Merge pull request #96 from vincenzocaputo/develop

vincenzocaputo · web-flow · commit 61d8d8a8efe4 · 2025-11-23T13:07:19.000+01:00
Develop
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -4,6 +4,19 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [ 0.24.3 ] - 2025-11-23
+
+### Add
+- Lookup TLS certificate by hash on crt.sh
+- MalShare hash lookup tool
+- CIRCL.lu Lookyloo lookup web tool (for URLs and domains)
+- Add Google tool to pull the favicon of a given domain
+
+### Fix
+- Update ThreatBook URL
+- WebCheck URL
+- Vulnerability icon in graph editor
+
 ## [ 0.24.2 ] - 2025-06-21
 
 ### Add
diff --git a/assets/tools-icons/lookyloo.png b/assets/tools-icons/lookyloo.png
diff --git a/assets/tools-icons/malshare.png b/assets/tools-icons/malshare.png
diff --git a/manifest.json b/manifest.json
@@ -1,7 +1,7 @@
 {
 	"manifest_version": 2,
 	"name": "FoxyRecon",
-	"version": "0.24.2",
+	"version": "0.24.3",
 	"description": "A Firefox add-on for OSINT investigations",
 
 	"icons": {
diff --git a/src/graph/stix/sdo/vulnerability.js b/src/graph/stix/sdo/vulnerability.js
@@ -4,7 +4,7 @@ function createVulnerabilityForm(evt, title, stix={}) {
     const type = "vulnerability";
     const objectId = stix["id"] === undefined ? type+"--"+crypto.randomUUID() : stix["id"];
 
-    const formHandler = new FormHandler(title, "img/vulnerability.png");
+    const formHandler = new FormHandler(title, "img/vulnerability-noback-flat.png");
     submitEvent = evt => {
         var stix = {}
         const fields = formHandler.getFields();
diff --git a/src/json/tools.json b/src/json/tools.json
@@ -229,12 +229,13 @@
         {
 			"name": "crt.sh",
 			"url": {
-                "domain": "https://crt.sh/?q=%s"
+                "domain": "https://crt.sh/?q=%s",
+                "hash": "https://crt.sh/?q=%s"
             },
             "desc": "Certificate search",
 			"icon": "crtsh.png",
 			"color": "#00B373",
-			"types": ["domain"],
+			"types": ["domain", "hash"],
             "tags": ["tls"],
 			"autoGraph": false
 		},
@@ -540,6 +541,17 @@
             "types": ["domain","ip","email","hash","cve","phone","asn"],
 			"autoGraph": false
         },
+        {
+            "name": "Google (Favicon)",
+            "url": {
+                "domain": "https://www.google.com/s2/favicons?domain=%s&sz=32"
+            },
+            "desc": "Get the favicon of a domain (Google API)",
+            "icon": "google.png",
+            "color": "#EA4335",
+            "types": ["domain"],
+			"autoGraph": false
+        },
         {
             "name": "Google Trends",
             "url": {
@@ -988,6 +1000,19 @@
             "tags": ["leaks"],
 			"autoGraph": false
         },
+        {
+            "name": "Lookyloo (CIRCL.lu)",
+            "url": {
+                "domain": "https://lookyloo.circl.lu/hostnames/%s?from_popup=True",
+                "url": "https://lookyloo.circl.lu/urls/%b?from_popup=True"
+            },
+            "desc": "Check and review URLs and website (by CIRCL.lu)",
+            "icon": "lookyloo.png",
+            "color": "#0D6EFD",
+            "types": ["domain","url"],
+            "tags": ["screenshot","sandbox"],
+			"autoGraph": false
+        },
         {
             "name": "Lupovis",
             "url": {
@@ -1000,6 +1025,18 @@
             "tags": ["rep"],
 			"autoGraph": false
         },
+        {
+            "name": "MalShare",
+            "url": {
+                "hash": "https://malshare.com/sample.php?action=detail&hash=%s"
+            },
+            "desc": "The MalShare Project is a community driven public malware repository that works to provide free access to malware samples",
+            "icon": "malshare.png",
+            "color": "#060606",
+            "types": ["hash"],
+            "tags": ["ioc"],
+			"autoGraph": false
+        },
         {
             "name": "MALWARE bazaar",
             "url": {
@@ -1478,8 +1515,8 @@
         {
             "name": "Threatbook",
             "url": {
-                "domain": "https://threatbook.io/domain/%s",
-                "ip": "https://threatbook.io/ip/%s"
+                "domain": "https://i.threatbook.io/research/%s",
+                "ip": "https://i.threatbook.io/research/%s"
             },
             "desc": "ThreatBook CTI provides high-fidelity intelligence collected from alerts from real customer cases.",
             "icon": "threatbook.png",
@@ -1791,8 +1828,8 @@
         {
             "name": "Web Check",
             "url": {
-                "url": "https://web-check.as93.net/results/%s",
-                "domain": "https://web-check.as93.net/results/%s"
+                "url": "https://web-check.xyz/check/%s",
+                "domain": "https://web-check.xyz/check/%s"
             },
             "desc": "Get an insight into the inner-workings of a given website: uncover potential attack vectors, analyse server architecture, view security configurations, and learn what technologies a site is using.",
             "icon": "webcheck.png",

Original file line number	Diff line number	Diff line change
`@@ -1,7 +1,7 @@`
`1`	`1`	`{`
`2`	`2`	`"manifest_version": 2,`
`3`	`3`	`"name": "FoxyRecon",`
`4`		`- "version": "0.24.2",`
	`4`	`+ "version": "0.24.3",`
`5`	`5`	`"description": "A Firefox add-on for OSINT investigations",`
`6`	`6`
`7`	`7`	`"icons": {`