urlscan.io's SOAR spot: Chatty security tools leaking private data | Positive Security
urlscan.io's SOAR spot: Chatty security tools leaking private data Sensitive URLs to shared documents, password reset pages, team invites, payment invoices and more are publicly listed and searchable on urlscan.io, a security tool used to analyze URLsPart of the data has been leaked in an automated way by other security tools that accidentally made their scans public (as did GitHub earlier this ye
Dissecting the Phish: Intro to Phishing Investigations — Useful Online Resources
In this blog post, I will be introducing online resources that can be used to investigate Phishing sites. In Collecting the Phishing Samples, I will cover how Phishing samples can be collected from online databases. In Domain/IP/URL Analysis, I will be covering how the domains, IPs, and URLs can be analyzed using online services and WHOIS information. In Sandbox Analysis, I will be covering how on
PhishTank調査を自動化ã—ãŸã„ - part2|serasora
今月ã®ç›®æ¨™å‰å›žã«å¼•ã続ã„ã¦ã§ã™ãŒ ①フィッシングサイトã®URLã‚’å–å¾— ②フィッシングサイトã¸ã®ã‚¢ã‚¯ã‚»ã‚¹ ③フィッシングサイトã¸èªè¨¼æƒ…å ±ï¼ˆæ£è¦ã®èªè¨¼æƒ…å ±ã§ã¯ãªã„ã€IDã¨ç’°å¢ƒã¯è‡ªåˆ†æŒã¡ï¼‰ã‚’入力 â‘£Azure ADã¸ã®ã‚µã‚¤ãƒ³ã‚¤ãƒ³è©¦è¡Œã®ç¢ºèªã®ã‚µã‚¤ã‚¯ãƒ«ã‚’出æ¥ã‚‹é™ã‚Šæ¥½ã«ã—ãŸã„ã€ã¨ã„ã†ã®ãŒæœ¬ç¨¿ã®ç›®çš„ã¨ãªã‚Šã¾ã™ã€‚ å‰å›žã¯â‘ ã‚’Log Analyticsを使ã£ã¦å®Ÿæ–½ã—ã¾ã—ãŸã€‚ 今回ã¯â‘¡ï½žâ‘¢ã‚’自動化ã—ã¦ãŠããŸã„ã®ã§ä»¥ä¸‹ã®ã‚ˆã†ãªã‚³ãƒ³ã‚»ãƒ—トã§è¦ä»¶å®šç¾©ã—ã¾ã™ã€‚ ・フィッシングサイトã®ç”Ÿãæ»ã«ãŒè¦–覚的ã«ç¢ºèªã§ãã‚‹ã“㨠・PCã‚’é–‹ã‹ãšã«ã‚¢ã‚¯ã‚»ã‚¹ã§ãã‚‹ã“㨠・フィッシングサイトURLã”ã¨ã«å…¥åŠ›ã™ã‚‹è³‡æ ¼æƒ…å ±ã®ã‚¨ã‚¤ãƒªã‚¢ã‚¹ã‚’変更ã§ãã‚‹ã“㨠視覚的ã«ç”Ÿãæ»ã«ç¢ºèªã£ã¦ã©ã†ã—よã†ï¼Ÿãƒ•ã‚£ãƒƒã‚·ãƒ³ã‚°ã‚µã‚¤ãƒˆURLã®ä¸€è¦§ã‚’é †ç•ªã«ã‚¢ã‚¯ã‚»ã‚¹ã—ã¦ç”Ÿãæ»ã«ã‚’確èªã™ã‚‹ã®ã¯æ™‚é–“ãŒã‹ã‹ã‚Šã¾ã™ã€‚ 一応PhishTankã®çµæžœã«onlineã¨ã„ã†ã‚«ãƒ©ãƒ ãŒã‚ã‚‹ãŸã‚
API Documentation - urlscan.io
Scan is only visible to you in your personalised search or if you share the scan ID with third parties. Scans will be deleted from our system after a certain retention period. Use this if you don't want anyone else to see the URLs you submitted. API Use Best Practices These are some general pieces of advice we have collected over the years. Please stick to them, our life will be a lot easier! DO N
リリースã€éšœå®³æƒ…å ±ãªã©ã®ã‚µãƒ¼ãƒ“スã®ãŠçŸ¥ã‚‰ã›
最新ã®äººæ°—エントリーã®é…ä¿¡
j次ã®ãƒ–ックマーク
kå‰ã®ãƒ–ックマーク
lã‚ã¨ã§èªã‚€
eコメント一覧を開ã
oページを開ã
GitHub - sra0ne/urlscan-screenshot: A simple Ruby script to get a screenshot of a live webpage using the free urlscan.io API ,also saves the whole result json for inspection
GitHub - Aquarthur/urlscanio: CLI tool which uses URLScan to scan websites and download corresponding screenshots and DOMs.
GitHub - gbikram/ThreatTrack: Script parses through a CSV file containing queries for various online data sources that scrape and collect metadata on URLs, IPs, Domains and Files. The queries are run against the respective data sources and the resulting o
Shodan and Censys Query My Router - RouterSecurity.org
GitHub - Lissy93/web-check: 🕵ï¸â€â™‚ï¸ All-in-one OSINT tool for analysing any website
国内を標的ã¨ã—㟠銀行フィッシングè©æ¬ºã®åˆ†æž
GitHub - Evil-Twins-X/SubEvil: SubEvil is an advanced open source intelligence framework (OSINT) for grouping subdomains.
GitHub - Humoud/Analyziz: A workbench for initial analysis of malicious domains, urls, and malware samples.
How To Takedown Phishing Domains for Free - SOCRadar® Cyber Intelligence Inc.
GitHub - m-mizutani/urlscan-go: urlscan.io client library in Go
GitHub - ShilpeshTrivedi/IR_TI_Scripts: This Repo help, into IR and Threat Hunting preparative.
GitHub - ninoseki/osakana: A Swiss army knife tool for my phishing research
SecurityTrails | How to use name server records to locate malicious domains en masse
Miteru:实验性网络钓鱼工具包检测工具 - 链闻 ChainNews
GitHub - ecstatic-nobel/pOSINT: Gather Open-Source Intelligence using PowerShell.
7 Best Security Scanning API to Detect Website Risk | Geekflare
{{#tags}}- {{label}}
{{/tags}}