urldigger - A python tool to extract URL addresses from different HOT sources and/or detect SPAM and malicious code

Project Information

Project feeds
Code license
MIT License
Labels
url, digger, extractor, crawler, drive-by, blackatseo, maliciouscode, web, websecurity

Members

ecasbas

Featured

Downloads

FAQ

URLDIGGER REFERENCES

Badware Busters / Securitytube tools

NEWS!!!

Working in an online version. Stay tuned!!

Urldigger (cazaurls in spanish) is an experimental script created to extract URL addresses from different sources and optionally check them for looking SPAM or malicious code. Currently working with Google, Twitter, Alexa and some malware sources. If the most popular web pages get compromised by drive-by download attacks, can potentially infect a large population. Extract high url lists to posterior analysis or whatever you are looking for in the need of processing high quantity of urls.

Use case: Viral trends like "nexus one, "ipad", "Michael Jackson" lead throughout the world with many people searching these words on the search engines. But this is just the kind of opportunity fraudsters like to exploit by poisoning search terms to direct people to compromised legitimate sites that may have nothing to with the subject matter at hand. If someone clicks on the link to a page on that infected site they are then redirected to a malicious site which can implant malware on their machine or tempt them to install a rogue security product.

Urldigger could help you to extract popular URLs and Scanning them with some of the honeypot clients availables by specifically searching for potentially malicious web sites. Download it.

Howto execute urldigger on Windows

EXAMPLES:

GET URLS FROM A GOOGLE SEARCH TERM

ecasbas@cipher:~/proyectos/urldigger$ python urldigger.py -g urldigger
http://urldigger.com/
http://code.google.com/p/urldigger/
http://code.google.com/p/urldigger/updates/list
http://sniptools.com/vault/urldigger
http://www.urldigger.com/articles/81/asshole-of-the-year-nominee-abu-abdullah.html
----OUTPUT CUT-----

GET URLS FROM TWITTER HOT WORDS

ecasbas@cipher:~/proyectos/urldigger$ python urldigger.py -W
http://itunes.apple.com/us/album/now-playing/id193558513
http://sourceforge.net/projects/nnplaying/
http://vivapinkfloyd.blogspot.com/2008/06/how-to-make-simple-amarok-now-playing.html
http://vivapinkfloyd.blogspot.com/2008/05/how-to-make-simple-amarok-now-playing.html
----OUTPUT CUT-----

GET URLS FROM CRAWLING YOUR SITE

ecasbas@cipher:~/proyectos/urldigger$ python urldigger.py -c http://www.nasa.gov
http://www.nasa.gov/about/career/index.html
http://www.nasa.gov/about/highlights/bolden_bio.html
http://www.nasa.gov/about/highlights/garver_bio.html
http://www.nasa.gov/about/highlights/leadership_gallery.html
http://www.nasa.gov/about/org_index.html
http://www.nasa.gov/about/sites/index.html
http://www.nasa.gov/astronauts
----OUTPUT CUT-----

SHOW HOT URLS FROM ALEXA

ecasbas@cipher:~/proyectos/urldigger$ python urldigger.py -H
http://realestate.yahoo.com/promo/most-expensive-us-small-town-sagaponack-ny.html
http://www.realsimple.com/home-organizing/new-uses-for-old-things/new-uses-penny-00000000027632/index.html?xid=yahoobuzz-rs-012210&xid=yahoo
http://movies.yahoo.com/news/usmovies.thehollywoodreporter.com/forbes-lists-biggest-flops-last-five-years
http://health.yahoo.com/experts/drmao/23125/soup-therapy-detoxify-lose-weight-and-boost-immunity/
http://answers.yahoo.com/question/index?qid=20100111162407AATTvcJ
----OUTPUT CUT-----

BRUTE FORCE MODE

ecasbas@cipher:~/proyectos/urldigger$ python urldigger.py -b > allurls.txt

Be careful, currently the output is about 18917 urls.

DETECT SPAM OR SPURIOUS CODE IN YOUR SITE

ecasbas@cipher:~/proyectos/urldigger$ python urldigger.py -g "site:uclm.es"
Looking for SPAM in........http://publicaciones.uclm.es/
*Suspicious SPAM!!!-----> http://publicaciones.uclm.es/* [(viagra)]
Looking for SPAM in........http://www.uclm.es/to/cdeporte/pdf/PublicacionesProfesorado.pdf
Looking for SPAM in........http://www.uclm.es/cr/caminos/publicaciones/publicaciones.html
Looking for SPAM in........http://www.uclm.es/profesorado/ricardo/Publicaciones.htm
Looking for SPAM in........http://publicaciones.uclm.es/index.php?action=module&path_module=modules_Product_index
*Suspicious SPAM!!!-----> http://publicaciones.uclm.es/index.php?action=module&path_module=modules_Product_index*
Looking for SPAM in........http://www.uclm.es/PROFESORADO/mydiaz/_private/PUBLICACIONES.pdf

NOTE: Functional code only available thorough the source in the repository.

For any question check out my blog at http://blog.emiliocasbas.com