miteru 0.12.12 → 0.12.13
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +3 -1
- data/lib/miteru/crawler.rb +8 -4
- data/lib/miteru/downloader.rb +1 -8
- data/lib/miteru/feeds.rb +11 -3
- data/lib/miteru/http_client.rb +0 -1
- data/lib/miteru/kit.rb +35 -0
- data/lib/miteru/notifier.rb +3 -2
- data/lib/miteru/version.rb +1 -1
- data/lib/miteru/website.rb +2 -2
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: feb9c62c511e26e85a86755680ed77ddb34aca15c6d17d8c57dd2c60aa84becf
|
|
4
|
+
data.tar.gz: d9e86a727e12e171b65accb829b07602847986ba81ea6457400ad8527b862324
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 8402163c1decbcee1c352a2ca9004f52b8c0262c5adc18d10866abe190151c8bf56d1e7ed03018f33539d1f108a1ccfc265d289dcaeb167606a10217ec112d6a
|
|
7
|
+
data.tar.gz: 6ecde10d8a4d1842995a2281e1b30663cb25c3fdd9edefa5c8f883c94f2da3b973372a84adfa70bd8537c126ab12b870b2bf6046f3021e329129428974fc96c0
|
data/README.md
CHANGED
|
@@ -2,7 +2,8 @@
|
|
|
2
2
|
|
|
3
3
|
[](https://badge.fury.io/rb/miteru)
|
|
4
4
|
[](https://travis-ci.com/ninoseki/miteru)
|
|
5
|
-
|
|
5
|
+
|
|
6
|
+
[](https://www.codefactor.io/repository/github/ninoseki/miteru)
|
|
6
7
|
[](https://coveralls.io/github/ninoseki/miteru?branch=master)
|
|
7
8
|
|
|
8
9
|
Miteru is an experimental phishing kit detection tool.
|
|
@@ -13,6 +14,7 @@ Miteru is an experimental phishing kit detection tool.
|
|
|
13
14
|
- [CertStream-Suspicious feed via urlscan.io](https://urlscan.io/search/#certstream-suspicious)
|
|
14
15
|
- [OpenPhish feed via urlscan.io](https://urlscan.io/search/#OpenPhish)
|
|
15
16
|
- [PhishTank feed via urlscan.io](https://urlscan.io/search/#PhishTank)
|
|
17
|
+
- [URLhaus feed via urlscan.io](https://urlscan.io/search/#URLHaus)
|
|
16
18
|
- [Ayashige feed](https://github.com/ninoseki/ayashige)
|
|
17
19
|
- It checks each phishy URL whether it enables directory listing and contains a phishing kit (compressed file) or not.
|
|
18
20
|
- Note: compressed file = `*.zip`, `*.rar`, `*.7z`, `*.tar` and `*.gz`.
|
data/lib/miteru/crawler.rb
CHANGED
|
@@ -11,7 +11,6 @@ module Miteru
|
|
|
11
11
|
|
|
12
12
|
def initialize
|
|
13
13
|
@downloader = Downloader.new(Miteru.configuration.download_to)
|
|
14
|
-
|
|
15
14
|
@feeds = Feeds.new
|
|
16
15
|
@notifier = Notifier.new
|
|
17
16
|
end
|
|
@@ -25,7 +24,6 @@ module Miteru
|
|
|
25
24
|
end
|
|
26
25
|
|
|
27
26
|
def execute
|
|
28
|
-
threads = Miteru.configuration.threads
|
|
29
27
|
suspicious_urls = feeds.suspicious_urls
|
|
30
28
|
puts "Loaded #{suspicious_urls.length} URLs to crawl. (crawling in #{threads} threads)" if verbose?
|
|
31
29
|
|
|
@@ -34,8 +32,8 @@ module Miteru
|
|
|
34
32
|
end
|
|
35
33
|
end
|
|
36
34
|
|
|
37
|
-
def
|
|
38
|
-
|
|
35
|
+
def threads
|
|
36
|
+
@threads ||= Miteru.configuration.threads
|
|
39
37
|
end
|
|
40
38
|
|
|
41
39
|
def notify(website)
|
|
@@ -49,5 +47,11 @@ module Miteru
|
|
|
49
47
|
def verbose?
|
|
50
48
|
Miteru.configuration.verbose?
|
|
51
49
|
end
|
|
50
|
+
|
|
51
|
+
class << self
|
|
52
|
+
def execute
|
|
53
|
+
new.execute
|
|
54
|
+
end
|
|
55
|
+
end
|
|
52
56
|
end
|
|
53
57
|
end
|
data/lib/miteru/downloader.rb
CHANGED
|
@@ -22,8 +22,7 @@ module Miteru
|
|
|
22
22
|
private
|
|
23
23
|
|
|
24
24
|
def download_kit(kit)
|
|
25
|
-
|
|
26
|
-
destination = filepath_to_download(filename)
|
|
25
|
+
destination = kit.download_filepath
|
|
27
26
|
begin
|
|
28
27
|
downloaded_filepath = HTTPClient.download(kit.url, destination)
|
|
29
28
|
hash = sha256(downloaded_filepath)
|
|
@@ -38,12 +37,6 @@ module Miteru
|
|
|
38
37
|
end
|
|
39
38
|
end
|
|
40
39
|
|
|
41
|
-
def download_filename(kit)
|
|
42
|
-
domain = URI(kit.base_url).hostname
|
|
43
|
-
|
|
44
|
-
"#{domain}_#{kit.filename}_#{SecureRandom.alphanumeric(10)}#{kit.extname}"
|
|
45
|
-
end
|
|
46
|
-
|
|
47
40
|
def filepath_to_download(filename)
|
|
48
41
|
"#{base_dir}/#{filename}"
|
|
49
42
|
end
|
data/lib/miteru/feeds.rb
CHANGED
|
@@ -6,9 +6,13 @@ require_relative "./feeds/urlscan"
|
|
|
6
6
|
|
|
7
7
|
module Miteru
|
|
8
8
|
class Feeds
|
|
9
|
+
IGNORE_EXTENSIONS = %w(.htm .html .php .asp .aspx .exe .txt).freeze
|
|
10
|
+
|
|
9
11
|
def initialize
|
|
10
|
-
@feeds = [
|
|
11
|
-
|
|
12
|
+
@feeds = [
|
|
13
|
+
UrlScan.new(Miteru.configuration.size),
|
|
14
|
+
Miteru.configuration.ayashige? ? Ayashige.new : nil
|
|
15
|
+
].compact
|
|
12
16
|
end
|
|
13
17
|
|
|
14
18
|
def directory_traveling?
|
|
@@ -41,8 +45,12 @@ module Miteru
|
|
|
41
45
|
urls = (0...segments.length).map { |idx| "#{base}#{segments[0..idx].join('/')}" }
|
|
42
46
|
urls.reject do |breakdowned_url|
|
|
43
47
|
# Reject a url which ends with specific extension names
|
|
44
|
-
|
|
48
|
+
invalid_extension? breakdowned_url
|
|
45
49
|
end
|
|
46
50
|
end
|
|
51
|
+
|
|
52
|
+
def invalid_extension?(url)
|
|
53
|
+
IGNORE_EXTENSIONS.any? { |ext| url.end_with? ext }
|
|
54
|
+
end
|
|
47
55
|
end
|
|
48
56
|
end
|
data/lib/miteru/http_client.rb
CHANGED
data/lib/miteru/kit.rb
CHANGED
|
@@ -1,6 +1,7 @@
|
|
|
1
1
|
# frozen_string_literal: true
|
|
2
2
|
|
|
3
3
|
require "cgi"
|
|
4
|
+
require "securerandom"
|
|
4
5
|
|
|
5
6
|
module Miteru
|
|
6
7
|
class Kit
|
|
@@ -34,5 +35,39 @@ module Miteru
|
|
|
34
35
|
def url
|
|
35
36
|
"#{base_url}/#{basename}"
|
|
36
37
|
end
|
|
38
|
+
|
|
39
|
+
def download_filepath
|
|
40
|
+
"#{base_dir}/#{download_filename}"
|
|
41
|
+
end
|
|
42
|
+
|
|
43
|
+
def filesize
|
|
44
|
+
return nil unless File.exist?(download_filepath)
|
|
45
|
+
|
|
46
|
+
File.size download_filepath
|
|
47
|
+
end
|
|
48
|
+
|
|
49
|
+
def filename_with_size
|
|
50
|
+
return filename unless filesize
|
|
51
|
+
|
|
52
|
+
"#{filename}(#{filesize / 1024}KB)"
|
|
53
|
+
end
|
|
54
|
+
|
|
55
|
+
private
|
|
56
|
+
|
|
57
|
+
def id
|
|
58
|
+
@id ||= SecureRandom.hex(10)
|
|
59
|
+
end
|
|
60
|
+
|
|
61
|
+
def hostname
|
|
62
|
+
URI(base_url).hostname
|
|
63
|
+
end
|
|
64
|
+
|
|
65
|
+
def download_filename
|
|
66
|
+
"#{hostname}_#{filename}_#{id}#{extname}"
|
|
67
|
+
end
|
|
68
|
+
|
|
69
|
+
def base_dir
|
|
70
|
+
@base_dir ||= Miteru.configuration.download_to
|
|
71
|
+
end
|
|
37
72
|
end
|
|
38
73
|
end
|
data/lib/miteru/notifier.rb
CHANGED
|
@@ -7,13 +7,14 @@ module Miteru
|
|
|
7
7
|
class Notifier
|
|
8
8
|
def notify(url:, kits:, message:)
|
|
9
9
|
attachement = Attachement.new(url)
|
|
10
|
+
kits = kits.select(&:filesize)
|
|
10
11
|
|
|
11
|
-
if post_to_slack? &&
|
|
12
|
+
if post_to_slack? && kits.any?
|
|
12
13
|
notifier = Slack::Notifier.new(slack_webhook_url, channel: slack_channel)
|
|
13
14
|
notifier.post(text: message, attachments: attachement.to_a)
|
|
14
15
|
end
|
|
15
16
|
|
|
16
|
-
message = message.colorize(:light_red)
|
|
17
|
+
message = message.colorize(:light_red) if kits.any?
|
|
17
18
|
puts "#{url}: #{message}"
|
|
18
19
|
end
|
|
19
20
|
|
data/lib/miteru/version.rb
CHANGED
data/lib/miteru/website.rb
CHANGED
|
@@ -41,9 +41,9 @@ module Miteru
|
|
|
41
41
|
def message
|
|
42
42
|
return "It doesn't contain a phishing kit." unless kits?
|
|
43
43
|
|
|
44
|
-
|
|
44
|
+
filename_with_sizes = kits.map(&:filename_with_size).join(", ")
|
|
45
45
|
noun = kits.length == 1 ? "a phishing kit" : "phishing kits"
|
|
46
|
-
"It might contain #{noun}: #{
|
|
46
|
+
"It might contain #{noun}: #{filename_with_sizes}."
|
|
47
47
|
end
|
|
48
48
|
|
|
49
49
|
private
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: miteru
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.12.
|
|
4
|
+
version: 0.12.13
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Manabu Niseki
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2019-11-
|
|
11
|
+
date: 2019-11-27 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|