Skip to content

Scalable URL Sandbox for analyzing URLs and Domains from phishing attacks

License

Notifications You must be signed in to change notification settings

qeeqbox/url-sandbox

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

55 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Generic badge Generic badge Generic badge Generic badge

URL Sandbox automate the daily task of analyzing URL or Domains internally without external resources' interaction. It contains a sandbox module that executes the target in an isolated environment (Customizable). The output from that environment is parsed and structured into useful categories. Some of those categories are visualized for better user experience. This project is scalable and can be integrated into your SOC.

Install

git clone https://github.com/qeeqbox/url-sandbox.git && cd url-sandbox && chmod +x run.sh && ./run.sh auto_configure

Interface

Features

  • Runs locally
  • DNS info
  • Headers info
  • Brwoser info
  • Certifcate extraction
  • Target screenshot
  • Network graph image
  • Internal sniffer
  • Custom User Agent
  • Custom DNS and Proxy options
  • Auto Tor configuration
  • HTML and JSON output
  • No-redirect option

Running

One click auto-configure

git clone https://github.com/qeeqbox/url-sandbox.git
cd url-sandbox
chmod +x run.sh
./run.sh auto_configure

The project interface http://127.0.0.1:8000/ will open automatically after finishing the initialization process

Resources

ChromeDriver - WebDriver for Chrome, Docker SDK

Other Licenses

By using this framework, you are accepting the license terms of all the following packages: chromedriver, dnspython, docker, docker-compose, firefox-esr, flask, flask_admin, flask_bcrypt, flask_login, Flask-Markdown, flask_mongoengine, geckodriver, gevent, gunicorn, iptables, iptables-persistent, jinja2, jq, libleptonica-dev, libtesseract-dev, matplotlib, netifaces, net-tools, networkx, phantomjs, pymongo, pysocks, pytesseract, python-dateutil, python-magic, pyvirtualdisplay, requests[socks], scapy, selenium, supervisor, tcpdump, termcolor, tesseract, tldextract, unzip, urllib3, validator_collection, werkzeug, wget, xvfb, useragentstring

Disclaimer\Notes

  • Do not deploy without proper configuration
  • Setup some security group rules and remove default credentials

Other Projects