diff --git a/lookyloo/modules/urlscan.py b/lookyloo/modules/urlscan.py index 75c8b4da..48c1c70e 100644 --- a/lookyloo/modules/urlscan.py +++ b/lookyloo/modules/urlscan.py @@ -101,6 +101,9 @@ class UrlScan(): # default to key config on urlscan.io website pass response = self.client.post('https://urlscan.io/api/v1/scan/', json=data) + if response.status_code == 400: + # Error, but we have details in the response + return response.json() response.raise_for_status() return response.json() @@ -139,6 +142,8 @@ class UrlScan(): visibility) except requests.exceptions.HTTPError as e: return {'error': e} + if 'status' in response and response['status'] == 400: + response = {'error': response} with urlscan_file_submit.open('w') as _f: json.dump(response, _f) return response diff --git a/website/web/__init__.py b/website/web/__init__.py index fec50a87..41c036a4 100644 --- a/website/web/__init__.py +++ b/website/web/__init__.py @@ -406,20 +406,26 @@ def modules(tree_uuid: str): urlscan_to_display: Dict = {} if 'urlscan' in modules_responses: urlscan = modules_responses.pop('urlscan') - urlscan_to_display = {'permaurl': '', 'malicious': False, 'tags': []} - if urlscan['submission'] and urlscan['submission'].get('result'): - urlscan_to_display['permaurl'] = urlscan['submission']['result'] - if urlscan['result']: - # We have a result available, get the verdicts - if (urlscan['result'].get('verdicts') - and urlscan['result']['verdicts'].get('overall')): - if urlscan['result']['verdicts']['overall'].get('malicious') is not None: - urlscan_to_display['malicious'] = urlscan['result']['verdicts']['overall']['malicious'] - if urlscan['result']['verdicts']['overall'].get('tags'): - urlscan_to_display['tags'] = urlscan['result']['verdicts']['overall']['tags'] + if 'error' in urlscan['submission']: + if 'description' in urlscan['submission']['error']: + urlscan_to_display = {'error_message': urlscan['submission']['error']['description']} + else: + urlscan_to_display = {'error_message': urlscan['submission']['error']} else: - # unable to run the query, probably an invalid key - pass + urlscan_to_display = {'permaurl': '', 'malicious': False, 'tags': []} + if urlscan['submission'] and urlscan['submission'].get('result'): + urlscan_to_display['permaurl'] = urlscan['submission']['result'] + if urlscan['result']: + # We have a result available, get the verdicts + if (urlscan['result'].get('verdicts') + and urlscan['result']['verdicts'].get('overall')): + if urlscan['result']['verdicts']['overall'].get('malicious') is not None: + urlscan_to_display['malicious'] = urlscan['result']['verdicts']['overall']['malicious'] + if urlscan['result']['verdicts']['overall'].get('tags'): + urlscan_to_display['tags'] = urlscan['result']['verdicts']['overall']['tags'] + else: + # unable to run the query, probably an invalid key + pass return render_template('modules.html', uuid=tree_uuid, vt=vt_short_result, pi=pi_short_result, urlscan=urlscan_to_display, phishtank=phishtank_short_result) diff --git a/website/web/templates/modules.html b/website/web/templates/modules.html index 4cc3b828..09f350f5 100644 --- a/website/web/templates/modules.html +++ b/website/web/templates/modules.html @@ -1,11 +1,12 @@ {% from "macros.html" import shorten_string %}
-{% if urlscan and urlscan.get('permaurl') %} +{% if urlscan %}

urlscan.io

+ {% if urlscan.get('permaurl') %}

A scan was triggered for this capture, click to view it on urlscan.io.

{% if urlscan['malicious']%} @@ -15,6 +16,10 @@

It is tagged as {{ ','.join(urlscan['tags']) }}.

{% endif%} + {% elif urlscan.get('error_message') %} +

Unable to trigger the scan, urlscan.io returned the following message:

+

{{ urlscan.get('error_message') }}

+ {% endif%}
{% endif%}