miteru 0.9.3 → 0.9.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +19 -2
- data/lib/miteru/crawler.rb +0 -2
- data/lib/miteru/downloader.rb +2 -1
- data/lib/miteru/http_client.rb +7 -5
- data/lib/miteru/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: e11aca7b7b5b2222d5733afd3b155420475635d3b4f09b02a70e3017fb9e68cf
|
|
4
|
+
data.tar.gz: 0e0d8b5b4acb5033f1e2639563e6dbd5ec2f6dfabb4421315f18ed45648076f8
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: '08d110df3c96cc33c0e9fefefb95f1dff64c8482c423ec8a725497add862d648464c6a5a164371e0f664b38c83fcf0becc8d3ee53f7d233f9776e3ab1aea12a0'
|
|
7
|
+
data.tar.gz: 2e45e1ae4d80c032abeef6287d705f970847f8f6bc237f82ea7749492cf4fc7e07eba8e37daf1275d5656a04212deb5cba2e5de5ca75b2c4e5ad49bb72d2efba
|
data/README.md
CHANGED
|
@@ -10,12 +10,18 @@ Miteru is an experimental phishing kit detection tool.
|
|
|
10
10
|
## How it works
|
|
11
11
|
|
|
12
12
|
- It collects phishing suspicious URLs from the following feeds:
|
|
13
|
-
- [urlscan.io](https://urlscan.io/search/#certstream-suspicious)
|
|
13
|
+
- [urlscan.io certstream-suspicious feed](https://urlscan.io/search/#certstream-suspicious)
|
|
14
14
|
- [OpenPhish community feed](https://openphish.com/feed.txt)
|
|
15
15
|
- [PhishTank feed](http://data.phishtank.com/data/online-valid.csv)
|
|
16
|
-
- It checks a suspicious URL whether it
|
|
16
|
+
- It checks a suspicious URL whether it enables directory listing and contains a phishing kit (compressed file) or not.
|
|
17
17
|
- Note: compressed file = `*.zip`, `*.rar`, `*.7z`, `*.tar` and `*.gz`.
|
|
18
18
|
|
|
19
|
+
## Features
|
|
20
|
+
|
|
21
|
+
- [x] Phishing kit detection & collection.
|
|
22
|
+
- [x] Slack integration. (Posting a message to Slack if the tool detects a phishing kit.)
|
|
23
|
+
- [x] Threading.
|
|
24
|
+
|
|
19
25
|
## Installation
|
|
20
26
|
|
|
21
27
|
```sh
|
|
@@ -61,9 +67,20 @@ https://dummy3.com: it doesn't contain a phishing kit.
|
|
|
61
67
|
https://dummy4.com: it might contain a phishing kit (dummy.zip).
|
|
62
68
|
```
|
|
63
69
|
|
|
70
|
+
## Aasciinema cast
|
|
71
|
+
|
|
72
|
+
[](https://asciinema.org/a/ga6ZbwuK1HOLOyELb23QrSvJP)
|
|
73
|
+
|
|
74
|
+
Note: Stoped the process during the execution because it takes minutes to finish.
|
|
75
|
+
|
|
64
76
|
## Note
|
|
65
77
|
|
|
66
78
|
For using `--post-to-slack` feature, you should set the following environment variables:
|
|
67
79
|
|
|
68
80
|
- `SLACK_WEBHOOK_URL`: Your Slack Webhook URL.
|
|
69
81
|
- `SLACK_CHANNEL`: Slack channel to post a message (default: "#general").
|
|
82
|
+
|
|
83
|
+
## Alternatives
|
|
84
|
+
|
|
85
|
+
- [t4d/StalkPhish](https://github.com/t4d/StalkPhish): The Phishing kits stalker, harvesting phishing kits for investigations.
|
|
86
|
+
- [duo-labs/phish-collect](https://github.com/duo-labs/phish-collect): Python script to hunt phishing kits.
|
data/lib/miteru/crawler.rb
CHANGED
data/lib/miteru/downloader.rb
CHANGED
|
@@ -17,6 +17,7 @@ module Miteru
|
|
|
17
17
|
target_url = "#{url}/#{path}"
|
|
18
18
|
begin
|
|
19
19
|
download_file_path = HTTPClient.download(target_url, base_dir)
|
|
20
|
+
puts download_file_path
|
|
20
21
|
if duplicated?(download_file_path, base_dir)
|
|
21
22
|
puts "Do not download #{target_url} because there is a same hash file in the directory (SHA256: #{sha256(download_file_path)})."
|
|
22
23
|
FileUtils.rm download_file_path
|
|
@@ -38,7 +39,7 @@ module Miteru
|
|
|
38
39
|
|
|
39
40
|
def duplicated?(file_path, base_dir)
|
|
40
41
|
base = sha256(file_path)
|
|
41
|
-
sha256s = Dir.glob("#{base_dir}/*.zip").map { |path| sha256(path) }
|
|
42
|
+
sha256s = Dir.glob("#{base_dir}/*.{zip,rar,7z,tar,gz}").map { |path| sha256(path) }
|
|
42
43
|
sha256s.select { |sha256| sha256 == base }.length > 1
|
|
43
44
|
end
|
|
44
45
|
end
|
data/lib/miteru/http_client.rb
CHANGED
|
@@ -15,7 +15,7 @@ module Miteru
|
|
|
15
15
|
end
|
|
16
16
|
|
|
17
17
|
def download(url, base_dir)
|
|
18
|
-
destination =
|
|
18
|
+
destination = download_path(base_dir, filename_to_save(url))
|
|
19
19
|
down = Down::Http.new(default_options) { |client| client.headers(default_headers) }
|
|
20
20
|
down.download(url, destination: destination)
|
|
21
21
|
destination
|
|
@@ -52,12 +52,14 @@ module Miteru
|
|
|
52
52
|
{ ssl_context: ssl_context }
|
|
53
53
|
end
|
|
54
54
|
|
|
55
|
-
def
|
|
56
|
-
"
|
|
55
|
+
def filename_to_save(url)
|
|
56
|
+
filename = url.split("/").last
|
|
57
|
+
extname = File.extname(filename)
|
|
58
|
+
"#{SecureRandom.alphanumeric}.#{extname}"
|
|
57
59
|
end
|
|
58
60
|
|
|
59
|
-
def
|
|
60
|
-
"#{base_dir}/#{
|
|
61
|
+
def download_path(base_dir, filename)
|
|
62
|
+
"#{base_dir}/#{filename}"
|
|
61
63
|
end
|
|
62
64
|
end
|
|
63
65
|
end
|
data/lib/miteru/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: miteru
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.9.
|
|
4
|
+
version: 0.9.4
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Manabu Niseki
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2018-
|
|
11
|
+
date: 2018-11-13 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|