Year of Python (YOP) – Week Twenty Eight

13Jul15

Hello Reader!

Well the streak has (almost) been broken.  I must apologize to all of you for getting this out so late.  For the past week I’ve been at SANS DFIR Summit and Training in Austin, TX.  And unfortunately for me, I completely lost track of what day it was until this morning.  But the good news is I got the script done earlier this week because I knew this might happen….

So this week's script was actually inspired by a panel discussion at the DFIR Summit this year.  I attended a panel discussion that included Dr. Sameer Bhalotra, the Former Director of Cybersecurity at The White House.  He mentioned during his talk how Google includes the Safe Browsing functionality in their Chrome browser, but they also make an API available for people to use.  So I thought, hey, why not make my own little script to check URLs when I'm investigating malware.

Now there is one caveat to this script.  You must have an API key from Google for it to work.  The good news is it's free, and you can get the details here.

Once you have the API key, you can launch the script for the first time with the -c switch, along with a configuration file to store the API key for future use.  The script does do a check to see if the file exists, so if it can't find it, it'll prompt you for the API key again.

Next it's going to prompt you for the URL that you want to check.  After that, it queries the API and returns the results.  As a sanity check I do provide the URL that is sent to the API in case of any problems.  The results are based on HTTP return codes: I compare the returned code to what Google uses it for (URL is malicious, safe, etc.).
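The flow described above, as an added sketch that is not the code from the YOP repository: load the key from a config file, build the lookup request, and map the HTTP status to a verdict. It assumes the endpoint, parameters and status codes of Google's legacy Safe Browsing Lookup API (protocol version 3.1); the config section name, the client name and all function names are hypothetical.

```python
import configparser
import os
from urllib.parse import quote_plus, urlencode

# Assumption: legacy Lookup API endpoint (pver 3.1), not taken from the YOP script.
LOOKUP_ENDPOINT = "https://sb-ssl.google.com/safebrowsing/api/lookup"

# Status codes the legacy Lookup API documented for GET requests.
VERDICTS = {
    200: "listed",                      # body names the list, e.g. "malware"
    204: "not listed",                  # no match, empty body
    400: "bad request",
    401: "API key not authorized",
    503: "service unavailable, retry later",
}

def load_api_key(path):
    """Return the stored API key, or None so the caller can prompt for it."""
    if not os.path.isfile(path):
        return None
    cfg = configparser.ConfigParser()
    cfg.read(path)
    return cfg.get("safebrowsing", "api_key", fallback=None)

def save_api_key(path, key):
    """Store the key in a file created with owner-only permissions."""
    cfg = configparser.ConfigParser()
    cfg["safebrowsing"] = {"api_key": key}
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as fh:
        cfg.write(fh)

def build_lookup_url(api_key, target, client="yop-example", appver="1.0"):
    """Build the GET request; urlencode percent-encodes the suspect URL."""
    query = urlencode({"client": client, "key": api_key, "appver": appver,
                       "pver": "3.1", "url": target})
    return LOOKUP_ENDPOINT + "?" + query

def redact(request_url, api_key):
    """Copy of the request URL that can be printed without leaking the key."""
    return request_url.replace(quote_plus(api_key), "<redacted>")

def interpret(status, body=""):
    """Map an HTTP status (plus the body for 200) to a verdict string."""
    verdict = VERDICTS.get(status, "unexpected status %d" % status)
    if status == 200 and body.strip():
        verdict += ": " + body.strip()
    return verdict
```

Because the request URL carries the API key as a query parameter, print the `redact()` copy when echoing it for troubleshooting or pasting it into case notes.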

Until next week!

https://github.com/CdtDelta/YOP
