mihari
AI Summary: Mihari is an OSINT query aggregator designed for threat hunting, enabling users to perform multiple searches across various data services using a single rule and store the findings in a database. It supports numerous services, including Censys, VirusTotal, and Shodan, facilitating comprehensive data collection and analysis for enhanced cybersecurity investigations. Notable features include support for diverse OSINT sources, integrated persistence for findings, and robust documentation for user guidance.
A query aggregator for OSINT-based threat hunting.
Mihari can aggregate multiple searches across multiple services in a single rule & persist findings in a database.
Mihari supports the following services by default.
- Censys
- CIRCL passive DNS / passive SSL
- crt.sh
- dnstwister
- Fofa
- GreyNoise
- HunterHow
- Onyphe
- OTX
- PassiveTotal
- Pulsedive
- SecurityTrails
- Shodan
- urlscan.io
- Validin
- VirusTotal & VirusTotal Intelligence
- ZoomEye
See documentation for more details.
You can also refer to JSAC2024 workshop materials to learn how Mihari works through some exercises.
License
The gem is available as open source under the terms of the MIT License.