Lookyloo#

README

Lookyloo is a tool that resolves HTTP URLs. It shows redirections and takes a screenshot of a website without the analyst accessing it directly. This analyzer can be configured to use any open Lookyloo instance. It does not handle Lookyloo instances protected by user password and API key. By default, it uses the CIRCL instance: https://lookyloo.circl.lu/

Input data:
- URL
- Domain

Lookyloo project: https://github.com/Lookyloo/lookyloo

Requirements#

This analyzer requires 2 Python modules:
- cortexutils
- pylookyloo

pip install -r requirements.txt

Screenshots#

[Screenshots: report1, report2, error]

Lookyloo_Screenshot#

Author: THA-CERT - PVA
License: AGPL-V3
Version: 1.0
Supported observables types:
- url
- domain
- fqdn
- ip
Registration required: False
Subscription required: False
Free subscription: True
Third party service: N/A

Description#

Take a screenshot of a URL, domain, FQDN or IP and report all HTTP redirections.

Configuration#

Lookyloo_instance: Should be a URL. By default: https://lookyloo.circl.lu/
- Default value if not configured: https://lookyloo.circl.lu/
- Type of the configuration item: string
- The configuration item can contain multiple values: False
- Is required: False

Capture_timeout: In seconds. Maximum analysis time, after which the query stops. Default: 120s
- Default value if not configured: 120
- Type of the configuration item: number
- The configuration item can contain multiple values: False
- Is required: False

Templates samples for TheHive#