Scanning Malicious URLs in One Mouse Click

X-Ray ScannerSince it’s already Friday, just before leaving for the weekend, here is a quick hack for all MacOS X infosec guys… and the others! I’m not afraid to admit it: I’m lazy! We are using computers all day long and they have been created (usually ;-) to automate tasks. Let them do  our boring job…

One of the  recurring tasks I perform multiple times a day is scanning URLs for malicious code. We all read daily plenty of information which contains URLs (mail, PDFs, Office documents). Call me paranoid but I prefer to scan them before suffering an unexpected behavior just with a mouse click! I’m a fan of the online service called urlQuery for this task:

“urlQuery.net is a service for detecting and analyzing web-based malware. It provides detailed information about the activities a browser does while visiting a site and presents the information for further analysis.”

Submit your URL and a report will be generated with the complete analyze of the code and objects downloaded. Why not automate the submission of URLs to urlQuery?

OS X comes with nice tools to automate a lot of stuff. I recommand to have a look at Automator and AppleScript. They can be used to create personalized services which are available in any application via a righ-click and chosing “Services“.

Let’s create a new service called “Analyze with urlQuery“. Launch Automator:

  • Select Library > Utilities > Run AppleScript
  • Define the parameters:
    Service receives selected: “URLs” in “any application
    Input is “only URLs”
  • Create the AppleScript below
  • Save

The AppleScript is really simple: It opens a new tab in the first Google Chrome window, connect to urlquery.net, fill the form with the (malicious) URL and submit it!

on run {input, parameter}
    set url0 to "http://urlquery.net"
    set input0 to (input as string)
    tell application "Google Chrome"
        reopen
        activate
        tell window 1
            make new tab with properties {URL:url0}
        end tell
    delay 2
    end tell
    tell application "Google Chrome" to activate
    tell application "System Events"
        keystroke input0
        keystroke return
    end tell
    return input
end run

Once created, a new service will be available in your applications like Mail:

urlQuery Service

(Click to enlarge)

Simple and convenient! A big thank to @_coreDump for his precious help to fix my AppleScript code!

Post Navigation