
Update urlscan.py

Added hash to the search so you can take advantage of the new file download function on urlscan.io. You can use this to pivot on file hashes and find domains that are hosting the same malicious file.
pull/218/head
SuRb0 3 years ago
committed by GitHub
parent
commit
b0be965e57
No known key found for this signature in database GPG Key ID: 4AEE18F83AFDEB23
  1. 6
      misp_modules/modules/expansion/urlscan.py

6
misp_modules/modules/expansion/urlscan.py

@ -22,8 +22,8 @@ moduleinfo = {
moduleconfig = ['apikey']
misperrors = {'error': 'Error'}
mispattributes = {
'input': ['hostname', 'domain', 'url'],
'output': ['hostname', 'domain', 'ip-src', 'ip-dst', 'url', 'text', 'link']
'input': ['hostname', 'domain', 'url', 'hash'],
'output': ['hostname', 'domain', 'ip-src', 'ip-dst', 'url', 'text', 'link', 'hash']
}
@ -49,6 +49,8 @@ def handler(q=False):
r['results'] += lookup_indicator(client, request['hostname'])
if 'url' in request:
r['results'] += lookup_indicator(client, request['url'])
f 'hash' in request:
r['results'] += lookup_indicator(client, request['hash'])
# Return any errors generated from lookup to the UI and remove duplicates
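Review bot: `hash` is not, as far as I know, a MISP attribute type (file hashes arrive as `md5`, `sha1`, `sha256` and so on), so the `'hash'` entry added to `mispattributes['input']` and the new `'hash' in request` branch in `handler` will probably never match a real attribute, leaving the pivot unreachable. urlscan.io's hash search appears to be SHA-256 based, so consider `'input': ['hostname', 'domain', 'url', 'sha256'],` together with `if 'sha256' in request:` and `r['results'] += lookup_indicator(client, request['sha256'])`, and list `sha256` rather than `hash` in `'output'` as well. The value is also handed to `lookup_indicator` unchecked; that function is outside the hunk so I cannot see how the query string is built, but checking that the value is 64 hexadecimal characters before querying would keep malformed attribute values out of the search expression. `handler` starts and ends outside this hunk.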
