ThreatScript Web Client¶
ThreatScript definitions can actively access and gather information from websites using one of the HTTP request classes. The following classes are available (each corresponding to the associated HTTP verb):
- GetRequest
- PostRequest
- DeleteRequest
- PutRequest
- TraceRequest
- HeadRequest
- OptionsRequest
Below is an example of a definition that determines how many links to the given page exists (via Google):
/* * Name: Test.Test.LinkCount * ID: 1200001 * Version: 1 * Message: Detects the number of websites linking to this page * Severity: Low */ importPackage(Packages.ThreatScript); importPackage(Packages.HTTP); function analyze( httpResponse, variables, environment ){ var get = new GetRequest("http://www.google.com/search?q=site+to+" + httpResponse.getLocation() ); var httpResponse = get.run(); var s = httpResponse.getResponseBodyAsString(); if( s == null ){ return new Result( true, "Could not get a response from Google.com"); } var resultsCount = /About ([,0-9]+) results/; var result = resultsCount.exec(s); var linkcount = result[1]; return new Result( true, "Number of sites that link to this page: " + linkcount); }