[BUG] PassiveTotal analyzer not returning IPs while searching using SHA1 of a certificate
r0ny123 opened this issue
Rony commented
Describe the bug:
According to the documentation, searching using Hash (SSL certificate SHA1 fingerprint) will return IP addresses associated with it. In this case, the PassiveTotal analyzer is not returning IPs while searching using the SHA1 of a certificate.
Steps to reproduce:
- Create an example rule as shown below:

```yaml
title: Ip's associated with cert c00a42e59d32acf2344a153c6de91896cde2a1c1(SHA1)
description: Ip's associated with cert c00a42e59d32acf2344a153c6de91896cde2a1c1(SHA1)
queries:
  - analyzer: passivetotal
    query: c00a42e59d32acf2344a153c6de91896cde2a1c1
```

- Save it and run `mihari search example.yml`
Expected behavior:
This should return some IPs associated with it.
Per RiskIQ, the cert has some IPs linked with it.
Actual behavior:
The search doesn't return any results (IP addresses) and prints the following output: `Mihari -- There is no new artifact`.
System Information:
- OS: Ubuntu 20.04
- Ruby version: 3.0
- Mihari version: 4.3.0
Additional context:
I also verified the above-mentioned rule using the `mihari validate rule` command, and it said `Valid Format`.