- Notifications
You must be signed in to change notification settings - Fork11
CLI tool which uses URLScan to scan websites and download corresponding screenshots and DOMs.
License
Aquarthur/urlscanio
Folders and files
| Name | Name | Last commit message | Last commit date | |
|---|---|---|---|---|
Repository files navigation
URLScan.io is a useful tool for scanning and obtaining information from potentially malicious websites. The creators of URLScan have very helpfully made anAPI which can be used to add some automation to your workflow.urlscanio is a simple Python CLI utility which makes use of the aforementioned APIs to automate my own personal workflow when it comes to using URLScan.
urlscanio requires Python >= 3.8. You will also need aURLScan.io account and/or API key.
If you have a compatible Python version installed, simply run (usingpip3 if necessary):
pip install urlscanio
In this section, the different functions of the CLI are outlined. You may also useurlscanio -h orurlscanio --help for information within your terminal.
This tool requires an environment variable namedURLSCAN_API_KEY containing your API key. Optionally, you may also set an environment variable calledURLSCAN_DATA_DIR to specify where the screenshots and DOM should be downloaded. If not set, they will be downloaded in the directory you runurlscanio from.
It is recommended to use.bashrc or.zshrc for this. If using PowerShell, addURLSCAN_API_KEY andURLSCAN_DATA_DIR to your user profile.
urlscanio will use the proxy settings specified by theHTTP_PROXY,HTTPS_PROXY, andNO_PROXY environment variables if present.
Provided a URL (containing the protocol and domain at minimum), will request a scan and download the corresponding screenshot and DOM, as well as the report URL.
urlscanio -i https://www.some-dodgy.websiteurlscanio --investigate http://some-dodgy.website
Provided a URL (containing the protocol and domain at minimum), will request a scan and return the UUID generated. This can then be used to determine eg the screenshot location.
urlscanio -s https://www.some-dodgy.websiteurlscanio --submit http://some-dodgy.website
Provided the UUID linked to the scan in question, will query the API to download the screenshot and DOM from the report, as well as return the report URL.
urlscanio -r c5be1459-0a64-4751-bf25-8dd6d3c5742durlscanio --retrieve c5be1459-0a64-4751-bf25-8dd6d3c5742d
If you have >1 URL you'd like to investigate, use the-b/--batch-investigate flag. You will need a file containing a URL per line, eg:
https://www.example1.comhttps://www.example2.comhttps://www.example3.com
The filename containing the URLs can then be passed, triggering an "investigation" for each URL. It will trigger each investigation in 3 second intervals by default, as UrlScan.io requires a minimum of 2 seconds between scan requests.
urlscanio will produce an output CSV containing the results. The output CSV will be named[input_stem].csv; for example, passing intest.txt will producetest.csv.
urlscanio -b test.txturlscanio --batch-investigate test.txt
Perform asearch query. Results are returned as JSON.
urlscanio -q'domain:urlscan.io'You can get the scan result data for a given scan UUID.
urlscanio -g 0e38487e-6514-431d-a305-f2de2f6db348
urlscanio includes a verbosity flag which takes 3 possible values: 0 (critical), 1 (info), and 2 (debug). This can be used with of the above commands to produce varying amounts oflogs to give context to the commands run. If the flag is not passed, the verbosity is set to 0. If the flag is passed without a value, the verbosity level is set to one.
urlscanio -i https://www.some-dodgy.website# verbosity is 0 (critical)urlscanio -v -i https://www.some-dodgy.website# verbosity is 1 (info)urlscanio -v 0 -i https://www.some-dodgy.website# verbosity is 0 (critical)urlscanio -v 1 -i https://www.some-dodgy.website# verbosity is 1 (info)urlscanio -v 2 -i https://www.some-dodgy.website# verbosity is 2 (debug)