A web app inspired by CyberChef which aims to make the work of infosec analysts easier.
It is a workbench, as a friend called it, for initial analysis of malicious domains, URLs, and malware samples.
- Hate defanging/refanging 🦷 URLs and domains by hand? ✅
- Want to look up the domains on:
  - Urlscan
  - DomainTools
  - Google (using site operator)
  - Google Safe Browsing
  - VirusTotal
  - URLhaus
- Calculate hashes of samples then look them up on: ✅
  - Malware Bazaar
  - VirusTotal
- Want to get everything you are working on in plain text? ✅
- Does achieving the above via a web browser sound convenient? ✅
Features:
- Calculate MD5, SHA1, SHA256 hashes of files.
  - Look up hashes on VirusTotal
  - Look up hashes on Malware Bazaar
- Defang and refang URLs.
- Extract and look up domains on:
  - Urlscan.io
  - Whois via DomainTools
  - Domain lookup on VirusTotal
  - Google search (using site operator)
  - Google Safe Browsing
  - URLhaus
- Present the hashes, defanged/refanged domains, and URLs in text format for easy copy/pasta.
- All the above is done through the browser.
Note: The tool only does lookups. No sample or URL submissions are made, and no data is collected by the tool.
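
The defang/refang and domain-extraction features listed above can be sketched as follows. This is an added example, not this tool's code and not the fanger library's API: the function names are hypothetical, the sample indicators are constructed, and the lookup URL patterns are assumed from each service's public site.

```javascript
// Added example: string handling only, no network requests are made.
// All function names are hypothetical (not the tool's or fanger's API).

// Undo common defanging: hxxp(s), [.], (.), {.}, [dot], (dot), [:], [://]
function refang(text) {
  return text
    .replace(/\[:\/\/\]/g, "://")
    .replace(/\[:\]/g, ":")
    .replace(/\[\.\]|\(\.\)|\{\.\}|\[dot\]|\(dot\)/gi, ".")
    .replace(/\bhxxp(s?):\/\//gi, "http$1://");
}

// Defang for safe pasting into tickets and reports. Refanging first
// makes the function idempotent: "[.]" never becomes "[[.]]".
function defang(text) {
  return refang(text)
    .replace(/\bhttp(s?):\/\//gi, "hxxp$1://")
    .replace(/\./g, "[.]");
}

// Extract the host an indicator really points at. The URL parser is used
// instead of a regex so userinfo ("user@host") and ports are handled.
function extractDomain(indicator) {
  const clean = refang(indicator.trim());
  const hasScheme = /^[a-z][a-z0-9+.-]*:\/\//i.test(clean);
  try {
    return new URL(hasScheme ? clean : "http://" + clean).hostname;
  } catch (e) {
    return null; // not parseable as a URL or host
  }
}

// Lookup links for a domain (assumed public URL patterns of each service).
function lookupLinks(indicator) {
  const d = extractDomain(indicator);
  if (d === null) return null;
  const q = encodeURIComponent(d);
  return {
    virustotal: "https://www.virustotal.com/gui/domain/" + q,
    urlscan: "https://urlscan.io/domain/" + q,
    google: "https://www.google.com/search?q=" + encodeURIComponent("site:" + d),
  };
}
```

Because `extractDomain` parses the refanged URL, an indicator such as `hxxp://example.com@evil[.]example:8080/x` resolves to `evil.example`, the host that would actually be contacted.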
Download the code from the releases and put it on a local web server.
```bash
npm install -g browserify
npm install . # To install fanger
browserify browser.js -o js/libs.js # to make fanger work in the browser
wget https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js -O js/crypto-js.min.js
# above is for downloading the crypto-js.min.js library on your own, CDN: https://cdnjs.com/libraries/crypto-js
# install deps for creating production build
npm i minify -g # https://github.com/coderaiser/minify
# run prod_build script
# OR run the commands inside the script manually
chmod +x prod_build.sh
./prod_build.sh
# Now the build can be found at prod/dist.zip
```
- Inspired me to make the tool: https://github.com/gchq/CyberChef
- Used the following for hashing files: https://github.com/brix/crypto-js
- Used the following for Defanging and Refanging domains and urls: https://github.com/ninoseki/fanger
- http://urlscan.io/
- https://www.virustotal.com/
- https://www.domaintools.com/
Contributions are welcome, whether you wish to introduce a new feature, fix bugs, or make general improvements. Make a pull request or open an issue and we'll discuss it.