Inspector is a series of tools that helps bootstrap investigations into web malware (trackers, etc.)
How it works
Inspector loads in a web page from a URL (or a local HAR file) and generates an HTTP Archive (HAR file) from it and saves it in ~/better.fyi/archive/.
It then analyses the HAR file and:
- Generates a draft entry for the site itself under ~/better.fyi/drafts/sites/
- Generates a draft list of third-party content that is accessed by the site and adds them to ~/better.fyi/drafts/trackers/
- Non-destructively updates the list of trackers in published site entries under ~/better.fyi/content/sites/
Drafts are just that, drafts. They are meant as a convenient starting point to an investigation with space to note what we find, not as final documents.
Drafts should never be checked into published content without manual review and editing.
This point cannot be stressed enough: the manual investigation and editing process is the heart and soul of Better.
Inquiry is a tool that runs inspections on the domains currently being tracked by Better.
./inspect <URL> : non-interactive ./inspect <URL> -i : interactive ./inspect -f <path> : analyse HTTP Archive file (.har/.har.gz) at path ./inquiry : start an inquiry ./inquiry --local : re-examine the existing HTTP Archives in the archive
Inspector is released under GNU AGPLv3.