miteru 0.11.1 → 0.11.2

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 6cab38702cb3aaddbaa604419e8bd152203ade037d5717fdcca6931ee107f6fb
4
- data.tar.gz: c3b082bcb05ac1541d7f936b81ad1922531c28417e6c95590ab6e10903e12f80
3
+ metadata.gz: 7a839c5a380dbc9678c0c56cf9e3e5b08c3fe6bde787be8564a6e011c75e98e7
4
+ data.tar.gz: 9ceba3911baeaf65d77e9ecf4cb442a8082ae7529b6996ec26b03350d87ae853
5
5
  SHA512:
6
- metadata.gz: 7cf3776a64efa453afa42fafbdedd12c182beb48a72cab8eaab3258f15fe5198df9b72249276cd5d3069a4f98324062abe081c56355be9a0bb5d4d889bcd7b3f
7
- data.tar.gz: 6bdce0624ae732455d14a260cdc98ba369b0f1ed3e4cb322e8111f94cccba3a8fc26a2b9df4c44caf72ac211c0e0f5d1da0fba22bc5fd50a957f443b08ffc6ae
6
+ metadata.gz: 27239dd2ae663db07b0f21e5cf91eafd9afacaf98efa19303a56b1f2fa03d5b2a7ee25e13df356152eca8ae309508f81347db05aec0792e27377ff27915d29df
7
+ data.tar.gz: 64866a271d0db4832f4b40b3d8797905204d626808ce44c39c1130dd364cba389f17cceb4207e9eb5ebd10c0ca6a2cdd4129a7f969cd89252f262d44062c033a
data/README.md CHANGED
@@ -9,12 +9,12 @@ Miteru is an experimental phishing kit detection tool.
9
9
 
10
10
  ## How it works
11
11
 
12
- - It collects phishing suspicious URLs from the following feeds:
12
+ - It collects phishy URLs from the following feeds:
13
13
  - [urlscan.io certstream-suspicious feed](https://urlscan.io/search/#certstream-suspicious)
14
14
  - [OpenPhish feed via urlscan.io](https://urlscan.io/search/#OpenPhish)
15
15
  - [PhishTank feed via urlscan.io](https://urlscan.io/search/#PhishTank)
16
16
  - [Ayashige feed](https://github.com/ninoseki/ayashige)
17
- - It checks a suspicious URL whether it enables directory listing and contains a phishing kit (compressed file) or not.
17
+ - It checks each phishy URL whether it enables directory listing and contains a phishing kit (compressed file) or not.
18
18
  - Note: compressed file = `*.zip`, `*.rar`, `*.7z`, `*.tar` and `*.gz`.
19
19
 
20
20
  ## Features
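Review bot: The reworded bullet on new line 17, "It checks each phishy URL whether it enables directory listing and contains a phishing kit ... or not", is still ungrammatical, and "phishy" is more colloquial than the "suspicious" it replaces. Suggest "For each suspicious URL, it checks whether directory listing is enabled and whether a phishing kit (compressed file) is present", with the same term used in the bullet on line 12.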
@@ -83,7 +83,7 @@ $ docker run -v /tmp:/tmp miteru execute --auto-download
83
83
 
84
84
  [![asciicast](https://asciinema.org/a/ga6ZbwuK1HOLOyELb23QrSvJP.svg)](https://asciinema.org/a/ga6ZbwuK1HOLOyELb23QrSvJP)
85
85
 
86
- Note: Stoped the process during the execution because it takes minutes to finish.
86
+ Note: In this demo, I stopped the process during the execution because it takes minutes to finish.
87
87
 
88
88
  ## Note
89
89
 
@@ -96,3 +96,4 @@ For using `--post-to-slack` feature, you should set the following environment va
96
96
 
97
97
  - [t4d/StalkPhish](https://github.com/t4d/StalkPhish): The Phishing kits stalker, harvesting phishing kits for investigations.
98
98
  - [duo-labs/phish-collect](https://github.com/duo-labs/phish-collect): Python script to hunt phishing kits.
99
+ - [leunammejii/analyst_arsenal](https://github.com/leunammejii/analyst_arsenal): A tool belt for analysts to continue fighting the good fight.
@@ -2,6 +2,7 @@
2
2
 
3
3
  require "digest"
4
4
  require "fileutils"
5
+ require "uri"
5
6
 
6
7
  module Miteru
7
8
  class Downloader
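Review bot: The require list on new lines 3-5 has digest, fileutils and uri but not securerandom, although download_filename in this class calls SecureRandom.alphanumeric(10). If securerandom is not loaded elsewhere before this file, add require "securerandom" next to require "uri" so the class does not depend on load order.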
@@ -15,12 +16,12 @@ module Miteru
15
16
  def download_compressed_files(url, compressed_files)
16
17
  compressed_files.each do |path|
17
18
  target_url = "#{url}/#{path}"
18
- filename = filename_to_save(target_url)
19
+ filename = download_filename(target_url)
19
20
  destination = filepath_to_download(filename)
20
21
  begin
21
22
  download_filepath = HTTPClient.download(target_url, destination)
22
23
  if duplicated?(download_filepath)
23
- puts "Do not download #{target_url} because there is a same hash file in the directory (SHA256: #{sha256(download_filepath)})."
24
+ puts "Do not download #{target_url} because there is a file that has a same hash value in the directory (SHA256: #{sha256(download_filepath)})."
24
25
  FileUtils.rm download_filepath
25
26
  else
26
27
  puts "Download #{target_url} as #{download_filepath}"
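Review bot: download_filename(target_url) on new line 19 runs before the begin on line 21, so an exception raised while building the name is outside whatever rescue that block has; URI(url) in the new helper raises URI::InvalidURIError on a URL it cannot parse. Move the filename and destination assignments inside the begin. Separately, the reworded message on line 24 still says "Do not download", yet it is printed after HTTPClient.download has already fetched the file and just before FileUtils.rm removes it; wording such as "Removed duplicate of ..." would describe what actually happened.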
@@ -33,10 +34,12 @@ module Miteru
33
34
 
34
35
  private
35
36
 
36
- def filename_to_save(url)
37
+ def download_filename(url)
37
38
  filename = url.split("/").last
38
39
  extname = File.extname(filename)
39
- "#{SecureRandom.alphanumeric}#{extname}"
40
+ domain = URI(url).hostname
41
+
42
+ "#{domain}_#{filename}_#{SecureRandom.alphanumeric(10)}#{extname}"
40
43
  end
41
44
 
42
45
  def filepath_to_download(filename)
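Review bot: In download_filename, filename is the last segment of the scanned site's URL and is copied into the local file name unchanged on new line 42. Because that segment already ends in extname, the result repeats the extension (for example host_kit.zip_RANDOM.zip), and any query string, percent-encoding or unusual characters in the segment reach the file system as they are. Suggest using File.basename(filename, extname), replacing anything outside a safe set such as [A-Za-z0-9._-], capping the length, and adding a fallback for when URI(url).hostname returns nil.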
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module Miteru
4
- VERSION = "0.11.1"
4
+ VERSION = "0.11.2"
5
5
  end
@@ -30,7 +30,7 @@ Gem::Specification.new do |spec|
30
30
  spec.add_development_dependency "rake", "~> 12.3"
31
31
  spec.add_development_dependency "rspec", "~> 3.8"
32
32
  spec.add_development_dependency "vcr", "~> 4.0"
33
- spec.add_development_dependency "webmock", "~> 3.4"
33
+ spec.add_development_dependency "webmock", "~> 3.5"
34
34
 
35
35
  spec.add_dependency "colorize", "~> 0.8"
36
36
  spec.add_dependency "down", "~> 4.7"
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: miteru
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.11.1
4
+ version: 0.11.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - Manabu Niseki
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2018-12-19 00:00:00.000000000 Z
11
+ date: 2019-02-07 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: bundler
@@ -100,14 +100,14 @@ dependencies:
100
100
  requirements:
101
101
  - - "~>"
102
102
  - !ruby/object:Gem::Version
103
- version: '3.4'
103
+ version: '3.5'
104
104
  type: :development
105
105
  prerelease: false
106
106
  version_requirements: !ruby/object:Gem::Requirement
107
107
  requirements:
108
108
  - - "~>"
109
109
  - !ruby/object:Gem::Version
110
- version: '3.4'
110
+ version: '3.5'
111
111
  - !ruby/object:Gem::Dependency
112
112
  name: colorize
113
113
  requirement: !ruby/object:Gem::Requirement
@@ -243,8 +243,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
243
243
  - !ruby/object:Gem::Version
244
244
  version: '0'
245
245
  requirements: []
246
- rubyforge_project:
247
- rubygems_version: 2.7.6
246
+ rubygems_version: 3.0.2
248
247
  signing_key:
249
248
  specification_version: 4
250
249
  summary: An experimental phishing kit detector