Comments (4)
Similar to what we have on the hostnode popup, but all at one place?
I don't know, where is that "hostnode" popup? You mean the "Ressources in tree" modal window?
Sorry, that's the name I use internally. It is the popup you get when you click on a domain on the tree. For each request/response, you have the resources and correlations. This popup is a bit of a mess and I need to improve it.
Isn't it what you have when you click on Ressources Capture? Assuming we'd add the name as asked in the other issue (#745)
First, it seems that requests shown in the "Ressources Capture" window do not follow the chronological order (this is counter-intuitive): with the following example (https://lookyloo.circl.lu/tree/4530f488-1451-4e0f-bad7-831107fe8a4c), I first had to sort (arrow up) the "Captures total" column to have what seems to be the chronological order.
Right, I understand. The Ressources Capture modal is sorted by frequency of that resource in the Lookyloo instance. The issue with chronological order is that all the requests are happening more or less at the same time. Having one response after another in a list doesn't mean they are related, as they can be triggered by completely different parts of the tree. I can have a page that displays the HAR directly in a similar way as urlscan.io, but you lose the context.
Then, do you confirm that the first request (the GET "/" request) shown by Lookyloo is the same first request shown on urlscan.io: because, really, this is a useful request to pivot and find similar (malicious) websites!
Yes, the first node on the tree is a GET on the URL. If the URL is just a hostname, it is a GET on /, but it can be a URL with a lot more parameters, as long as I can pass it to the browser.
Anyway, try to perform a diff between:
- https://lookyloo.circl.lu/tree/4530f488-1451-4e0f-bad7-831107fe8a4c
- https://urlscan.io/result/d416594f-592b-460b-9757-c03a86347aba/#transactions
As you may have understood, it would be great to mimic what urlscan.io is doing, because their platform is great, but still, a commercial project which can drastically change rules at any time. And ineluctably, it will. And we will all get disappointed.
Please make Lookyloo as great as urlscan.io :-) We all need such a free platform!
There is a lot of logic and pointing out the targets of the phishing sites and so on that I'll probably not have in Lookyloo any time soon, the two platforms are pretty complementary. But yes, the goal of Lookyloo is to allow an easy(er) analysis of malicious or just weird URLs, so thank you for the nice words, and keep opening feature requests :)
from lookyloo.
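The flat, time-ordered transaction view discussed in this thread, as an added example (not Lookyloo's or urlscan.io's code): it reads HAR 1.2 entries, orders them by `startedDateTime` and hashes each response body so identical resources can be pivoted on. The sample HAR, the hostnames and the choice of SHA-512 are assumptions made for illustration.

```python
import base64
import hashlib
from datetime import datetime

KIT = "console.log(1)"  # constructed resource body, served by two hosts below
# Constructed HAR 1.2 sample, deliberately not in time order.
SAMPLE_HAR = {"log": {"entries": [
    {"startedDateTime": "2023-07-01T10:00:00.350Z",
     "request": {"method": "GET", "url": "https://cdn.example/kit.js"},
     "response": {"status": 200, "content": {"text": KIT}}},
    {"startedDateTime": "2023-07-01T10:00:00.000Z",
     "request": {"method": "GET", "url": "https://site.example/"},
     "response": {"status": 200, "content": {"text": "<html>hi</html>"}}},
    {"startedDateTime": "2023-07-01T10:00:00.120Z",
     "request": {"method": "GET", "url": "https://mirror.example/kit.js"},
     "response": {"status": 200, "content": {
         "encoding": "base64",
         "text": base64.b64encode(KIT.encode()).decode()}}},
]}}


def body_hash(content):
    """SHA-512 of the decoded response body, or None when the HAR kept no body."""
    text = content.get("text")
    if text is None:
        return None
    raw = base64.b64decode(text) if content.get("encoding") == "base64" else text.encode("utf-8")
    return hashlib.sha512(raw).hexdigest()


def transactions(har):
    """Flat list of request/response pairs, ordered by request start time."""
    rows = []
    for entry in har["log"]["entries"]:
        started = entry["startedDateTime"].replace("Z", "+00:00")
        rows.append({
            "time": datetime.fromisoformat(started),
            "method": entry["request"]["method"],
            "url": entry["request"]["url"],
            "status": entry["response"]["status"],
            "hash": body_hash(entry["response"].get("content", {})),
        })
    return sorted(rows, key=lambda r: r["time"])


def pivots(rows):
    """Map each body hash to the URLs that returned it (the pivot candidates)."""
    by_hash = {}
    for r in rows:
        if r["hash"]:
            by_hash.setdefault(r["hash"], []).append(r["url"])
    return by_hash
```

The resulting list is ordered by time only; it carries no information about which part of the tree triggered each request.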
Just to make sure I understand the feature: you want a dedicated page/panel that lists all the transactions (HTTP tab on urlscan.io) of a capture with the resource hash so you can pivot on it?
Similar to what we have on the hostnode popup, but all at one place?
Isn't it what you have when you click on Ressources Capture? Assuming we'd add the name as asked in the other issue (#745)
from lookyloo.
you want a dedicated page/panel that lists all the transactions (HTTP tab on urlscan.io) of a capture with the resource hash so you can pivot on it?
Yes exactly!
Similar to what we have on the hostnode popup, but all at one place?
I don't know, where is that "hostnode" popup? You mean the "Ressources in tree" modal window?
Isn't it what you have when you click on Ressources Capture? Assuming we'd add the name as asked in the other issue (#745)
First, it seems that requests shown in the "Ressources Capture" window do not follow the chronological order (this is counter-intuitive): with the following example (https://lookyloo.circl.lu/tree/4530f488-1451-4e0f-bad7-831107fe8a4c), I first had to sort (arrow up) the "Captures total" column to have what seems to be the chronological order.
Then, do you confirm that the first request (the GET "/" request) shown by Lookyloo is the same first request shown on urlscan.io: because, really, this is a useful request to pivot and find similar (malicious) websites!
Anyway, try to perform a diff between:
- https://lookyloo.circl.lu/tree/4530f488-1451-4e0f-bad7-831107fe8a4c
- https://urlscan.io/result/d416594f-592b-460b-9757-c03a86347aba/#transactions
As you may have understood, it would be great to mimic what urlscan.io is doing, because their platform is great, but still, a commercial project which can drastically change rules at any time. And ineluctably, it will. And we will all get disappointed.
Please make Lookyloo as great as urlscan.io :-)
We all need such a free platform!
from lookyloo.
Clear, thank you very much and keep up that good work!
from lookyloo.