Suspi

Suspi is the shorten version of Suspicous

Features

It's designed to analyze indicators with mulpiple providers and immediate response

• ip adresses > ipscan
• domains > domainscan
• mails > mailscan
• hashs > hashscan

Requirements

Add the following sites to the trusted domains in order to open the the sites --> Command Palette --> "Trusted Domains"

[
    "https://www.virustotal.com",
    "https://labs.inquest.net",
    "https://otx.alienvault.com",
    "https://urlscan.io",
    "https://www.abuseipdb.com",
    "https://urlhaus.abuse.ch",
    "https://bazaar.abuse.ch",
    "https://crt.sh"
]

Settings

You can activate or deactivate Providers

Before "Activating" a Provider check if you need an API Key!

Exclusion of IP, Domains and Mails

Known Issues

• no proxy support (idk, issue open since 2017)
• mailscan not implemented
• provider quota no implemented
• sometimes notifications are to quick, please check the bell in the right corner

TODO

• adding images and icons
• adding more provider
  • mailhunter
  • greynoise
  • waybackmachine
• add sidebar history and logs

Disclaimer

This extension is used for quick detection of known indicators of compromise, in any case analysis must take place so that errors in the extension can be excluded. The programming is not at the level of a javascript developer, but of an enthusiast.

Release Notes

0.2.X

• added background worker with Promise <3
• indicators are now gruped!
• added more provider (not tested)
• changed structure
• added config in settings incl.
  • added exlusions for ip, domain and mail :)
  • added API keys to specific providers if needed
  • added request timeout value

0.1.5

Initial release of Suspi

Support

Enjoy! If you like buy me a "german" beer