ninoseki/mihari ninoseki/mihari

  • Stars
    star
    751
  • Rank 60,419 (Top 2 %)
  • Language
    HTML
  • License
    MIT License
  • Created over 5 years ago
  • Updated over 1 year ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
ninoseki/mihari
github

ninoseki

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

A tool for OSINT based threat hunting

mihari

Gem Version Ruby CI Coverage Status CodeFactor

Mihari is a tool for OSINT based threat hunting.

How it works

img

  • Mihari makes a query against Shodan, Censys, VirusTotal, SecurityTrails, etc. and extracts artifacts (IP addresses, domains, URLs or hashes).
  • Mihari checks whether the database (SQLite3, PostgreSQL or MySQL) contains the artifacts or not.
    • If it doesn't contain the artifacts:
      • Mihari saves artifacts in the database.
      • Mihari creates an alert on TheHive.
      • Mihari sends a notification to Slack.
      • Mihari creates an event on MISP.

Also, you can check the alerts on a built-in web app.

img

Supported services

Mihari supports the following services by default.

Docs

Presentations

License

The gem is available as open source under the terms of the MIT License.

More Repositories

1

mitaka

A browser extension for OSINT search
TypeScript
1,074
star
2

shodan-dojo

Learning Shodan through katas
Python
455
star
3

eml_analyzer

An application to analyze the EML file
Python
262
star
4

miteru

An experimental phishing kit detection tool
Ruby
171
star
5

uzen

Website crawler with YARA detection
Python
87
star
6

apullo

A scanner for taking basic fingerprints
Ruby
50
star
7

ioc-extractor

An npm package for extracting common IoC (Indicator of Compromise)
TypeScript
48
star
8

shimon

Calculate fingerprints of a website for OSINT search
Vue
45
star
9

ukemi

A CLI tool for querying passive DNS services
Ruby
41
star
10

pomodoro-daisuki

JavaScript
40
star
11

ayashige

Ayashige provides a list of suspicious newly updated domains as a JSON feed
Python
32
star
12

iocingestor

An extendable tool to extract and aggregate IoCs from threat feeds
Python
32
star
13

arq-dashboard

A dashboard for ARQ built with FastAPI
Python
31
star
14

abuse_whois

Yet another way to find where to report an abuse
Python
31
star
15

rogue_one

A rogue DNS detector
Ruby
23
star
16

vscode-mogami

A VS Code extension for checking the latest version of each dependency
TypeScript
15
star
17

phishing_kits_2021

A dataset of phishing kits in the wild
15
star
18

vscode-pylens

A VS Code extension to show the latest version of a dependency in pyproject.toml or requirements.txt
TypeScript
13
star
19

misp-gateway

API gateway for MISP
Python
12
star
20

osakana

A Swiss army knife tool for my phishing research
Ruby
11
star
21

urlscan

urlscan.io API wrapper for Ruby
Ruby
11
star
22

fanger

An npm package to defang and refang IoC
TypeScript
10
star
23

tansaku

Yet another dirbuster tool
Ruby
10
star
24

kibune

A Sigma based detection pipeline
Python
9
star
25

shodanx

Yet another Shodan API wrapper for Ruby
Ruby
8
star
26

whois-parser

Yet another whois parser for Python
Python
8
star
27

securitytrails

SecurityTrails API wrapper for Ruby
Ruby
8
star
28

playwright-har-tracer

A Python implementation version of Playwright's HAR tracer
Python
8
star
29

rangescan

A CLI tool to scan websites on a specific IP range and filter the results by a regexp
Ruby
7
star
30

mihama

osv.dev API clone
Python
6
star
31

panels

A collection of hashes of an HTTP response of a C2 / admin panel
6
star
32

SimpleWhatWeb

Simplified ver. of WhatWeb
Ruby
6
star
33

virustotalx

Yet another VirusTotal API wrapper for Ruby
Ruby
6
star
34

binaryedge-rb

BinaryEdge API wrapper for Ruby
Ruby
6
star
35

niteru

Compare HTML similarity using structural and style metrics
Python
6
star
36

vscode-gem-lens

A VS Code extension to show the latest version of each gem in a gemspec
TypeScript
5
star
37

ti-config

5
star
38

emailrep-analyzer

Cortex Analyzer for emailrep.io
Python
5
star
39

doh_client

DNS over HTTPS (DoH) client for Ruby
Ruby
5
star
40

ts-jest-chrome-extension-starter

A starter template to create a Chrome extension with TypeScript and Jest
TypeScript
5
star
41

ryo

Yet another website recon tool powered by Ruby
Ruby
5
star
42

spysex

Spyse API wrapper for Ruby
Ruby
4
star
43

whois-rest

A RESTful whois
Python
4
star
44

zoomeye-rb

ZoomEye API wrapper for Ruby
Ruby
4
star
45

digging

A Web API for DNS digging
Ruby
4
star
46

ninoseki.github.io

(●__●)
4
star
47

pycomponents

An experimental tool to generate CycloneDX SBOM from running Python processes
Python
4
star
48

awesome-csirt-jp

A curated list of tools and resources for CSIRT in Japan
4
star
49

jsac2023-sbom-workshop

JSAC2023 SBOM Workshop
Python
3
star
50

browserless-chrome

Dockerfile
3
star
51

yeti-securitytrails

YETI analytics plugins for SecurityTrails
Python
3
star
52

funky_hao

A surface analysis tool for MoqHao
Python
3
star
53

MISP-japanization

MISP Japananization / MISP日本語化プロジェクト
3
star
54

cortex-securitytrails

Cortex analyzer for SecurityTrails
HTML
3
star
55

sleep_warm

A web-based low-interaction honeypot build on Rack
Ruby
3
star
56

ExUrlscan

urlscan.io API wrapper for Elixir
Elixir
3
star
57

aiodnsbl

Async DNSBL lists checker
Python
3
star
58

kokki

Convert a country name / code & IP address to an emoji flag
Ruby
3
star
59

crtsh

crt.sh API wrapper for Ruby
Ruby
3
star
60

misp-rb

MISP API wrapper for Ruby
Ruby
2
star
61

roamingmantis

Python
2
star
62

hash-hush

Smart links for hashes
TypeScript
2
star
63

ruby-the-noises

ザ・ノイジーズのポッドキャスト用Rubyクライアント。
Ruby
2
star
64

highlightjs-yara

A highlight.js plugin for YARA
JavaScript
2
star
65

mihari-frontend

The frontend app for Mihari
Vue
2
star
66

kanshi

Certificate Transparency (CT) logs monitoring with a regex
Elixir
2
star
67

urlhaus_monitor

A monitoring tool for URLhaus feeds
Ruby
2
star
68

baramaki

Dockerfile
2
star
69

itamae_thehive

Automated installation of TheHive/Cortex by using Itamae
Ruby
2
star
70

misc

Ruby
2
star
71

censysx

A Censys Search v2 API wrapper for Ruby
Ruby
2
star
72

zip-image-similarity

2
star
73

rb-mynumber

Check given string/number is a MyNumber or not
Ruby
1
star
74

azuma

Yet another Sigma library for Python
Python
1
star
75

cortex_URLhaus_analyzer

Cortex analyzer for URLhaus
Python
1
star
76

cortex_urlscan_analyzer

Cortex analyzer for urlscan.io.
Python
1
star
77

iw2021_moqhao

A dataset behind my IW2021 talk
1
star
78

hachi

Hachi(蜂) is a dead simple TheHive API wrapper for Ruby.
Ruby
1
star
79

todo-stimulus

TodoMVC with Stimulus + TypeScript
TypeScript
1
star
80

files-downloader

A web extension to download files via your active tab
Vue
1
star
81

rspec-httpbin

An httpbin like Rack app for RSpec
Ruby
1
star
82

fakespy

Python
1
star
83

onyphe-rb

ONYPHE API wrapper for Ruby
Ruby
1
star
84

whistling

Python
1
star
85

daino

daino(大脳) is a dead simple Cortex API wrapper for Ruby.
Ruby
1
star
86

16shop

1
star
87

fushin

A malicious blog posts monitoring tool
Ruby
1
star
88

dnpedia-rb

DNPedia domain search API wrapper for Ruby
Ruby
1
star
89

mihari-action

Dockerfile
1
star
90

ex_tansaku

Elixir version of ninoseki/tansaku
Elixir
1
star
91

uv-dynamic-versioning

1
star
92

greynoise

GreyNoise API wrapper for Ruby
Ruby
1
star
93

tweet_stream

1
star
94

itamae_gosint

Automated installation of GOSINT by using itamae
Ruby
1
star
95

passive_circl

CIRCL Passive DNS/SSL API wrapper for Ruby
Ruby
1
star
96

yara_rules

My hand-made YARA rules
YARA
1
star
97

ipinfo-analyzers

Cortex Analyzer for IPinfo
HTML
1
star
98

first-csirt-basic-course-md

Markdown version of the FIRST CSIRT Basic Course https://www.first.org/education/trainings
1
star
99

ahiru

Yet another Ruby gem for DuckDuckGo Search
Ruby
1
star
100

miniset

A Jinja2 template processor for interacting with an SQL engine
Python
1
star