Spaces:
Sleeping
Sleeping
Update url_analyzer.py
Browse files- url_analyzer.py +23 -17
url_analyzer.py
CHANGED
|
@@ -2,38 +2,25 @@ import requests
|
|
| 2 |
import os
|
| 3 |
|
| 4 |
SAFE_BROWSING_API_KEY = os.getenv("SAFE_BROWSING_API_KEY")
|
|
|
|
| 5 |
|
| 6 |
def analyze_urls(urls):
|
| 7 |
findings = []
|
| 8 |
|
| 9 |
for url in urls:
|
| 10 |
-
# --- 1. PhishTank ---
|
| 11 |
-
try:
|
| 12 |
-
res = requests.post(
|
| 13 |
-
"https://checkurl.phishtank.com/checkurl/",
|
| 14 |
-
data={"url": url, "format": "json"},
|
| 15 |
-
headers={"Content-Type": "application/x-www-form-urlencoded"}
|
| 16 |
-
)
|
| 17 |
-
data = res.json()
|
| 18 |
-
if data.get("results", {}).get("in_database"):
|
| 19 |
-
findings.append(f"URL: {url} is flagged as phishing (PhishTank)")
|
| 20 |
-
else:
|
| 21 |
-
findings.append(f"URL: {url} not flagged (PhishTank)")
|
| 22 |
-
except Exception as e:
|
| 23 |
-
findings.append(f"URL: {url} check failed (PhishTank) - {e}")
|
| 24 |
|
| 25 |
-
# ---
|
| 26 |
try:
|
| 27 |
res = requests.post("https://urlhaus-api.abuse.ch/v1/url/", data={"url": url})
|
| 28 |
data = res.json()
|
| 29 |
if data.get("query_status") == "ok":
|
| 30 |
-
findings.append(f"URL: {url}
|
| 31 |
else:
|
| 32 |
findings.append(f"URL: {url} not found in URLHaus")
|
| 33 |
except Exception as e:
|
| 34 |
findings.append(f"URL: {url} check failed (URLHaus) - {e}")
|
| 35 |
|
| 36 |
-
# ---
|
| 37 |
if SAFE_BROWSING_API_KEY:
|
| 38 |
try:
|
| 39 |
payload = {
|
|
@@ -59,4 +46,23 @@ def analyze_urls(urls):
|
|
| 59 |
else:
|
| 60 |
findings.append("Google Safe Browsing API key not set.")
|
| 61 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 62 |
return findings
|
|
|
|
| 2 |
import os
|
| 3 |
|
| 4 |
SAFE_BROWSING_API_KEY = os.getenv("SAFE_BROWSING_API_KEY")
|
| 5 |
+
ALIENVAULT_API_KEY = os.getenv("ALIENVAULT_API_KEY")
|
| 6 |
|
| 7 |
def analyze_urls(urls):
|
| 8 |
findings = []
|
| 9 |
|
| 10 |
for url in urls:
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 11 |
|
| 12 |
+
# --- 1. URLHaus ---
|
| 13 |
try:
|
| 14 |
res = requests.post("https://urlhaus-api.abuse.ch/v1/url/", data={"url": url})
|
| 15 |
data = res.json()
|
| 16 |
if data.get("query_status") == "ok":
|
| 17 |
+
findings.append(f"URL: {url} flagged as {data['url_status']} (URLHaus)")
|
| 18 |
else:
|
| 19 |
findings.append(f"URL: {url} not found in URLHaus")
|
| 20 |
except Exception as e:
|
| 21 |
findings.append(f"URL: {url} check failed (URLHaus) - {e}")
|
| 22 |
|
| 23 |
+
# --- 2. Google Safe Browsing ---
|
| 24 |
if SAFE_BROWSING_API_KEY:
|
| 25 |
try:
|
| 26 |
payload = {
|
|
|
|
| 46 |
else:
|
| 47 |
findings.append("Google Safe Browsing API key not set.")
|
| 48 |
|
| 49 |
+
# --- 3. AlienVault OTX ---
|
| 50 |
+
if ALIENVAULT_API_KEY:
|
| 51 |
+
try:
|
| 52 |
+
headers = {"X-OTX-API-KEY": ALIENVAULT_API_KEY}
|
| 53 |
+
res = requests.get(f"https://otx.alienvault.com/api/v1/indicators/url/{url}/general", headers=headers)
|
| 54 |
+
if res.status_code == 200:
|
| 55 |
+
data = res.json()
|
| 56 |
+
pulses = data.get("pulse_info", {}).get("count", 0)
|
| 57 |
+
if pulses > 0:
|
| 58 |
+
findings.append(f"URL: {url} found in {pulses} AlienVault OTX pulses")
|
| 59 |
+
else:
|
| 60 |
+
findings.append(f"URL: {url} not flagged in AlienVault OTX")
|
| 61 |
+
else:
|
| 62 |
+
findings.append(f"URL: {url} AlienVault OTX query failed (HTTP {res.status_code})")
|
| 63 |
+
except Exception as e:
|
| 64 |
+
findings.append(f"URL: {url} check failed (AlienVault OTX) - {e}")
|
| 65 |
+
else:
|
| 66 |
+
findings.append("AlienVault OTX API key not set.")
|
| 67 |
+
|
| 68 |
return findings
|