suspi is the shorten version of Suspicous and helps to quickly show indicators of compromise with mulpiple providers.
- ip adresses > ipscan
- domains > domainscan
- mails > mailscan
- hashs > hashscan
Add the following tld sites to the trusted domains in order to open them --> Command Palette --> "Trusted Domains"
[
"https://www.virustotal.com",
"https://labs.inquest.net",
"https://otx.alienvault.com",
"https://urlscan.io",
"https://www.abuseipdb.com",
"https://urlhaus.abuse.ch",
"https://bazaar.abuse.ch",
"https://crt.sh",
"https://emailrep.io,
"https://www.joesecurity.org",
"https://app.any.run",
"https://www.filescan.io"
]
You can activate or deactivate Providers.
Before
Activatinga Provider check if you need an API Key!
You can set a proxy for the requests.
Available for:
- IPs
- Domains
- Mails
- mailscan not functional yet
- some providers are not fully implemented
- provider quota no implemented
- sometimes notifications are to quick, please check the bell in the right corner
This extension is in early stage and only used for quick detection of known indicators of compromise.
It doesn't it does not replace a proper analysis.
- adding more provider
- mailhunter
- greynoise
- waybackmachine
- emailrep
- filescan
- anyrun
- add sidebar history and logs
- may change to class system
- added repository support for extension
- small improvments
- integrated Proxy request in settings
- if you have issues with NTLM Authentication, consider to use proxyproxy-cli a lightweight listener written in Go - Thanks @MarmorY
- added icon
- small bugfixes
- added background worker with Promise
- indicators are now gruped!
- added more provider (not tested)
- changed structure
- added config in settings incl.
- added exlusions for ip, domain and mail
- added API keys to specific providers if needed
- added request timeout value
initial release of suspi
Enjoy! if you like leave a star or write a message to suspi[at]th1s1s[.]de