How does urlscan work




















Most likely, each of us has received a malicious URL coming from close friends' or family members' accounts.

What choices do we have? The diligent among us may ask what the best way to investigate further is. One option is a background scanner that checks the health of the website each URL points to, without eyeballing it manually. Wouldn't that be nice? Nowadays, it is not the OS on your desktop but the browser's web access that dictates your computer's health and network resource usage.

By scanning a URL using back-end tools like UrlScan, we can get a lot of information about how the website looks and works, including its dynamic content, video, images, etc. There are several tools, but let's start with UrlScan. UrlScan is a Microsoft tool that analyzes the text content, the dynamic JavaScript and the DOM structure to filter out unwanted websites. The idea is that if a website URL is unsafe, a not found error is returned, so the click stays safe even with automated, software-based clicks and accesses.

Another such tool: urlscan. When a URL goes to urlscan. If the site targets the users of a familiar brand tracked by urlscan. I have seen plenty of open source tools that use UrlScan for various purposes, even to break down an HTML file into links inside the mutt email client on Linux. UrlScan operates using a synchronous call method in which you wait for results when you invoke the scan. But it is commonly used by submitting a URL and then polling for scan results later. Due to the high traffic and owing to the service being free, UrlScan requires you to obtain a free API key for the scan service and is hassle-free in my experience.

But to use the service, we must implement exponential backoff, behave like a good citizen and not abuse their server resources. Here are some examples to get you started. First you export the API key like this: You also have the --submit and --retrieve commands for offline operation and batch requests. If you look at the screenshots you see this. As opposed to command-line based and browser-based scanners, this back-end based service, which uses a headless Google Chrome method, is beneficial and powerful.

An API key is needed for analysts to submit a domain or URL to be scanned by Urlscan. Allow for manual submission - This toggle option enables the submission of URLs or domains. This option is off by default.

View Malicious Indicators Only - This toggle option makes the integration return information only on URLs that are malicious. Ignore List or Ignore Regex - The Urlscan integration lets you set a regex that matches domains or IPs to be ignored, or add a comma-separated list of them, so the integration will never look them up in Urlscan.

This is typically used for sensitive information or company domains. After searching for the scan, the integration returns additional scan details by retrieving the overall verdict information, which includes whether the indicator is malicious, the overall score, tags, categories and brands.
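The submit-then-poll pattern with exponential backoff described above, ending with the overall verdict fields just listed, as an added example that is not code from the original page or from the urlscan project. The `fetch` transport, the status codes (404 for a pending scan, 429 for rate limiting), the retry-after value and the `verdicts.overall` layout are assumptions, and the sample responses are constructed so the block runs offline.

```python
import random

# Assumed HTTP semantics (not taken from the page): 404 = scan still running,
# 429 = rate limited, 200 = result ready.
PENDING, RATE_LIMITED, READY = 404, 429, 200
VERDICT_FIELDS = ("malicious", "score", "tags", "categories", "brands")

def poll_verdict(fetch, scan_id, sleep, base=2.0, cap=60.0, max_tries=8,
                 rng=random.random):
    """Poll fetch(scan_id) until the result is ready, backing off exponentially.

    fetch is a hypothetical transport returning (status, retry_after, body);
    sleep and rng are injected so the schedule can be checked offline.
    """
    delay = base
    for _ in range(max_tries):
        status, retry_after, body = fetch(scan_id)
        if status == READY:
            overall = body.get("verdicts", {}).get("overall", {})
            return {f: overall.get(f) for f in VERDICT_FIELDS}
        if status not in (PENDING, RATE_LIMITED):
            raise RuntimeError(f"unexpected status {status} for scan {scan_id}")
        # Equal jitter: half the delay is fixed, half is random, so many
        # clients polling at once do not retry in lockstep.
        wait = delay / 2 + rng() * delay / 2
        if status == RATE_LIMITED and retry_after is not None:
            wait = max(wait, float(retry_after))  # never retry before the server allows
        sleep(wait)
        delay = min(cap, delay * 2)
    raise TimeoutError(f"scan {scan_id} not ready after {max_tries} polls")

def make_fake_fetch(responses):
    """Constructed stand-in for the HTTP client: replays canned responses."""
    queue = list(responses)
    return lambda scan_id: queue.pop(0)

# Constructed sample result; the layout is an assumption based on the verdict
# fields the page lists.
SAMPLE_RESULT = {"verdicts": {"overall": {
    "malicious": True, "score": 100, "tags": ["phishing"],
    "categories": ["phishing"], "brands": ["examplebank"]}}}

def demo():
    waits = []  # records each sleep instead of actually sleeping
    fetch = make_fake_fetch([(404, None, {}), (429, 10, {}),
                             (404, None, {}), (200, None, SAMPLE_RESULT)])
    verdict = poll_verdict(fetch, "constructed-scan-id", waits.append,
                           rng=lambda: 1.0)
    return verdict, waits

if __name__ == "__main__":
    print(demo())
```

In real use, `fetch` would wrap the HTTP call to the result endpoint and `sleep` would be `time.sleep`.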


