urlscan.io Analysis
The urlscan.io Analysis connector allows users to submit URLs for security analysis, retrieve detailed reports, screenshots, and DOM snapshots, and monitor quota usage directly through the Swimlane platform.

urlscan.io is a powerful tool for web security analysis, providing detailed information about submitted URLs, including page content, screenshots, and HTTP requests and responses. The urlscan.io Analysis connector for Swimlane Turbine allows users to automate the submission of URLs for scanning and to retrieve analysis results, DOM snapshots, screenshots, and quota information, all within the Swimlane ecosystem. This integration empowers security teams to streamline their web security operations, enhance incident response, and gain rapid insights into potential threats without manual intervention.

## Prerequisites

To effectively utilize the urlscan.io Analysis connector with Swimlane, ensure you have the following prerequisites:

- API key authentication:
  - URL: the base endpoint URL for the urlscan.io API.
  - API key: your personal API key provided by urlscan.io to access their services.

## Connector Setup

### Obtaining an API token

1. Navigate to your profile at https://urlscan.io/user/profile/.
2. Click Settings & API.
3. Click Create an API key.

## Capabilities

The urlscan.io connector has the following capabilities:

- Submit URLs
- Get information about URL
- Search URLs for full info
- Search URLs for minimal info
- Get quota details

## Notes

- https://urlscan.io/products/
- https://urlscan.io/docs/api/
- This connector was last tested against API version 1.

## Configurations

### API Key Authentication

Authenticates using an API key.

Configuration parameters:

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| URL | A URL to the target host | string | Required |
| API Key | API key | string | Required |
| Verify SSL | Verify SSL certificate | boolean | Optional |
| HTTP Proxy | A proxy to route requests through | string | Optional |

## Actions

### Get Result

Retrieve the analysis results for a specific submission using its unique identifier (UUID) from urlscan.io.

- Endpoint URL: `api/v1/result/{{uuid}}`
- Method: GET

Input:

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| path_parameters.uuid | string | Required | Parameters for the Get Result action |

Input example:

```json
{"path_parameters":{"uuid":"942a4e6d-6c30-421a-892b-30a5813e0ab0"}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| data | object | Response data |
| data.requests | array | Response data |
| data.requests.request | object | Response data |
| data.requests.request.requestId | string | Response data |
| data.requests.request.loaderId | string | Response data |
| data.requests.request.documentURL | string | Response data |
| data.requests.request.request | object | Response data |
| data.requests.request.request.url | string | Response data |
| data.requests.request.request.method | string | Response data |
| data.requests.request.request.headers | object | Response data |
| data.requests.request.request.mixedContentType | string | Response data |
| data.requests.request.request.initialPriority | string | Response data |
| data.requests.request.request.referrerPolicy | string | Response data |
| data.requests.request.request.isSameSite | boolean | Response data |
| data.requests.request.timestamp | number | Response data |
| data.requests.request.wallTime | number | Response data |
| data.requests.request.initiator | object | Response data |
| data.requests.request.initiator.type | string | Response data |
| data.requests.request.redirectHasExtraInfo | boolean | Response data |
| data.requests.request.type | string | Response data |
| data.requests.request.frameId | string | Response data |
| data.requests.request.hasUserGesture | boolean | Response data |
| data.requests.requests | array | Response data |

Output example:

```json
{"status_code":200,"response_headers":{"Server":"nginx","Date":"Fri, 21 Oct 2022 17:17:38 GMT","Content-Type":"application/json; charset=utf-8","Transfer-Encoding":"chunked","Connection":"keep-alive","X-Rate-Limit-Scope":"user","X-Rate-Limit-Action":"retrieve","X-Rate-Limit-Window":"minute","X-Rate-Limit-Limit":"120","X-Rate-Limit-Remaining":"120","X-Rate-Limit-Reset":"2022-10-21T17:18:00.000Z","X-Rate-Limit-Reset-After":"21","Cache-Control":"public, max-age=60","ETag":"W/\"e0543-gwhtf0zjquwawu7
```

### Get Result DOM Snapshot

Retrieves the Document Object Model (DOM) snapshot for a given submission using the unique identifier (UUID).

- Endpoint URL: `dom/{{uuid}}`
- Method: GET

Input:

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| path_parameters.uuid | string | Required | Parameters for the Get Result DOM Snapshot action |

Input example:

```json
{"path_parameters":{"uuid":"942a4e6d-6c30-421a-892b-30a5813e0ab0"}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| response_text | string | Output field response_text |

Output example:

```json
{"status_code":200,"response_headers":{"Server":"nginx","Date":"Fri, 21 Oct 2022 20:50:50 GMT","Transfer-Encoding":"chunked","Connection":"keep-alive","Cache-Control":"max-age=3600, public","ETag":"\"b562ca8316f97fa9c32eb5f914f12aef\"","Last-Modified":"Fri, 21 Oct 2022 17:11:41 GMT","Expires":"Fri, 21 Oct 2022 21:50:50 GMT","Content-Security-Policy":"default-src 'self' data: ; script-src 'self' data: developers.google.com www.goo ","Referrer-Policy":"unsafe-url","Strict-Transport-Security":"ma
```

### Get Result Screenshot

Retrieve a screenshot from a specific urlscan.io submission using the unique identifier (UUID).

- Endpoint URL: `screenshots/{{uuid}}.png`
- Method: GET

Input:

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| path_parameters.uuid | string | Required | Parameters for the Get Result Screenshot action |

Input example:

```json
{"path_parameters":{"uuid":"942a4e6d-6c30-421a-892b-30a5813e0ab0"}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| file | object | Result screenshot |
| file.file_name | string | Name of the resource |
| file.file | string | Output field file.file |

Output example:

```json
{"file":{"file_name":"example_name","file":"string"}}
```

### Quotas and Rate Limiting

Retrieve the current quota usage and rate limit information for your urlscan.io account.

- Endpoint URL: `user/quotas`
- Method: GET

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| source | string | Output field source |
| limits | object | Output field limits |
| limits.private | object | Output field limits.private |
| limits.private.day | object | Output field limits.private.day |
| limits.private.day.limit | number | Output field limits.private.day.limit |
| limits.private.day.used | number | Output field limits.private.day.used |
| limits.private.day.remaining | number | Output field limits.private.day.remaining |
| limits.private.day.percent | number | Output field limits.private.day.percent |
| limits.private.hour | object | Output field limits.private.hour |
| limits.private.hour.limit | number | Output field limits.private.hour.limit |
| limits.private.hour.used | number | Output field limits.private.hour.used |
| limits.private.hour.remaining | number | Output field limits.private.hour.remaining |
| limits.private.hour.percent | number | Output field limits.private.hour.percent |
| limits.private.minute | object | Output field limits.private.minute |
| limits.private.minute.limit | number | Output field limits.private.minute.limit |
| limits.private.minute.used | number | Output field limits.private.minute.used |
| limits.private.minute.remaining | number | Output field limits.private.minute.remaining |
| limits.private.minute.percent | number | Output field limits.private.minute.percent |
| limits.public | object | Output field limits.public |
| limits.public.day | object | Output field limits.public.day |
| limits.public.day.limit | number | Output field limits.public.day.limit |
| limits.public.day.used | number | Output field limits.public.day.used |
| limits.public.day.remaining | number | Output field limits.public.day.remaining |

Output example:

```json
{"status_code":200,"response_headers":{"Server":"nginx","Date":"Fri, 21 Oct 2022 17:06:58 GMT","Content-Type":"application/json; charset=utf-8","Transfer-Encoding":"chunked","Connection":"keep-alive","Vary":"Accept","ETag":"W/\"ae0-afycne0rns8+abik6yuucbab9lk\"","Content-Security-Policy":"default-src 'self' data: ; script-src 'self' data: developers.google.com www.goo ","Referrer-Policy":"unsafe-url","Strict-Transport-Security":"max-age=63072000; includeSubDomains; preload","X-Content-Type-Opt
```

### Search

Executes an Elasticsearch query on urlscan.io records to retrieve relevant analysis data. Requires a query parameter 'q'.

- Endpoint URL: `api/v1/search`
- Method: GET

Input:

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters.q | string | Required | Parameters for the Search action |
| parameters.size | number | Optional | Parameters for the Search action |
| parameters.search_after | string | Optional | Parameters for the Search action |

Input example:

```json
{"parameters":{"q":" ","size":100,"search_after":"1666385691272,7b659f9d-e509-4bb4-b07e-eda8ff6b0bc8"}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| results | array | Result of the operation |
| results.task | object | Result of the operation |
| results.task.visibility | string | Result of the operation |
| results.task.method | string | HTTP method to use |
| results.task.domain | string | Result of the operation |
| results.task.apexDomain | string | Result of the operation |
| results.task.time | string | Result of the operation |
| results.task.uuid | string | Unique identifier |
| results.task.url | string | URL endpoint for the request |
| results.stats | object | Result of the operation |
| results.stats.uniqIPs | number | Result of the operation |
| results.stats.uniqCountries | number | Result of the operation |
| results.stats.dataLength | number | Response data |
| results.stats.encodedDataLength | number | Response data |
| results.stats.requests | number | Result of the operation |
| results.page | object | Result of the operation |
| results.page.country | string | Result of the operation |
| results.page.redirected | string | Result of the operation |
| results.page.ip | string | Result of the operation |
| results.page.mimeType | string | Type of the resource |
| results.page.title | string | Result of the operation |
| results.page.url | string | URL endpoint for the request |
| results.page.tlsValidDays | number | Unique identifier |

Output example:

```json
{"status_code":200,"response_headers":{"Server":"nginx","Date":"Fri, 21 Oct 2022 21:04:12 GMT","Content-Type":"application/json; charset=utf-8","Transfer-Encoding":"chunked","Connection":"keep-alive","X-Rate-Limit-Scope":"user","X-Rate-Limit-Action":"search","X-Rate-Limit-Window":"day","X-Rate-Limit-Limit":"1000","X-Rate-Limit-Remaining":"999","X-Rate-Limit-Reset":"2022-10-22T00:00:00.000Z","X-Rate-Limit-Reset-After":"10547","ETag":"W/\"243e9-rkqp/slcs/yu8hgkeocno5+gtdw\"","Content-Security-Poli
```

### Submit

Submits a URL to urlscan.io for scanning and analysis, returning the scan's unique identifier.

- Endpoint URL: `api/v1/scan`
- Method: POST

Input:

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| url | string | Optional | URL endpoint for the request |
| visibility | string | Optional | Parameter for Submit |
| tags | array | Optional | Parameter for Submit |
| customagent | string | Optional | Parameter for Submit |
| referer | string | Optional | Parameter for Submit |
| overrideSafety | string | Optional | Unique identifier |
| country | string | Optional | Parameter for Submit |

Input example:

```json
{"json_body":{"url":"swimlane.com","visibility":"public","tags":["tag1","tag2"],"customagent":"","referer":"","overrideSafety":"","country":"us"}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| message | string | Response message |
| uuid | string | Unique identifier |
| result | string | Result of the operation |
| api | string | Output field api |
| visibility | string | Output field visibility |
| options | object | Output field options |
| url | string | URL endpoint for the request |

Output example:

```json
{"status_code":200,"response_headers":{"Server":"nginx","Date":"Fri, 21 Oct 2022 17:11:33 GMT","Content-Type":"application/json; charset=utf-8","Transfer-Encoding":"chunked","Connection":"keep-alive","X-Rate-Limit-Scope":"user","X-Rate-Limit-Action":"public","X-Rate-Limit-Window":"minute","X-Rate-Limit-Limit":"60","X-Rate-Limit-Remaining":"60","X-Rate-Limit-Reset":"2022-10-21T17:12:00.000Z","X-Rate-Limit-Reset-After":"26","Vary":"Accept","ETag":"W/\"148-etytsyfmloayncetbym/arvpacq\"","Content-Se
```

## Response Headers

| Header | Description | Example |
| --- | --- | --- |
| Access-Control-Allow-Headers | HTTP response header Access-Control-Allow-Headers | DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type |
| Access-Control-Allow-Methods | HTTP response header Access-Control-Allow-Methods | GET, OPTIONS |
| Access-Control-Allow-Origin | HTTP response header Access-Control-Allow-Origin | |
| Access-Control-Max-Age | HTTP response header Access-Control-Max-Age | 1728000 |
| Cache-Control | Directives for caching mechanisms | public, max-age=60 |
| Connection | HTTP response header Connection | keep-alive |
| Content-Encoding | HTTP response header Content-Encoding | gzip |
| Content-Security-Policy | HTTP response header Content-Security-Policy | default-src 'self' data: ; script-src 'self' data: developers.google.com http://www.google.com http://www.gstatic.com https://js.hs-scripts.com https://js.hsleadflows.net https://js.hs-banner.com https://js.hsadspixel.net https://js.hubspotfeedback.com https://js.usemessages.com https://js.hs-analytics.net https://js.hscollectedforms.net https://js.hsforms.net https://js-na1.hs-scripts.com https://forms.hsforms.com ; style-src 'self' 'unsafe-inline' fonts.googleapis.com http://www.google.com ; img-src data: hubspot.com cdn2.hubspot.net forms.hsforms.com; font-src 'self' fonts.gstatic.com; child-src 'self' app.hubspot.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net js.usemessages.com; frame-src https://www.google.com/recaptcha/ hubspot.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net js.usemessages.com; form-action 'self' forms.hsforms.com forms.hubspot.com; connect-src 'self' hubspot.com api.hubapi.com js.usemessages.com js.hsleadflows.net js.hs-banner.com js.hubspotfeedback.com js.hsadspixel.net js.hs-analytics.net js.hs-scripts.com forms.hsforms.com; upgrade-insecure-requests; frame-ancestors 'none' |
| Content-Type | The media type of the resource | text/plain |
| Date | The date and time at which the message was originated | Fri, 21 Oct 2022 17:17:38 GMT |
| ETag | An identifier for a specific version of a resource | W/"ae0-afycne0rns8+abik6yuucbab9lk" |
| Expires | The date/time after which the response is considered stale | Fri, 21 Oct 2022 21:50:50 GMT |
| Last-Modified | The date and time at which the origin server believes the resource was last modified | Fri, 21 Oct 2022 17:11:41 GMT |
| Referrer-Policy | HTTP response header Referrer-Policy | unsafe-url |
| Server | Information about the software used by the origin server | nginx |
| Strict-Transport-Security | HTTP response header Strict-Transport-Security | max-age=63072000; includeSubDomains; preload |
| Transfer-Encoding | HTTP response header Transfer-Encoding | chunked |
| Vary | HTTP response header Vary | Accept |
| X-Content-Type-Options | HTTP response header X-Content-Type-Options | nosniff |
| X-Frame-Options | HTTP response header X-Frame-Options | DENY |
| X-Proxy-Cache | HTTP response header X-Proxy-Cache | MISS |
| X-Rate-Limit-Action | HTTP response header X-Rate-Limit-Action | search |
| X-Rate-Limit-Limit | HTTP response header X-Rate-Limit-Limit | 1000 |
| X-Rate-Limit-Remaining | HTTP response header X-Rate-Limit-Remaining | 120 |
| X-Rate-Limit-Reset | HTTP response header X-Rate-Limit-Reset | 2022-10-21T17:18:00.000Z |
| X-Rate-Limit-Reset-After | HTTP response header X-Rate-Limit-Reset-After | 21 |
| X-Rate-Limit-Scope | HTTP response header X-Rate-Limit-Scope | user |
| X-Rate-Limit-Window | HTTP response header X-Rate-Limit-Window | minute |
| X-Robots-Tag | HTTP response header X-Robots-Tag | all |
| X-XSS-Protection | HTTP response header X-XSS-Protection | 0 |
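
The rate-limit headers in the output examples above differ per action (`retrieve` for Get Result, `search` for Search, `public` for a public Submit), so a playbook that loops over many URLs should throttle each action separately. The following Python is an added example, not part of the connector: `parse_rate_limit`, `ActionThrottle` and `reserve` are hypothetical names, the sample headers are constructed from the examples on this page, and it assumes urlscan.io answers HTTP 429 once a window is spent.

```python
# Constructed sample headers, modelled on the output examples on this page.
RETRIEVE = {"X-Rate-Limit-Action": "retrieve", "X-Rate-Limit-Window": "minute",
            "X-Rate-Limit-Limit": "120", "X-Rate-Limit-Remaining": "120",
            "X-Rate-Limit-Reset-After": "21"}
# Constructed: the daily search window with nothing left.
SEARCH_SPENT = {"x-rate-limit-action": "search", "x-rate-limit-window": "day",
                "x-rate-limit-limit": "1000", "x-rate-limit-remaining": "0",
                "x-rate-limit-reset-after": "10547"}


def parse_rate_limit(headers):
    """Return the X-Rate-Limit-* fields as a dict, or None if absent.

    Header names are matched case-insensitively.
    """
    h = {k.lower(): v for k, v in headers.items()}
    if "x-rate-limit-action" not in h or "x-rate-limit-remaining" not in h:
        return None
    return {
        "action": h["x-rate-limit-action"],
        "window": h.get("x-rate-limit-window"),
        "remaining": int(h["x-rate-limit-remaining"]),
        "reset_after": int(h.get("x-rate-limit-reset-after", "0")),
    }


class ActionThrottle:
    """Tracks, per rate-limit action, the earliest time the next call may go out."""

    def __init__(self, reserve=0):
        self.reserve = reserve   # calls to keep in hand for other playbooks (hypothetical knob)
        self.not_before = {}     # action -> epoch seconds

    def update(self, headers, status_code, now):
        """Record the state reported by one response's headers."""
        info = parse_rate_limit(headers)
        if info is None:
            return
        if status_code == 429 or info["remaining"] <= self.reserve:
            # Window is spent: hold this action until it resets.
            self.not_before[info["action"]] = now + max(info["reset_after"], 1)
        else:
            self.not_before.pop(info["action"], None)

    def delay(self, action, now):
        """Seconds to wait before calling `action` again (0 if clear)."""
        return max(0, self.not_before.get(action, 0) - now)
```

Feed `update()` the `response_headers` and `status_code` from each action's output and sleep for `delay()` before the next call to the same action; an exhausted `search` window then does not hold up `retrieve` calls.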