Replies: 1 comment
We have a lot of this information in Lookyloo (IPs, hashes, domains, URLs, ...), and from one capture it is possible to get all the other related captures - not for IPs, now that I'm thinking about it - but it's not obvious and needs to be improved. I'm gladly taking requests and PRs for that. There is also a way to compare two captures of the same URL over time in the monitoring interface: https://monitor.circl.lu/, which is also very much a WIP but already used to detect things like DNS hijacks, defacements, track takedown requests... Having a way to export captures in a format that could be imported into Maltego would be nice, but I don't really have experience with it, so hints and PRs are more than welcome. It's important to keep in mind that there are a lot of datapoints in the captures and it may make sense to limit what is exported.
I am just starting with the tool, so playing around with it for now. It is really great and very useful, so a big thanks first!

I was thinking it would be cool to be able to find intersections between elements that are common across items collected by Lookyloo, e.g. if two different URLs resolve to the same IP or if a favicon appears across the captured pages (or a selection of those), in the form of a network graph (a bit like https://github.com/alentum/sitemapper-nodejs). The use case I have in mind would be to compare different sets of indicators of compromise in order to look for common points between those. I guess I could store the data and treat it in Gephi or use Maltego with some transform for it. While writing this, I remembered reading about the possibility to do the above with hashes, so I will give it a try, but still, it would be nice to be able to compare sets of different captures together.

🤔
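The intersection the second post asks for, and the "limit what is exported" caveat from the first one, as an added example that is not part of Lookyloo or of either post. It assumes capture data (IPs, favicon hashes, resource hashes per capture) has already been pulled out of Lookyloo into plain Python structures; the three captures, their UUIDs, IPs and hashes below are constructed sample data. Each indicator is mapped to the set of captures containing it, indicators shared by at least two captures are kept, ubiquitous ones (a CDN IP or a common jQuery hash that would connect everything to everything) can be dropped with a ceiling, and the result is written as a Source/Target CSV edge list, which is the spreadsheet format Gephi imports:

```python
"""Cross-capture indicator intersection with a Gephi-style edge list.

Added example, not Lookyloo's own code. Sample data below is constructed.
"""
import csv
import io
from collections import defaultdict
from itertools import combinations

# Constructed sample captures: hypothetical UUIDs, IPs, favicon and resource hashes.
CAPTURES = {
    "cap-1111": {
        "url": "https://example-a.test/login",
        "ips": {"203.0.113.10", "198.51.100.7"},
        "favicons": {"fav:9e1c"},
        "hashes": {"sha512:aaa", "sha512:jquery"},
    },
    "cap-2222": {
        "url": "https://example-b.test/",
        "ips": {"203.0.113.10"},
        "favicons": {"fav:9e1c"},
        "hashes": {"sha512:bbb", "sha512:jquery"},
    },
    "cap-3333": {
        "url": "https://example-c.test/verify",
        "ips": {"192.0.2.44"},
        "favicons": {"fav:0f0f"},
        "hashes": {"sha512:ccc", "sha512:jquery"},
    },
}

# Indicator kinds to export; restrict this list to keep the graph small.
INDICATOR_TYPES = ("ips", "favicons", "hashes")


def index_indicators(captures, types=INDICATOR_TYPES):
    """Map (type, value) -> set of capture ids that contain that value."""
    index = defaultdict(set)
    for cap_id, cap in captures.items():
        for kind in types:
            for value in cap.get(kind, ()):
                index[(kind, value)].add(cap_id)
    return index


def shared_indicators(captures, types=INDICATOR_TYPES, min_captures=2, max_captures=None):
    """Indicators seen in at least min_captures captures.

    max_captures drops values present in more captures than that: a shared
    CDN IP or a library hash present everywhere carries no pivot value and
    would turn the graph into a clique.
    """
    shared = {}
    for key, cap_ids in index_indicators(captures, types).items():
        if len(cap_ids) < min_captures:
            continue
        if max_captures is not None and len(cap_ids) > max_captures:
            continue
        shared[key] = frozenset(cap_ids)
    return shared


def capture_pairs(captures, **kwargs):
    """Capture-to-capture edges: (cap_a, cap_b) -> sorted list of shared (type, value)."""
    pairs = defaultdict(list)
    for key, cap_ids in shared_indicators(captures, **kwargs).items():
        for a, b in combinations(sorted(cap_ids), 2):
            pairs[(a, b)].append(key)
    return {pair: sorted(keys) for pair, keys in pairs.items()}


def gephi_edge_list(captures, **kwargs):
    """Bipartite capture<->indicator edges as CSV text with Gephi's Source/Target columns."""
    buf = io.StringIO()
    writer = csv.writer(buf)
    writer.writerow(["Source", "Target", "Type", "Label"])
    for (kind, value), cap_ids in sorted(shared_indicators(captures, **kwargs).items()):
        for cap_id in sorted(cap_ids):
            writer.writerow([cap_id, value, "Undirected", kind])
    return buf.getvalue()


if __name__ == "__main__":
    # Ceiling of n-1 captures: anything present in every capture is noise, not a pivot.
    ceiling = len(CAPTURES) - 1
    for (a, b), keys in capture_pairs(CAPTURES, max_captures=ceiling).items():
        print(a, "<->", b, "via", keys)
    print(gephi_edge_list(CAPTURES, max_captures=ceiling))
```

Running the script prints one capture pair linked by a shared IP and a shared favicon, while the jQuery hash present in all three captures is filtered out by the ceiling; the CSV can be loaded into Gephi through its spreadsheet import, where Lookyloo captures and indicators become nodes of a bipartite graph. For Maltego the same per-indicator sets are what a local transform would emit, one entity per shared value.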