[Analyzer] WAD

[0ssigeno]

We can retrieve more information about the infrastructure behind a domain using WAD.

Since it is actually contacting the domain, we should add the leak_info flag in the configuration.

[mlodic]

Good catch but we do not usually integrate tools that actively scan a target in IntelOwl.

This is because IntelOwl is not a tool that should be used for perfroming reconnaissance of a target. There are plenty of other projects that do that better and this has never been its main goal. I have already closed other similar issues.

However I understand that the framework completely supports these use cases and could integrate several similar tools/services. The point is that we should categorize them differently. We cannot just add them as normal analyzers.

I guess that a little customization for the "reconnaissance tools/services" can be thought and done once we will start working on the playbooks (#628). The playbooks will allow to group some analyzers together, to better separate use cases from one another. So I think we could keep this issue as a reminder.

But right now, considering the almost all the IntelOwl users just run "all the analyzers", I think we should avoid this.

[mlodic]

from 2021 to 2023, now it could be time to start thinking about this.

We have implemented Playbooks and we have IntelOwl v4.
The framework can now support active scanners too in an easier way.

[mlodic]

this could be implemented like a normal analyzer

[basedBaba]

Hello! I would like to work on this issue. :D

[drosetti]

ok, i'll assign it to you