mihari
Mihari is a tool for OSINT-based threat hunting.
How it works
- Mihari makes a query against Shodan, Censys, VirusTotal, SecurityTrails, etc. and extracts artifacts (IP addresses, domains, URLs or hashes).
- Mihari checks whether the database (SQLite3, PostgreSQL or MySQL) contains the artifacts or not.
- If it doesn’t contain the artifacts:
  - Mihari saves artifacts in the database.
  - Mihari creates an alert on TheHive.
  - Mihari sends a notification to Slack.
  - Mihari creates an event on MISP.
Also, you can check the alerts on a built-in web app.
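The workflow above (extract artifacts, check the database, act only on new ones) can be sketched as follows. This is an added example, not Mihari's own code: the table schema, the function names and the emitter callables standing in for TheHive, Slack and MISP are assumptions.

```python
import ipaddress
import re
import sqlite3
from urllib.parse import urlparse

HASH_RE = re.compile(r"\A(?:[a-f0-9]{32}|[a-f0-9]{40}|[a-f0-9]{64})\Z", re.I)
DOMAIN_RE = re.compile(r"\A(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}\Z", re.I)

def classify(value):
    """Return 'ip', 'url', 'hash' or 'domain', or None if unrecognised."""
    try:
        ipaddress.ip_address(value)
        return "ip"
    except ValueError:
        pass
    try:
        parsed = urlparse(value)
    except ValueError:  # e.g. malformed bracketed host
        return None
    if parsed.scheme in ("http", "https") and parsed.netloc:
        return "url"
    if HASH_RE.match(value):
        return "hash"
    return "domain" if DOMAIN_RE.match(value) else None

def open_store(path=":memory:"):
    """Hypothetical one-table schema; Mihari's real schema is not shown on the page."""
    db = sqlite3.connect(path)
    db.execute("CREATE TABLE IF NOT EXISTS artifacts (data TEXT PRIMARY KEY, data_type TEXT)")
    return db

def record_new(db, values):
    """Save artifacts the database has not seen and return only those."""
    new = []
    for raw in values:
        value = raw.strip()
        data_type = classify(value)
        if data_type is None:
            continue  # not an IP address, domain, URL or hash
        if data_type != "url":
            value = value.lower()  # domains and hashes are case-insensitive
        if db.execute("SELECT 1 FROM artifacts WHERE data = ?", (value,)).fetchone():
            continue  # already known: no alert, notification or event
        db.execute("INSERT INTO artifacts VALUES (?, ?)", (value, data_type))
        new.append((value, data_type))
    db.commit()
    return new

def emit(new_artifacts, emitters):
    """Pass new artifacts to each emitter (stand-ins for TheHive, Slack, MISP)."""
    if new_artifacts:
        for emitter in emitters:
            emitter(new_artifacts)
```

Running the same query on a schedule then produces alerts only for artifacts that appeared since the previous run, which is what keeps the alert volume reviewable.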
Supported services
Mihari supports the following services by default.
- BinaryEdge
- Censys
- CIRCL passive DNS / passive SSL
- crt.sh
- DN Pedia
- dnstwister
- GreyNoise
- Onyphe
- OTX
- PassiveTotal
- Pulsedive
- SecurityTrails
- Shodan
- urlscan.io
- VirusTotal & VirusTotal Intelligence
- ZoomEye
License
The gem is available as open source under the terms of the MIT License.
Acknowledgement
Mihari is proudly supported by Tines.io, The SOAR Platform for Enterprise Security Teams.