mihari
A query aggregator for OSINT based threat hunting.
Mihari can aggregate multiple searches across multiple services in a single rule & persist findings in a database.
Mihari supports the following services by default.
- BinaryEdge
- Censys
- CIRCL passive DNS / passive SSL
- crt.sh
- dnstwister
- Fofa
- GreyNoise
- HunterHow
- Onyphe
- OTX
- PassiveTotal
- Pulsedive
- SecurityTrails
- Shodan
- urlscan.io
- Validin
- VirusTotal & VirusTotal Intelligence
- ZoomEye
See documentation for more details.
You can also refer to JSAC2024 workshop materials to learn how Mihari works through some exercises.
License
The gem is available as open source under the terms of the MIT License.