capa
Extracts web domain and IP address, implements rendering functions and tests
This PR partially resolves #1907. It extracts web domains and IP addresses, and implements rendering functions and tests.
These changes likely don't require updates to the documentation, but if some users want to, they should be able to repurpose many of the extraction functions fairly easily.
Unfortunately, I'll probably be unavailable during the next few days, but this weekend, I'll ensure this PR passes the CI tests.
I'll probably also add some more tests for the rendering functions.
Please let me know if you have any questions or suggestions!
Below is example output for the default mode:
```
+------------------------------+
| IP addresses and web domains |
|------------------------------+
| google.com                   |
| 192.123.232.08               |
| my-w3bs1te.net               |
| maliciooous.r4ndom-site.uhoh |
| whoops.net                   |
+------------------------------+
```
Here is example output for verbose and vverbose modes:
```
+-----------------------------------------------------------+
| IP addresses and web domains                              |
|-----------------------------------------------------------+
| google.com                                                |
| |----IP address:                                          |
| |----192.0.0.1                                            |
| |----Functions used to communicate with google.com:       |
| |----InternetConnectA                                     |
| |----HttpOpenRequestA                                     |
| |----FtpGetFileA                                          |
| |----3 occurrances                                        |
| |                                                         |
| 192.123.232.08                                            |
| |----Functions used to communicate with 192.123.232.08:   |
| |----...                                                  |
|                                                           |
+-----------------------------------------------------------+
```
Checklist
- [ ] No CHANGELOG update needed
- [ ] No new tests needed
- [ ] No documentation update needed
very cool, I'll have to take a closer look in the upcoming week at this! thanks for the suggestions.
Thanks @mr-tz! I'm just working on a couple bugs so I'll lyk when it's done!
can this be closed as superseded by #2031?
@mr-tz Yes, I'll go ahead and close it!