Since it’s already Friday, just before leaving for the weekend, here is a quick hack for all MacOS X infosec guys… and the others! I’m not afraid to admit it: I’m lazy! We are using computers all day long and they have been created (usually) to automate tasks. Let them do our boring job…
One of the recurring tasks I perform multiple times a day is scanning URLs for malicious code. We all read plenty of content every day that contains URLs (mail, PDFs, Office documents). Call me paranoid, but I prefer to scan them before suffering unexpected behavior from a single mouse click! I’m a fan of the online service called urlQuery for this task:
“urlQuery.net is a service for detecting and analyzing web-based malware. It provides detailed information about the activities a browser does while visiting a site and presents the information for further analysis.”
Submit your URL and a report will be generated with the complete analysis of the code and objects downloaded. Why not automate the submission of URLs to urlQuery?
OS X comes with nice tools to automate a lot of stuff. I recommend having a look at Automator and AppleScript. They can be used to create personalized services which are available in any application via a right-click and choosing “Services“.
Let’s create a new service called “Analyze with urlQuery“. Launch Automator:
- Select Library > Utilities > Run AppleScript
- Define the parameters:
  - Service receives selected: “URLs” in “any application”
  - Input is “only URLs”
- Create the AppleScript below
- Save
The AppleScript is really simple: it opens a new tab in the first Google Chrome window, connects to urlquery.net, fills the form with the (malicious) URL and submits it!
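```applescript
on run {input, parameter}
    -- urlQuery front page, which hosts the submission form
    set url0 to "http://urlquery.net"
    -- Automator passes the selection as a list; coerce it to a single string
    set input0 to (input as string)

    tell application "Google Chrome"
        reopen
        activate
        -- Open urlQuery in a new tab of the first window
        tell window 1
            make new tab with properties {URL:url0}
        end tell
        -- Give the page time to load before typing
        delay 2
    end tell

    tell application "Google Chrome" to activate
    -- Keystrokes go to whichever field has focus in the frontmost application
    tell application "System Events"
        keystroke input0
        keystroke return
    end tell

    return input
end run
```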
Once created, the new service will be available in your applications, such as Mail.
Simple and convenient! A big thanks to @_coreDump for his precious help in fixing my AppleScript code!
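The script above types its input as key presses without looking at it, so a check placed in front of it is worth having. The following is an added example, not part of the original post: a second Run AppleScript action put ahead of the one above in the same workflow, which passes on exactly one http(s) URL free of whitespace and stops the workflow otherwise. The handler name isSafeURL is hypothetical.

```applescript
-- Added example: pre-flight check that runs before the submission script.
-- isSafeURL is a hypothetical helper name, not from the original post.

on isSafeURL(candidate)
    -- Only http/https links make sense for a browser-based scanner.
    if not (candidate starts with "http://" or candidate starts with "https://") then return false
    -- `keystroke` replays text as key presses: an embedded return would submit
    -- early, and a tab would move focus to another field.
    repeat with badChar in {return, linefeed, tab, space}
        if candidate contains (contents of badChar) then return false
    end repeat
    return true
end isSafeURL

on run {input, parameters}
    -- Automator hands the service a list. The submission script coerces it with
    -- `as string`, which would glue several selected URLs into one line, so
    -- each item is checked on its own here.
    set accepted to {}
    repeat with anItem in input
        set candidate to (contents of anItem) as text
        if isSafeURL(candidate) then set end of accepted to candidate
    end repeat

    if (count of accepted) is not 1 then
        display dialog "Select exactly one http(s) URL; nothing was submitted." buttons {"OK"} default button 1
        -- -128 is the standard "user cancelled" error; raising it stops the workflow.
        error number -128
    end if

    -- The single accepted URL becomes the input of the next action.
    return accepted
end run
```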