#1 2019-08-25 5:02 pm

Dr.Flay
Member
From: Kernow, UK
Registered: 2017-10-12
Posts: 22
Website

OPSWAT browser extension with SFS

OPSWAT browser extension (open source) now includes optional domain checking, and has included StopForumSpam as 1 of the blacklist services.
I noticed very quickly after the update this week due to my daily spambot investigations, and was very impressed.
Most blocking and security extensions only block/warn about trackers, malware and phishing.
The extra info found here relating to spam domains and IPs is most useful and nice to see it being used in such a way.

Most of you will be familiar with VirusTotal and the browser extensions that make use of it.
Some of you may be familiar with OPSWAT security software but usually in a commercial or business environment.
OPSWAT also offer some free services and like VT use multiple AV engines in the back-end.
Many binaries can be further investigated with their online sandbox (also a free service).

Extensions like this are very worthwhile using if you don't rely on a runtime AV, or already rely on VT for second opinions.

https://github.com/OPSWAT/metadefender-browser-extension/
https://www.opswat.com/free-tools/secure-online-downloading


"I am a genius trapped inside an idiot"

Offline

#2 2019-08-26 12:04 am

pedigree
uıɐbɐ ʎɐqǝ ɯoɹɟ pɹɐoqʎǝʞ ɐ buıʎnq ɹǝʌǝu ɯ,ı
From: New Zealand
Registered: 2008-04-16
Posts: 7,056

Re: OPSWAT browser extension with SFS

Now this is awesome, and it goes well beyond the scope of what I thought SFS would ever be used for. It also gives me an idea for the next API version, which is currently at the "waking me up at 2am" phase.

Offline

#3 2019-08-27 10:22 am

Dr.Flay
Member
From: Kernow, UK
Registered: 2017-10-12
Posts: 22
Website

Re: OPSWAT browser extension with SFS

Feel free to pat yourself on the back, and feel very hAPI.

Some of the extra info collected here at SFS is very handy when judging the threat level of an IP, Domain or individual.
This year I have been discovering the power and flexibility of OSINT tools that use many APIs.
I see Blocklist.de used for reference in the Pulsedive site which I use a lot, and other spam blacklists used in SpiderFoot, ThreatPinch and ThreatConnect.
I manually add information from here, FSpamlist and BotScout to Pulsedive comments when an IP or domain is rotten.
Also the other way round, if I see that an IP is listed in Pulsedive, VirusTotal, Shodan or GreyNoise with scanning or bot activity, I can add extra info to my SFS reports.

It may be worth evaluating what other new APIs could aid SFS for validating users, domains and IPs.
No idea how you currently do it, but Shodan is helpful for working out if an IP is a VPN or Tor node etc. and GreyNoise is handy for finding IPs involved with automated scanning and bots.
If you look at the supported APIs in SpiderFoot, ThreatPinch and ThreatConnect you may be inspired even more.


"I am a genius trapped inside an idiot"

Offline
