CIRCL
/
lookyloo
mirror of https://github.com/CIRCL/lookyloo
2
0
Fork 0
Code Issues Releases Wiki Activity

new: (hidden) interface to search for hostnames and URLs

pull/184/head
Raphaël Vinot 2021-03-18 00:40:14 +01:00
parent c7580408fa
commit 49ae4490b2
5 changed files with 252 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
lookyloo/lookyloo.py
View File

@ -837,7 +837,8 @@ class Lookyloo():
for capture in captures[:limit]:
ct = self.get_crawled_tree(capture.uuid)
to_append: Dict[str, Union[str, Dict]] = {'capture_uuid': capture.uuid,
'start_timestamp': capture.timestamp.isoformat()}
'start_timestamp': capture.timestamp.isoformat(),
'title': capture.title}
urlnodes: Dict[str, Dict[str, str]] = {}
for urlnode in ct.root_hartree.url_tree.search_nodes(name=url):
urlnodes[urlnode.uuid] = {'start_time': urlnode.start_time.isoformat(),
@ -863,7 +864,8 @@ class Lookyloo():
for capture in captures[:limit]:
ct = self.get_crawled_tree(capture.uuid)
to_append: Dict[str, Union[str, List, Dict]] = {'capture_uuid': capture.uuid,
'start_timestamp': capture.timestamp.isoformat()}
'start_timestamp': capture.timestamp.isoformat(),
'title': capture.title}
hostnodes: List[str] = []
if with_urls_occurrences:
urlnodes: Dict[str, Dict[str, str]] = {}

31
website/web/__init__.py
View File

@ -13,6 +13,7 @@ import calendar
from typing import Optional, Dict, Any, Union
import logging
import hashlib
from urllib.parse import quote_plus, unquote_plus
from flask import Flask, render_template, request, send_file, redirect, url_for, Response, flash, jsonify
from flask_bootstrap import Bootstrap # type: ignore
@ -609,6 +610,19 @@ def submit():
return Response(perma_uuid, mimetype='text/text')
@app.route('/search', methods=['GET', 'POST'])
def search():
if request.form.get('url'):
return redirect(url_for('url_details', url=quote_plus(request.form.get('url'))))
if request.form.get('hostname'):
return redirect(url_for('hostname_details', hostname=request.form.get('hostname')))
if request.form.get('ressource'):
return redirect(url_for('body_hash_details', body_hash=request.form.get('ressource')))
if request.form.get('cookie'):
return redirect(url_for('cookies_name_detail', cookie_name=request.form.get('cookie')))
return render_template('search.html')
@app.route('/capture', methods=['GET', 'POST'])
def capture_web():
if request.form.get('url'):
@ -651,16 +665,29 @@ def capture_web():
@app.route('/cookies/<string:cookie_name>', methods=['GET'])
def cookies_name_detail(cookie_name: str):
captures, domains = lookyloo.get_cookie_name_investigator(cookie_name)
captures, domains = lookyloo.get_cookie_name_investigator(cookie_name.strip())
return render_template('cookie_name.html', cookie_name=cookie_name, domains=domains, captures=captures)
@app.route('/body_hashes/<string:body_hash>', methods=['GET'])
def body_hash_details(body_hash: str):
captures, domains = lookyloo.get_body_hash_investigator(body_hash)
captures, domains = lookyloo.get_body_hash_investigator(body_hash.strip())
return render_template('body_hash.html', body_hash=body_hash, domains=domains, captures=captures)
@app.route('/urls/<string:url>', methods=['GET'])
def url_details(url: str):
url = unquote_plus(url).strip()
hits = lookyloo.get_url_occurrences(url=url, limit=50)
return render_template('url.html', url=url, hits=hits)
@app.route('/hostnames/<string:hostname>', methods=['GET'])
def hostname_details(hostname: str):
hits = lookyloo.get_hostname_occurrences(hostname=hostname.strip(), with_urls_occurrences=True, limit=50)
return render_template('hostname.html', hostname=hostname, hits=hits)
@app.route('/stats', methods=['GET'])
def statsfull():
stats = lookyloo.get_stats()

77
website/web/templates/hostname.html Normal file
View File

@ -0,0 +1,77 @@
{% extends "main.html" %}
{% from 'bootstrap/utils.html' import render_messages %}
{% block title %}{{ url }}{% endblock %}
{% block scripts %}
{{ super() }}
<script src='{{ url_for('static', filename='datatables.min.js') }}'></script>
<script type="text/javascript">
$('#table').DataTable( {
"order": [[ 0, "desc" ]],
"pageLength": 50,
"columnDefs": [{
"targets": 0,
"render": function ( data, type, row, meta ) {
let date = new Date(data);
return date.getFullYear() + '-' + (date.getMonth() + 1).toString().padStart(2, "0") + '-' + date.toTimeString();
}
}]
});
</script>
<script type="text/javascript">
function openTreeInNewTab(treeUUID) {
window.opener.openTreeInNewTab(treeUUID);
};
</script>
{% endblock %}
{% block styles %}
{{ super() }}
<link rel="stylesheet" href="{{ url_for('static', filename='datatables.min.css') }}">
{% endblock %}
{% block content %}
<center>
<h4>{{ url }}</h4>
<button onclick="window.history.back();" class="btn btn-info" type="button">Go Back</button>
</center>
<div class="table-responsive">
<table id="table" class="table" style="width:96%">
<thead>
<tr>
<th>Start timestamp</th>
<th>Captures</th>
</tr>
</thead>
<tbody>
{% for hit in hits %}
<tr>
<td>
{{ hit['start_timestamp'] }}
</td>
<td><a href="{{ url_for('tree', tree_uuid=hit['capture_uuid']) }}">{{ hit['title'] }}</a>
</br>
Nodes:
<ul>
{% for urlnode_uuid, data in hit['urlnodes'].items() %}
<li><a href="{{ url_for('tree', tree_uuid=hit['capture_uuid'], node_uuid=data['hostnode_uuid']) }}">{{ data['start_time'] }}</a></li>
{% endfor %}
</ul>
</td>
</tr>
{% endfor %}
</tbody>
</table>
</div>
<p>The same file was seen in these captures:</p>
<ul>
{% for capture_uuid, title in captures %}
<li><a href="#/" onclick="openTreeInNewTab('{{ capture_uuid }}')">{{ title }}</a></li>
{% endfor %}
</ul>
{% endblock %}

65
website/web/templates/search.html Normal file
View File

@ -0,0 +1,65 @@
{% extends "main.html" %}
{% block title %}Capture{% endblock %}
{% block card %}
<meta property="og:title" content="Lookyloo" />
<meta property="og:type" content="website"/>
<meta
property="og:description"
content="Lookyloo captures websites and let you investigate them."
/>
<meta
property="og:image"
content="https://{{public_domain}}{{ url_for('static', filename='lookyloo.jpeg') }}"
/>
<meta
property="og:url"
content="https://{{public_domain}}"
/>
<meta name="twitter:card" content="summary_large_image">
{% endblock %}
{% block content %}
<div class="container">
<center>
<a href="{{ url_for('index') }}" title="Go back to index">
<img src="{{ url_for('static', filename='lookyloo.jpeg') }}"
alt="Lookyloo" width="400">
</a>
</center>
</br>
<div>Please only search one of the following thing at a time.</div>
<form role="form" action="{{ url_for('search') }}" method=post enctype=multipart/form-data>
<div class="form-group row">
<label for="url" class="col-sm-2 col-form-label">URL:</label>
<div class="col-sm-10">
<input type="text" class="form-control" name="url" id=url placeholder="URL to search">
</div>
</div>
<div class="form-group row">
<label for="hostname" class="col-sm-2 col-form-label">Hostname:</label>
<div class="col-sm-10">
<input type="text" class="form-control" name="hostname" id=hostname placeholder="Hostname to search">
</div>
</div>
<div class="form-group row">
<label for="ressource" class="col-sm-2 col-form-label">Ressource:</label>
<div class="col-sm-10">
<input type="text" class="form-control" name="ressource" id=ressource placeholder="SHA 521 of the ressource to search">
</div>
</div>
<div class="form-group row">
<label for="cookie" class="col-sm-2 col-form-label">Cookie name:</label>
<div class="col-sm-10">
<input type="text" class="form-control" name="cookie" id=cookie placeholder="Cookie name to search">
</div>
</div>
<button type="submit" class="btn btn-info" id="btn-looking">Start looking!</button>
</form>
</div>
{% endblock %}
{% block scripts %}
{{ super() }}
<script src='{{ url_for('static', filename='capture.js') }}'></script>
{% endblock %}

77
website/web/templates/url.html Normal file
View File

@ -0,0 +1,77 @@
{% extends "main.html" %}
{% from 'bootstrap/utils.html' import render_messages %}
{% block title %}{{ url }}{% endblock %}
{% block scripts %}
{{ super() }}
<script src='{{ url_for('static', filename='datatables.min.js') }}'></script>
<script type="text/javascript">
$('#table').DataTable( {
"order": [[ 0, "desc" ]],
"pageLength": 50,
"columnDefs": [{
"targets": 0,
"render": function ( data, type, row, meta ) {
let date = new Date(data);
return date.getFullYear() + '-' + (date.getMonth() + 1).toString().padStart(2, "0") + '-' + date.toTimeString();
}
}]
});
</script>
<script type="text/javascript">
function openTreeInNewTab(treeUUID) {
window.opener.openTreeInNewTab(treeUUID);
};
</script>
{% endblock %}
{% block styles %}
{{ super() }}
<link rel="stylesheet" href="{{ url_for('static', filename='datatables.min.css') }}">
{% endblock %}
{% block content %}
<center>
<h4>{{ url }}</h4>
<button onclick="window.history.back();" class="btn btn-info" type="button">Go Back</button>
</center>
<div class="table-responsive">
<table id="table" class="table" style="width:96%">
<thead>
<tr>
<th>Start timestamp</th>
<th>Captures</th>
</tr>
</thead>
<tbody>
{% for hit in hits %}
<tr>
<td>
{{ hit['start_timestamp'] }}
</td>
<td><a href="{{ url_for('tree', tree_uuid=hit['capture_uuid']) }}">{{ hit['title'] }}</a>
</br>
Nodes:
<ul>
{% for urlnode_uuid, data in hit['urlnodes'].items() %}
<li><a href="{{ url_for('tree', tree_uuid=hit['capture_uuid'], node_uuid=data['hostnode_uuid']) }}">{{ data['start_time'] }}</a></li>
{% endfor %}
</ul>
</td>
</tr>
{% endfor %}
</tbody>
</table>
</div>
<p>The same file was seen in these captures:</p>
<ul>
{% for capture_uuid, title in captures %}
<li><a href="#/" onclick="openTreeInNewTab('{{ capture_uuid }}')">{{ title }}</a></li>
{% endfor %}
</ul>
{% endblock %}