Merge pull request #1432 from TheHive-Project/lookyloo-improvements-2

nusantara-self · web-flow · commit ad442e9dce9d · 2026-03-03T23:20:07.000+03:00
Lookyloo - support for categories
diff --git a/analyzers/Lookyloo/Lookyloo.json b/analyzers/Lookyloo/Lookyloo.json
@@ -32,6 +32,20 @@
             "multi": false,
             "required": false,
             "defaultValue": false
+        },
+        {
+            "name": "api_key",
+            "description": "Lookyloo API key. Required for setting categories on captures.",
+            "type": "string",
+            "multi": false,
+            "required": false
+        },
+        {
+            "name": "categories",
+            "description": "Categories to tag captures with. Requires an API key.",
+            "type": "string",
+            "multi": true,
+            "required": false
         }
     ],
     "registration_required": false,
diff --git a/analyzers/Lookyloo/lookyloo.py b/analyzers/Lookyloo/lookyloo.py
@@ -17,13 +17,21 @@ def __init__(self):
         self.lookyloo_instance = self.get_param("config.Lookyloo_instance", "https://lookyloo.circl.lu/") # By default, it will query the public instance of Lookyloo
         self.timeout = self.get_param("config.Capture_timeout", 120) # Default timeout set at 120s
         self.listing = self.get_param("config.Capture_listing", False) # If True, capture will appear on Lookyloo's public index page
+        self.api_key = self.get_param("config.api_key", None)
+        self.categories = self.get_param("config.categories", None)
 
         # The proxy will be automatically setup by Cortex
         self.lookyloo = LK(self.lookyloo_instance)
 
         if not self.lookyloo.is_up:  # to make sure it is up and reachable
             self.error("Lookyloo is not reachable or not up. Exit")
 
+        if self.categories and not self.api_key:
+            self.error("Categories require an API key. Please set the api_key configuration.")
+
+        if self.api_key:
+            self.lookyloo.init_apikey(apikey=self.api_key)
+
     def summary(self, raw):
         taxonomies = []
         level = "info" # Put the report in blue
@@ -91,7 +99,7 @@ def submit(self, site):
         print("Submitting the url " + site + " to Lookyloo")
         # parameter listing: If False, the capture will be not be on the publicly accessible index page of lookyloo
         # parameter quiet: Returns the UUID only, instead of the whole URL
-        return self.lookyloo.submit(url=site, listing=self.listing, quiet=True)
+        return self.lookyloo.submit(url=site, listing=self.listing, categories=self.categories, quiet=True)
 
     # Query Lookyloo each seconds to get status. If status is 1 (capture OK), then return.
     # If timeout of 120s is exceeded, return the status code
