This repository was archived by the owner on Dec 17, 2021. It is now read-only.

Commit 11ce634

committed
added -similardomains and technologies data type
1 parent c3a42ba commit 11ce634

2 files changed

+54
-38
lines changed


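--- a/src/Private/Get-SimilarDomains.ps1
+++ b/src/Private/Get-SimilarDomains.ps1
@@ -0,0 +1,20 @@
+function Get-SimilarDomains {
+param (
+[string]$id
+)
+
+$html = Invoke-WebRequest "https://urlscan.io/result/$id/related/"
+
+$links = $html.links
+
+$p1 = (0..($links.count-1)) | ? {$links.class[$_] -match 'btn-primary'}
+$p2 = (0..($links.count-1)) | ? {$links.class[$_] -match 'btn-default'}
+
+$similar = $links[($p1)..($p2[0])] | ? title | select @{n="Domain";e={$_.title}}, @{n="id";e={$_.href -replace '/|result'}}, @{n="ResultPage";e={"https://urlscan.io" + $_.href}}
+# $sameDomain = $links.title[($p2[0])..($p2[1])]
+# $sameIp = $links.title[($p2[1])..($p2[2])]
+# $sameASN = $links.title[($p2[2])..($p2[3])]
+# $sameUrl = $links.title[($p2[3])..($p2[4])]
+
+return $similar
+}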
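Review bot: `$id` is interpolated into the request URL on the `Invoke-WebRequest` line with no validation, so a value containing `/`, `..` or `?` changes which urlscan.io path is fetched and scraped. The public function exposes `$task.uuid` as `id`, so the value is presumably a UUID; if that holds, constrain it at the parameter with `[ValidatePattern('^[0-9a-fA-F-]{36}$')][string]$id`. The call also omits `-UseBasicParsing`, which on Windows PowerShell 5.1 means the fetched page is parsed through the Internet Explorer engine; since only `.links` is read, the switch is worth testing here. `$links[($p1)..($p2[0])]` assumes exactly one `btn-primary` link and at least one `btn-default` link, so a layout change on the page throws or slices the wrong range; check both counts before slicing.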

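--- a/src/Public/Get-UrlScanioScan.ps1
+++ b/src/Public/Get-UrlScanioScan.ps1
@@ -28,7 +28,7 @@ System.Object. Data can be returned as an Object.
 
 .LINK
 #>
-[CmdletBinding()]
+[CmdletBinding(DefaultParameterSetName = 'All')]
 param (
 [Parameter(Mandatory = $true,
 Position = 0,
@@ -39,30 +39,31 @@ System.Object. Data can be returned as an Object.
 [string[]]$id,
 
 [Parameter(ParameterSetName = 'data')]
-[ValidateSet('Links','Hashes','Cookies','Certificates','Verdict')]
+[ValidateSet('Links','Hashes','Cookies','Certificates','Verdict','Technologies')]
 [string]$DataType,
-
 [Parameter(ParameterSetName = 'data')]
-[switch]$IncludeTaskDetails
+[switch]$IncludeTaskDetails,
+
+[Parameter(ParameterSetName = 'similar')]
+[switch]$SimilarDomains
 )
 
 process {
 $request = Invoke-RestMethod -Uri "https://urlscan.io/api/v1/result/$id" -ErrorAction:SilentlyContinue
 
 if ($PSBoundParameters.DataType) {
 # output basic task deets
+$props = [ordered]@{}
 if ($PSBoundParameters.IncludeTaskDetails) {
 $task = $request.task | select uuid, time, url, reportURL
+
+$props.Property += @{n="id";e={$task.uuid}},
+@{n="time";e={$task.time}},
+@{n="taskUrl";e={$task.url}}
 }
-$props = @{}
 
 switch ($DataType) {
 Links {
-if ($task) {
-$props.Property += @{n="id";e={$task.uuid}},
-@{n="time";e={$task.time}},
-@{n="taskUrl";e={$task.url}}
-}
 $props.Property += 'href','text'
 
 $out = $request.data.links | select @props
@@ -73,11 +74,7 @@ System.Object. Data can be returned as an Object.
 }
 Hashes {
 $hashes = $request.data.requests.response.Where({$_.hash})
-if ($task) {
-$props.Property += @{n="id";e={$task.uuid}},
-@{n="time";e={$task.time}},
-@{n="taskUrl";e={$task.url}}
-}
+
 $props.Property += @{n="type";e={$_.type}},
 @{n="size";e={$_.size}},
 @{n="hash";e={$_.hash}},
@@ -87,11 +84,6 @@ System.Object. Data can be returned as an Object.
 }
 Cookies {
 [datetime]$origin = '1970-01-01 00:00:00'
-if ($task) {
-$props.Property += @{n="id";e={$task.uuid}},
-@{n="time";e={$task.time}},
-@{n="taskUrl";e={$task.url}}
-}
 $props.Property += 'name',
 'value',
 'domain',
@@ -110,11 +102,6 @@ System.Object. Data can be returned as an Object.
 }
 Certificates {
 [datetime]$origin = '1970-01-01 00:00:00'
-if ($task) {
-$props.Property += @{n="id";e={$task.uuid}},
-@{n="time";e={$task.time}},
-@{n="taskUrl";e={$task.url}}
-}
 $props.Property += 'subjectName',
 'issuer',
 @{n='validFrom';e={$origin.AddSeconds($_.validFrom)}},
@@ -125,30 +112,39 @@ System.Object. Data can be returned as an Object.
 Verdict {
 $vo = $request.verdicts.overall
 $ve = $request.verdicts.engines
-$out = @{}
+$out = New-Object psobject
 
 if ($task) {
-$out += @{
-id = $task.uuid
-time = $task.time
-taskUrl = $task.url
-}
+$out | Add-Member NoteProperty 'id' $task.uuid
+$out | Add-Member NoteProperty 'time' $task.time
+$out | Add-Member NoteProperty 'time' $task.time
+$out | Add-Member NoteProperty 'taskUrl' $task.url
 }
 
-$out += @{
-malicious = $vo.malicious
-overallScore = $vo.score
-tags = (@($vo.tags + $ve.verdicts.categories) | select -Unique) -join ', '
-brands = $vo.brands -join ', '
-engineHits = $ve.malicious -join ', '
-}
+$out | Add-Member NoteProperty 'malicious' $vo.malicious
+$out | Add-Member NoteProperty 'overallScore' $vo.score
+$out | Add-Member NoteProperty 'tags' ((@($vo.tags + $ve.verdicts.categories) | select -Unique) -join ', ')
+$out | Add-Member NoteProperty 'brands' ($vo.brands -join ', ')
+$out | Add-Member NoteProperty 'engineHits' ($ve.malicious -join ', ')
+}
+Technologies {
+$wappa = $request.meta.processors.wappa.data
 
+$props.Property += @{n="App";e={$_.app}},
+@{n="Website";e={$_.website}},
+@{n="Category";e={$_.categories.name}}
+
+$out = $wappa | select @props
 }
 }
 } else {
 $out = $request
 }
 
+if ($PSCmdlet.ParameterSetName -eq 'similar') {
+$out = Get-SimilarDomains -id $id
+}
+
 return $out
 }
 }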
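Review bot: The Verdict branch adds the `time` note property twice (new lines 119 and 120); `Add-Member` without `-Force` reports an error when the member already exists, so `-DataType Verdict -IncludeTaskDetails` emits an error on the second call. Drop the duplicate `$out | Add-Member NoteProperty 'time' $task.time` line. Separately, the new `similar` branch passes the `[string[]]$id` parameter to `Get-SimilarDomains -id $id`, whose parameter is `[string]`, so several ids passed together are joined into one space-separated string and end up in a single URL; iterate with `foreach ($i in $id) { Get-SimilarDomains -id $i }`. In that parameter set the `Invoke-RestMethod` call at the top of `process` still runs with errors silenced and its result is discarded, so the branch would be better placed before the API request. The function's opening lines are outside the hunks shown.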

0 commit comments
