urlscan.io Analysis

The urlscan.io Analysis connector allows users to submit URLs for security analysis, retrieve detailed reports, screenshots, DOM snapshots, and monitor quota usage directly through the Swimlane platform.

urlscan.io is a powerful tool for web security analysis, providing detailed information about submitted URLs, including page content, screenshots, and HTTP requests and responses. The urlscan.io Analysis connector for Swimlane Turbine allows users to automate the submission of URLs for scanning, retrieve analysis results, DOM snapshots, screenshots, and quota information, all within the Swimlane ecosystem. This integration empowers security teams to streamline their web security operations, enhance incident response, and gain rapid insights into potential threats without manual intervention.

## Prerequisites

To effectively utilize the urlscan.io Analysis connector with Swimlane, ensure you have the following prerequisites:

- API key authentication
  - URL: the base endpoint URL for the urlscan.io API
  - API key: your personal API key provided by urlscan.io to access their services

## Connector setup

### Obtaining an API token

1. Navigate to your user profile: https://urlscan.io/user/profile/
2. Click Settings & API.
3. Click Create an API key.

## Capabilities

The urlscan.io connector has the following capabilities:

- Submit URLs
- Get information about URL
- Search URLs for full info
- Search URLs for minimal info
- Get quota details

## Configurations

### API key authentication

Authenticates using an API key.

#### Configuration parameters

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| URL | A URL to the target host | string | required |
| API key | API key | string | required |
| Verify SSL | Verify SSL certificate | boolean | optional |
| HTTP proxy | A proxy to route requests through | string | optional |

## Actions

### Get Result

Retrieve the analysis results for a specific submission using its unique identifier (UUID) from urlscan.io.

- Endpoint URL: api/v1/result/{{uuid}}
- Method: GET

#### Input argument

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| uuid | string | required | Unique identifier |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| data | object | Response data |
| requests | array | Output field requests |
| request | object | Output field request |
| requestId | string | Unique identifier |
| loaderId | string | Unique identifier |
| documentURL | string | URL endpoint for the request |
| request | object | Output field request |
| url | string | URL endpoint for the request |
| method | string | HTTP method to use |
| headers | object | HTTP headers for the request |
| mixedContentType | string | Type of the resource |
| initialPriority | string | Output field initialPriority |
| referrerPolicy | string | Output field referrerPolicy |
| isSameSite | boolean | Output field isSameSite |
| timestamp | number | Output field timestamp |
| wallTime | number | Time value |
| initiator | object | Output field initiator |
| type | string | Type of the resource |
| redirectHasExtraInfo | boolean | Output field redirectHasExtraInfo |
| type | string | Type of the resource |
| frameId | string | Unique identifier |
| hasUserGesture | boolean | Output field hasUserGesture |
| requests | array | Output field requests |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Server": "nginx",
      "Date": "Fri, 21 Oct 2022 17:17:38 GMT",
      "Content-Type": "application/json; charset=utf-8",
      "Transfer-Encoding": "chunked",
      "Connection": "keep-alive",
      "X-Rate-Limit-Scope": "user",
      "X-Rate-Limit-Action": "retrieve",
      "X-Rate-Limit-Window": "minute",
      "X-Rate-Limit-Limit": "120",
      "X-Rate-Limit-Remaining": "120",
      "X-Rate-Limit-Reset": "2022-10-21T17:18:00.000Z",
      "X-Rate-Limit-Reset-After": "21",
      "Cache-Control": "public, max-age=60",
      "ETag": "W/\"e0543-gwhtf0zjquwawu72/f/vkbh2smy\"",
      "Content-Security-Policy": "default-src 'self' data: ; script-src 'self' data: developers.google.com www.goo..."
    },
    "reason": "OK",
    "json_body": {
      "data": {},
      "stats": {},
      "meta": {},
      "task": {},
      "page": {},
      "lists": {},
      "verdicts": {},
      "submitter": {}
    }
  }
]
```

### Get Result DOM Snapshot

Retrieves the Document Object Model (DOM) snapshot for a given submission using the unique identifier (UUID).

- Endpoint URL: dom/{{uuid}}
- Method: GET

#### Input argument

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| uuid | string | required | Unique identifier |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| response_text | string | Output field response_text |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Server": "nginx",
      "Date": "Fri, 21 Oct 2022 20:50:50 GMT",
      "Transfer-Encoding": "chunked",
      "Connection": "keep-alive",
      "Cache-Control": "max-age=3600, public",
      "ETag": "\"b562ca8316f97fa9c32eb5f914f12aef\"",
      "Last-Modified": "Fri, 21 Oct 2022 17:11:41 GMT",
      "Expires": "Fri, 21 Oct 2022 21:50:50 GMT",
      "Content-Security-Policy": "default-src 'self' data: ; script-src 'self' data: developers.google.com www.goo...",
      "Referrer-Policy": "unsafe-url",
      "Strict-Transport-Security": "max-age=63072000; includeSubDomains; preload",
      "X-Content-Type-Options": "nosniff",
      "X-Frame-Options": "DENY",
      "X-XSS-Protection": "0",
      "X-Proxy-Cache": "MISS"
    },
    "reason": "OK",
    "response_text": "<head>\n\n <style>@font-face{font-family: interface;src..."
  }
]
```

### Get Result Screenshot

Retrieve a screenshot from a specific urlscan.io submission using the unique identifier (UUID).

- Endpoint URL: screenshots/{{uuid}}.png
- Method: GET

#### Input argument

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| uuid | string | required | Unique identifier |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| file | object | Result screenshot |
| file_name | string | Name of the resource |
| file | string | Output field file |

#### Example

```json
[
  {
    "file": {
      "file_name": "example_name",
      "file": "string"
    }
  }
]
```

### Quotas and Rate Limiting

Retrieve the current quota usage and rate limit information for your urlscan.io account.

- Endpoint URL: user/quotas
- Method: GET

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| source | string | Output field source |
| limits | object | Output field limits |
| private | object | Output field private |
| day | object | Output field day |
| limit | number | Output field limit |
| used | number | Output field used |
| remaining | number | Output field remaining |
| percent | number | Output field percent |
| hour | object | Output field hour |
| limit | number | Output field limit |
| used | number | Output field used |
| remaining | number | Output field remaining |
| percent | number | Output field percent |
| minute | object | Output field minute |
| limit | number | Output field limit |
| used | number | Output field used |
| remaining | number | Output field remaining |
| percent | number | Output field percent |
| public | object | Output field public |
| day | object | Output field day |
| limit | number | Output field limit |
| used | number | Output field used |
| remaining | number | Output field remaining |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Server": "nginx",
      "Date": "Fri, 21 Oct 2022 17:06:58 GMT",
      "Content-Type": "application/json; charset=utf-8",
      "Transfer-Encoding": "chunked",
      "Connection": "keep-alive",
      "Vary": "Accept",
      "ETag": "W/\"ae0-afycne0rns8+abik6yuucbab9lk\"",
      "Content-Security-Policy": "default-src 'self' data: ; script-src 'self' data: developers.google.com www.goo...",
      "Referrer-Policy": "unsafe-url",
      "Strict-Transport-Security": "max-age=63072000; includeSubDomains; preload",
      "X-Content-Type-Options": "nosniff",
      "X-Frame-Options": "DENY",
      "X-XSS-Protection": "0",
      "X-Proxy-Cache": "MISS",
      "X-Robots-Tag": "all"
    },
    "reason": "OK",
    "json_body": {
      "source": "user",
      "limits": {}
    }
  }
]
```

### Search

Executes an Elasticsearch query on urlscan.io records to retrieve relevant analysis data. Requires a query parameter 'q'.

- Endpoint URL: api/v1/search
- Method: GET

#### Input argument

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| q | string | required | Parameter for search |
| size | number | optional | Parameter for search |
| search_after | string | optional | Parameter for search |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| results | array | Result of the operation |
| task | object | Output field task |
| visibility | string | Output field visibility |
| method | string | HTTP method to use |
| domain | string | Output field domain |
| apexDomain | string | Output field apexDomain |
| time | string | Time value |
| uuid | string | Unique identifier |
| url | string | URL endpoint for the request |
| stats | object | Output field stats |
| uniqIPs | number | Output field uniqIPs |
| uniqCountries | number | Output field uniqCountries |
| dataLength | number | Response data |
| encodedDataLength | number | Response data |
| requests | number | Output field requests |
| page | object | Output field page |
| country | string | Output field country |
| redirected | string | Output field redirected |
| ip | string | Output field ip |
| mimeType | string | Type of the resource |
| title | string | Output field title |
| url | string | URL endpoint for the request |
| tlsValidDays | number | Unique identifier |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Server": "nginx",
      "Date": "Fri, 21 Oct 2022 21:04:12 GMT",
      "Content-Type": "application/json; charset=utf-8",
      "Transfer-Encoding": "chunked",
      "Connection": "keep-alive",
      "X-Rate-Limit-Scope": "user",
      "X-Rate-Limit-Action": "search",
      "X-Rate-Limit-Window": "day",
      "X-Rate-Limit-Limit": "1000",
      "X-Rate-Limit-Remaining": "999",
      "X-Rate-Limit-Reset": "2022-10-22T00:00:00.000Z",
      "X-Rate-Limit-Reset-After": "10547",
      "ETag": "W/\"243e9-rkqp/slcs/yu8hgkeocno5+gtdw\"",
      "Content-Security-Policy": "default-src 'self' data: ; script-src 'self' data: developers.google.com www.goo...",
      "Referrer-Policy": "unsafe-url"
    },
    "reason": "OK",
    "json_body": {
      "results": [],
      "total": 10000,
      "took": 155,
      "has_more": true
    }
  }
]
```

### Submit

Submits a URL to urlscan.io for scanning and analysis, returning the scan's unique identifier.

- Endpoint URL: api/v1/scan
- Method: POST

#### Input argument

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| url | string | required | URL endpoint for the request |
| visibility | string | optional | Parameter for submit |
| tags | array | optional | Parameter for submit |
| customagent | string | optional | Parameter for submit |
| referer | string | optional | Parameter for submit |
| overrideSafety | string | optional | Unique identifier |
| country | string | optional | Parameter for submit |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| message | string | Response message |
| uuid | string | Unique identifier |
| result | string | Result of the operation |
| api | string | Output field api |
| visibility | string | Output field visibility |
| options | object | Output field options |
| url | string | URL endpoint for the request |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Server": "nginx",
      "Date": "Fri, 21 Oct 2022 17:11:33 GMT",
      "Content-Type": "application/json; charset=utf-8",
      "Transfer-Encoding": "chunked",
      "Connection": "keep-alive",
      "X-Rate-Limit-Scope": "user",
      "X-Rate-Limit-Action": "public",
      "X-Rate-Limit-Window": "minute",
      "X-Rate-Limit-Limit": "60",
      "X-Rate-Limit-Remaining": "60",
      "X-Rate-Limit-Reset": "2022-10-21T17:12:00.000Z",
      "X-Rate-Limit-Reset-After": "26",
      "Vary": "Accept",
      "ETag": "W/\"148-etytsyfmloayncetbym/arvpacq\"",
      "Content-Security-Policy": "default-src 'self' data: ; script-src 'self' data: developers.google.com www.goo..."
    },
    "reason": "OK",
    "json_body": {
      "message": "Submission successful",
      "uuid": "942a4e6d-6c30-421a-892b-30a5813e0ab0",
      "result": "https://urlscan.io/result/942a4e6d-6c30-421a-892b-30a5813e0ab0/",
      "api": "https://urlscan.io/api/v1/result/942a4e6d-6c30-421a-892b-30a5813e0ab0/",
      "visibility": "public",
      "options": {},
      "url": "http://swimlane.com/"
    }
  }
]
```

## Response headers

| Header | Description | Example |
| --- | --- | --- |
| Access-Control-Allow-Headers | HTTP response header Access-Control-Allow-Headers | DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type |
| Access-Control-Allow-Methods | HTTP response header Access-Control-Allow-Methods | GET, OPTIONS |
| Access-Control-Allow-Origin | HTTP response header Access-Control-Allow-Origin | |
| Access-Control-Max-Age | HTTP response header Access-Control-Max-Age | 1728000 |
| Cache-Control | Directives for caching mechanisms | public, max-age=60 |
| Connection | HTTP response header Connection | keep-alive |
| Content-Encoding | HTTP response header Content-Encoding | gzip |
| Content-Security-Policy | HTTP response header Content-Security-Policy | default-src 'self' data: ; script-src 'self' data: developers.google.com www.google.com www.gstatic.com https://js.hs-scripts.com https://js.hsleadflows.net https://js.hs-banner.com https://js.hsadspixel.net https://js.hubspotfeedback.com https://js.usemessages.com https://js.hs-analytics.net https://js.hscollectedforms.net https://js.hsforms.net https://js-na1.hs-scripts.com https://forms.hsforms.com ; style-src 'self' 'unsafe-inline' fonts.googleapis.com www.google.com ; img-src data: hubspot.com cdn2.hubspot.net forms.hsforms.com; font-src 'self' fonts.gstatic.com; child-src 'self' app.hubspot.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net js.usemessages.com; frame-src https://www.google.com/recaptcha/ hubspot.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net js.usemessages.com; form-action 'self' forms.hsforms.com forms.hubspot.com; connect-src 'self' hubspot.com api.hubapi.com js.usemessages.com js.hsleadflows.net js.hs-banner.com js.hubspotfeedback.com js.hsadspixel.net js.hs-analytics.net js.hs-scripts.com forms.hsforms.com; upgrade-insecure-requests; frame-ancestors 'none' |
| Content-Type | The media type of the resource | application/json; charset=utf-8 |
| Date | The date and time at which the message was originated | Fri, 21 Oct 2022 17:11:33 GMT |
| ETag | An identifier for a specific version of a resource | W/"e0543-gwhtf0zjquwawu72/f/vkbh2smy" |
| Expires | The date/time after which the response is considered stale | Fri, 21 Oct 2022 21:50:50 GMT |
| Last-Modified | The date and time at which the origin server believes the resource was last modified | Fri, 21 Oct 2022 17:11:41 GMT |
| Referrer-Policy | HTTP response header Referrer-Policy | unsafe-url |
| Server | Information about the software used by the origin server | nginx |
| Strict-Transport-Security | HTTP response header Strict-Transport-Security | max-age=63072000; includeSubDomains; preload |
| Transfer-Encoding | HTTP response header Transfer-Encoding | chunked |
| Vary | HTTP response header Vary | Accept |
| X-Content-Type-Options | HTTP response header X-Content-Type-Options | nosniff |
| X-Frame-Options | HTTP response header X-Frame-Options | DENY |
| X-Proxy-Cache | HTTP response header X-Proxy-Cache | MISS |
| X-Rate-Limit-Action | HTTP response header X-Rate-Limit-Action | public |
| X-Rate-Limit-Limit | HTTP response header X-Rate-Limit-Limit | 60 |
| X-Rate-Limit-Remaining | HTTP response header X-Rate-Limit-Remaining | 120 |
| X-Rate-Limit-Reset | HTTP response header X-Rate-Limit-Reset | 2022-10-21T17:12:00.000Z |

## Notes

- Quota information: https://urlscan.io/products/
- Documentation: https://urlscan.io/docs/api/
- This connector was last tested against API version 1.
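
The X-Rate-Limit headers shown in the example responses and in the response headers table can be used to pace a playbook that calls several urlscan.io actions in a row. The Python helper below is an added example, not part of the connector or of the original page; the function names, the `pending_calls` and `fallback` parameters, and the treatment of HTTP 429 as the throttled status are assumptions.

```python
from dataclasses import dataclass
from typing import Mapping, Optional

# Constructed sample, modelled on the Search example response on this page.
SAMPLE_HEADERS = {
    "X-Rate-Limit-Scope": "user", "X-Rate-Limit-Action": "search",
    "X-Rate-Limit-Window": "day", "X-Rate-Limit-Limit": "1000",
    "X-Rate-Limit-Remaining": "999", "X-Rate-Limit-Reset-After": "10547",
}


@dataclass(frozen=True)
class RateLimit:
    action: str       # "retrieve", "search", "public", ...
    window: str       # "minute", "hour" or "day"
    limit: int
    remaining: int
    reset_after: int  # seconds until the window resets


def parse_rate_limit(headers: Mapping[str, str]) -> Optional[RateLimit]:
    """Return the rate-limit state, or None if headers are missing or malformed."""
    h = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    try:
        return RateLimit(
            action=h["x-rate-limit-action"],
            window=h["x-rate-limit-window"],
            limit=int(h["x-rate-limit-limit"]),
            remaining=int(h["x-rate-limit-remaining"]),
            reset_after=int(h["x-rate-limit-reset-after"]),
        )
    except (KeyError, ValueError):
        return None


def seconds_to_wait(status_code: int, headers: Mapping[str, str],
                    pending_calls: int = 1, fallback: float = 60.0) -> float:
    """Delay before the next call to the same action (hypothetical helper).
    pending_calls: calls the playbook still intends to make in this run.
    fallback: assumed back-off when throttled (HTTP 429) without usable headers.
    """
    rl = parse_rate_limit(headers)
    if rl is None:
        return fallback if status_code == 429 else 0.0
    if status_code == 429 or rl.remaining <= 0:
        return float(rl.reset_after)      # budget spent: wait for the window reset
    if pending_calls <= rl.remaining:
        return 0.0                        # enough budget left in this window
    return rl.reset_after / rl.remaining  # spread remaining calls over the window
```

In a playbook, pass the status code and response headers from the previous action's output to `seconds_to_wait` before invoking the next urlscan.io action.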