miteru 0.11.1 → 0.11.2

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 6cab38702cb3aaddbaa604419e8bd152203ade037d5717fdcca6931ee107f6fb
4
- data.tar.gz: c3b082bcb05ac1541d7f936b81ad1922531c28417e6c95590ab6e10903e12f80
3
+ metadata.gz: 7a839c5a380dbc9678c0c56cf9e3e5b08c3fe6bde787be8564a6e011c75e98e7
4
+ data.tar.gz: 9ceba3911baeaf65d77e9ecf4cb442a8082ae7529b6996ec26b03350d87ae853
5
5
  SHA512:
6
- metadata.gz: 7cf3776a64efa453afa42fafbdedd12c182beb48a72cab8eaab3258f15fe5198df9b72249276cd5d3069a4f98324062abe081c56355be9a0bb5d4d889bcd7b3f
7
- data.tar.gz: 6bdce0624ae732455d14a260cdc98ba369b0f1ed3e4cb322e8111f94cccba3a8fc26a2b9df4c44caf72ac211c0e0f5d1da0fba22bc5fd50a957f443b08ffc6ae
6
+ metadata.gz: 27239dd2ae663db07b0f21e5cf91eafd9afacaf98efa19303a56b1f2fa03d5b2a7ee25e13df356152eca8ae309508f81347db05aec0792e27377ff27915d29df
7
+ data.tar.gz: 64866a271d0db4832f4b40b3d8797905204d626808ce44c39c1130dd364cba389f17cceb4207e9eb5ebd10c0ca6a2cdd4129a7f969cd89252f262d44062c033a
data/README.md CHANGED
@@ -9,12 +9,12 @@ Miteru is an experimental phishing kit detection tool.
9
9
 
10
10
  ## How it works
11
11
 
12
- - It collects phishing suspicious URLs from the following feeds:
12
+ - It collects phishy URLs from the following feeds:
13
13
  - [urlscan.io certstream-suspicious feed](https://urlscan.io/search/#certstream-suspicious)
14
14
  - [OpenPhish feed via urlscan.io](https://urlscan.io/search/#OpenPhish)
15
15
  - [PhishTank feed via urlscan.io](https://urlscan.io/search/#PhishTank)
16
16
  - [Ayashige feed](https://github.com/ninoseki/ayashige)
17
- - It checks a suspicious URL whether it enables directory listing and contains a phishing kit (compressed file) or not.
17
+ - It checks each phishy URL whether it enables directory listing and contains a phishing kit (compressed file) or not.
18
18
  - Note: compressed file = `*.zip`, `*.rar`, `*.7z`, `*.tar` and `*.gz`.
19
19
 
20
20
  ## Features
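Review bot: The reworded bullet at new line 17, "It checks each phishy URL whether it enables directory listing ...", is still ungrammatical. "It checks whether each phishy URL enables directory listing and contains a phishing kit (compressed file)" says the same thing. "phishy" is also more informal than the "suspicious" it replaces at lines 12 and 17; consider keeping one term the reader can search for.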
@@ -83,7 +83,7 @@ $ docker run -v /tmp:/tmp miteru execute --auto-download
83
83
 
84
84
  [![asciicast](https://asciinema.org/a/ga6ZbwuK1HOLOyELb23QrSvJP.svg)](https://asciinema.org/a/ga6ZbwuK1HOLOyELb23QrSvJP)
85
85
 
86
- Note: Stoped the process during the execution because it takes minutes to finish.
86
+ Note: In this demo, I stopped the process during the execution because it takes minutes to finish.
87
87
 
88
88
  ## Note
89
89
 
@@ -96,3 +96,4 @@ For using `--post-to-slack` feature, you should set the following environment va
96
96
 
97
97
  - [t4d/StalkPhish](https://github.com/t4d/StalkPhish): The Phishing kits stalker, harvesting phishing kits for investigations.
98
98
  - [duo-labs/phish-collect](https://github.com/duo-labs/phish-collect): Python script to hunt phishing kits.
99
+ - [leunammejii/analyst_arsenal](https://github.com/leunammejii/analyst_arsenal): A tool belt for analysts to continue fighting the good fight.
@@ -2,6 +2,7 @@
2
2
 
3
3
  require "digest"
4
4
  require "fileutils"
5
+ require "uri"
5
6
 
6
7
  module Miteru
7
8
  class Downloader
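Review bot: The require list at new lines 3-5 covers digest, fileutils and uri, but download_filename in this class calls SecureRandom.alphanumeric(10). Unless securerandom is loaded on a line outside this hunk or by another file, add require "securerandom" next to the new require "uri" so the class does not depend on load order.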
@@ -15,12 +16,12 @@ module Miteru
15
16
  def download_compressed_files(url, compressed_files)
16
17
  compressed_files.each do |path|
17
18
  target_url = "#{url}/#{path}"
18
- filename = filename_to_save(target_url)
19
+ filename = download_filename(target_url)
19
20
  destination = filepath_to_download(filename)
20
21
  begin
21
22
  download_filepath = HTTPClient.download(target_url, destination)
22
23
  if duplicated?(download_filepath)
23
- puts "Do not download #{target_url} because there is a same hash file in the directory (SHA256: #{sha256(download_filepath)})."
24
+ puts "Do not download #{target_url} because there is a file that has a same hash value in the directory (SHA256: #{sha256(download_filepath)})."
24
25
  FileUtils.rm download_filepath
25
26
  else
26
27
  puts "Download #{target_url} as #{download_filepath}"
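Review bot: At new line 19, download_filename(target_url) runs before the begin on line 21, and with this change it calls URI(url), which raises URI::InvalidURIError on a malformed URL. target_url is built from a path taken from a remote directory listing, so the exception escapes the begin block shown here; move the call inside that block or rescue the error there. Separately, the message at line 24 still opens with "Do not download" although HTTPClient.download has already fetched the file and FileUtils.rm deletes it afterwards; wording such as "Removed ... because a file with the same hash already exists" would match the behaviour.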
@@ -33,10 +34,12 @@ module Miteru
33
34
 
34
35
  private
35
36
 
36
- def filename_to_save(url)
37
+ def download_filename(url)
37
38
  filename = url.split("/").last
38
39
  extname = File.extname(filename)
39
- "#{SecureRandom.alphanumeric}#{extname}"
40
+ domain = URI(url).hostname
41
+
42
+ "#{domain}_#{filename}_#{SecureRandom.alphanumeric(10)}#{extname}"
40
43
  end
41
44
 
42
45
  def filepath_to_download(filename)
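Review bot: In download_filename (new lines 38-42), filename is the last path segment of a URL served by the suspected phishing host and is now embedded in the local file name, so treat it as untrusted: restrict it to a safe character set and cap its length before interpolating it. URI(url).hostname can also be nil when the URL has no host, which would yield a name starting with "_". Since filename already ends in extname, the result carries the extension twice (name.zip_RANDOM.zip); using File.basename(filename, extname) for the middle part avoids that.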
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module Miteru
4
- VERSION = "0.11.1"
4
+ VERSION = "0.11.2"
5
5
  end
@@ -30,7 +30,7 @@ Gem::Specification.new do |spec|
30
30
  spec.add_development_dependency "rake", "~> 12.3"
31
31
  spec.add_development_dependency "rspec", "~> 3.8"
32
32
  spec.add_development_dependency "vcr", "~> 4.0"
33
- spec.add_development_dependency "webmock", "~> 3.4"
33
+ spec.add_development_dependency "webmock", "~> 3.5"
34
34
 
35
35
  spec.add_dependency "colorize", "~> 0.8"
36
36
  spec.add_dependency "down", "~> 4.7"
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: miteru
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.11.1
4
+ version: 0.11.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - Manabu Niseki
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2018-12-19 00:00:00.000000000 Z
11
+ date: 2019-02-07 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: bundler
@@ -100,14 +100,14 @@ dependencies:
100
100
  requirements:
101
101
  - - "~>"
102
102
  - !ruby/object:Gem::Version
103
- version: '3.4'
103
+ version: '3.5'
104
104
  type: :development
105
105
  prerelease: false
106
106
  version_requirements: !ruby/object:Gem::Requirement
107
107
  requirements:
108
108
  - - "~>"
109
109
  - !ruby/object:Gem::Version
110
- version: '3.4'
110
+ version: '3.5'
111
111
  - !ruby/object:Gem::Dependency
112
112
  name: colorize
113
113
  requirement: !ruby/object:Gem::Requirement
@@ -243,8 +243,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
243
243
  - !ruby/object:Gem::Version
244
244
  version: '0'
245
245
  requirements: []
246
- rubyforge_project:
247
- rubygems_version: 2.7.6
246
+ rubygems_version: 3.0.2
248
247
  signing_key:
249
248
  specification_version: 4
250
249
  summary: An experimental phishing kit detector