diff --git a/README.md b/README.md
index 496a485d..09235d50 100755
--- a/README.md
+++ b/README.md
@@ -36,49 +36,50 @@ Mitaka is an OSINT friendly Chrome extension which can:
 ### Supported search engines
-| name | url | supported types |
-|:-----------------|:-------------------------------------|:----------------------------------|
-| AbuseIPDB | https://www.abuseipdb.com | ip |
-| archive.org | https://archive.org/ | url |
-| BGPView | https://bgpview.io | ip / asn |
-| BinaryEdge | https://app.binaryedge.io | ip / domain |
-| BitcoinAbuse | https://www.bitcoinabuse.com | btc |
-| Blockchain.com | https://www.blockchain.com | btc |
-| BlockCypher | https://live.blockcypher.com | btc |
-| Censys | https://censys.io | ip / domain / asn / text |
-| crt.sh | https://crt.sh | domain |
-| Cymon | https://cymon.io | ip / domain |
-| DNSlytics | https://dnslytics.com | ip / domain |
-| DomainBigData | https://domainbigdata.com | domain |
-| DomainWatch | https://domainwat.ch | domain / email |
-| FOFA | https://fofa.so | ip / domain |
-| FindSubDomains | https://findsubdomains.com | domain |
-| HybridAnalysis | https://www.hybrid-analysis.com | ip / domain / hash (sha256 only) |
-| Intelligence X | https://intelx.io | ip / domain / url / email / btc |
-| Maltiverse | https://www.maltiverse.com | domain / hash |
-| OOCPR | https://data.occrp.org | email |
-| ONYPHE | https://www.onyphe.io | ip |
-| OTX | https://otx.alienvault.com | ip / domain / hash |
-| Pipl | https://pipl.com | email |
-| PubDB | http://pub-db.com | gaPubID / gaTrackID |
-| PublicWWW | https://publicwww.com | text |
-| Pulsedive | https://pulsedive.com | ip / domaion / url / hash |
-| RiskIQ | http://community.riskiq.com | ip / domain / email |
-| SecurityTrails | https://securitytrails.com | ip / domain |
-| Shodan | https://www.shodan.io | ip / domain / asn |
-| Sploitus | https://sploitus.com | cve |
-| SpyOnWeb | http://spyonweb.com | ip / domain / gaPubID / gaTrackID |
-| Talos | https://talosintelligence.com | ip / domain |
-| ThreatCrowd | https://www.threatcrowd.org | ip / domain / email |
-| ThreatMiner | https://www.threatminer.org | ip / domain / hash |
-| Urlscan | https://urlscan.io | ip / domain / url |
-| ViewDNS | https://viewdns.info | ip / domain / email |
-| VirusTotal | https://www.virustotal.com | ip / domain / url / hash |
-| Vulmon | https://vulmon.com | cve |
-| VxCube | http://vxcube.com | ip / domain / hash |
-| WebAnalyzer | https://wa-com.com/ | domain |
-| X-Force Exchange | https://exchange.xforce.ibmcloud.com | ip / domain / hash |
-| ZoomEye | https://www.zoomeye.org | ip |
+| name | url | supported types |
+|:---------------------|:---------------------------------------|:----------------------------------|
+| AbuseIPDB | https://www.abuseipdb.com | ip |
+| archive.org | https://archive.org/ | url |
+| BGPView | https://bgpview.io | ip / asn |
+| BinaryEdge | https://app.binaryedge.io | ip / domain |
+| BitcoinAbuse | https://www.bitcoinabuse.com | btc |
+| Blockchain.com | https://www.blockchain.com | btc |
+| BlockCypher | https://live.blockcypher.com | btc |
+| Censys | https://censys.io | ip / domain / asn / text |
+| crt.sh | https://crt.sh | domain |
+| Cymon | https://cymon.io | ip / domain |
+| DNSlytics | https://dnslytics.com | ip / domain |
+| DomainBigData | https://domainbigdata.com | domain |
+| DomainWatch | https://domainwat.ch | domain / email |
+| FindSubDomains | https://findsubdomains.com | domain |
+| FOFA | https://fofa.so | ip / domain |
+| Google Safe Browsing | https://transparencyreport.google.com/ | domain / url |
+| HybridAnalysis | https://www.hybrid-analysis.com | ip / domain / hash (sha256 only) |
+| Intelligence X | https://intelx.io | ip / domain / url / email / btc |
+| Maltiverse | https://www.maltiverse.com | domain / hash |
+| OOCPR | https://data.occrp.org | email |
+| ONYPHE | https://www.onyphe.io | ip |
+| OTX | https://otx.alienvault.com | ip / domain / hash |
+| Pipl | https://pipl.com | email |
+| PubDB | http://pub-db.com | gaPubID / gaTrackID |
+| PublicWWW | https://publicwww.com
| text |
+| Pulsedive | https://pulsedive.com | ip / domaion / url / hash |
+| RiskIQ | http://community.riskiq.com | ip / domain / email |
+| SecurityTrails | https://securitytrails.com | ip / domain |
+| Shodan | https://www.shodan.io | ip / domain / asn |
+| Sploitus | https://sploitus.com | cve |
+| SpyOnWeb | http://spyonweb.com | ip / domain / gaPubID / gaTrackID |
+| Talos | https://talosintelligence.com | ip / domain |
+| ThreatCrowd | https://www.threatcrowd.org | ip / domain / email |
+| ThreatMiner | https://www.threatminer.org | ip / domain / hash |
+| Urlscan | https://urlscan.io | ip / domain / url |
+| ViewDNS | https://viewdns.info | ip / domain / email |
+| VirusTotal | https://www.virustotal.com | ip / domain / url / hash |
+| Vulmon | https://vulmon.com | cve |
+| VxCube | http://vxcube.com | ip / domain / hash |
+| WebAnalyzer | https://wa-com.com/ | domain |
+| X-Force Exchange | https://exchange.xforce.ibmcloud.com | ip / domain / hash |
+| ZoomEye | https://www.zoomeye.org | ip |
 You can enable / disable a search engine via the extension's options.
diff --git a/src/lib/searcher/googlesafebrowsing.ts b/src/lib/searcher/googlesafebrowsing.ts
new file mode 100644
index 00000000..45db5fa9
--- /dev/null
+++ b/src/lib/searcher/googlesafebrowsing.ts
@@ -0,0 +1,26 @@
+import { buildURL } from "../url_builder";
+import { SearchableType, Searcher } from "./searcher";
+
+export class GoogleSafeBrowsing implements Searcher {
+
+ public endpoint: string;
+ public name: string;
+ public supportedTypes: SearchableType[] = ["domain", "url"];
+
+ constructor() {
+ this.endpoint = "https://transparencyreport.google.com";
+ this.name = "GoogleSafeBrowsing";
+ }
+
+ public searchByDomain(query: string) {
+ return this.search(query);
+ }
+
+ public searchByURL(query: string) {
+ return this.search(query);
+ }
+
+ private search(query: string) {
+ return buildURL(this.endpoint, "/safe-browsing/search", { url: query });
+ }
+}
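Review bot: The new `GoogleSafeBrowsing` class has no doc comment saying that the IOC is handed to a third-party service unchanged: for the `url` type, `search` passes the whole string, including any query string or token it carries, as the `url` parameter of a transparencyreport.google.com link. A one-line TSDoc on the class would record that, e.g. `/** Builds a Google Safe Browsing (Transparency Report) lookup link; the full IOC is placed in the "url" query parameter. */`. The three methods also have no explicit return type; assuming `buildURL` returns a string, `public searchByDomain(query: string): string {` (and the same for `searchByURL` and `search`) would let the compiler check the body against the interface.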
diff --git a/src/lib/searcher/index.ts b/src/lib/searcher/index.ts
index cb115c2b..fdcaf42b 100644
--- a/src/lib/searcher/index.ts
+++ b/src/lib/searcher/index.ts
@@ -14,6 +14,7 @@ export { DomainWatch } from "./domainwatch";
 export { FindSubDomains } from "./findsubdomains";
 export { FOFA } from "./fofa";
 export { FortiGuard } from "./fortiguard";
+export { GoogleSafeBrowsing } from "./googlesafebrowsing";
 export { HybridAnalysis } from "./hybridanalysis";
 export { IntelligenceX } from "./intelligencex";
 export { Maltiverse } from "./maltiverse";
diff --git a/src/lib/searcher/searchers.ts b/src/lib/searcher/searchers.ts
index 18854274..45385a5d 100644
--- a/src/lib/searcher/searchers.ts
+++ b/src/lib/searcher/searchers.ts
@@ -15,6 +15,7 @@ import {
 FindSubDomains,
 FOFA,
 FortiGuard,
+ GoogleSafeBrowsing,
 HybridAnalysis,
 IntelligenceX,
 Maltiverse,
@@ -61,6 +62,7 @@ export const Searchers: Searcher[] = [
 new FindSubDomains(),
 new FOFA(),
 new FortiGuard(),
+ new GoogleSafeBrowsing(),
 new HybridAnalysis(),
 new IntelligenceX(),
 new Maltiverse(),
diff --git a/src/spec/searcher/googlesafebrowsing.spec.ts b/src/spec/searcher/googlesafebrowsing.spec.ts
new file mode 100644
index 00000000..3abb26db
--- /dev/null
+++ b/src/spec/searcher/googlesafebrowsing.spec.ts
@@ -0,0 +1,23 @@
+import { expect } from "chai";
+import "mocha";
+import { GoogleSafeBrowsing } from "../../lib/searcher";
+
+describe("Google Safe Browsing", () => {
+ const subject = new GoogleSafeBrowsing();
+
+ it("should support domain & URL type IOC", () => {
+ expect(subject.supportedTypes).to.deep.equal(["domain", "url"]);
+ });
+
+ describe("#searchByDoman", () => {
+ it("should return URL", () => {
+ expect(subject.searchByDomain("github.com")).to.equal("https://transparencyreport.google.com/safe-browsing/search?url=github.com");
+ });
+ });
+
+ describe("#searchByURL", () => {
+ it("should return URL", () => {
+ expect(subject.searchByURL("https://github.com")).to.equal("https://transparencyreport.google.com/safe-browsing/search?url=https%3A%2F%2Fgithub.com");
+ });
+ });
+});
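Review bot: The `#searchByURL` case only uses `https://github.com`, so nothing pins how an IOC that itself contains `?`, `&` or `#` ends up in the `url` parameter. The IOC is presumably text taken from an arbitrary page, and an unencoded `&` or `#` would split or truncate the lookup without any error. A second case with an input such as `"https://example.com/a?b=1&c=2#d"` (constructed sample), asserting that the result contains `%3F`, `%26` and `%23`, would cover this. The describe label `"#searchByDoman"` is also misspelt and should read `"#searchByDomain"`.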