
[Analyzer] WAD

Open 0ssigeno opened this issue 4 years ago • 3 comments

We can retrieve more information about the infrastructure behind a domain using WAD.

Since it is actually contacting the domain, we should add the leak_info flag in the configuration.

0ssigeno • Dec 24 '21 09:12

Good catch but we do not usually integrate tools that actively scan a target in IntelOwl.

This is because IntelOwl is not a tool that should be used for performing reconnaissance of a target. There are plenty of other projects that do that better and this has never been its main goal. I have already closed other similar issues.

However I understand that the framework completely supports these use cases and could integrate several similar tools/services. The point is that we should categorize them differently. We cannot just add them as normal analyzers.

I guess that a little customization for the "reconnaissance tools/services" can be thought out and done once we start working on the playbooks (#628). The playbooks will allow us to group some analyzers together, to better separate use cases from one another. So I think we could keep this issue as a reminder.

But right now, considering that almost all the IntelOwl users just run "all the analyzers", I think we should avoid this.

mlodic • Dec 24 '21 09:12

From 2021 to 2023, now it could be time to start thinking about this.

We have implemented Playbooks and we have IntelOwl v4. The framework can now support active scanners too in an easier way.

mlodic • Jan 04 '23 15:01

This could be implemented like a normal analyzer.

mlodic • Mar 29 '24 16:03