Share via


Webhood URL Scanner (Preview)

This is the Swagger 2.0 schema for the Webhood URL scanner API

This connector is available in the following products and regions:

Service Class Regions
Logic Apps Standard All Logic Apps regions except the following:
     -   Azure Government regions
     -   Azure China regions
     -   US Department of Defense (DoD)
Power Automate Premium All Power Automate regions except the following:
     -   US Government (GCC)
     -   US Government (GCC High)
     -   China Cloud operated by 21Vianet
     -   US Department of Defense (DoD)
Power Apps Premium All Power Apps regions except the following:
     -   US Government (GCC)
     -   US Government (GCC High)
     -   China Cloud operated by 21Vianet
     -   US Department of Defense (DoD)
Contact
Name Webhood
URL https://webhood.io
Email contact@webhood.io
Connector Metadata
Publisher Webhood
Find out more about Webhood URL Scanner https://docs.microsoft.com/connectors/webhoodurlscanner
Website https://www.webhood.io
Privacy policy https://www.webhood.io/docs/about/privacy
Categories Security;IT Operations

Webhood is a private URL scanner used by threat hunters and security analysts for analyzing phishing and malicious sites. This connector allows you to control scans using Azure Logic Apps and Power Automate.

Prerequisites

  • Webhood instance

The Webhood instance can be self-hosted by following the Webhood URL Scanner deployment instructions. The connector is tested with the latest version of Webhood.

You can also get a hosted version of Webhood by signing up at Webhood Cloud.

  • API key

The API key is used to authenticate the connector to the Webhood instance. See Obtaining Credentials for instructions on how to create an API key.

  • Valid https certificate for the Webhood instance if using HTTPS (required for Power Automate)

How to get credentials

  1. Login to your Webhood instance with an admin account.
  2. Go to Settings -> Accounts -> API Tokens to create a new API key.
  3. Select Add Token and select scanner as the role.
  4. Copy the generated API key (Token) and use it as the API Key in the connector.

The API key will be displayed only once as it is not stored in your Webhood instance.

Note that all API keys expire after 365 days. You can create a new API key at any time. If you want to revoke an API key, you can delete it from the Webhood instance by selecting Revoke. We recommend you note down ID of the token so that you can identify it later.

Get started with your connector

The key feature of this connector is the ability to scan URLs for phishing and malicious content. The connector provides actions to create a new scan, get past scans, get scan by ID, and get screenshot by scan ID.

This enables you to automate the scanning process and integrate it with other services. For example, you can create a new scan when a new URL is added to a SharePoint list, or get the scan results when a scan is completed.

You can also integrate this connector with Microsoft Sentinel to automatically scan URLs from security alerts.

Simple example flow:

  1. Create a new scan - Trigger a new scan for a URL with an input e.g. https://example.com.
  2. Get scan by ID - Get the scan details by providing the scan ID from the previous step.
  3. Loop until the scan status is done or error.
  4. Output a link to the scan results by combining slug from step 2. with the URL of your Webhood instance, for example https://yourwebhoodinstance.example/scan/{slug}.

The following example shows a Sentinel playbook with an Entity trigger:

Example Sentinel flow in Azure Logic Apps

Known issues and limitations

  • The Get screenshot by scan ID returns a screenshot of the site. However, there is currently no way to display the image in Power Automate. Simple workaround is to use the Get scan by ID action to get the url and open it in a browser.

Common errors and remedies

  • Error: 401 Unauthorized - The API key is invalid or expired.
  • Scan stays in pending status for a long time - Make sure you have deployed a Scanner instance and it is running. Check the Scanner logs for any errors.

FAQ

Creating a connection

The connector supports the following authentication types:

Default Parameters for creating connection. All regions Not shareable

Default

Applicable: All regions

Parameters for creating connection.

This is not shareable connection. If the power app is shared with another user, another user will be prompted to create new connection explicitly.

Name Type Description Required
API Token securestring The API Token for your Webhood instance True
Webhood URL string Specify URL of your Webhood instance True

Throttling Limits

Name Calls Renewal Period
API calls per connection 100 60 seconds

Actions

Create a new scan

Create a new scan to be initiated by the scanner

Get past scans, optionally filter by status

Returns past scans, optionally filtered by status

Get scan by ID

Returns a single scan

Get screenshot by Scan ID

Returns a screenshot of a successful scan

Create a new scan

Create a new scan to be initiated by the scanner

Parameters

Name Key Required Type Description
Target URL
url string

Specify URL to be scanned

Returns

Body
Scan

Get past scans, optionally filter by status

Returns past scans, optionally filtered by status

Parameters

Name Key Required Type Description
Scan Status
status string

Status values that need to be considered for filter

Returns

response
array of Scan

Get scan by ID

Returns a single scan

Parameters

Name Key Required Type Description
Scan ID
scanId True string

ID of scan to return

Returns

Body
Scan

Get screenshot by Scan ID

Returns a screenshot of a successful scan

Parameters

Name Key Required Type Description
Scan ID
scanId True string

ID of scan to return screenshot from

Definitions

Scan

Name Path Type Description
Scan ID
id string

Unique identifier for the scan

Created
created date-time

Date and time when the scan was created

Updated
updated date-time

Date and time when the scan was last updated

Done At
done_at date-time

Date and time when the scan was completed

Slug
slug string

Unique identifier for the scan that can be used to generate a link to the scan

Scan URL
url string

URL that was scanned

Final URL
final_url string

URL that was scanned after redirects

Status
status string

Scan Status

Screenshot List
screenshots array of string

Identifiers for files containing the screenshots

HTML List
html array of string

Identifiers for other files gathered during the scan

Error Description
error string

Description of what error occurred during the scan if the scan did not finish successfully