Mihari is a framework for threat hunting based on continuous OSINT.
Mihari makes queries against Shodan, Censys, SecurityTrails, VirusTotal, etc. and extracts artifacts (domains, IP addresses, URLs or hashes) from the results.
It then checks whether its database (PostgreSQL, SQLite3 or MySQL) already contains those artifacts.
If it does not, Mihari does the following:
- Saves artifacts in the database.
- Sends a notification to Slack.
- Creates an event on MISP.
- Creates an alert on TheHive.
It also lets you check the alerts on a built-in web application.
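
The check-then-alert flow described above, as an added Python example that is not Mihari's own code (Mihari itself is written in Ruby). The `artifacts` table, the `classify` and `process` functions and the sample values are assumptions made for illustration.

```python
import ipaddress
import re
import sqlite3

HASH_RE = re.compile(r"^(?:[a-f0-9]{32}|[a-f0-9]{40}|[a-f0-9]{64})$", re.I)
DOMAIN_RE = re.compile(r"^(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$", re.I)


def classify(value):
    """Return "ip", "url", "hash" or "domain", or None if value is none of them."""
    try:
        ipaddress.ip_address(value)
        return "ip"
    except ValueError:
        pass
    if re.match(r"^https?://\S+$", value, re.I):
        return "url"
    if HASH_RE.match(value):
        return "hash"
    return "domain" if DOMAIN_RE.match(value) else None


def process(conn, values):
    """Save artifacts not yet in the database and return only those new ones."""
    conn.execute("CREATE TABLE IF NOT EXISTS artifacts (data TEXT PRIMARY KEY, data_type TEXT)")
    new = []
    for raw in values:
        value = raw.strip()
        data_type = classify(value)
        if data_type is None:
            continue  # not a domain, IP address, URL or hash
        if data_type != "url":
            value = value.lower()  # domains and hashes are case-insensitive
        cur = conn.execute("INSERT OR IGNORE INTO artifacts VALUES (?, ?)", (value, data_type))
        if cur.rowcount == 1:  # a row was inserted, so the artifact is new
            new.append((data_type, value))
    conn.commit()
    return new  # only these would be sent on to Slack, MISP and TheHive


# Constructed sample results from two consecutive runs of the same query.
RUN_1 = ["198.51.100.7", "Login.Example.com", "http://example.com/a.php"]
RUN_2 = ["198.51.100.7", "d41d8cd98f00b204e9800998ecf8427e", "not an artifact"]

if __name__ == "__main__":
    db = sqlite3.connect(":memory:")
    print(process(db, RUN_1))
    print(process(db, RUN_2))
```

The second run returns only the hash: the IP address was stored by the first run, so it produces no repeat notification.
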
Download Link: https://github.com/ninoseki/mihari