flask-soc-site

This is a Python project to learn working with Flask. To make it useful for my day job as a security analyst, I turned it into a one-page website that can look up security-relevant data about hosts (IP addresses, fully qualified domain names, URLs and domains). Current features include: VirusTotal and AbuseIPDB-results, DMARC, DKIM and SPF information and registrar information.

Todos

• reorganize the SPF, DMARC and DKIM results (organize the SPF to match ['record'] with ['parsed']) 📧
• try to incorporate OTX Alienvault results (unfortunately the historical telemetry is not possible via the API...) 👽
• start working again on the upload feature to analyze hosts in a text or csv file 📎
• parse and display lookup results for multiple, differently typed and separated hosts (look at parsing in gui-host-lookup) 💯
• Make the foldable detail lines more useful and readable
• Update the (currently broken) lookup of URLs
• Differentiate both the lookup functions (the Host class initialization) and the result HTML/Jinja-pages on host type
• Deploy the app to production (sec.joostagterhoek.nl) which first requires to follow some deployment and app organization tutorials (https://flask.palletsprojects.com/en/stable/tutorial/database/ for example)
  • Follow the example of the working 'packaging-flask-soc-site'-folder ánd incorporate config.py 'from config import config')
• Implement caching across the entire website (now only for AbuseIPDB API requests)
• Rewrite lookup.html with grid and flex like in v3
• Add lookup history and note taking page (clickable options at the top)
• Investigate single-page-app (AJAX) f.e. https://iq.opengenus.org/single-page-application-with-flask-ajax/
• Think about and handle security risks (research rate limiting in Nginx)