Spaces:

princemaxp
/

CySecGuardians

Sleeping

App Files Files Community

princemaxp commited on Sep 5

Commit

3d7d6cb

verified ·

1 Parent(s): 14fecff

Update url_analyzer.py

Browse files

Files changed (1) hide show

url_analyzer.py +43 -32

url_analyzer.py CHANGED Viewed

@@ -1,26 +1,16 @@
 import requests
 import os
 SAFE_BROWSING_API_KEY = os.getenv("SAFE_BROWSING_API_KEY")
-ALIENVAULT_API_KEY = os.getenv("ALIENVAULT_API_KEY")
 def analyze_urls(urls):
     findings = []
     for url in urls:
-        # --- 1. URLHaus ---
-        try:
-            res = requests.post("https://urlhaus-api.abuse.ch/v1/url/", data={"url": url})
-            data = res.json()
-            if data.get("query_status") == "ok":
-                findings.append(f"URL: {url} flagged as {data['url_status']} (URLHaus)")
-            else:
-                findings.append(f"URL: {url} not found in URLHaus")
-        except Exception as e:
-            findings.append(f"URL: {url} check failed (URLHaus) - {e}")
-        # --- 2. Google Safe Browsing ---
         if SAFE_BROWSING_API_KEY:
             try:
                 payload = {
@@ -39,30 +29,51 @@ def analyze_urls(urls):
                 data = res.json()
                 if "matches" in data:
                     findings.append(f"URL: {url} flagged by Google Safe Browsing")
                 else:
                     findings.append(f"URL: {url} not flagged (Google Safe Browsing)")
-            except Exception as e:
-                findings.append(f"URL: {url} check failed (Google Safe Browsing) - {e}")
-        else:
-            findings.append("Google Safe Browsing API key not set.")
-        # --- 3. AlienVault OTX ---
-        if ALIENVAULT_API_KEY:
             try:
-                headers = {"X-OTX-API-KEY": ALIENVAULT_API_KEY}
                 res = requests.get(f"https://otx.alienvault.com/api/v1/indicators/url/{url}/general", headers=headers)
                 if res.status_code == 200:
                     data = res.json()
-                    pulses = data.get("pulse_info", {}).get("count", 0)
-                    if pulses > 0:
-                        findings.append(f"URL: {url} found in {pulses} AlienVault OTX pulses")
                     else:
-                        findings.append(f"URL: {url} not flagged in AlienVault OTX")
-                else:
-                    findings.append(f"URL: {url} AlienVault OTX query failed (HTTP {res.status_code})")
-            except Exception as e:
-                findings.append(f"URL: {url} check failed (AlienVault OTX) - {e}")
-        else:
-            findings.append("AlienVault OTX API key not set.")
-    return findings

 import requests
 import os
+import re
 SAFE_BROWSING_API_KEY = os.getenv("SAFE_BROWSING_API_KEY")
+OTX_API_KEY = os.getenv("OTX_API_KEY")
 def analyze_urls(urls):
     findings = []
+    score = 0
     for url in urls:
+        # --- 1. Google Safe Browsing ---
         if SAFE_BROWSING_API_KEY:
             try:
                 payload = {
                 data = res.json()
                 if "matches" in data:
                     findings.append(f"URL: {url} flagged by Google Safe Browsing")
+                    score += 40
                 else:
                     findings.append(f"URL: {url} not flagged (Google Safe Browsing)")
+            except:
+                findings.append(f"URL: {url} check failed (Google Safe Browsing)")
+        # --- 2. AlienVault OTX ---
+        if OTX_API_KEY:
             try:
+                headers = {"X-OTX-API-KEY": OTX_API_KEY}
                 res = requests.get(f"https://otx.alienvault.com/api/v1/indicators/url/{url}/general", headers=headers)
                 if res.status_code == 200:
                     data = res.json()
+                    if data.get("pulse_info", {}).get("count", 0) > 0:
+                        findings.append(f"URL: {url} flagged in AlienVault OTX")
+                        score += 30
                     else:
+                        findings.append(f"URL: {url} not found in AlienVault OTX")
+            except:
+                findings.append(f"URL: {url} check failed (AlienVault OTX)")
+        # --- 3. URLHaus ---
+        try:
+            res = requests.post("https://urlhaus-api.abuse.ch/v1/url/", data={"url": url})
+            data = res.json()
+            if data.get("query_status") == "ok":
+                findings.append(f"URL: {url} flagged as {data['url_status']} (URLHaus)")
+                score += 30
+            else:
+                findings.append(f"URL: {url} not found in URLHaus")
+        except:
+            findings.append(f"URL: {url} check failed (URLHaus)")
+        # --- 4. Heuristic Checks ---
+        domain_match = re.search(r"https?://([^/]+)/?", url)
+        if domain_match:
+            domain = domain_match.group(1)
+            if len(domain) > 25 or any(char.isdigit() for char in domain.split(".")[0]):
+                findings.append(f"URL: {url} has suspicious-looking domain")
+                score += 15
+        if "?" in url and len(url.split("?")[1]) > 50:
+            findings.append(f"URL: {url} has obfuscated query string")
+            score += 15
+    if not findings:
+        return ["No URLs found in email."], 0
+    return findings, score