www.lookyloo.eu Open in urlscan Pro
2606:50c0:8000::153  Public Scan

Form analysis
0 forms found in the DOM

Text Content

Lookyloo


LOOKYLOO

 * * What is Lookyloo?
     * Use Cases
       * Phishing Use Case
     * Concepts
       * Implementation Details
       * Glossary
     * Other Tools
   * Installing Lookyloo
     * Prerequisites for windows
     * Install Lookyloo
     * Installing Lookyloo for Production
     * Main configuration options
     * Update Lookyloo
   * Using Lookyloo
     * Lookyloo Interface
     * Integration with 3rd party tools
     * Authentication
     * Capture with Pre-defined Cookies
     * Lookyloo Tutorial
     * Lookyloo Web Extension
   * API
     * PyLookyloo
     * REST Interface
   * Dev corner
     * Release procedure
     * Developers documentation
   * Contributing to Lookyloo
     * Contributor Guide
       * Using Git
     * Contributing to Docs
       * Style Guide
     * Code of Conduct

Lookyloo main
 * Lookyloo
   * main

 * Lookyloo

Edit this Page


LOOKYLOO


CONTENTS

 * What is a Lookyloo?
 * What is Lookyloo?
 * Standalone projects with Lookyloo connectors
 * Lacus
 * Monitoring
 * Universal Whois
 * Pandora
 * MISP
 * Learn More
 * Follow us

With Lookyloo you can dissect a website while it is in motion.

Lookyloo is a web interface that captures a webpage and then displays a tree of
the domains, that call each other.


WHAT IS A LOOKYLOO?

Per the definition on Urban Dictionary:

 1. People who just come to look.

 2. People who go out of their way to look at people or something often causing
    crowds and more disruption.

 3. People who enjoy staring at or watching other people’s misfortune.
    Oftentimes car onlookers to car accidents.

Same as Looky Lou; often spelled as Looky-loo (hyphen) or lookylou. In L.A.
usually the lookyloos cause more accidents by not paying full attention to what
is ahead of them.


WHAT IS LOOKYLOO?

More seriously, have a look at what lookyloo is, and at some of our use cases.


STANDALONE PROJECTS WITH LOOKYLOO CONNECTORS

The goal is to keep Lookyloo as focused as possible on the rendering of URLs an
ease their investigation but there are quite a few usecases that are either
covered by other tools that existed before, or required custom development.


LACUS

Initially, the code using Playwright to capture URLs was integrated to Lookyloo
itself with PlaywrightCapture but capturing an URL is a fairly common task (see
Ail Framework) so it made sense to split it into a dedicated and standalone
project called lacus. The advantage of using Lacus is that you can run the
browsers loading arbitrary URLs on a dedicated machine that could potentially be
compromised. PyLacus is the python module ou can use to integrate Lacus with
your own tool.

Note that Lookyloo itself doesn’t requires a standalone lacus as it will
fallback to LacusCore and run the capture on the same machine. If you want to
implement a similar fallback mechanism to be able to either pick PyLacus or
Lacuscore in your own project, have a look at the documentations of the
respective projects, the API is made in a way it is relatively easy.


MONITORING

Capturing one single URL is nice, but sometimes you want to monitor it. It can
either be in order to see if something unexpected changes (defacement), but also
to be informed when a phishing website has been taken down, or to be informed
when a newly registered domain that was a parking page becomes something else.
That’s where the monitoring platform becomes useful. When enabled, you can
trigger a monitoring session from Lookyloo, or via the python module,
PyLookylooMonitoring.

The monitoring plarform will automatically notify you when something changes
between the last two captures. The diff is done on all the URLs up to the final
redirect, and by comparing the ressources loaded on that page (with the
possibility to exclude some).


UNIVERSAL WHOIS

In order to get contact info for IPs and domains, it is handy to be able to get
the relevant whois entry. uWhois will do that, but also keep a record of that
entry, offering a WhoWas service too.


PANDORA

Sometime, URLs point to a file, and Lookyloo itself can’t do anything with that
so if you enable the Pandora connector, you can submit that file (or any file
encountered during the capture) to a Pandora instance and investigate it from
there.

And if your pandora is configured that way, you can also submit a URL from there
to Lookyloo.


MISP

Lookyloo will extract a lot of indicators out of the URL captures, and these
indicators will be correlated across the captures on that lookyloo instance. It
is not made (and won’t be) to either search on other Lookyloo instance, or share
indicators with other systems (but you could implement it yourself using
PyLookyloo if you really want to). The recommended way to do that is to use MISP
as a storing/sharing platform for the indicators.


LEARN MORE

Read through our documentation for more information. Please also visit our
GitHub repo and join our organization.


FOLLOW US

Check out our public instance at https://lookyloo.circl.lu/

 * Lookyloo Organization on GitHub

 * Lookyloo Repository

 * Twitter


CONTENTS

 * What is a Lookyloo?
 * What is Lookyloo?
 * Standalone projects with Lookyloo connectors
 * Lacus
 * Monitoring
 * Universal Whois
 * Pandora
 * MISP
 * Learn More
 * Follow us