Go to file

Raphaël Vinot 3d2ae503ec Merge pull request #15 from CIRCL/dependabot/pip/urllib3-1.26.5 build(deps): bump urllib3 from 1.26.4 to 1.26.5		2021-06-01 16:53:19 -07:00
bin	new: Add permalink to lookyloo	2019-01-31 17:29:20 +01:00
cache	new: Major refactoring to use more recent techniques. Python3.6+	2018-12-17 16:21:31 +01:00
client	new: Add test case	2019-02-04 16:09:23 +01:00
doc/logo	add: [doc] URL Abuse logo added	2018-12-18 11:41:27 +01:00
urlabuse	fix: Do not send more than one email/day/hostname to the ticketing system.	2019-03-14 10:01:35 +01:00
website	fix: The confirm message about the mail sent wasn't displayed in prod	2019-04-25 15:01:42 +02:00
.gitignore	chg: Move installation process to pipenv	2019-01-17 16:29:28 +01:00
.gitmodules	new: Major refactoring to use more recent techniques. Python3.6+	2018-12-17 16:21:31 +01:00
.travis.yml	new: Add test case	2019-02-04 16:09:23 +01:00
LICENSE	Initial commit	2015-03-02 14:55:34 +01:00
Pipfile	fix: Force version of werkzeug	2019-08-22 18:50:51 +02:00
Pipfile.lock	build(deps): bump urllib3 from 1.26.4 to 1.26.5	2021-06-01 23:18:01 +00:00
README.md	fix: Rewrite travis file	2019-02-04 13:55:54 +01:00
requirements.txt	chg: Bump requirements.txt	2019-08-22 18:53:18 +02:00
setup.py	chg: Move installation process to pipenv	2019-01-17 16:29:28 +01:00

README.md

URL Abuse

URL Abuse is a versatile free software for URL review, analysis and black-list reporting. URL Abuse is composed of a web interface where requests are submitted asynchronously and a back-end system to process the URLs into features modules.

Features

HTTP redirects analysis and follows
Google Safe-Browsing lookup
Phishtank lookup
VirusTotal lookup and submission
URL query lookup
CIRCL Passive DNS lookup
CIRCL Passive SSL lookup
Universal WHOIS lookup for abuse contact
Sphinx search interface to RT/RTIR ticketing systems. The functionality is disabled by default but can be used to display information about existing report of malicious URLs.

Please note that some of the API services will require an API key. The API keys should be located in the root of the URL Abuse directory.

Online version

CIRCL URL Abuse is online.

If you don't want to use the online version or run your own version of URL Abuse, you can follow the install process below.

Install

IMPORTANT: Use pipenv

NOTE: Yes, it requires python3.6+. No, it will never support anything older.

Install redis

git clone https://github.com/antirez/redis.git
cd redis
git checkout 5.0
make
make test
cd ..

Install Faup

git clone git://github.com/stricaud/faup.git
cd faup
mkdir build
cd build
cmake .. && make
sudo make install

Install & run URL Abuse

git clone https://github.com/CIRCL/url-abuse.git
cd url-abuse
pipenv install
echo URLABUSE_HOME="'`pwd`'" > .env
pipenv shell
# Copy and review the configuration:
cp website/config/config.ini.sample website/config/config.ini
# Starts all the backend
start.py
# Start the web interface
start_website.py

Contributing

We welcome pull requests for new extensions, bug fixes.

Add a new module

Look at the existings functions/modules. The changes will have to be made in the following files:

Add the function you want to execure in url_abuse_async.py
Add a route in web/__init__.py. This route will do an async call to the function defined in url_abuse_async.py. The parameter of the function is sent in an POST object
Add a statement in web/templates/url-report.html. The data option is the parameter to pass to the javascript directive
Add a directive in web/static/main.js, it will take care of passing the parameter to the backend and regularly pull for the response of the async call

Partner and Funding

URL Abuse was being developed as part of the “European Union anti-Phishing Initiative” (EU PI) project. This project was coordinated by Cert-Lexsi and co-funded by the Prevention of and Fight against Crime programme of the European Union.

URL Abuse is currently supported and funded by CIRCL ( Computer Incident Response Center Luxembourg).