Ryan Benson开发的unfurl工具解析URL中的嵌入信息如时间戳和IP地址,支持网页GUI和命令行使用。最近更新到v2025.02版本,增加了BlueSky URLs的解码功能,并修复了其他问题。作者还更新了Docker容器以支持命令行版本。 2025-2-24 20:41:4 Author: isc.sans.edu(查看原文) 阅读量:6 收藏
I've been a big fan of Ryan Benson's unfurl[1] tool since he released it a little over 5 years ago. Unfurl is a tool that can parse/decode URLs including things like embedded timestamps and IP addresses. It can be run in gui form via a web browser or as a command-line tool (my preference). Well, last week, Ryan released an update to v2025.02[2,3] of unfurl and added the ability to decode BlueSky URLs (among other bugfixes). I've also updated my docker container[4] to run the command-line version of unfurl as well.
References:
1. https://dfir.blog/introducing-unfurl/
2. https://dfir.blog/unfurl-parses-obfuscated-ip-addresses/
3. https://github.com/obsidianforensics/unfurl
4. https://hub.docker.com/repository/docker/clausing/dfir-unfurl/general
---------------
Jim Clausing, GIAC GSE #26
jclausing --at-- isc [dot] sans (dot) edu
如有侵权请联系:admin#unsafe.sh