urlscan.py
#! /usr/bin/env python
import json
import argparse
import requests
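class UrlScan(object):
    """Minimal client for the urlscan.io v1 HTTP API.

    Requests are sent without any API key or extra headers. HTTP status
    codes are not checked: whatever JSON body the server returns (including
    an error payload) is handed back to the caller, and a non-JSON body
    makes ``r.json()`` raise ``ValueError``.
    """

    def __init__(self, timeout=30):
        """Set the API base URL and the per-request timeout in seconds.

        Without a timeout ``requests`` waits indefinitely on a stalled
        connection, which would hang any triage script built on this class.
        """
        self.url = "https://urlscan.io/api/v1/"
        self.timeout = timeout

    def search(self, query, size=100, offset=0):
        """Run a search query and return the decoded JSON response.

        ``query``, ``size`` and ``offset`` are sent as the ``q``, ``size``
        and ``offset`` query-string parameters; ``requests`` URL-encodes
        them, so the query text cannot alter the request path.
        """
        params = {
            'q': query,
            'size': size,
            'offset': offset
        }
        r = requests.get(self.url + "search/", params=params,
                         timeout=self.timeout)
        return r.json()

    def view(self, uid):
        """Fetch the result document for scan ``uid`` and return its JSON."""
        # uid is caller-supplied (the CLI passes it straight from argv) and
        # ends up in the URL path. Percent-encode it, '/' included, so a
        # value containing '/', '?' or '#' cannot redirect the request to a
        # different endpoint or smuggle in query parameters.
        safe_uid = requests.utils.quote(uid, safe='')
        r = requests.get(self.url + 'result/' + safe_uid,
                         timeout=self.timeout)
        return r.json()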
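if __name__ == '__main__':
    # Command line: "search QUERY [--raw]" or "view UID".
    parser = argparse.ArgumentParser(description='Query urlscan')
    subparsers = parser.add_subparsers(help='Subcommand')
    parser_a = subparsers.add_parser('search', help='Search in urlscan')
    parser_a.add_argument('QUERY', help='DOMAIN to be queried')
    parser_a.add_argument('--raw', '-r', action='store_true', help='Shows raw results')
    parser_a.set_defaults(subcommand='search')
    parser_c = subparsers.add_parser('view', help='View urlscan analysis')
    parser_c.add_argument('UID', help='UId of the analysis')
    parser_c.set_defaults(subcommand='view')
    args = parser.parse_args()

    # 'subcommand' is only set by the sub-parsers' defaults, so it is absent
    # when the script is run without a subcommand.
    if 'subcommand' in args:
        us = UrlScan()
        try:
            if args.subcommand == 'search':
                res = us.search(args.QUERY)
            elif args.subcommand == 'view':
                res = us.view(args.UID)
            else:
                res = None
        except (requests.exceptions.RequestException, ValueError) as exc:
            # Network failure or a non-JSON body: exit with a one-line
            # message on stderr instead of a traceback.
            raise SystemExit("urlscan request failed: {}".format(exc))

        if args.subcommand == 'search':
            # A response without a 'results' key (e.g. an error payload) is
            # shown as-is rather than crashing with KeyError.
            results = res.get('results') if isinstance(res, dict) else None
            if args.raw or results is None:
                print(json.dumps(res, sort_keys=True, indent=4))
            elif results:
                for r in results:
                    # NOTE(review): entries are assumed not to always carry
                    # every field; missing ones are printed as '-'.
                    task = r.get("task", {})
                    page = r.get("page", {})
                    print("{} - {} - {} - https://urlscan.io/result/{}".format(
                            task.get("time", "-"),
                            page.get("url", "-"),
                            page.get("ip", "-"),
                            r.get("_id", "-")
                        )
                    )
            else:
                print("No results for this query")
        elif args.subcommand == 'view':
            print(json.dumps(res, sort_keys=True, indent=4))
        else:
            parser.print_help()
    else:
        parser.print_help()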