OSINT Tool Deep Dive: URLScan.io & Any.Run


In our last article, we deep-dived into the utility of VirusTotal, and while it's an excellent tool for a preliminary scan, it's just the tip of the iceberg when building a robust OSINT strategy. When it comes to understanding a potentially malicious IP, domain, or website, URLScan.io and Any.Run play a crucial role. These tools offer both static and dynamic analysis capabilities, providing a holistic understanding of threats.

URLScan.io:

What is URLScan.io?

Following your initial analysis with VirusTotal, URLScan.io emerges as the logical next step. It's a free online service that lets users analyze websites and URLs for malicious content. It provides a detailed report on a domain’s infrastructure, website content, and its connections to other domains or services.

Strengths:

  1. Contextual Analysis: Beyond just flagging malicious indicators, URLScan.io offers a comprehensive list of information about a website or IP. This includes associated IPs, subdomains, and more importantly, a screenshot of the website, providing valuable context without the need to access the website directly.

  2. Comprehensive Reporting: From HTTP requests to associated IPs, it's an all-encompassing tool to grasp the footprint of a website.

  3. Historical Data: Track a URL's behavior over time, enabling a trend analysis.
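The contextual data described in the list above can be pulled out of a scan result programmatically. This is an added example, not code from the original article or from urlscan.io: it assumes the field names of the urlscan.io Result API JSON (`task`, `page`, `lists`, `verdicts`), and the embedded sample result and the `apex` and `summarize` helpers are constructed for illustration.

```python
import json

# Constructed sample shaped like a urlscan.io Result API response
# (GET /api/v1/result/<uuid>/); every value here is made up.
SAMPLE_RESULT = json.loads("""
{
  "task": {"url": "http://login.example.test/",
           "time": "2024-01-01T00:00:00.000Z",
           "screenshotURL": "https://urlscan.io/screenshots/00000000-0000-0000-0000-000000000000.png"},
  "page": {"domain": "login.example.test", "ip": "192.0.2.10",
           "country": "US", "server": "nginx", "asn": "AS64500"},
  "lists": {"ips": ["192.0.2.10", "198.51.100.7"],
            "domains": ["login.example.test", "cdn.example.test",
                        "collect.example.net"]},
  "verdicts": {"overall": {"score": 0, "malicious": false}}
}
""")

def apex(domain):
    """Naive apex domain: the last two labels (assumption for this example;
    use a public-suffix list for names such as example.co.uk)."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def summarize(result):
    """Reduce a scan result to the context an analyst reads first."""
    task = result.get("task", {})
    page = result.get("page", {})
    lists = result.get("lists", {})
    overall = result.get("verdicts", {}).get("overall", {})
    page_domain, page_ip = page.get("domain", ""), page.get("ip")
    domains = lists.get("domains", [])
    own = apex(page_domain)
    return {
        "submitted_url": task.get("url"),
        "scanned_at": task.get("time"),
        # The screenshot gives visual context without visiting the site.
        "screenshot": task.get("screenshotURL"),
        "page_ip": page_ip,
        "hosting": (page.get("asn"), page.get("country"), page.get("server")),
        # Hosts under the same apex as the page vs. everything else contacted.
        "subdomains": sorted(d for d in domains
                             if d != page_domain and apex(d) == own),
        "third_party_domains": sorted(d for d in domains if apex(d) != own),
        "other_ips": sorted(ip for ip in lists.get("ips", []) if ip != page_ip),
        "flagged_malicious": bool(overall.get("malicious", False)),
    }

if __name__ == "__main__":
    print(json.dumps(summarize(SAMPLE_RESULT), indent=2))
```
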

Limitations:

  1. Lack of Real-time Analysis: Offers a plethora of data but falls short on real-time malware or payload analysis.

  2. Occasional Delays: Due to its rising popularity, users might face delays, particularly on the free version.

Any.Run:

What is Any.Run?

When your analysis on VirusTotal and URLScan.io doesn’t paint the full picture, Any.Run steps in to fill the gaps. Essentially, it’s a malware analysis sandbox which, like many other widely available malware analysis sandboxes, allows analysts to safely interact with suspicious files or URLs in a controlled environment.

Strengths:

  1. Interactive Analysis: Offers real-time interaction, enabling users to see how malware or threats react to different system actions.

  2. Static vs Dynamic: While tools like VirusTotal offer static analysis, Any.Run delves into dynamic malware analysis, providing insights into spawned processes, HTTP connections, and more.

  3. Variety of Environments: Explore how malware behaves across various Windows versions.

  4. Task Library: A library of public analyses, an essential resource for researchers.

Limitations:

  1. Advanced Features Behind Paywall: Some advanced functionalities require a subscription.

  2. Limited Environment Options: Primarily supports Windows, lacking expanded options for Linux, macOS, or mobile OSs.

Why are they valuable for information security professionals?

URLScan.io and Any.Run are essential in the cybersecurity toolkit. While the former helps in understanding the infrastructure, the latter brings threats to life, allowing real-time interaction. Together, they are like having an advanced GPS (URLScan.io) and a hands-on driving experience (Any.Run) on the cyber highway.

In Conclusion:

OSINT tools, particularly URLScan.io and Any.Run, are pivotal in the present-day cybersecurity landscape. Their symbiotic relationship ensures that cybersecurity professionals have a 360-degree view of threats. Embracing these tools equips you with actionable insights crucial for fortifying digital environments.

Stay Safe,

Franklin Buckholdt

Founder, CyberChronicler