miteru 0.11.1 → 0.11.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 6cab38702cb3aaddbaa604419e8bd152203ade037d5717fdcca6931ee107f6fb
-  data.tar.gz: c3b082bcb05ac1541d7f936b81ad1922531c28417e6c95590ab6e10903e12f80
+  metadata.gz: 7a839c5a380dbc9678c0c56cf9e3e5b08c3fe6bde787be8564a6e011c75e98e7
+  data.tar.gz: 9ceba3911baeaf65d77e9ecf4cb442a8082ae7529b6996ec26b03350d87ae853
 SHA512:
-  metadata.gz: 7cf3776a64efa453afa42fafbdedd12c182beb48a72cab8eaab3258f15fe5198df9b72249276cd5d3069a4f98324062abe081c56355be9a0bb5d4d889bcd7b3f
-  data.tar.gz: 6bdce0624ae732455d14a260cdc98ba369b0f1ed3e4cb322e8111f94cccba3a8fc26a2b9df4c44caf72ac211c0e0f5d1da0fba22bc5fd50a957f443b08ffc6ae
+  metadata.gz: 27239dd2ae663db07b0f21e5cf91eafd9afacaf98efa19303a56b1f2fa03d5b2a7ee25e13df356152eca8ae309508f81347db05aec0792e27377ff27915d29df
+  data.tar.gz: 64866a271d0db4832f4b40b3d8797905204d626808ce44c39c1130dd364cba389f17cceb4207e9eb5ebd10c0ca6a2cdd4129a7f969cd89252f262d44062c033a

data/README.md

@@ -9,12 +9,12 @@ Miteru is an experimental phishing kit detection tool.
 
 ## How it works
 
-- It collects phishing suspicious URLs from the following feeds:
+- It collects phishy URLs from the following feeds:
   - [urlscan.io certstream-suspicious feed](https://urlscan.io/search/#certstream-suspicious)
   - [OpenPhish feed via urlscan.io](https://urlscan.io/search/#OpenPhish)
   - [PhishTank feed via urlscan.io](https://urlscan.io/search/#PhishTank)
   - [Ayashige feed](https://github.com/ninoseki/ayashige)
-- It checks a suspicious URL whether it enables directory listing and contains a phishing kit (compressed file) or not.
+- It checks each phishy URL whether it enables directory listing and contains a phishing kit (compressed file) or not.
   - Note: compressed file = `*.zip`, `*.rar`, `*.7z`, `*.tar` and `*.gz`.
 
 ## Features
@@ -83,7 +83,7 @@ $ docker run -v /tmp:/tmp miteru execute --auto-download
 
 [![asciicast](https://asciinema.org/a/ga6ZbwuK1HOLOyELb23QrSvJP.svg)](https://asciinema.org/a/ga6ZbwuK1HOLOyELb23QrSvJP)
 
-Note: Stoped the process during the execution because it takes minutes to finish.
+Note: In this demo, I stopped the process during the execution because it takes minutes to finish.
 
 ## Note
 
@@ -96,3 +96,4 @@ For using `--post-to-slack` feature, you should set the following environment va
 
 - [t4d/StalkPhish](https://github.com/t4d/StalkPhish): The Phishing kits stalker, harvesting phishing kits for investigations.
 - [duo-labs/phish-collect](https://github.com/duo-labs/phish-collect): Python script to hunt phishing kits.
+- [leunammejii/analyst_arsenal](https://github.com/leunammejii/analyst_arsenal): A tool belt for analysts to continue fighting the good fight.

data/lib/miteru/downloader.rb

@@ -2,6 +2,7 @@
 
 require "digest"
 require "fileutils"
+require "uri"
 
 module Miteru
   class Downloader
@@ -15,12 +16,12 @@ module Miteru
     def download_compressed_files(url, compressed_files)
       compressed_files.each do |path|
         target_url = "#{url}/#{path}"
-        filename = filename_to_save(target_url)
+        filename = download_filename(target_url)
         destination = filepath_to_download(filename)
         begin
           download_filepath = HTTPClient.download(target_url, destination)
           if duplicated?(download_filepath)
-            puts "Do not download #{target_url} because there is a same hash file in the directory (SHA256: #{sha256(download_filepath)})."
+            puts "Do not download #{target_url} because there is a file that has a same hash value in the directory (SHA256: #{sha256(download_filepath)})."
             FileUtils.rm download_filepath
           else
             puts "Download #{target_url} as #{download_filepath}"
@@ -33,10 +34,12 @@ module Miteru
 
     private
 
-    def filename_to_save(url)
+    def download_filename(url)
       filename = url.split("/").last
       extname = File.extname(filename)
-      "#{SecureRandom.alphanumeric}#{extname}"
+      domain = URI(url).hostname
+
+      "#{domain}_#{filename}_#{SecureRandom.alphanumeric(10)}#{extname}"
     end
 
     def filepath_to_download(filename)

data/lib/miteru/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Miteru
-  VERSION = "0.11.1"
+  VERSION = "0.11.2"
 end

data/miteru.gemspec

@@ -30,7 +30,7 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency "rake", "~> 12.3"
   spec.add_development_dependency "rspec", "~> 3.8"
   spec.add_development_dependency "vcr", "~> 4.0"
-  spec.add_development_dependency "webmock", "~> 3.4"
+  spec.add_development_dependency "webmock", "~> 3.5"
 
   spec.add_dependency "colorize", "~> 0.8"
   spec.add_dependency "down", "~> 4.7"

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: miteru
 version: !ruby/object:Gem::Version
-  version: 0.11.1
+  version: 0.11.2
 platform: ruby
 authors:
 - Manabu Niseki
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2018-12-19 00:00:00.000000000 Z
+date: 2019-02-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -100,14 +100,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.4'
+        version: '3.5'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.4'
+        version: '3.5'
 - !ruby/object:Gem::Dependency
   name: colorize
   requirement: !ruby/object:Gem::Requirement
@@ -243,8 +243,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.7.6
+rubygems_version: 3.0.2
 signing_key: 
 specification_version: 4
 summary: An experimental phishing kit detector