## URLScanIO - the PowerShell module
## Chris Shearer
## 8.17.2020
## URLScan.io API docs: https://urlscan.io/about-api/
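Function search-urlscanio {
    <#
    .SYNOPSIS
    Submits one or more URLs to urlscan.io and prints the overall verdict for each.

    .DESCRIPTION
    For every URL the function POSTs a scan request to the urlscan.io API, polls the
    result endpoint every 10 seconds until the scan has finished (or the poll limit
    is reached), and writes the overall score, the malicious flag and the category
    to the host. Nothing is returned on the pipeline.

    .PARAMETER u
    One or more URLs or host names to scan.

    .NOTES
    Every value passed in is sent to a third-party service. Depending on the
    visibility settings of the account behind the API key, the scan may be visible
    to other urlscan.io users, so review URLs that embed credentials, session
    tokens or internal host names before submitting them.
    #>

    ## Accept CLI parameters
    param (
        [Parameter(Mandatory=$true)]
        [array]$u
    )

    ## Create an account at https://urlscan.io/user/signup
    ## Do not commit a real key with this file: anyone who can read the module can use it.
    $URLScanIOapikey = "xxxxxxxx"

    ## Assign variables if they were entered from the CLI
    if ($u) { $URLList = @($u) }
    ## If variable wasn't passed from the CLI, then see if they were entered into script directly or pulled from a list
    ## NOTE(review): -u is Mandatory, so this branch is only reached if that attribute is removed.
    else {
        ## Enter your array of sites to scan here, separated by commas
        #$URLList = @("amazon.com","bing.com","contoso.com")
        $URLList = @()
        ## Alternatively, you can pull many sites from a file
        #$URLList = Get-Content "E:\temp\THREAT_LIST.txt"
    }

    ## Set TLS 1.2 (this changes the setting for the whole PowerShell session, not just this function)
    [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

    ## Upper bound on result polls per URL: 30 x 10 seconds = 5 minutes
    $maxPolls = 30

    ## Count
    Write-Host "======================="
    Write-host " URLs to scan:" $URLList.count

    foreach ($url in $URLList)
    {
        ## Submit
        Write-Host "======================="
        Write-Host "Submitting: " -nonewline; Write-Host -f Cyan $url

        ## Build the JSON with ConvertTo-Json so quotes or backslashes inside a URL
        ## cannot break out of the "url" value and add fields to the request.
        $body = @{ url = "$url" } | ConvertTo-Json -Compress
        $submit = @{
            Uri             = 'https://urlscan.io/api/v1/scan/'
            Method          = 'Post'
            Headers         = @{ "API-Key" = "$URLScanIOapikey" }
            ContentType     = 'application/json'
            Body            = $body
            UseBasicParsing = $true
        }

        ## Reset per URL: a failed submission must never fall through to the
        ## previous URL's response and report that verdict under this URL.
        $Content = $null
        try {
            $Invoke = Invoke-WebRequest @submit -ErrorAction Stop
            $Content = $Invoke.Content | ConvertFrom-Json
        }
        catch {
            Write-Warning "Submission failed for ${url}: $($_.Exception.Message)"
            continue
        }
        if (-not $Content.uuid) {
            Write-Warning "No scan uuid returned for ${url}; skipping."
            continue
        }

        ## Results
        $ioResult = $null ## Null out the variable
        $URLScanIOURI = "https://urlscan.io/api/v1/result/" + $Content.uuid + '/'
        Write-Host "Result URI:" $URLScanIOURI

        ## Check every 10 seconds to see if the results are ready, up to $maxPolls times.
        $polls = 0
        do {
            Start-Sleep 10
            $polls++
            Write-Host " ZZZzzz..."
            try {
                $response = Invoke-WebRequest -Uri $URLScanIOURI -Method Get -ContentType application/json -UseBasicParsing -ErrorAction Stop
                $ioResult = $response.Content | ConvertFrom-Json
            }
            catch {
                ## Presumably the result endpoint answers with an error status while
                ## the scan is still running; treat that as "not ready" and poll again.
                $ioResult = $null
            }
            $pending = (-not $ioResult) -or ($ioResult.message -eq 'notdone') -or ($ioResult.message -like 'not found')
        }
        while ($pending -and ($polls -lt $maxPolls))

        if ($pending -or (-not $ioResult.verdicts)) {
            Write-Warning "No finished result for ${url} after $polls polls; check $URLScanIOURI manually."
            continue
        }

        $overall = $ioResult.verdicts.overall

        ## Display score in red if 80 or higher, else green
        if ($overall.score -ge 80)
        {Write-Host "Score (0-100) : " -nonewline; Write-Host -f Red $overall.score}
        else
        {Write-Host "Score (0-100) : " -nonewline; Write-Host -f green $overall.score}

        ## Display verdict in red if malicious, else green
        if ($overall.malicious -like 'TRUE')
        {Write-Host "Is malicious? : " -nonewline; Write-Host -f Red $overall.malicious}
        else
        {Write-Host "Is malicious? : " -nonewline; Write-Host -f Green $overall.malicious}

        ## Display categories first overall, secondary urlscan, tertiary engines.
        ## The urlscan branch now tests the same property it prints; before, it tested
        ## verdicts.URLScan.verdicts.categories but printed verdicts.URLScan.categories.
        if ($overall.categories) {Write-Host "Category : " -nonewline; Write-Host -f magenta $overall.categories}
        elseif ($ioResult.verdicts.URLScan.categories) {Write-Host "Category : " -nonewline; Write-Host -f magenta $ioResult.verdicts.URLScan.categories}
        elseif ($ioResult.verdicts.engines.verdicts.categories) {Write-Host "Category : " -nonewline; Write-Host -f magenta $ioResult.verdicts.engines.verdicts.categories}
        else {Write-Host "Category : " -nonewline; Write-Host -f Cyan "unknown"}
    }
}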
## Make the scan function the module's only exported command
Export-ModuleMember -Function 'search-URLScanio'