Skip to main content

Detonate URL - JoeSecurity

This Playbook is part of the Joe Security Pack.#


Use the joe-submit-url command instead.

Deprecated. Use the joe-submit-url command instead.


This playbook uses the following sub-playbooks, integrations, and scripts.


  • GenericPolling


  • Joe Security


  • Set


  • joe-analysis-info
  • joe-download-report
  • joe-analysis-submit-url

Playbook Inputs#

NameDescriptionDefault ValueRequired
URLURL to detonate.URL.DataOptional
IntervalDuration for executing the pooling (in minutes)1Optional
TimeoutThe duration after which to stop pooling and to resume the playbook (in minutes)15Optional
SystemsOperating system to run the analysis on (comma-separated). Supported values are: w7, w7x64, w7_1, w7_2, w7native, android2, android3, mac1, w7l, w7x64l, w10, android4, w7x64native, w7_3, w10native, android5native_1, w7_4, w7_5, w10x64, w7x64_hvm, android6, iphone1, w7_sec, macvm, w7_lang_packs, w7x64native_hvm, lnxubuntu1, lnxcentos1, android7_nougatOptional
CommentsComments for the analysis.Optional
InternetAccessEnable internet access (boolean). True= internet access (default), False= no internet access.TrueOptional
ReportFileTypeThe resource type to download. Default is html. Supported values are: html, lighthtml, executive, pdf, classhtml, xml, lightxml, classxml, clusterxml, irxml, json, jsonfixed, lightjson, lightjsonfixed, irjson, irjsonfixed, shoots (screenshots), openioc, maec, misp, graphreports, memstrings, binstrings, sample, cookbook, bins (dropped files), unpackpe (unpacked PE files), unpack, ida, pcap, pcapslim, memdumps, yarahtmlOptional

Playbook Outputs#

DBotScore.VendorThe vendor used to calculate the score.string
Joe.Analysis.IDWeb IDstring
Joe.Analysis.StatusAnalysis Statusstring
Joe.Analysis.CommentsAnalysis Commentsstring
Joe.Analysis.TimeSubmitted Timedate
Joe.Analysis.RunsSub-Analysis Informationunknown
Joe.Analysis.ResultAnalysis Resultsstring
Joe.Analysis.ErrorsRaised errors during samplingunknown
Joe.Analysis.SystemsAnalysis OSunknown
Joe.Analysis.MD5MD5 of analysis samplestring
Joe.Analysis.SHA1SHA1 of analysis samplestring
Joe.Analysis.SHA256SHA256 of analysis samplestring
Joe.Analysis.SampleNameSample Data, could be a file name or URLstring
DBotScore.IndicatorThe name of the sample file or URLstring
DBotScore.Type'url' for url samples, otherwise 'file'string
DBotScore.ScoreThe actual score.number
DBotScore.Malicious.VendorThe vendor used to calculate the score.string
DBotScore.Malicious.DetectionsThe sub analysis detection statusesstring
DBotScore.Malicious.SHA1The SHA1 of the filestring
InfoFile.EntryIDThe EntryID of the samplestring
InfoFile.SizeFile Sizenumber
InfoFile.TypeFile type e.g. "PE"string
InfoFile.InfoBasic information of the filestring
File.ExtensionFile Extensionstring
InfoFileReport file objectunknown
FileFile objectunknown
Joe.AnalysisJoe analysis objectunknown
DBotScoreDBotScore objectunknown
DBotScore.MaliciousDBotScore malicious objectunknown

Playbook Image#

Detonate URL - JoeSecurity