[Analyzer] Replace Rendertron with Lookyloo #1021
Comments
see #1393
Just popping in, the documentation of all the tools is a bit of a mess, but you may want to also look at lacus, which is a standalone webservice that uses playwright in the backend without all the processing lookyloo does, but with better guardrails than using playwrightcapture directly. That's what is used by ail now.
@Rafiot thank you very much for your help! That's actually a great idea!
for reference: https://www.lookyloo.eu/docs/main/index.html#_lacus
@mlodic so this should also be an optional docker analyzer like the previous ones. Running in a docker container and then we can interact with it using pylacus, right?
yep
We added Rendertron as an optional additional analyzer to provide the chance to perform screenshots of sites, mainly with the goal to register and save phishing pages.
Recently, I found out about the existence of this project from CIRCL, Lookyloo (https://www.lookyloo.eu/docs/main/phishing-use-case.html), that not only performs screenshots but also retrieves additional information that can be used to evaluate possible malicious sites. Considering that IntelOwl's main targets are security analysts, it would make sense to provide a tool that is more suited for this specific use case instead of a more generic tool like Rendertron. Plus, right now there is no way to properly view the extracted screenshots.
We have 2 options:
1 - Integrate the full application:
The creation of the analyzer should be straightforward thanks to the python library they provide (https://www.lookyloo.eu/docs/main/lookyloo-pylookyloo.html).
The longest task would be to replace the Rendertron Docker Analyzer with Lookyloo. The contributor could follow the installation guide here (https://www.lookyloo.eu/docs/main/install-lookyloo.html). Plus, we could serve the application via Nginx too, but that would mean adding a lot of other additional problems to the table, like authentication. Even if it would be powerful to perform such a strong integration, I am not sure that adding other GUIs to the default one would be a good thing for the project.
2 - We could just integrate the Screenshot utility they have, without having to install the whole application. By leveraging the PlaywrightCapture module (https://twitter.com/lookyloo_app/status/1529160413618872322), we could just leverage some easy Python code and have a similar result to the one we would have had with Rendertron. In this case, we would not need to keep an additional Docker Analyzer anymore, with the consequence of reducing the overall weight of IntelOwl.