TheresAFewConors / Sooty

The SOC Analysts all-in-one CLI tool to automate and speed up workflow.
GNU General Public License v3.0

urlscan.io #10

Closed andthenenteredalex closed 5 years ago

andthenenteredalex commented 5 years ago

Hello. I have python code for integration with urlscan.io (api key required). If this is a feature you'd like to add I can create a pull request.

andthenenteredalex commented 5 years ago

Cheers

TheresAFewConors commented 5 years ago

Hi andthenenteredalex,

That would be a huge help - I'm working on a different section right now, but the urlscan integration is something that would be quite beneficial to the project, and something I've been planning on adding.

If you want to open a pull request and integrate it with the reputation checker, I'll take a look and we can see about merging.

Thanks very much

andthenenteredalex commented 5 years ago

Hey, question: what info would you like included from urlscan.io in the response? Depending on the URL, the JSON response is really large with many fields and can be adjusted to suit.

andthenenteredalex commented 5 years ago

CLEAN example: https://urlscan.io/result/43e49833-2e62-418b-a30a-c2ec0b9a976f/

MALICIOUS example: https://urlscan.io/result/e6a6988a-5247-424a-bd43-14105e350f39/

If you could pick some out from a sample I'll make it happen. Cheers

TheresAFewConors commented 5 years ago

Maybe some info from the summary section would be useful - eg. the main domain, the Verdict, what the score is from urlscan and googlesafebrowsing, and possibly a link to the urlscan report page if possible?

I think the best way to display the info is give whatever is important to a decision in Sooty, but leave a link for further info if necessary as well.

Thanks again - this will be a great addition
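A summariser along the lines sketched in the comment above, added here as an example; it is not Sooty's code and not the pull request discussed in this thread. It assumes urlscan's result JSON layout (`page.domain`, `verdicts.overall`, `verdicts.urlscan`, `verdicts.engines`, `task.reportURL`) and uses a constructed, heavily truncated sample document with placeholder identifiers.

```python
import json

# Constructed, truncated stand-in for a urlscan.io result document.
# The field paths follow urlscan's result layout as assumed here;
# check them against a real response before relying on them.
SAMPLE_RESULT = json.dumps({
    "task": {"uuid": "00000000-0000-0000-0000-000000000000",
             "reportURL": "https://urlscan.io/result/00000000-0000-0000-0000-000000000000/",
             "screenshotURL": "https://urlscan.io/screenshots/00000000-0000-0000-0000-000000000000.png"},
    "page": {"domain": "example.test", "ip": "198.51.100.7", "country": "US"},
    "verdicts": {
        "overall": {"score": 100, "malicious": True, "categories": ["phishing"], "hasVerdicts": True},
        "urlscan": {"score": 100, "malicious": True},
        "engines": {"score": 0, "malicious": False, "verdicts": [
            {"engine": "googlesafebrowsing", "malicious": False}]},
    },
})

def _get(obj, *path, default=None):
    """Walk nested dicts without raising when a key is missing."""
    for key in path:
        if not isinstance(obj, dict) or key not in obj:
            return default
        obj = obj[key]
    return obj

def summarise_urlscan(result_json):
    """Reduce a urlscan.io result to the fields an analyst decides on.

    Missing sections (a scan with no verdicts, no engine results) yield
    defaults instead of exceptions, so a partial result still prints."""
    data = json.loads(result_json)
    engines = _get(data, "verdicts", "engines", "verdicts", default=[]) or []
    gsb = next((e for e in engines if e.get("engine") == "googlesafebrowsing"), None)
    return {
        "domain": _get(data, "page", "domain", default="unknown"),
        "ip": _get(data, "page", "ip"),
        "verdict": "malicious" if _get(data, "verdicts", "overall", "malicious") else "clean",
        "overall_score": _get(data, "verdicts", "overall", "score", default=0),
        "urlscan_score": _get(data, "verdicts", "urlscan", "score", default=0),
        "safebrowsing_flagged": bool(gsb["malicious"]) if gsb else None,
        "categories": _get(data, "verdicts", "overall", "categories", default=[]),
        "report_url": _get(data, "task", "reportURL"),
        "screenshot_url": _get(data, "task", "screenshotURL"),
    }

def format_summary(summary):
    """One line per known field, in the style of Sooty's terminal output."""
    lines = [f"  {k.replace('_', ' ').title()}: {v}" for k, v in summary.items() if v is not None]
    return "\n".join(lines)

if __name__ == "__main__":
    print(format_summary(summarise_urlscan(SAMPLE_RESULT)))
```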

Arkanyus commented 5 years ago

Just to add to this, the API can save the screenshot of the resolved address as a .png, which would be a handy aspect of this tool to consider adding.

andthenenteredalex commented 5 years ago

Okay! I'm actively working on cleaning up the results and adding to Sooty. I hope to have the pull request submitted within the next week.

That is correct. Absolutely, I'll be happy to add the screenshot. Unfortunately the screenshots come back all white sometimes when I'm investigating some real things and have not been 100% reliable.

andthenenteredalex commented 5 years ago

If you want to keep collaborating on this, VirusTotal has a URL scan API function too, and so do sites like Any.Run.

TheresAFewConors commented 5 years ago

@andthenenteredalex thanks very much, there's no rush on it - do it in your own time.

@Arkanyus a PNG would be useful, however it wouldn't be able to be viewed on the command line - it might be a feature worth revisiting when I have the case update and format added, so the image can be embedded in the output perhaps.

andthenenteredalex commented 5 years ago

Let me know if you didn't get the pull request.

TheresAFewConors commented 5 years ago

Apologies for the delay, been extremely busy at work the last few days - I'll try to get to it by the end of the week. If not, I'll check it Saturday morning.

andthenenteredalex commented 5 years ago

Oh no worries or hurry! I just wanted to make sure it got submitted correctly. :) 👍

TheresAFewConors commented 5 years ago

Feature has been approved and merged.

Issue closed