  • Stars: 167
  • Rank: 226,635 (Top 5%)
  • Language: Python
  • License: GNU Affero Genera...
  • Created about 4 years ago
  • Updated about 2 years ago


Repository Details

Scalable URL Sandbox for analyzing URLs and Domains from phishing attacks


URL Sandbox automates the daily task of analyzing URLs or domains internally, without interacting with external resources. It contains a sandbox module that executes the target in an isolated (customizable) environment. The output from that environment is parsed and structured into useful categories, some of which are visualized for a better user experience. The project is scalable and can be integrated into your SOC.

Install

git clone https://github.com/qeeqbox/url-sandbox.git && cd url-sandbox && chmod +x run.sh && ./run.sh auto_configure

Interface

Features

  • Runs locally
  • DNS info
  • Headers info
  • Browser info
  • Certificate extraction
  • Target screenshot
  • Network graph image
  • Internal sniffer
  • Custom User Agent
  • Custom DNS and Proxy options
  • Auto Tor configuration
  • HTML and JSON output
  • No-redirect option

Running

One click auto-configure

git clone https://github.com/qeeqbox/url-sandbox.git
cd url-sandbox
chmod +x run.sh
./run.sh auto_configure

The project interface at http://127.0.0.1:8000/ will open automatically once the initialization process finishes.

Resources

ChromeDriver - WebDriver for Chrome, Docker SDK

Other Licenses

By using this framework, you are accepting the license terms of all the following packages: chromedriver, dnspython, docker, docker-compose, firefox-esr, flask, flask_admin, flask_bcrypt, flask_login, Flask-Markdown, flask_mongoengine, geckodriver, gevent, gunicorn, iptables, iptables-persistent, jinja2, jq, libleptonica-dev, libtesseract-dev, matplotlib, netifaces, net-tools, networkx, phantomjs, pymongo, pysocks, pytesseract, python-dateutil, python-magic, pyvirtualdisplay, requests[socks], scapy, selenium, supervisor, tcpdump, termcolor, tesseract, tldextract, unzip, urllib3, validator_collection, werkzeug, wget, xvfb, useragentstring

Disclaimer\Notes

  • Do not deploy without proper configuration
  • Set up some security group rules and remove the default credentials

Other Projects

More Repositories

1. social-analyzer (JavaScript, 11,527 stars): API, CLI, and Web App for analyzing and finding a person's profile across 1000 social media \ websites
2. honeypots (Python, 666 stars): 30 different honeypots in one package! (dhcp, dns, elastic, ftp, http proxy, https proxy, http, https, imap, ipp, irc, ldap, memcache, mssql, mysql, ntp, oracle, pjl, pop3, postgres, rdp, redis, sip, smb, smtp, snmp, socks5, ssh, telnet, vnc)
3. chameleon (Dockerfile, 657 stars): 19 customizable honeypots for monitoring network traffic, bot activity and username\password credentials (DNS, HTTP Proxy, HTTP, HTTPS, SSH, POP3, IMAP, SMTP, RDP, VNC, SMB, SOCKS5, Redis, TELNET, Postgres, MySQL, MSSQL, Elastic and LDAP)
4. analyzer (Python, 267 stars): Analyze, extract and visualize features, artifacts and IoCs of files and memory dumps (Windows, Linux, Android, iPhone, Blackberry, macOS binaries, emails and more)
5. raven (JavaScript, 159 stars): Advanced Cyber Threat Map (simplified, customizable, responsive and optimized)
6. docker-images (Dockerfile, 111 stars): Kali and Parrot OS docker images accessible via VNC, RDP and Web
7. mitre-visualizer (Python, 86 stars): 🧬 Mitre Interactive Network Graph (APTs, Malware, Tools, Techniques & Tactics)
8. osint (Python, 79 stars): Build custom OSINT tools and APIs (Ping, Traceroute, Scans, Archives, DNS, Scrape, Whois, Metadata & built-in database for more info) with this Python package
9. rhino (JavaScript, 62 stars): Agile Sandbox for analyzing Windows, Linux and macOS malware and execution behaviors
10. woodpecker (51 stars): Custom security distro for remote penetration testing
11. seahorse (Python, 45 stars): ELKFH - Elastic, Logstash, Kibana, Filebeat and Honeypot (HTTP, HTTPS, SSH, RDP, VNC, Redis, MySQL, MONGO, SMB, LDAP)
12. image-analyzer (HTML, 24 stars): Interface for Image-Related Deep Learning Models (e.g. NSFW, MAYBE and SFW)
13. octopus (Shell, 19 stars): Pure Honeypots with an automated bash script
14. cyber-attacks (17 stars): A collection of attack metadata that was used in my previous pen-test tools
15. reports (15 stars): Recent cyber attack reports & interesting analysis files
16. APT-Malware-Reports-Set-1 (HTML, 14 stars): Some extracted Features\IoCs\Artifacts\Patterns from APT Malware
17. pentest-labs (HTML, 14 stars)
18. falcon (13 stars): Collection of exploits that were verified by an automated system
19. two-factor-authentication-sim-swapping (11 stars): An adversary may utilize a SIM swapping attack to defeat 2FA authentication
20. worldmap (JavaScript, 11 stars): An interactive world map that has been used in live Cyber Threat interfaces
21. two-factor-authentication-sim-cloning (11 stars): An adversary may utilize a SIM swapping attack to defeat 2FA authentication
22. threat-intelligence (9 stars): Threat intelligence or Cyber Threat Intelligence is the process of identifying and analyzing gathered information about past, current, and future cyber threats (collecting information about a potential threat, then analyzing that information to learn more about the negative events)
23. cyber-kill-chain (7 stars): Cyber Kill Chain is a model that Lockheed Martin created for understanding (describing the sequence of events) and stopping cyberattacks
24. ixora (HTML, 6 stars): Internal package for visualization
25. world-json (6 stars): Multiple JSON files containing world cities with names, longitude & latitude, country, and timezone
26. automation-protocols-metadata (6 stars): JSON file containing updated metadata of Automation Protocols (industrial control system, process automation, building automation, automatic meter reading, and automobile)
27. incident-response (5 stars): Incident response is a set of steps that are used to handle the aftermath of a data breach or cyberattack
28. ics-visualizer (Python, 5 stars): ICS-Visualizer is an interactive Industrial Control Systems (ICS) network graph that contains up-to-date related automation protocol metadata (name, company, port, user manuals, external links, and mapped wireshark\nmap modules and scripts)
29. mobile-numbers-metadata (5 stars): JSON file containing all mobile number metadata (country, prefix, and carrier)
30. countries-metadata (4 stars): JSON file containing all countries metadata (country name, cc, a3, and flag)
31. digital-forensics (4 stars): Digital Forensics is the process of finding and analyzing electronic data
32. stored-cross-site-scripting (4 stars): An adversary may inject malicious content into a vulnerable target
33. cybersecurity (3 stars): Cybersecurity is the set of measures taken to protect networks, devices, and data against cyberattacks
34. directory-listing (3 stars): A threat actor may list files on a misconfigured server
35. dom-based-cross-site-scripting (3 stars): A threat actor may inject malicious content into HTTP requests. The content is not reflected in the HTTP response but is executed in the victim's browser.
36. vertical-privilege-escalation (3 stars): A threat actor may perform unauthorized functions belonging to another user with a higher privilege level
37. ports-metadata (3 stars): JSON file containing all ports metadata
38. reflected-cross-site-scripting (3 stars): A threat actor may inject malicious content into HTTP requests. The content is reflected in the HTTP response and executed in the victim's browser
39. client-side-template-injection (3 stars): A threat actor may trick a victim into executing native template syntax on a vulnerable target
40. risk-management (3 stars): Risk management is the process of identifying, assessing, treating, and monitoring any negative events that affect a company's ability to operate (preventing them or minimizing their harmful impact)
41. data-compliance (3 stars): Data compliance is the process of following various regulations and standards to ensure that sensitive digital assets (data) are guarded against loss, theft, and misuse
42. open-redirect (3 stars): A threat actor may send a victim a malicious redirection request for a vulnerable target; the victim gets redirected to a malicious website that downloads an executable file
43. public-ip-metadata (2 stars): JSON file containing all public IP ranges with descriptions
44. minimal-server (Python, 2 stars): Asyncio websocket HTTP server [needed for internal testing]
45. authentication-bypass (2 stars): A threat actor may gain access to data and functionality by bypassing the target's authentication mechanism
46. credential-stuffing (2 stars): A threat actor may guess the target credentials using known username and password pairs gathered from previous brute-force attacks
47. horizontal-privilege-escalation (2 stars): A threat actor may perform unauthorized functions belonging to another user with a similar privilege level
48. icterid-template (HTML, 2 stars): Icterid Webapp Template
49. threat-actors (2 stars): A threat actor is any person, group, or entity that could harm the cyber realm
50. session-hijacking (2 stars): A threat actor may access the user's account using a stolen or leaked valid (existing) session identifier
51. xslt-injection (2 stars): A threat actor may interfere with an application's processing of Extensible Stylesheet Language Transformations (XSLT) for Extensible Markup Language (XML) to read or modify data on the target
52. default-credential (2 stars): A threat actor may gain unauthorized access using the default username and password
53. private-ip-metadata (2 stars): JSON file containing all private IP ranges with descriptions
54. authorization-bypass (2 stars): A threat actor may access the user's account using a stolen or leaked valid (existing) session identifier
55. proxy-firewall (Python, 2 stars): HTTPS Proxy Firewall for testing
56. two-factor-authentication-brute-force (2 stars): A threat actor may launch a brute-force attack against the two-factor authentication (2FA) logic, causing unauthorized access to the target
57. session-fixation (2 stars): A threat actor may trick a user into using a known session identifier to log in. After logging in, the session identifier is used to gain access to the user's account
58. xxe-injection (2 stars): A threat actor may interfere with an application's processing of Extensible Markup Language (XML) data to view the content of the target's files
59. data-security (1 star): Safeguarding your personal information (how your info is protected)
60. cross-site-request-forgery (1 star): A threat actor may trick an authenticated or trusted victim into executing unauthorized actions on their behalf
61. os-command-injection (1 star): A threat actor may inject arbitrary operating system (OS) commands on the target
62. asynico-websockets-redis-server (Python, 1 star): asynico websockets redis server (needed for internal testing)
63. .github (1 star): GitHub Settings
64. global-scripts (Shell, 1 star): Some scripts for workflows (moved from Macaw)
65. xpath-injection (1 star): A threat actor may alter the XML Path Language (XPath) query to read data on the target
66. password-spraying (1 star): A threat actor may guess the target credentials using a single password with a large set of usernames against the target
67. data-classification (1 star): Data classification defines and categorizes data according to its type, sensitivity, and value
68. remote-file-inclusion (1 star): A threat actor may cause a vulnerable target to include/retrieve a remote file
69. session-replay (1 star): A threat actor may re-use a stolen or leaked session identifier to access the user's account
70. security-controls (1 star): Countermeasures or safeguards for detecting, preventing, and mitigating cyber threats and attacks (protect assets)
71. access-control (1 star): Access Control is the use of security techniques to protect a system against unauthorized access
72. sql-injection (1 star): A threat actor may alter a Structured Query Language (SQL) query to read, modify and write to the database or execute administrative commands for further chained attacks
73. social-engineering-methods (1 star)
74. cryptography (1 star)
75. malware-and-indicators-of-compromise (1 star)
76. local-file-inclusion (1 star): A threat actor may cause a vulnerable target to include/retrieve a local file
77. security-tools-and-technologies (1 star)
78. data-states (1 star): Data states refer to structured and unstructured data divided into three categories (At Rest, In Use, and In Transit)
79. insecure-deserialization (1 star): A threat actor may tamper with a stream that gets deserialized on the target, causing the target to access data or perform unintended actions
80. data-privacy-and-security (1 star)
81. application-service-attacks (1 star)
82. data-lifecycle-management (1 star): Data Lifecycle Management (DLM) is a policy-based model for managing data in an organization
83. tornado-websockets-redis-server (Python, 1 star): tornado websockets redis server (needed for internal testing)
84. identity-and-access-management (1 star): The practice of ensuring that people or objects have the right level of access to assets
85. server-side-template-injection (1 star): A threat actor may alter the template syntax on the vulnerable target to execute commands
86. captcha-bypass (1 star): captcha bypass vulnerability