feat: add Google Safe Browsing lookup

Implement #210
ninoseki · Mar 16, 2019 · c08ea32 · c08ea32
1 parent 952f90b
commit c08ea32
Show file tree

Hide file tree

Showing 5 changed files with 96 additions and 43 deletions.
diff --git a/README.md b/README.md
@@ -36,49 +36,50 @@ Mitaka is an OSINT friendly Chrome extension which can:
 
 ### Supported search engines
 
-| name             | url                                  | supported types                   |
-|:-----------------|:-------------------------------------|:----------------------------------|
-| AbuseIPDB        | https://www.abuseipdb.com            | ip                                |
-| archive.org      | https://archive.org/                 | url                               |
-| BGPView          | https://bgpview.io                   | ip / asn                          |
-| BinaryEdge       | https://app.binaryedge.io            | ip / domain                       |
-| BitcoinAbuse     | https://www.bitcoinabuse.com         | btc                               |
-| Blockchain.com   | https://www.blockchain.com           | btc                               |
-| BlockCypher      | https://live.blockcypher.com         | btc                               |
-| Censys           | https://censys.io                    | ip / domain / asn / text          |
-| crt.sh           | https://crt.sh                       | domain                            |
-| Cymon            | https://cymon.io                     | ip / domain                       |
-| DNSlytics        | https://dnslytics.com                | ip / domain                       |
-| DomainBigData    | https://domainbigdata.com            | domain                            |
-| DomainWatch      | https://domainwat.ch                 | domain / email                    |
-| FOFA             | https://fofa.so                      | ip / domain                       |
-| FindSubDomains   | https://findsubdomains.com           | domain                            |
-| HybridAnalysis   | https://www.hybrid-analysis.com      | ip / domain / hash (sha256 only)  |
-| Intelligence X   | https://intelx.io                    | ip / domain / url / email / btc   |
-| Maltiverse       | https://www.maltiverse.com           | domain / hash                     |
-| OOCPR            | https://data.occrp.org               | email                             |
-| ONYPHE           | https://www.onyphe.io                | ip                                |
-| OTX              | https://otx.alienvault.com           | ip / domain / hash                |
-| Pipl             | https://pipl.com                     | email                             |
-| PubDB            | http://pub-db.com                    | gaPubID / gaTrackID               |
-| PublicWWW        | https://publicwww.com                | text                              |
-| Pulsedive        | https://pulsedive.com                | ip / domaion / url / hash         |
-| RiskIQ           | http://community.riskiq.com          | ip / domain / email               |
-| SecurityTrails   | https://securitytrails.com           | ip / domain                       |
-| Shodan           | https://www.shodan.io                | ip / domain / asn                 |
-| Sploitus         | https://sploitus.com                 | cve                               |
-| SpyOnWeb         | http://spyonweb.com                  | ip / domain / gaPubID / gaTrackID |
-| Talos            | https://talosintelligence.com        | ip / domain                       |
-| ThreatCrowd      | https://www.threatcrowd.org          | ip / domain / email               |
-| ThreatMiner      | https://www.threatminer.org          | ip / domain / hash                |
-| Urlscan          | https://urlscan.io                   | ip / domain / url                 |
-| ViewDNS          | https://viewdns.info                 | ip / domain / email               |
-| VirusTotal       | https://www.virustotal.com           | ip / domain / url / hash          |
-| Vulmon           | https://vulmon.com                   | cve                               |
-| VxCube           | http://vxcube.com                    | ip / domain / hash                |
-| WebAnalyzer      | https://wa-com.com/                  | domain                            |
-| X-Force Exchange | https://exchange.xforce.ibmcloud.com | ip / domain / hash                |
-| ZoomEye          | https://www.zoomeye.org              | ip                                |
+| name                 | url                                    | supported types                   |
+|:---------------------|:---------------------------------------|:----------------------------------|
+| AbuseIPDB            | https://www.abuseipdb.com              | ip                                |
+| archive.org          | https://archive.org/                   | url                               |
+| BGPView              | https://bgpview.io                     | ip / asn                          |
+| BinaryEdge           | https://app.binaryedge.io              | ip / domain                       |
+| BitcoinAbuse         | https://www.bitcoinabuse.com           | btc                               |
+| Blockchain.com       | https://www.blockchain.com             | btc                               |
+| BlockCypher          | https://live.blockcypher.com           | btc                               |
+| Censys               | https://censys.io                      | ip / domain / asn / text          |
+| crt.sh               | https://crt.sh                         | domain                            |
+| Cymon                | https://cymon.io                       | ip / domain                       |
+| DNSlytics            | https://dnslytics.com                  | ip / domain                       |
+| DomainBigData        | https://domainbigdata.com              | domain                            |
+| DomainWatch          | https://domainwat.ch                   | domain / email                    |
+| FindSubDomains       | https://findsubdomains.com             | domain                            |
+| FOFA                 | https://fofa.so                        | ip / domain                       |
+| Google Safe Browsing | https://transparencyreport.google.com/ | domain / url                      |
+| HybridAnalysis       | https://www.hybrid-analysis.com        | ip / domain / hash (sha256 only)  |
+| Intelligence X       | https://intelx.io                      | ip / domain / url / email / btc   |
+| Maltiverse           | https://www.maltiverse.com             | domain / hash                     |
+| OOCPR                | https://data.occrp.org                 | email                             |
+| ONYPHE               | https://www.onyphe.io                  | ip                                |
+| OTX                  | https://otx.alienvault.com             | ip / domain / hash                |
+| Pipl                 | https://pipl.com                       | email                             |
+| PubDB                | http://pub-db.com                      | gaPubID / gaTrackID               |
+| PublicWWW            | https://publicwww.com                  | text                              |
+| Pulsedive            | https://pulsedive.com                  | ip / domaion / url / hash         |
+| RiskIQ               | http://community.riskiq.com            | ip / domain / email               |
+| SecurityTrails       | https://securitytrails.com             | ip / domain                       |
+| Shodan               | https://www.shodan.io                  | ip / domain / asn                 |
+| Sploitus             | https://sploitus.com                   | cve                               |
+| SpyOnWeb             | http://spyonweb.com                    | ip / domain / gaPubID / gaTrackID |
+| Talos                | https://talosintelligence.com          | ip / domain                       |
+| ThreatCrowd          | https://www.threatcrowd.org            | ip / domain / email               |
+| ThreatMiner          | https://www.threatminer.org            | ip / domain / hash                |
+| Urlscan              | https://urlscan.io                     | ip / domain / url                 |
+| ViewDNS              | https://viewdns.info                   | ip / domain / email               |
+| VirusTotal           | https://www.virustotal.com             | ip / domain / url / hash          |
+| Vulmon               | https://vulmon.com                     | cve                               |
+| VxCube               | http://vxcube.com                      | ip / domain / hash                |
+| WebAnalyzer          | https://wa-com.com/                    | domain                            |
+| X-Force Exchange     | https://exchange.xforce.ibmcloud.com   | ip / domain / hash                |
+| ZoomEye              | https://www.zoomeye.org                | ip                                |
 
 You can enable / disable a search engine via the extension's options.
 

diff --git a/src/lib/searcher/googlesafebrowsing.ts b/src/lib/searcher/googlesafebrowsing.ts
@@ -0,0 +1,26 @@
+import { buildURL } from "../url_builder";
+import { SearchableType, Searcher } from "./searcher";
+
+export class GoogleSafeBrowsing implements Searcher {
+
+  public endpoint: string;
+  public name: string;
+  public supportedTypes: SearchableType[] = ["domain", "url"];
+
+  constructor() {
+    this.endpoint = "https://transparencyreport.google.com";
+    this.name = "GoogleSafeBrowsing";
+  }
+
+  public searchByDomain(query: string) {
+    return this.search(query);
+  }
+
+  public searchByURL(query: string) {
+    return this.search(query);
+  }
+
+  private search(query: string) {
+    return buildURL(this.endpoint, "/safe-browsing/search", { url: query });
+  }
+}
diff --git a/src/lib/searcher/index.ts b/src/lib/searcher/index.ts
@@ -14,6 +14,7 @@ export { DomainWatch } from "./domainwatch";
 export { FindSubDomains } from "./findsubdomains";
 export { FOFA } from "./fofa";
 export { FortiGuard } from "./fortiguard";
+export { GoogleSafeBrowsing } from "./googlesafebrowsing";
 export { HybridAnalysis } from "./hybridanalysis";
 export { IntelligenceX } from "./intelligencex";
 export { Maltiverse } from "./maltiverse";

diff --git a/src/lib/searcher/searchers.ts b/src/lib/searcher/searchers.ts
@@ -15,6 +15,7 @@ import {
   FindSubDomains,
   FOFA,
   FortiGuard,
+  GoogleSafeBrowsing,
   HybridAnalysis,
   IntelligenceX,
   Maltiverse,
@@ -61,6 +62,7 @@ export const Searchers: Searcher[] = [
   new FindSubDomains(),
   new FOFA(),
   new FortiGuard(),
+  new GoogleSafeBrowsing(),
   new HybridAnalysis(),
   new IntelligenceX(),
   new Maltiverse(),

diff --git a/src/spec/searcher/googlesafebrowsing.spec.ts b/src/spec/searcher/googlesafebrowsing.spec.ts
@@ -0,0 +1,23 @@
+import { expect } from "chai";
+import "mocha";
+import { GoogleSafeBrowsing } from "../../lib/searcher";
+
+describe("Google Safe Browsing", () => {
+  const subject = new GoogleSafeBrowsing();
+
+  it("should support domain & URL type IOC", () => {
+    expect(subject.supportedTypes).to.deep.equal(["domain", "url"]);
+  });
+
+  describe("#searchByDoman", () => {
+    it("should return URL", () => {
+      expect(subject.searchByDomain("github.com")).to.equal("https://transparencyreport.google.com/safe-browsing/search?url=github.com");
+    });
+  });
+
+  describe("#searchByURL", () => {
+    it("should return URL", () => {
+      expect(subject.searchByURL("https://github.com")).to.equal("https://transparencyreport.google.com/safe-browsing/search?url=https%3A%2F%2Fgithub.com");
+    });
+  });
+});