Introducing urlscan dot io (for Security+ & CySA+)

BrianFord

Jun 26, 2023
Fellow Instructors,

In Security+ and again in CySA+ (and CASP+) students need to understand how the www works. I often use Virustotal dot com to briefly demo how to investigate suspect URLs and files. I found another web-based (free to use) tool that helps explain more. That's urlscan dot io. I should provide a hat tip to some of my SOC colleagues from LinkedIn who have been pointing at this for a few weeks.

A user submits a URL and urlscan goes off and scans the site. I chose to scan comptia.org.

The scan returns info about the site and HTTP transactions (with associated response codes). Note CompTIA dot org is being served (to me) via an IPv6 address in the USA. You can show all of the elements that make up a web page. You can show the site certificates and check their expiration. Another great capability is to show the DOM scripts served from the site to the client browser.


Warning: Make sure that you scan the site in advance and develop your own 'script' about which fields you are going to share with students. There is a ton of info here and you want to avoid having students asking about each and every field.

That said, I was able to turn this into a short (less than 10 minutes) demo that graphically links different concepts important to the course.

Enjoy!

Brian
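
Added example (not part of the original post): one way to prepare the short list of fields mentioned above is to reduce a saved scan result to response codes, serving address, scripts and certificate expiry. The JSON key names (`page`, `data.requests`, `lists.certificates`, `validTo`) are assumptions modelled on urlscan's result JSON, and the sample data and demo date are constructed.

```python
import json
from collections import Counter
from datetime import datetime, timezone

# Constructed sample, trimmed to the fields used below. The key layout is an
# assumption modelled on urlscan's result JSON; check it against a real scan.
SAMPLE_RESULT = json.loads("""
{
  "page": {"domain": "example.org", "ip": "2001:db8::10", "country": "US"},
  "data": {"requests": [
    {"response": {"response": {"url": "https://example.org/", "status": 200, "mimeType": "text/html"}}},
    {"response": {"response": {"url": "https://example.org/app.js", "status": 200, "mimeType": "application/javascript"}}},
    {"response": {"response": {"url": "https://cdn.example.net/old.css", "status": 404, "mimeType": "text/html"}}},
    {"request": {"request": {"url": "https://blocked.example.net/t.gif"}}}
  ]},
  "lists": {"certificates": [
    {"subjectName": "example.org", "issuer": "Example CA", "validTo": 1700000000},
    {"subjectName": "cdn.example.net", "issuer": "Example CA", "validTo": 1690000000}
  ]}
}
""")

def summarize(result, now):
    """Reduce a scan result to the talking points for a short class demo."""
    page = result.get("page", {})
    statuses, scripts = Counter(), []
    for entry in result.get("data", {}).get("requests", []):
        resp = entry.get("response", {}).get("response")
        if not resp:                      # request that never got a response
            statuses["no response"] += 1
            continue
        statuses[resp.get("status")] += 1
        if "javascript" in resp.get("mimeType", ""):
            scripts.append(resp["url"])
    certs = []
    for c in result.get("lists", {}).get("certificates", []):
        expiry = datetime.fromtimestamp(c["validTo"], tz=timezone.utc)
        certs.append((c["subjectName"], (expiry - now).days))  # negative = expired
    return {
        "served_from": (page.get("ip"), page.get("country")),
        "ipv6": ":" in (page.get("ip") or ""),
        "status_counts": dict(statuses),
        "scripts": scripts,
        "cert_days_left": sorted(certs, key=lambda t: t[1]),
    }

if __name__ == "__main__":
    demo_day = datetime(2023, 8, 1, tzinfo=timezone.utc)  # constructed date
    print(json.dumps(summarize(SAMPLE_RESULT, demo_day), indent=2))
```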
 
Thanks Brian
 
One of my favorite demos that I've been using for a very long time is going to shodan.io and searching the term:
in-tank

The result this morning was the identification of 4,521 "results" (3,556 in the US), with many of those results showing fuel levels in tanks along with other information.

Should the public have access to this information?
 


I like it! Thanks for sharing!