Closed nonefaken closed 3 years ago
I'm not quite sure where I should configure {params}, but {qry} is scam-domain.org.
params is not configurable. This is set and used internally by the module.
I do not see api/v1/indicators/domain executed. Is it implemented?
This module is intended to find links for a host name, not subdomains of a domain.
There's a queryDomainUrlList function for /api/v1/indicators/domain but this function is not used. The module does not watch for DOMAIN_NAME events.
The module instead uses /api/v1/indicators/hostname/{qry}/url_list in the queryHostnameUrlList function. This function is run for every INTERNET_NAME event.
Each DOMAIN_NAME event should also create an INTERNET_NAME event, i.e. in your logs:
SpiderFoot UI Internet Name scam-domain.org
SpiderFoot UI Domain Name scam-domain.org
The INTERNET_NAME event will be sent to this module.
I took a guess at what your input domain name was and was able to replicate your results.
{'url_list': [{'url': 'https://spam-domain.org/', 'date': '2021-09-22T04:18:17', 'domain': 'spam-domain.org', 'hostname': 'spam-domain.org', 'result': {'urlworker': {'http_code': 0}, 'safebrowsing': {'matches': []}}, 'httpcode': 0, 'gsb': [], 'encoded': 'https%3A//spam-domain.org/'}, {'url': 'http://spam-domain.org/', 'date': '2021-09-22T04:18:17', 'domain': 'spam-domain.org', 'hostname': 'spam-domain.org', 'result': {'urlworker': {'http_code': 0}, 'safebrowsing': {'matches': []}}, 'httpcode': 0, 'gsb': [], 'encoded': 'http%3A//spam-domain.org/'}, {'url': 'http://spam-domain.org', 'date': '2021-09-21T05:20:52', 'domain': 'spam-domain.org', 'hostname': 'spam-domain.org', 'result': {'urlworker': {'ip': '172.217.14.196', 'http_code': 200}, 'safebrowsing': {'matches': []}}, 'httpcode': 200, 'gsb': [], 'encoded': 'http%3A//spam-domain.org'}, {'url': 'https://spam-domain.org', 'date': '2021-09-21T05:14:30', 'domain': 'spam-domain.org', 'hostname': 'spam-domain.org', 'result': {'urlworker': {'ip': '142.250.217.68', 'http_code': 200}, 'safebrowsing': {'matches': []}}, 'httpcode': 200, 'gsb': [], 'encoded': 'https%3A//spam-domain.org'}], 'page_num': 1, 'limit': 50, 'paged': True, 'has_next': False, 'full_size': 4, 'actual_size': 4}
The following change allows retrieving links for subdomains:
- data = self.queryHostnameUrlList(eventData, page=page)
+ data = self.queryDomainUrlList(eventData, page=page)
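Review bot: the + line replaces the queryHostnameUrlList call instead of adding to it, so after this change the hostname url_list is never fetched at this call site, which the thread says runs for every INTERNET_NAME event. Consider keeping the hostname call and invoking queryDomainUrlList as a separate step, and note in a comment how hostnames that appear only in the domain results are meant to be reported, since nothing in this hunk emits them.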
The results:
{'url_list': [{'url': 'http://booking.spam-domain.org/', 'date': '2021-09-22T05:13:48', 'domain': 'spam-domain.org', 'hostname': 'booking.spam-domain.org', 'result': {'urlworker': {'http_code': 0}, 'safebrowsing': {'matches': []}}, 'httpcode': 0, 'gsb': [], 'encoded': 'http%3A//booking.spam-domain.org/'}, {'url': 'http://inpost-order.spam-domain.org/', 'date': '2021-09-22T05:10:06', 'domain': 'spam-domain.org', 'hostname': 'inpost-order.spam-domain.org', 'result': {'urlworker': {'http_code': 0}, 'safebrowsing': {'matches': []}}, 'httpcode': 0, 'gsb': [], 'encoded': 'http%3A//inpost-order.spam-domain.org/'}, {'url': 'https://spam-domain.org/', 'date': '2021-09-22T04:18:17', 'domain': 'spam-domain.org', 'hostname': 'spam-domain.org', 'result': {'urlworker': {'http_code': 0}, 'safebrowsing': {'matches': []}}, 'httpcode': 0, 'gsb': [], 'encoded': 'https%3A//spam-domain.org/'}, {'url': 'http://spam-domain.org/', 'date': '2021-09-22T04:18:17', 'domain': 'spam-domain.org', 'hostname': 'spam-domain.org', 'result': {'urlworker': {'http_code': 0}, 'safebrowsing': {'matches': []}}, 'httpcode': 0, 'gsb': [], 'encoded': 'http%3A//spam-domain.org/'}, {'url': 'http://allegro-order.spam-domain.org/', 'date': '2021-09-21T23:12:10', 'domain': 'spam-domain.org', 'hostname': 'allegro-order.spam-domain.org', 'result': {'urlworker': {'http_code': 0}, 'safebrowsing': {'matches': []}}, 'httpcode': 0, 'gsb': [], 'encoded': 'http%3A//allegro-order.spam-domain.org/'}, {'url': 'https://olx-order.spam-domain.org/', 'date': '2021-09-21T06:32:18', 'domain': 'spam-domain.org', 'hostname': 'olx-order.spam-domain.org', 'result': {'urlworker': {'ip': '142.251.33.68', 'http_code': 200}, 'safebrowsing': {'matches': []}}, 'httpcode': 200, 'gsb': [], 'encoded': 'https%3A//olx-order.spam-domain.org/'}, {'url': 'http://spam-domain.org', 'date': '2021-09-21T05:20:52', 'domain': 'spam-domain.org', 'hostname': 'spam-domain.org', 'result': {'urlworker': {'ip': '172.217.14.196', 'http_code': 200}, 
'safebrowsing': {'matches': []}}, 'httpcode': 200, 'gsb': [], 'encoded': 'http%3A//spam-domain.org'}, {'url': 'https://spam-domain.org', 'date': '2021-09-21T05:14:30', 'domain': 'spam-domain.org', 'hostname': 'spam-domain.org', 'result': {'urlworker': {'ip': '142.250.217.68', 'http_code': 200}, 'safebrowsing': {'matches': []}}, 'httpcode': 200, 'gsb': [], 'encoded': 'https%3A//spam-domain.org'}], 'page_num': 1, 'limit': 50, 'paged': True, 'has_next': False, 'full_size': 8, 'actual_size': 8}
However, I wouldn't recommend using this simple patch. It won't create new INTERNET_NAME events (and obviously breaks the existing hostname check).
You're correct that this module should also check for subdomains. I'll add it to my TODO list.
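The step the reply above says the one-line patch lacks, producing INTERNET_NAME events from a domain url_list response, shown as an added example; it is not SpiderFoot's code and not the change made in #1472. The names fake_fetch, iter_pages, is_in_scope and internet_name_events are hypothetical, and the sample pages are constructed in the shape of the responses quoted in this thread.

```python
from typing import Callable, Iterator, List, Tuple

# Constructed sample pages, trimmed to the fields this example reads.
SAMPLE_PAGES = {
    1: {"url_list": [
        {"url": "http://booking.spam-domain.org/", "hostname": "booking.spam-domain.org"},
        {"url": "https://spam-domain.org/", "hostname": "spam-domain.org"},
        {"url": "http://spam-domain.org", "hostname": "SPAM-DOMAIN.ORG"},
    ], "page_num": 1, "has_next": True},
    2: {"url_list": [
        {"url": "https://olx-order.spam-domain.org/", "hostname": "olx-order.spam-domain.org"},
        {"url": "http://notspam-domain.org/", "hostname": "notspam-domain.org"},
        {"url": "http://x/", "hostname": None},
    ], "page_num": 2, "has_next": False},
}

def fake_fetch(domain: str, page: int) -> dict:
    """Stand-in for the HTTP request to the domain query (assumption)."""
    return SAMPLE_PAGES.get(page, {})

def iter_pages(fetch: Callable[[str, int], dict], domain: str,
               max_pages: int = 10) -> Iterator[dict]:
    """Follow has_next, capped so a malformed response cannot loop forever."""
    for page in range(1, max_pages + 1):
        data = fetch(domain, page)
        if not data:
            return
        yield data
        if not data.get("has_next"):
            return

def is_in_scope(hostname: str, domain: str) -> bool:
    """True for the domain itself or a label-aligned subdomain of it."""
    return hostname == domain or hostname.endswith("." + domain)

def internet_name_events(fetch: Callable[[str, int], dict],
                         domain: str) -> List[Tuple[str, str]]:
    """Return one ("INTERNET_NAME", hostname) pair per distinct in-scope host."""
    domain = domain.lower().rstrip(".")
    seen, events = set(), []
    for data in iter_pages(fetch, domain):
        for entry in data.get("url_list", []):
            host = entry.get("hostname")
            if not isinstance(host, str):
                continue  # skip entries with a missing or non-string hostname
            host = host.lower().rstrip(".")
            if host in seen or not is_in_scope(host, domain):
                continue  # duplicate, or a look-alike such as notspam-domain.org
            seen.add(host)
            events.append(("INTERNET_NAME", host))
    return events
```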
Understood. Thank you for the reply!
You're correct that this module should also check for subdomains. I'll add it to my TODO list.
This has been implemented on master in #1472.
Hello!
Thank you for the spiderfoot project! I also like a lot that it is actively maintained!
I have trouble getting results from the sfp_alienvault module, however if I request the alienvault services API directly, data is properly returned.
I'm mostly interested in this code snippet and its execution result: https://github.com/smicallef/spiderfoot/blob/29f311ccd0732709c194fcf08f054775bc24faf2/modules/sfp_alienvault.py#L211-L215
I'm not quite sure where I should configure {params}, but {qry} is scam-domain.org.
When I execute the sfp_alienvault module with scam-domain.org as input it produces little result:
I do not see api/v1/indicators/domain executed. Is it implemented?
If I request the api/v1/indicators/domain API endpoint directly:
Please suggest what I might be doing wrong here so it does not work as expected.
Thank you!