miteru 0.9.3 → 0.9.4
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +19 -2
- data/lib/miteru/crawler.rb +0 -2
- data/lib/miteru/downloader.rb +2 -1
- data/lib/miteru/http_client.rb +7 -5
- data/lib/miteru/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: e11aca7b7b5b2222d5733afd3b155420475635d3b4f09b02a70e3017fb9e68cf
|
|
4
|
+
data.tar.gz: 0e0d8b5b4acb5033f1e2639563e6dbd5ec2f6dfabb4421315f18ed45648076f8
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: '08d110df3c96cc33c0e9fefefb95f1dff64c8482c423ec8a725497add862d648464c6a5a164371e0f664b38c83fcf0becc8d3ee53f7d233f9776e3ab1aea12a0'
|
|
7
|
+
data.tar.gz: 2e45e1ae4d80c032abeef6287d705f970847f8f6bc237f82ea7749492cf4fc7e07eba8e37daf1275d5656a04212deb5cba2e5de5ca75b2c4e5ad49bb72d2efba
|
data/README.md
CHANGED
|
@@ -10,12 +10,18 @@ Miteru is an experimental phishing kit detection tool.
|
|
|
10
10
|
## How it works
|
|
11
11
|
|
|
12
12
|
- It collects phishing suspicious URLs from the following feeds:
|
|
13
|
-
- [urlscan.io](https://urlscan.io/search/#certstream-suspicious)
|
|
13
|
+
- [urlscan.io certstream-suspicious feed](https://urlscan.io/search/#certstream-suspicious)
|
|
14
14
|
- [OpenPhish community feed](https://openphish.com/feed.txt)
|
|
15
15
|
- [PhishTank feed](http://data.phishtank.com/data/online-valid.csv)
|
|
16
|
-
- It checks a suspicious URL whether it
|
|
16
|
+
- It checks a suspicious URL whether it enables directory listing and contains a phishing kit (compressed file) or not.
|
|
17
17
|
- Note: compressed file = `*.zip`, `*.rar`, `*.7z`, `*.tar` and `*.gz`.
|
|
18
18
|
|
|
19
|
+
## Features
|
|
20
|
+
|
|
21
|
+
- [x] Phishing kit detection & collection.
|
|
22
|
+
- [x] Slack integration. (Posting a message to Slack if the tool detects a phishing kit.)
|
|
23
|
+
- [x] Threading.
|
|
24
|
+
|
|
19
25
|
## Installation
|
|
20
26
|
|
|
21
27
|
```sh
|
|
@@ -61,9 +67,20 @@ https://dummy3.com: it doesn't contain a phishing kit.
|
|
|
61
67
|
https://dummy4.com: it might contain a phishing kit (dummy.zip).
|
|
62
68
|
```
|
|
63
69
|
|
|
70
|
+
## Aasciinema cast
|
|
71
|
+
|
|
72
|
+
[](https://asciinema.org/a/ga6ZbwuK1HOLOyELb23QrSvJP)
|
|
73
|
+
|
|
74
|
+
Note: Stoped the process during the execution because it takes minutes to finish.
|
|
75
|
+
|
|
64
76
|
## Note
|
|
65
77
|
|
|
66
78
|
For using `--post-to-slack` feature, you should set the following environment variables:
|
|
67
79
|
|
|
68
80
|
- `SLACK_WEBHOOK_URL`: Your Slack Webhook URL.
|
|
69
81
|
- `SLACK_CHANNEL`: Slack channel to post a message (default: "#general").
|
|
82
|
+
|
|
83
|
+
## Alternatives
|
|
84
|
+
|
|
85
|
+
- [t4d/StalkPhish](https://github.com/t4d/StalkPhish): The Phishing kits stalker, harvesting phishing kits for investigations.
|
|
86
|
+
- [duo-labs/phish-collect](https://github.com/duo-labs/phish-collect): Python script to hunt phishing kits.
|
data/lib/miteru/crawler.rb
CHANGED
data/lib/miteru/downloader.rb
CHANGED
|
@@ -17,6 +17,7 @@ module Miteru
|
|
|
17
17
|
target_url = "#{url}/#{path}"
|
|
18
18
|
begin
|
|
19
19
|
download_file_path = HTTPClient.download(target_url, base_dir)
|
|
20
|
+
puts download_file_path
|
|
20
21
|
if duplicated?(download_file_path, base_dir)
|
|
21
22
|
puts "Do not download #{target_url} because there is a same hash file in the directory (SHA256: #{sha256(download_file_path)})."
|
|
22
23
|
FileUtils.rm download_file_path
|
|
@@ -38,7 +39,7 @@ module Miteru
|
|
|
38
39
|
|
|
39
40
|
def duplicated?(file_path, base_dir)
|
|
40
41
|
base = sha256(file_path)
|
|
41
|
-
sha256s = Dir.glob("#{base_dir}/*.zip").map { |path| sha256(path) }
|
|
42
|
+
sha256s = Dir.glob("#{base_dir}/*.{zip,rar,7z,tar,gz}").map { |path| sha256(path) }
|
|
42
43
|
sha256s.select { |sha256| sha256 == base }.length > 1
|
|
43
44
|
end
|
|
44
45
|
end
|
data/lib/miteru/http_client.rb
CHANGED
|
@@ -15,7 +15,7 @@ module Miteru
|
|
|
15
15
|
end
|
|
16
16
|
|
|
17
17
|
def download(url, base_dir)
|
|
18
|
-
destination =
|
|
18
|
+
destination = download_path(base_dir, filename_to_save(url))
|
|
19
19
|
down = Down::Http.new(default_options) { |client| client.headers(default_headers) }
|
|
20
20
|
down.download(url, destination: destination)
|
|
21
21
|
destination
|
|
@@ -52,12 +52,14 @@ module Miteru
|
|
|
52
52
|
{ ssl_context: ssl_context }
|
|
53
53
|
end
|
|
54
54
|
|
|
55
|
-
def
|
|
56
|
-
"
|
|
55
|
+
def filename_to_save(url)
|
|
56
|
+
filename = url.split("/").last
|
|
57
|
+
extname = File.extname(filename)
|
|
58
|
+
"#{SecureRandom.alphanumeric}.#{extname}"
|
|
57
59
|
end
|
|
58
60
|
|
|
59
|
-
def
|
|
60
|
-
"#{base_dir}/#{
|
|
61
|
+
def download_path(base_dir, filename)
|
|
62
|
+
"#{base_dir}/#{filename}"
|
|
61
63
|
end
|
|
62
64
|
end
|
|
63
65
|
end
|
data/lib/miteru/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: miteru
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.9.
|
|
4
|
+
version: 0.9.4
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Manabu Niseki
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2018-
|
|
11
|
+
date: 2018-11-13 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|