Project

mihari

0.33
The project is in a healthy, maintained state
A framework for continuous OSINT based threat hunting
 Project Readme

mihari

Mihari is a tool for OSINT-based threat hunting.

How it works

  • Mihari makes a query against Shodan, Censys, VirusTotal, SecurityTrails, etc. and extracts artifacts (IP addresses, domains, URLs or hashes).
  • Mihari checks whether the database (SQLite3, PostgreSQL or MySQL) contains the artifacts or not.
    • If it doesn't contain the artifacts:
      • Mihari saves artifacts in the database.
      • Mihari creates an alert on TheHive.
      • Mihari sends a notification to Slack.
      • Mihari creates an event on MISP.
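
The "alert only on artifacts not yet in the database" step above, as an added Ruby sketch that is not mihari's own code. All method and constant names are hypothetical, a `Set` stands in for the database, and the sample values are constructed from documentation ranges.

```ruby
require "ipaddr"
require "set"
require "uri"

HASH_LENGTHS = [32, 40, 64].freeze # hex lengths of MD5, SHA-1, SHA-256
DOMAIN_RE = /\A(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}\z/i

def url?(value)
  uri = URI.parse(value)
  %w[http https].include?(uri.scheme) && !uri.host.to_s.empty?
rescue URI::InvalidURIError
  false
end

def ip?(value)
  return false if value.empty?
  IPAddr.new(value)
  true
rescue ArgumentError # IPAddr::InvalidAddressError is an ArgumentError
  false
end

# Map a raw string to one of the artifact kinds the README names, or nil.
def artifact_type(value)
  return "hash" if value.match?(/\A\h+\z/) && HASH_LENGTHS.include?(value.length)
  return "url" if url?(value)
  return "ip" if ip?(value)
  return "domain" if value.match?(DOMAIN_RE)
  nil
end

# One run: drop invalid values, normalise case, and keep only artifacts the
# store (a Set standing in for the database) has not seen before. Set#add?
# returns nil for a known pair, so repeats never reach the alerting steps.
def new_artifacts(raw_values, seen)
  raw_values.filter_map do |raw|
    value = raw.strip
    type = artifact_type(value)
    next unless type
    value = value.downcase unless type == "url"
    { type: type, value: value } if seen.add?([type, value])
  end
end

# Constructed sample query results for two consecutive runs.
RUN_1 = ["192.0.2.10", "Example.com", "http://example.com/login", "not an artifact"].freeze
RUN_2 = ["192.0.2.10", "example.com", "198.51.100.7", "d41d8cd98f00b204e9800998ecf8427e"].freeze
```

Normalising before the lookup matters: without the downcase, `Example.com` and `example.com` would be stored as two artifacts and alert twice.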

Also, you can check the alerts on a built-in web app.

Supported services

Mihari supports the following services by default.

Docs

Presentations

License

The gem is available as open source under the terms of the MIT License.

Acknowledgement

Mihari is proudly supported by Tines.io, The SOAR Platform for Enterprise Security Teams.