I have always wanted to create a Site Reputability Scanner for a while now, hence the Site Triage and Analysis Tool (STrAT) was born.
For now you will need your own VirusTotal and Urlscan API keys, placed in a file in the directory which you clone this repo into, named .env.
Subjected to changes as the project progresses
-
chore: Scanning links provided by the user using both the Urlscan.io and VirusTotal APIs concurrently
- user inputs still require validation 👀
- addition of scan type feature (public, private or unlisted)
- removed potentially dangerous C2 callback by script -> used phishTank for now
- request timeout (async) for urlscan
- fix VT Url Analysis Report Output Issue; VT unscanned url returns
0for"malicious"and"harmless"categories - testing if script is working and cross-platform
- download URLScan Image
- add requirements.txt
-
additional features: not entirely sure if feasible
- Having the tool accept command line arguments and build help menu (probably using
argparseorgetoptspython libraries?) - Loading bar for API load
- Use some AI engine for heuristic scanning
- Having the tool accept command line arguments and build help menu (probably using
-
chore: Returning and determining results based on threat scoring (something like classifications on Hybrid Analysis)
-
chore: Include and update wiki for documentation
- Feel free to create an issue for any suggestions or issues or use the PR functionality.
- Python 3.10+
- See requirements.txt and install dependencies using:
$ pip install -r requirements.txt
.envfile layout (naming convention of the variables don't matter, but their order does -- as I hardcoded the index):
VT_API_KEY = '<VIRUSTOTAL_API_KEY>'
US_API_KEY = '<URLSCAN_API_KEY>'
IP_DATA_KEY = '<IPDATA.CO_API_KEY>'