This release contains the changes and bugfixes we worked on during GeekWeek X, we'd like to thank the CCCS for having us, and organizing this event.
New Features
/json/advanced_search: Returns Captures matching multiple parameters (IP, Hostname, URL, Hash) by @GavinMacNabb- Docker compose files for dev and prod by @litobro
- New module to automatically submit URLs from Lookyloo to CCCS AssemblyLine by @litobro
/json/ip_info: Returns the captures containing a specific IP address/json/<string:capture_uuid>/ips: Returns all the IPs contained in a capture/json/favicon_info: Returns the captures containing a specific favicon/json/<string:capture_uuid>/favicons: Returns all the favicons in a capture.- Note: playwright doesn't download the favicon, so we fetch them after the fact by extracting the possible favicons from the rendered HTML. This call may return more than one favicon.
/json/hash_info: Returns the captures containing a resource with a specific hash (sha512)- Normalize the JSON API endpoints to they support pagination, accept the same parameters, and return data in the same format
Bugfixes
- Multiple calls to get captures from specific indicators (Hostnames, URLs, IPs, body hashes ...) were not working properly when queried via the API
- Many improvements in error handling
- When the capture queue is really long and they're not captured within one hour (by default), they were expired on Lacus side. Now, if it happens, but the capture is still in the queue on Lookyloo side, it will be re-queued into Lacus.
What's Changed
- Add modules folder to docker-compose.yml to allow live development by @litobro in #1065
- FEAT: Support AssemblyLine Submission by @litobro in #1066
- New POST /json/advanced_search endpoint by @GavinMacNabb in #1071
New Contributors
- @Wachizungu made their first contribution in #1053
- @litobro made their first contribution in #1065
- @GavinMacNabb made their first contribution in #1071
Full Changelog: v1.30.0...v1.31.0
Contributors
Wachizungu, litobro, and GavinMacNabb