Skip to content
Extract and Visualize Data from URLs using Unfurl
Python HTML CSS Dockerfile
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
.github Delete ISSUE_TEMPLATE.md Nov 8, 2019
docs
parsers Improve base64 parsing by filtering out invalid lengths before attemp… Jan 22, 2020
static
templates
tests Add simple base64 tests Jan 22, 2020
.gitignore Make host and port configurable via ini file Jan 22, 2020
.travis.yml Create .travis.yml Jan 20, 2020
Dockerfile Add Docker support Jan 23, 2020
LICENSE Initial commit for move to GitHub Nov 4, 2019
README.md
__init__.py Initial commit for move to GitHub Nov 4, 2019
docker-compose.yaml
requirements.txt Add parser to split domain into subdomain, domain, and TLD plus encod… Dec 27, 2019
unfurl.ini
unfurl.py
unfurl_app.py

README.md

Unfurl Logo

Extract and Visualize Data from URLs using Unfurl

Unfurl takes a URL and expands ("unfurls") it into a directed graph, extracting every bit of information from the URL and exposing the obscured. It does this by breaking up a URL into components, extracting as much information as it can from each piece, and presenting it all visually. This “show your work” approach (along with embedded references and documentation) makes the analysis transparent to the user and helps them learn about (and discover) semantic and syntactical URL structures.

Unfurl has parsers for URLs, search engines, chat applications, social media sites, and more. It also has more generic parsers (timestamps, UUIDs, etc) helpful for exploring new URLs or reverse engineering. It’s also easy to build new parsers, since Unfurl is open source (Python 3) and has an extensible plugin system.

No matter if you extracted a URL from a memory image, carved it from slack space, or pulled it from a browser’s history file, Unfurl can help you get the most out of it.

How to use Unfurl

Online Version

  1. There is an online version at https://dfir.blog/unfurl. Visit that page, enter the URL in the form, and click 'Unfurl!'.
  2. You can also access the online version using a bookmarklet - create a new bookmark and paste javascript:window.location.href='https://dfir.blog/unfurl/?url='+window.location.href; as the location. Then when on any page with an interesting URL, you can click the bookmarklet and see the URL "unfurled".

Local Install

  1. Clone or download Unfurl from GitHub.
  2. Install Python 3 and the modules in requirements.txt
  3. Run python unfurl_app.py
  4. Browse to localhost:5000/ (editable via config file)
  5. Enter the URL to unfurl in the form, and 'Unfurl!'

Docker

  1. git clone https://github.com/obsidianforensics/unfurl
  2. cd unfurl
  3. Modify unfurl.ini with desired host and port, and docker-compose.yaml to match port defined in unfurl.ini.
  4. docker-compose up -d

Testing

  1. All tests are run automatically on each PR by Travis CI. Tests need to pass before merging.
  2. While not required, it is strongly encouraged to add tests that cover any new features in a PR.
  3. To manually run all tests (units and integration): python -m unittest discover -s tests

Legal Bit

This is not an officially supported Google product.

You can’t perform that action at this time.