miteru 0.11.1 → 0.11.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +4 -3
- data/lib/miteru/downloader.rb +7 -4
- data/lib/miteru/version.rb +1 -1
- data/miteru.gemspec +1 -1
- metadata +5 -6
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 7a839c5a380dbc9678c0c56cf9e3e5b08c3fe6bde787be8564a6e011c75e98e7
|
4
|
+
data.tar.gz: 9ceba3911baeaf65d77e9ecf4cb442a8082ae7529b6996ec26b03350d87ae853
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 27239dd2ae663db07b0f21e5cf91eafd9afacaf98efa19303a56b1f2fa03d5b2a7ee25e13df356152eca8ae309508f81347db05aec0792e27377ff27915d29df
|
7
|
+
data.tar.gz: 64866a271d0db4832f4b40b3d8797905204d626808ce44c39c1130dd364cba389f17cceb4207e9eb5ebd10c0ca6a2cdd4129a7f969cd89252f262d44062c033a
|
data/README.md
CHANGED
@@ -9,12 +9,12 @@ Miteru is an experimental phishing kit detection tool.
|
|
9
9
|
|
10
10
|
## How it works
|
11
11
|
|
12
|
-
- It collects
|
12
|
+
- It collects phishy URLs from the following feeds:
|
13
13
|
- [urlscan.io certstream-suspicious feed](https://urlscan.io/search/#certstream-suspicious)
|
14
14
|
- [OpenPhish feed via urlscan.io](https://urlscan.io/search/#OpenPhish)
|
15
15
|
- [PhishTank feed via urlscan.io](https://urlscan.io/search/#PhishTank)
|
16
16
|
- [Ayashige feed](https://github.com/ninoseki/ayashige)
|
17
|
-
- It checks
|
17
|
+
- It checks each phishy URL whether it enables directory listing and contains a phishing kit (compressed file) or not.
|
18
18
|
- Note: compressed file = `*.zip`, `*.rar`, `*.7z`, `*.tar` and `*.gz`.
|
19
19
|
|
20
20
|
## Features
|
@@ -83,7 +83,7 @@ $ docker run -v /tmp:/tmp miteru execute --auto-download
|
|
83
83
|
|
84
84
|
[](https://asciinema.org/a/ga6ZbwuK1HOLOyELb23QrSvJP)
|
85
85
|
|
86
|
-
Note:
|
86
|
+
Note: In this demo, I stopped the process during the execution because it takes minutes to finish.
|
87
87
|
|
88
88
|
## Note
|
89
89
|
|
@@ -96,3 +96,4 @@ For using `--post-to-slack` feature, you should set the following environment va
|
|
96
96
|
|
97
97
|
- [t4d/StalkPhish](https://github.com/t4d/StalkPhish): The Phishing kits stalker, harvesting phishing kits for investigations.
|
98
98
|
- [duo-labs/phish-collect](https://github.com/duo-labs/phish-collect): Python script to hunt phishing kits.
|
99
|
+
- [leunammejii/analyst_arsenal](https://github.com/leunammejii/analyst_arsenal): A tool belt for analysts to continue fighting the good fight.
|
data/lib/miteru/downloader.rb
CHANGED
@@ -2,6 +2,7 @@
|
|
2
2
|
|
3
3
|
require "digest"
|
4
4
|
require "fileutils"
|
5
|
+
require "uri"
|
5
6
|
|
6
7
|
module Miteru
|
7
8
|
class Downloader
|
@@ -15,12 +16,12 @@ module Miteru
|
|
15
16
|
def download_compressed_files(url, compressed_files)
|
16
17
|
compressed_files.each do |path|
|
17
18
|
target_url = "#{url}/#{path}"
|
18
|
-
filename =
|
19
|
+
filename = download_filename(target_url)
|
19
20
|
destination = filepath_to_download(filename)
|
20
21
|
begin
|
21
22
|
download_filepath = HTTPClient.download(target_url, destination)
|
22
23
|
if duplicated?(download_filepath)
|
23
|
-
puts "Do not download #{target_url} because there is a same hash
|
24
|
+
puts "Do not download #{target_url} because there is a file that has a same hash value in the directory (SHA256: #{sha256(download_filepath)})."
|
24
25
|
FileUtils.rm download_filepath
|
25
26
|
else
|
26
27
|
puts "Download #{target_url} as #{download_filepath}"
|
@@ -33,10 +34,12 @@ module Miteru
|
|
33
34
|
|
34
35
|
private
|
35
36
|
|
36
|
-
def
|
37
|
+
def download_filename(url)
|
37
38
|
filename = url.split("/").last
|
38
39
|
extname = File.extname(filename)
|
39
|
-
|
40
|
+
domain = URI(url).hostname
|
41
|
+
|
42
|
+
"#{domain}_#{filename}_#{SecureRandom.alphanumeric(10)}#{extname}"
|
40
43
|
end
|
41
44
|
|
42
45
|
def filepath_to_download(filename)
|
data/lib/miteru/version.rb
CHANGED
data/miteru.gemspec
CHANGED
@@ -30,7 +30,7 @@ Gem::Specification.new do |spec|
|
|
30
30
|
spec.add_development_dependency "rake", "~> 12.3"
|
31
31
|
spec.add_development_dependency "rspec", "~> 3.8"
|
32
32
|
spec.add_development_dependency "vcr", "~> 4.0"
|
33
|
-
spec.add_development_dependency "webmock", "~> 3.
|
33
|
+
spec.add_development_dependency "webmock", "~> 3.5"
|
34
34
|
|
35
35
|
spec.add_dependency "colorize", "~> 0.8"
|
36
36
|
spec.add_dependency "down", "~> 4.7"
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: miteru
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.11.
|
4
|
+
version: 0.11.2
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Manabu Niseki
|
8
8
|
autorequire:
|
9
9
|
bindir: exe
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2019-02-07 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: bundler
|
@@ -100,14 +100,14 @@ dependencies:
|
|
100
100
|
requirements:
|
101
101
|
- - "~>"
|
102
102
|
- !ruby/object:Gem::Version
|
103
|
-
version: '3.
|
103
|
+
version: '3.5'
|
104
104
|
type: :development
|
105
105
|
prerelease: false
|
106
106
|
version_requirements: !ruby/object:Gem::Requirement
|
107
107
|
requirements:
|
108
108
|
- - "~>"
|
109
109
|
- !ruby/object:Gem::Version
|
110
|
-
version: '3.
|
110
|
+
version: '3.5'
|
111
111
|
- !ruby/object:Gem::Dependency
|
112
112
|
name: colorize
|
113
113
|
requirement: !ruby/object:Gem::Requirement
|
@@ -243,8 +243,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
243
243
|
- !ruby/object:Gem::Version
|
244
244
|
version: '0'
|
245
245
|
requirements: []
|
246
|
-
|
247
|
-
rubygems_version: 2.7.6
|
246
|
+
rubygems_version: 3.0.2
|
248
247
|
signing_key:
|
249
248
|
specification_version: 4
|
250
249
|
summary: An experimental phishing kit detector
|