Project

General

Profile

ThreatScript Web Client » History » Version 2

« Previous - Version 2/3 (diff) - Next » - Current version
Luke Murphey, 05/19/2010 11:52 PM


ThreatScript Web Client

ThreatScript definitions can actively access and gather information from websites using one of the HTTP request classes. The following classes are available (each corresponding to the associated HTTP verb):

  • GetRequest
  • PostRequest
  • DeleteRequest
  • PutRequest
  • TraceRequest
  • HeadRequest
  • OptionsRequest
/*
 * Name: Test.Test.LinkCount
 * ID: 1200001
 * Version: 1
 * Message: Detects the number of websites linking to this page
 * Severity: Low
 */

importPackage(Packages.ThreatScript);
importPackage(Packages.HTTP);

function analyze( httpResponse, variables, environment ){
    var get = new GetRequest("http://www.google.com/search?q=site+to+" + httpResponse.getLocation() );
    var httpResponse = get.run();
    var s = httpResponse.getResponseBodyAsString();

    if( s == null ){
        return new Result( true, "Could not get a response from Google.com");
    }

    var resultsCount = /About ([,0-9]+) results/;
    var result = resultsCount.exec(s);

    var linkcount = result[1];

    return new Result( true, "Number of sites that link to this page: " + linkcount);
}