miteru 0.7.0 → 0.8.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +4 -1
- data/lib/miteru/crawler.rb +13 -4
- data/lib/miteru/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: efab1503dd6c96a4376d6baed09eadccde40d9a43440604e45c2926bdb301209
|
|
4
|
+
data.tar.gz: fda7418c3101bd3e691bd6cb0af7b3b2a6b3c0cd58da30d7a2171868251468c4
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 0b10ef50e80806ca90386c4da6ae9057e044af58a1975d3c8b4c03942966b09e23386a64d233916610066ded7c7ec59700ddb4b149107cee71acb6a52459d139
|
|
7
|
+
data.tar.gz: a977b070175607fed8a2ec30a331278a6f0cd1f6438c1a3b4accffd2be18f8963f92afac01d0144f0567aabefab19c3ed4af4dd4f83c338a3af9bb22022ea542
|
data/README.md
CHANGED
|
@@ -9,7 +9,10 @@ Miteru is an experimental phishing kit detection tool.
|
|
|
9
9
|
|
|
10
10
|
## How it works
|
|
11
11
|
|
|
12
|
-
- It collects phishing suspicious URLs from
|
|
12
|
+
- It collects phishing suspicious URLs from the following feeds:
|
|
13
|
+
- [urlscan.io](https://urlscan.io/search/#certstream-suspicious)
|
|
14
|
+
- [OpenPhish community feed](https://openphish.com/feed.txt)
|
|
15
|
+
- [PhishTank feed](http://data.phishtank.com/data/online-valid.csv)
|
|
13
16
|
- It checks a suspicious URL whether it has a directory listing and contains a phishing kit (`*.zip` file) or not.
|
|
14
17
|
|
|
15
18
|
## Installation
|
data/lib/miteru/crawler.rb
CHANGED
|
@@ -1,5 +1,6 @@
|
|
|
1
1
|
# frozen_string_literal: true
|
|
2
2
|
|
|
3
|
+
require "csv"
|
|
3
4
|
require "http"
|
|
4
5
|
require "json"
|
|
5
6
|
require "thread/pool"
|
|
@@ -14,6 +15,7 @@ module Miteru
|
|
|
14
15
|
|
|
15
16
|
URLSCAN_ENDPOINT = "https://urlscan.io/api/v1"
|
|
16
17
|
OPENPHISH_ENDPOINT = "https://openphish.com"
|
|
18
|
+
PHISHTANK_ENDPOINT = "http://data.phishtank.com"
|
|
17
19
|
|
|
18
20
|
def initialize(directory_traveling: false, size: 100, threads: 10, verbose: false)
|
|
19
21
|
@directory_traveling = directory_traveling
|
|
@@ -34,6 +36,12 @@ module Miteru
|
|
|
34
36
|
res.lines.map(&:chomp)
|
|
35
37
|
end
|
|
36
38
|
|
|
39
|
+
def phishtank_feed
|
|
40
|
+
res = get("#{PHISHTANK_ENDPOINT}/data/online-valid.csv")
|
|
41
|
+
table = CSV.parse(res, headers: true)
|
|
42
|
+
table.map { |row| row["url"] }
|
|
43
|
+
end
|
|
44
|
+
|
|
37
45
|
def breakdown(url)
|
|
38
46
|
begin
|
|
39
47
|
uri = URI.parse(url)
|
|
@@ -54,7 +62,7 @@ module Miteru
|
|
|
54
62
|
end
|
|
55
63
|
|
|
56
64
|
def suspicious_urls
|
|
57
|
-
urls = urlscan_feed + openphish_feed
|
|
65
|
+
urls = (urlscan_feed + openphish_feed + phishtank_feed)
|
|
58
66
|
urls.map { |url| breakdown(url) }.flatten.uniq.sort
|
|
59
67
|
end
|
|
60
68
|
|
|
@@ -65,11 +73,12 @@ module Miteru
|
|
|
65
73
|
suspicious_urls.each do |url|
|
|
66
74
|
pool.process do
|
|
67
75
|
website = Website.new(url)
|
|
68
|
-
|
|
76
|
+
if website.has_kit?
|
|
77
|
+
websites << website
|
|
78
|
+
else
|
|
69
79
|
puts "#{website.url}: it doesn't contain a phishing kit." if verbose
|
|
70
80
|
website.unbuild
|
|
71
81
|
end
|
|
72
|
-
websites << website
|
|
73
82
|
end
|
|
74
83
|
end
|
|
75
84
|
pool.shutdown
|
|
@@ -84,7 +93,7 @@ module Miteru
|
|
|
84
93
|
private
|
|
85
94
|
|
|
86
95
|
def get(url)
|
|
87
|
-
res = HTTP.get(url)
|
|
96
|
+
res = HTTP.follow(max_hops: 3).get(url)
|
|
88
97
|
raise HTTPResponseError if res.code != 200
|
|
89
98
|
|
|
90
99
|
res.body.to_s
|
data/lib/miteru/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: miteru
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.8.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Manabu Niseki
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2018-
|
|
11
|
+
date: 2018-10-06 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|