Vlad

YouConn

Updated: Nov 27, 2017

A URL monitoring tool that helps with threat intel investigations, server downtime monitoring, and gathering information for the takedown of a potential phishing site.


Sound familiar?

Does the functionality ring a bell? Same as IsItDwn from Spyder, right? Well, I have to admit, yes! With its ability to monitor a URL's status, and with almost the same data structure as IsItDwn, YouConn can be considered an upgrade to that module.


Difference with IsItDwn?

  • YouConn can tell not only whether a site is down, but also whether it is a redirect or just an expired web page.

  • It can provide the exact reason why a web server is down, so the tool performs its own root cause analysis, which is cool. So when your boss asks, or just to satisfy your own curiosity, about why a site is down, you have the answers without breaking a sweat or doing a deep dive.

  • As with my other tool, YouConn has no limit on user input. You can put thousands of web servers or URLs in a text file for monitoring.

  • You can run the monitoring on a schedule. The scan is conducted at the time you enter in the tool.

Algorithm


Once the input has been provided and the program has been executed, YouConn reads the input line by line and provides its feedback. The program requests a connection depending on which port/service is used. Using the requests library, I got the response code through the webPage.status_code attribute. I then put the status code through conditional statements. You may refer to the pseudocode below:


    import requests

    count = 1  # set a counter so we can keep track of the loop

    # input_line refers to the sequence of lines in the input text file
    # line refers to the variable holding the current line (one URL)
    with open("isitdwn2.txt") as input_line:
        for line in input_line:  # for every line in input_line
            print(count)
            webPage = requests.get(line.strip())  # request access using the single line (URL) read from the input file
            response = webPage.status_code  # variable for the web response's status code
            reason = webPage.reason  # variable used for the root cause analysis
            # <did the conditions here...>
            count += 1


Execute..Run>


As mentioned, the tool can be executed on a scheduled basis. The user can set the desired time to run the monitoring, as shown in the screenshot below.


Once the date has been set, the program executes and performs its task. Inputs are read from the isitdwn2.txt file. As mentioned, the input has no limit: the app gives results no matter how many inputs are made. Below is the sample text input.

Once the program has been executed, it performs its task.

As you can see in loops 6 and 7, a reason is provided for why the site can't be accessed even though its response code is not 404. In 6, the reason for non-access could be wrong input [in this case the user supplied the wrong port], so the program suggests accessing the site through port 80. In 7, the reason for non-access is that the page does not exist.


Above is the log file, the output file generated by the program when it finishes its execution. As you can see from loop 104 through loop 116, a number of inaccessible sites have been identified. On loop 104, the connection to onlineaccountupdate.com failed because the URL may no longer be valid or the input was incorrect.

On loop 108, the connection failed because the server did not respond properly. An unhandled exception may have occurred during the execution of the current web request.

Loops 146 through 148 have a response code of 301, indicating a redirected page. This means that the requested resource has been definitively moved to the URL given by the Location header. A browser redirects to this page, and search engines update their links to the resource.

Loop 149 can be a bit tricky. It gives you a response code of 200 but an internal error message. In this case, the web server has responded but could not display the page or is not returning any content. You usually encounter this type of case when you're trying to access, for example, a Facebook profile that has been deactivated.

On the 206th loop, the URL is accessible. So I decided to have this printed in the y0_py2 output text file, to note that the server is live. If this is a malicious site, this could be an alarm to proceed with the URL takedown.

The program performed well, as it provided the monitoring successfully from the 207th loop. Once done, it terminates and asks the user for another execution.
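
The status-code conditions elided in the pseudocode, and the cases walked through in the log above (301 redirect, 200 with an error message, failed connections, live site), could be written as below. This is an added example, not YouConn's own code; the verdict labels, the marker phrases and the read cap of about 64 KiB are assumptions.

```python
# Added example (not YouConn's code). Labels and marker strings are assumptions.
REDIRECTS = {301, 302, 303, 307, 308}
# Constructed phrases that suggest an error page served with status 200.
SOFT_ERROR_MARKERS = ("internal error", "page not found", "no longer available")
MAX_BODY = 65536  # stop reading after about 64 KiB; the site may be hostile


def classify(status, reason, location=None, body=""):
    """Map one HTTP response to a (verdict, detail) pair."""
    if status in REDIRECTS:
        return "REDIRECT", f"{status} {reason} -> {location or 'no Location header'}"
    if status == 200:
        text = body.lower()
        if not text.strip():
            return "SOFT_ERROR", "200 but no content returned"
        for marker in SOFT_ERROR_MARKERS:
            if marker in text:
                return "SOFT_ERROR", f"200 but body contains '{marker}'"
        return "LIVE", "200 OK"
    if status in (404, 410):
        return "NOT_FOUND", f"{status} {reason}"
    if status >= 500:
        return "SERVER_ERROR", f"{status} {reason}"
    return "OTHER", f"{status} {reason}"


def check(url, timeout=10):
    """Fetch one URL without following redirects and classify the outcome."""
    import requests  # imported here so classify() can be exercised offline

    try:
        with requests.get(url, timeout=timeout, allow_redirects=False,
                          stream=True) as r:
            body = b""
            for chunk in r.iter_content(8192):
                body += chunk
                if len(body) >= MAX_BODY:
                    break
            return classify(r.status_code, r.reason, r.headers.get("Location"),
                            body.decode("utf-8", "replace"))
    except requests.exceptions.Timeout:
        return "DOWN", "server did not respond in time"
    except requests.exceptions.ConnectionError as exc:
        return "DOWN", f"connection failed, check host and port ({type(exc).__name__})"
    except requests.exceptions.RequestException as exc:
        return "REQUEST_ERROR", f"{type(exc).__name__}: {exc}"
```

Setting a timeout and not following redirects keeps a scheduled scan of suspected phishing URLs from hanging on one host or silently reporting the status of a different site.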


