mihari v2.3 releases: run OSINT queries & manage results continuously
mihari
Mihari is a helper to run queries & manage results continuously. Mihari can be used for C2, landing page and phishing hunting.
How it works
- mihari makes a query against Shodan, Censys, VirusTotal, SecurityTrails, etc. and extracts artifacts from the query results.
- mihari checks whether a TheHive instance contains the artifacts or not.
- If it doesn’t contain the artifacts:
  - mihari creates an alert with the artifacts on the TheHive instance.
  - mihari sends a notification to Slack. (Optional)
  - mihari creates an event on MISP. (Optional)
You can use mihari without TheHive, but note that mihari depends on TheHive to manage artifacts. Without TheHive, mihari might create duplicates.
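The check-then-emit flow above and the duplication caveat, as an added Ruby example that is not mihari's own code or API: an in-memory set stands in for the TheHive instance and lambdas stand in for the alert, Slack and MISP emitters. All names (to_artifact, ArtifactStore, hunt, SAMPLE) are hypothetical and the sample values are constructed.

```ruby
# Added illustration of the workflow above; not mihari's own code or API.
# Every name here (to_artifact, ArtifactStore, hunt) is hypothetical.
require "ipaddr"
require "set"

# Turn a raw string from a query result into a typed artifact, or nil.
def to_artifact(raw)
  v = raw.to_s.strip
  return nil if v.empty?
  return { type: "hash", value: v.downcase } if v.match?(/\A(?:\h{32}|\h{40}|\h{64})\z/)
  return { type: "url", value: v } if v.match?(%r{\Ahttps?://[^\s/]+}i)
  begin
    return { type: "ip", value: IPAddr.new(v).to_s }
  rescue IPAddr::Error
    # not an IP address; try the domain pattern next
  end
  return { type: "domain", value: v.downcase } if v.match?(/\A(?:[a-z0-9-]+\.)+[a-z]{2,}\z/i)
  nil
end

# In-memory stand-in for the TheHive instance that remembers artifacts.
class ArtifactStore
  def initialize
    @seen = Set.new
  end
  def include?(artifact)
    @seen.include?(artifact)
  end
  def add(artifacts)
    @seen.merge(artifacts)
  end
end

# One run: extract artifacts, drop those already stored, emit the rest once.
# store: nil models running without TheHive, where nothing is remembered
# and every run emits the same artifacts again.
def hunt(title, raw_values, store:, emitters:)
  artifacts = raw_values.filter_map { |raw| to_artifact(raw) }.uniq
  fresh = store ? artifacts.reject { |a| store.include?(a) } : artifacts
  return [] if fresh.empty?
  emitters.each { |emit| emit.call(title, fresh) }
  store&.add(fresh)
  fresh
end

# Constructed sample results (documentation-range addresses and names).
SAMPLE = ["192.0.2.10", "192.0.2.10", "Login.Example.com ",
          "http://example.net/panel", "not an artifact"].freeze
```

Calling hunt twice with the same ArtifactStore emits once; calling it twice with store: nil emits twice, which is the duplication the note above warns about.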
Installation
gem install mihari
Or you can use this tool with Docker.
docker pull ninoseki/mihari
Use
mihari supports Censys, Shodan, Onyphe, urlscan, SecurityTrails, crt.sh and VirusTotal by default.
Copyright (c) 2019 Manabu Niseki