#url #malicious #link #decode #scheme #re-arm #defang

app urlsafe

A tool to defang and re-arm malicious URLs

1 unstable release

0.1.1 Nov 8, 2020

#2 in #malicious

GPL-3.0 license

18KB
56 lines

URLSafe v0.1.0

A tool to de-fang and re-arm malicious urls.

Takes a malicious url:

http://example.com/malware.exe

And converts it to its defanged version:

hxxp://example[.]com/malware[.]exe

Can also be used to re-arm a link with the decode option which works in reverse.

Supports the following protocol URI schemes:

  • HTTP/S
  • FTP/S

Other schemes can be found here. Any of these can be added, but will slow down processing time so only pertinent ones should be added. The other issue is that IANA has assigned hxxp and hxxps as actual "malicious" schemes, but has not created alternatives for other schemes (including FTP). I need a good way of converting these schemes to an inert form without breaking the specification or clobbering potential schemes. My current solution will be to wrap the scheme in square brackets; for example:

[nfs]://example[.]com/malware[.]exe

(if you would like other protocols to be added create an issue.)

This tool is best used with a bash or powershell script for batch jobs.

Help:

urlsafe 0.1.0
encodes and decodes de-fanged URLs.

USAGE:
    urlsafe [OPTIONS]

FLAGS:
    -h, --help       Prints help information
    -V, --version    Prints version information

OPTIONS:
    -d, --decode <URL>    Returns a malicious URL to its dangerous state.
    -e, --encode <URL>    De-fangs a malicious URL.

Dependencies

~1.5MB
~24K SLoC