rb
|
|
220
|
+
- lib/miteru/feeds/ayashige.rb
|
|
219
221
|
- lib/miteru/feeds/feed.rb
|
|
220
222
|
- lib/miteru/feeds/urlscan.rb
|
|
221
223
|
- lib/miteru/http_client.rb
|