mihari

Mihari is a tool for OSINT based threat hunting.

How it works

Mihari makes a query against Shodan, Censys, VirusTotal, SecurityTrails, etc. and extracts artifacts (IP addresses, domains, URLs or hashes).
Mihari checks whether the database (SQLite3, PostgreSQL or MySQL) contains the artifacts or not.
- If it doesn't contain the artifacts:
  - Mihari saves artifacts in the database.
  - Mihari creates an alert on TheHive.
  - Mihari sends a notification to Slack.
  - Mihari creates an event on MISP.

Also, you can check the alerts on a built-in web app.

Mihari supports the following services by default.

The gem is available as open source under the terms of the MIT License.

Mihari is proudly supported by Tines.io, The SOAR Platform for Enterprise Security Teams.

Name		Name	Last commit message	Last commit date
Latest commit History 1,108 Commits
.github		.github
bin		bin
config		config
docker		docker
examples		examples
exe		exe
images		images
lib		lib
sig/lib		sig/lib
spec		spec
vendor/rbs		vendor/rbs
.gitignore		.gitignore
.gitmodules		.gitmodules
.overcommit.yml		.overcommit.yml
.rspec		.rspec
.rubocop.yml		.rubocop.yml
.standard.yml		.standard.yml
Gemfile		Gemfile
LICENSE		LICENSE
README.md		README.md
Rakefile		Rakefile
Steepfile		Steepfile
build_frontend.sh		build_frontend.sh
config.ru		config.ru
mihari.gemspec		mihari.gemspec
renovate.json		renovate.json