Suspi
Suspi is the shortened version of "Suspicious".
Features
It is designed to analyze indicators with multiple providers and give an immediate response.
- IP addresses > ipscan
- domains > domainscan
- mails > mailscan
- hashes > hashscan
Requirements
Add the following sites to the trusted domains so that the extension can open them:
--> Command Palette --> "Trusted Domains"
[
"https://www.virustotal.com",
"https://labs.inquest.net",
"https://otx.alienvault.com",
"https://urlscan.io",
"https://www.abuseipdb.com",
"https://urlhaus.abuse.ch",
"https://bazaar.abuse.ch",
"https://crt.sh"
]
Settings
You can activate or deactivate providers.
Before activating a provider, check whether it needs an API key!
Exclusion of IPs, domains and mails
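The sketch below shows how indicators can be sorted into the four scan groups and filtered against an exclusion list before any provider is queried. It is an added example, not Suspi's own code: every function name, the exclusion object shape, the IPv4-only check, the accepted hash lengths and the subdomain matching are assumptions.

```javascript
// Added illustration; not Suspi's code. All function names are hypothetical.
const IPV4_RE = /^(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)$/;
const DOMAIN_RE = /^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$/;
const MAIL_RE = /^[^\s@]+@([^\s@]+)$/;
const HASH_LENGTHS = new Set([32, 40, 64]); // assumed: MD5, SHA-1, SHA-256 in hex

// Undo common defanging so "hxxps://evil[.]example" is recognised.
function refang(raw) {
  return raw.trim().toLowerCase()
    .replace(/^hxxp(s?):\/\//, 'http$1://')
    .replace(/\[\.\]|\(\.\)/g, '.')
    .replace(/\[@\]/g, '@');
}

function classifyIndicator(raw) {
  const value = refang(raw);
  if (IPV4_RE.test(value)) return { type: 'ip', value };
  if (/^[0-9a-f]+$/.test(value) && HASH_LENGTHS.has(value.length)) return { type: 'hash', value };
  const mail = MAIL_RE.exec(value);
  if (mail && DOMAIN_RE.test(mail[1])) return { type: 'mail', value };
  // Reduce a URL to its host: drop the scheme, then cut at port, path, query or fragment.
  const host = value.replace(/^[a-z][a-z0-9+.-]*:\/\//, '').split(/[/:?#]/)[0];
  if (IPV4_RE.test(host)) return { type: 'ip', value: host };
  if (DOMAIN_RE.test(host)) return { type: 'domain', value: host };
  return { type: 'unknown', value };
}

// IPs and mails match exactly; a domain exclusion also covers its subdomains (assumed semantics).
function isExcluded({ type, value }, exclusions) {
  const list = (exclusions[type] || []).map((e) => e.toLowerCase());
  if (type === 'domain') return list.some((e) => value === e || value.endsWith('.' + e));
  return list.includes(value);
}

function groupIndicators(rawList, exclusions = {}) {
  const groups = { ip: [], domain: [], mail: [], hash: [], unknown: [] };
  for (const raw of rawList) {
    const ind = classifyIndicator(raw);
    if (!isExcluded(ind, exclusions) && !groups[ind.type].includes(ind.value)) {
      groups[ind.type].push(ind.value);
    }
  }
  return groups;
}

// Constructed sample input: documentation IP range, reserved .example names, MD5 of the empty string.
const sample = ['203.0.113.7', 'hxxps://evil[.]example/path', 'intranet.corp.example',
  'user@mail.example', 'D41D8CD98F00B204E9800998ECF8427E', '10.0.0.5', 'not an indicator'];
const exclusions = { ip: ['10.0.0.5'], domain: ['corp.example'] };
console.log(groupIndicators(sample, exclusions));
```

Filtering before any lookup keeps internal addresses and hostnames from being sent to third-party providers.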
Known Issues
- no proxy support (idk, issue open since 2017)
- mailscan not implemented
- provider quota not implemented
- sometimes notifications are too quick; please check the bell in the right corner
TODO
- adding images and icons
- adding more providers
  - mailhunter
  - greynoise
  - waybackmachine
- add sidebar history and logs
Disclaimer
This extension is used for quick detection of known indicators of compromise. In any case, an analysis must still take place so that errors in the extension can be ruled out.
The programming is not at the level of a JavaScript developer, but of an enthusiast.
Release Notes
0.2.X
- added background worker with Promise <3
- indicators are now grouped!
- added more providers (not tested)
- changed structure
- added config in settings incl.
- added exclusions for ip, domain and mail :)
- added API keys to specific providers if needed
- added request timeout value
0.1.5
Initial release of Suspi
Support
Enjoy!
If you like, buy me a "German" beer.