mihari

Mihari is a tool for OSINT-based threat hunting.

How it works

  • Mihari queries Shodan, Censys, VirusTotal, SecurityTrails, etc. and extracts artifacts (IP addresses, domains, URLs or hashes) from the results.
  • Mihari checks whether the database (SQLite3, PostgreSQL or MySQL) already contains the artifacts.
    • If it doesn't contain the artifacts:
      • Mihari saves artifacts in the database.
      • Mihari creates an alert on TheHive.
      • Mihari sends a notification to Slack.
      • Mihari creates an event on MISP.

Also, you can check the alerts on a built-in web app.
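The check-then-emit flow listed above, as an added Ruby sketch that is not Mihari's own code: it types each extracted value, records only values the store has not seen, and calls the emitters once per batch of new artifacts. `artifact_type`, `ArtifactStore` and `run_rule` are hypothetical names, the in-memory set stands in for the database, and the sample results are constructed.

```ruby
require "ipaddr"
require "set"

# Classify a raw value as one of the artifact types named in the README.
def artifact_type(value)
  return "hash" if value.match?(/\A(?:\h{32}|\h{40}|\h{64})\z/)
  return "url" if value.match?(%r{\Ahttps?://\S+\z}i)
  return "domain" if value.match?(/\A(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,}\z/i)
  return nil if value.include?("/") # CIDR ranges are not single addresses
  IPAddr.new(value) && "ip"
rescue IPAddr::Error
  nil
end

# In-memory stand-in (assumption) for the database table of known artifacts.
class ArtifactStore
  def initialize
    @seen = Set.new
  end

  # True only the first time a value is recorded.
  def add?(value)
    !@seen.add?(value).nil?
  end
end

# One pass of a search: keep typed, previously unseen artifacts, save them,
# and hand the batch to every emitter (TheHive, Slack, MISP in the README).
def run_rule(raw_values, store, emitters)
  fresh = raw_values.map(&:strip).uniq.each_with_object([]) do |value, out|
    type = artifact_type(value)
    out << { data: value, type: type } if type && store.add?(value)
  end
  emitters.each { |emit| emit.call(fresh) } unless fresh.empty?
  fresh
end

# Constructed sample results (documentation-range IP, reserved .test names).
SAMPLE_RESULTS = ["192.0.2.10", "example.test", "http://example.test/login",
                  "d41d8cd98f00b204e9800998ecf8427e", "not an artifact",
                  "192.0.2.10"].freeze

if __FILE__ == $PROGRAM_NAME
  store = ArtifactStore.new
  notify = ->(batch) { puts "alert: #{batch.map { |a| a[:data] }.join(', ')}" }
  2.times { run_rule(SAMPLE_RESULTS, store, [notify]) } # second pass emits nothing
end
```

Because the store is consulted before anything is emitted, re-running the same search does not raise duplicate alerts; only values that appear for the first time reach the emitters.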

Supported services

Mihari supports the following services by default.

Docs

Presentations

License

The gem is available as open source under the terms of the MIT License.