Closed SteveD3 closed 2 years ago
Following up. After six days, the issue remains. I've uninstalled and reinstalled Ruby, which didn't help. Not sure how this happened. No errors to speak of in the logs that I can see. The only change is how the file is being saved.
That change is introduced in v1.0.0. https://github.com/ninoseki/miteru/releases/tag/v1.0.0 Information (including URL, domain, etc.) is stored in the database.
Okay, cool. Guess I was still using an older version before. Thanks for looking into it.
Is there any reason you can think of that would cause the domain data to not be added to file downloads?
The issue started today. When a file downloads, the name is a hash value only, and not domain_filename.zip_hash.zip like it used to be. I've listed examples below, just curious as to the cause, and if you've seen this before.
steved3@steved3-lab:~$ ruby -v
ruby 3.0.2p107 (2021-07-07 revision 0db68f0233) [x86_64-linux]
steved3@steved3-lab:~$ gem -v
3.2.32
Debian 10
Example (26-11-21):
hxxps://chbi.duckdns.org: it doesn't contain a phishing kit.
hxxps://chbi.duckdns.org/chase.com: it might contain a phishing kit: us-online.zip.
hxxps://chbi.duckdns.org/chase.com/us-online: it might contain a phishing kit: us-online.zip(2101KB).
Download hxxps://chbi.duckdns.org/chase.com/us-online.zip as /media/steved3/LINUX/miteru_kit_dl//0a44729c-397c-449f-a4f1-a8e80cfc7138.zip
Don't download hxxps://chbi.duckdns.org/chase.com/us-online.zip. The same hash is already recorded. (SHA256: 85dd241c7f5a286ce65a8214958ede3e09036c2e04cbc5ca97bde6167fcaf347).
Previous working example (24-11-21):
hxxp://firateducation.com/owa/Office365: It doesn't contain a phishing kit.
hxxp://firateducation.com/owa: It might contain a phishing kit: OfficeEdu.zip(3478KB).
Download hxxp://firateducation.com/owa/OfficeEdu.zip as /media/steved3/LINUX/miteru_kit_dl//firateducation.com_OfficeEdu.zip_934e0954d57e299e16a9.zip