Triage automation for suspect URLs
Latest commit 405673a Jun 25, 2018


Submits URLs to API by specifying -u option. Creates case in TheHive, then adds observables for tracking and intel sharing.


$ ./ -h
usage: [-h] -u URL

optional arguments:
  -h, --help         show this help message and exit
  -u URL, --url URL  Suspect URL


captain@sift -> /m/h/D/b/urlscan 
$ ./ -u
urlScan IOC generator,  1.1
Username: responder

[*] Submission successful
[*] Locating case template for suspected phishing
[*] Creating case from template
[*] Added URL observable for
[*] Added IP observable for
[*] Added IP observable for
[*] Added domain observable for
[*] Updated case with link to scan summary
[*] Updated case with screenshot found by following suspect URL



Requires TheHive4py, Requests, and an API token.
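
The observable step shown in the run above (one URL, the IPs, and the domain), as an added example that is not this project's code. It assumes a scan result shaped as a dict with hypothetical `ips` and `domains` keys, and emits dicts using the observable fields TheHive4py takes (`dataType`, `data`, `tlp`, `ioc`, `tags`); the `url-triage` tag and the helper names are made up for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample input. The "ips"/"domains" keys are assumptions for this
# example, not the scan API's real response schema. Addresses come from
# documentation ranges, so the filter below is explicit rather than is_global.
SAMPLE_SCAN = {
    "ips": ["203.0.113.10", "203.0.113.10", "10.0.0.5", "not-an-ip", "2001:db8::1"],
    "domains": ["Login.Example.test", "login.example.test."],
}

RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_internal(ip):
    """True for addresses that say nothing about the remote site."""
    return (ip.is_loopback or ip.is_link_local or ip.is_unspecified
            or ip.is_multicast or any(ip in net for net in RFC1918))


def build_observables(suspect_url, scan, tlp=2):
    """Return de-duplicated observable dicts: the URL, then domains and IPs."""
    url = suspect_url.strip()
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError("suspect URL must be an absolute http(s) URL")

    seen, out = set(), []

    def add(data_type, value):
        if (data_type, value) not in seen:
            seen.add((data_type, value))
            out.append({"dataType": data_type, "data": value, "tlp": tlp,
                        "ioc": True, "tags": ["url-triage"]})

    add("url", url)
    hosts = [parts.hostname, *scan.get("domains", []), *scan.get("ips", [])]
    for raw in hosts:
        value = str(raw).strip().rstrip(".").lower()
        try:
            ip = ipaddress.ip_address(value)
        except ValueError:
            if "." in value:          # keep only dotted host names
                add("domain", value)
            continue
        if not is_internal(ip):
            add("ip", str(ip))
    return out
```

Normalising before de-duplication keeps a case from collecting the same host three times under different spellings, and dropping RFC 1918, loopback and link-local addresses keeps internal infrastructure out of observables that may be shared.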