Webhood URL Scanner (Preview)
This is the Swagger 2.0 schema for the Webhood URL scanner API
This connector is available in the following products and regions:
Service | Class | Regions |
---|---|---|
Logic Apps | Standard | All Logic Apps regions except the following: - Azure Government regions - Azure China regions - US Department of Defense (DoD) |
Power Automate | Premium | All Power Automate regions except the following: - US Government (GCC) - US Government (GCC High) - China Cloud operated by 21Vianet - US Department of Defense (DoD) |
Power Apps | Premium | All Power Apps regions except the following: - US Government (GCC) - US Government (GCC High) - China Cloud operated by 21Vianet - US Department of Defense (DoD) |
Contact | |
---|---|
Name | Webhood |
URL | https://webhood.io |
[email protected] |
Connector Metadata | |
---|---|
Publisher | Webhood |
Find out more about Webhood URL Scanner | https://docs.microsoft.com/connectors/webhoodurlscanner |
Website | https://www.webhood.io |
Privacy policy | https://www.webhood.io/docs/about/privacy |
Categories | Security;IT Operations |
Webhood is a private URL scanner used by threat hunters and security analysts for analyzing phishing and malicious sites. This connector allows you to control scans using Azure Logic Apps and Power Automate.
Prerequisites
- Webhood instance
The Webhood instance can be self-hosted by following the Webhood URL Scanner deployment instructions. The connector is tested with the latest version of Webhood.
You can also get a hosted version of Webhood by signing up at Webhood Cloud.
- API key
The API key is used to authenticate the connector to the Webhood instance. See Obtaining Credentials for instructions on how to create an API key.
- Valid https certificate for the Webhood instance if using HTTPS (required for Power Automate)
How to get credentials
- Login to your Webhood instance with an admin account.
- Go to
Settings
->Accounts
->API Tokens
to create a new API key. - Select
Add Token
and selectscanner
as the role. - Copy the generated API key (
Token
) and use it as theAPI Key
in the connector.
The API key will be displayed only once as it is not stored in your Webhood instance.
Note that all API keys expire after 365 days. You can create a new API key at any time. If you want to revoke an API key, you can delete it from the Webhood instance by selecting Revoke
. We recommend you note down ID of the token so that you can identify it later.
Get started with your connector
The key feature of this connector is the ability to scan URLs for phishing and malicious content. The connector provides actions to create a new scan, get past scans, get scan by ID, and get screenshot by scan ID.
This enables you to automate the scanning process and integrate it with other services. For example, you can create a new scan when a new URL is added to a SharePoint list, or get the scan results when a scan is completed.
You can also integrate this connector with Microsoft Sentinel to automatically scan URLs from security alerts.
Simple example flow:
Create a new scan
- Trigger a new scan for a URL with an input e.g.https://example.com
.Get scan by ID
- Get the scan details by providing the scan ID from the previous step.- Loop until the scan status is
done
orerror
. - Output a link to the scan results by combining
slug
from step 2. with the URL of your Webhood instance, for examplehttps://yourwebhoodinstance.example/scan/{slug}
.
The following example shows a Sentinel playbook with an Entity trigger:
Known issues and limitations
- The
Get screenshot by scan ID
returns a screenshot of the site. However, there is currently no way to display the image in Power Automate. Simple workaround is to use theGet scan by ID
action to get theurl
and open it in a browser.
Common errors and remedies
- Error:
401 Unauthorized
- The API key is invalid or expired. - Scan stays in
pending
status for a long time - Make sure you have deployed a Scanner instance and it is running. Check the Scanner logs for any errors.
FAQ
Creating a connection
The connector supports the following authentication types:
Default | Parameters for creating connection. | All regions | Not shareable |
Default
Applicable: All regions
Parameters for creating connection.
This is not shareable connection. If the power app is shared with another user, another user will be prompted to create new connection explicitly.
Name | Type | Description | Required |
---|---|---|---|
API Token | securestring | The API Token for your Webhood instance | True |
Webhood URL | string | Specify URL of your Webhood instance | True |
Throttling Limits
Name | Calls | Renewal Period |
---|---|---|
API calls per connection | 100 | 60 seconds |
Actions
Create a new scan |
Create a new scan to be initiated by the scanner |
Get past scans, optionally filter by status |
Returns past scans, optionally filtered by status |
Get scan by ID |
Returns a single scan |
Get screenshot by Scan ID |
Returns a screenshot of a successful scan |
Create a new scan
Create a new scan to be initiated by the scanner
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Target URL
|
url | string |
Specify URL to be scanned |
Returns
- Body
- Scan
Get past scans, optionally filter by status
Returns past scans, optionally filtered by status
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Scan Status
|
status | string |
Status values that need to be considered for filter |
Returns
- response
- array of Scan
Get scan by ID
Returns a single scan
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Scan ID
|
scanId | True | string |
ID of scan to return |
Returns
- Body
- Scan
Get screenshot by Scan ID
Returns a screenshot of a successful scan
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Scan ID
|
scanId | True | string |
ID of scan to return screenshot from |
Definitions
Scan
Name | Path | Type | Description |
---|---|---|---|
Scan ID
|
id | string |
Unique identifier for the scan |
Created
|
created | date-time |
Date and time when the scan was created |
Updated
|
updated | date-time |
Date and time when the scan was last updated |
Done At
|
done_at | date-time |
Date and time when the scan was completed |
Slug
|
slug | string |
Unique identifier for the scan that can be used to generate a link to the scan |
Scan URL
|
url | string |
URL that was scanned |
Final URL
|
final_url | string |
URL that was scanned after redirects |
Status
|
status | string |
Scan Status |
Screenshot List
|
screenshots | array of string |
Identifiers for files containing the screenshots |
HTML List
|
html | array of string |
Identifiers for other files gathered during the scan |
Error Description
|
error | string |
Description of what error occurred during the scan if the scan did not finish successfully |