Including Screenshots for Analysis

I wanted to share a neat API that works really well in InsightConnect. Right now I’m accessing it via a REST plugin, but it could easily be converted into a plugin on its own.
https://apiflash.com/ allows you to pass a URL to it and it returns a URL to a jpeg of a screenshot of the website.
This works great with InsightConnect because using the Markdown in an Artifact you can include this image.
It doesn’t follow all the links on the page like a JoeSandbox would, but we are using this to see what the links would look like in a Phishing Workflow.
Having it as an Artifact allows an analyst to quickly tell if a link is trying to look like a login page even if something like VirusTotal comes back clean.
Attached is an example Artifact showing today’s Google page. Hopefully someone will find this useful.

[Image: apiflash]

4 Likes
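The workflow from the opening post, as an added example (not the poster's code and not a Rapid7 plugin): pull links out of a suspicious email body, build a screenshot request for each, and render the Markdown for an Artifact. The ApiFlash endpoint and parameter names, the helper names, and the sample body are assumptions made for illustration; the HTTP call itself is left to the REST plugin.

```python
import re
from urllib.parse import urlencode, urlsplit

# Assumed endpoint and parameter names; confirm them in the ApiFlash docs.
APIFLASH_ENDPOINT = "https://api.apiflash.com/v1/urltoimage"
URL_RE = re.compile(r"https?://[^\s<>\"')\]]+", re.IGNORECASE)

# Constructed sample email body (not real phishing data).
SAMPLE_BODY = (
    "Your mailbox is full. Verify at "
    "https://login.example.com/owa/auth?next=/inbox&id=7. "
    "Help: http://example.org/help, or retry "
    "https://login.example.com/owa/auth?next=/inbox&id=7"
)

def extract_urls(body):
    """Return the unique http(s) URLs in a message body, in order seen."""
    seen = []
    for match in URL_RE.findall(body):
        url = match.rstrip(".,;")  # drop sentence punctuation
        if url not in seen:
            seen.append(url)
    return seen

def defang(text):
    """Make a link or hostname non-clickable before an analyst sees it."""
    return text.replace("http", "hxxp", 1).replace(".", "[.]")

def screenshot_request(url, access_key):
    """Build the request URL; urlencode escapes the target's own ?, & and =."""
    params = {"access_key": access_key, "url": url, "response_type": "json"}
    return APIFLASH_ENDPOINT + "?" + urlencode(params)

def artifact_markdown(url, image_url=None):
    """Render one Artifact section for a link and its screenshot URL."""
    host = defang(urlsplit(url).hostname or "unknown")
    lines = ["### " + host, "Link: `" + defang(url) + "`", ""]
    # Embed only an https image URL, so a bad response cannot inject markup.
    if image_url and urlsplit(image_url).scheme == "https" and ")" not in image_url:
        lines.append("![screenshot](" + image_url + ")")
    else:
        lines.append("_No screenshot available._")
    return "\n".join(lines)
```

Encoding the target with `urlencode` matters here because phishing links often carry their own query strings, which would otherwise be read as parameters of the screenshot request.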

I just noticed there’s a plugin called “Screenshot a URL” that looks like it just went live this week (version 1.0.0 is 8/28/20). I haven’t kicked the tires on it yet, but it looks useful.

Yes, I started playing with it. I put in a note, though, that I’m not able to include the Base64 in Markdown.

1 Like

Brandon, is the format <img64:{{["get screenshot"].[screenshot]}}/> not working in an artifact card? When I test it against Google, it works.

HTML tags work, thanks!

It’s actually that one tag, and it’s not the same as the HTML version of an in-line b64 encoded image (HTML is <img src="data:image/png;base64, b64datagoeshere"/>).

That makes sense as to why the Markdown version didn’t work.