Lookyloo#
README
Lookyloo#
Lookyloo is a tool that resolve http URLs. It show redirections and take a screenshot of a website without directly accessing it. This analyzer can be configured to use any open Lookyloo instances. It does not manage Lookyloo instances protected by user-password and API key. By default, it use the instance of the CIRCL: https://lookyloo.circl.lu/
Input data: - URL - Domain
Lookyloo project: https://github.com/Lookyloo/lookyloo
Requirements#
This analyzer requires 2 python modules: - cortexutils - pylookyloo
pip install -r requirements.txt
Screenshots#
Lookyloo_Screenshot#
Author: THA-CERT - PVA
License: AGPL-V3
Version: 1.0
Supported observables types:
- url
- domain
- fqdn
- ip
Registration required: False
Subscription required: False
Free subscription: True
Third party service: N/A
Description#
Take a screenshot of an url, domain, FQDN or IP and report all HTTP redirections
Configuration#
| Lookyloo_instance | Should be a URL. By default: https://lookyloo.circl.lu/ |
|---|---|
| Default value if not configured | https://lookyloo.circl.lu/ |
| Type of the configuration item | string |
| The configuration item can contain multiple values | False |
| Is required | False |
| Capture_timeout | In seconds. Max analysis time, after, the query will stop. Default: 120s |
|---|---|
| Default value if not configured | 120 |
| Type of the configuration item | number |
| The configuration item can contain multiple values | False |
| Is required | False |
| Capture_listing | If enabled, captures will appear on Lookyloo's public index page. Default: disabled |
|---|---|
| Default value if not configured | False |
| Type of the configuration item | boolean |
| The configuration item can contain multiple values | False |
| Is required | False |
| api_key | Lookyloo API key. Required for setting categories on captures. |
|---|---|
| Default value if not configured | N/A |
| Type of the configuration item | string |
| The configuration item can contain multiple values | False |
| Is required | False |
| categories | Categories to tag captures with. Requires an API key. |
|---|---|
| Default value if not configured | N/A |
| Type of the configuration item | string |
| The configuration item can contain multiple values | True |
| Is required | False |