[Analyzer] WAD #814
Comments
|
Good catch but we do not usually integrate tools that actively scan a target in IntelOwl. This is because IntelOwl is not a tool that should be used for perfroming reconnaissance of a target. There are plenty of other projects that do that better and this has never been its main goal. I have already closed other similar issues. However I understand that the framework completely supports these use cases and could integrate several similar tools/services. The point is that we should categorize them differently. We cannot just add them as normal analyzers. I guess that a little customization for the "reconnaissance tools/services" can be thought and done once we will start working on the playbooks (#628). The playbooks will allow to group some analyzers together, to better separate use cases from one another. So I think we could keep this issue as a reminder. But right now, considering the almost all the IntelOwl users just run "all the analyzers", I think we should avoid this. |
|
from 2021 to 2023, now it could be time to start thinking about this. We have implemented Playbooks and we have IntelOwl v4. |
|
this could be implemented like a normal analyzer |
We can retrieve more information about the infrastructure behind a domain using WAD.
Since it is actually contacting the domain, we should add the
leak_infoflag in the configuration.The text was updated successfully, but these errors were encountered: