The end of onlooker

Oct 01, 2020 in #infosec #onlooker #development

In this post, I am going to write a little about a side project that I have been working on for the past couple of years, onlooker.

It all started with a pastebin scraper, using the official scraping API, before they messed that up for researchers. The initial idea was to monitor all pastes to spot for any data leaks related to $dayjob.

After the pastebin scraper and a lot of refactoring, several modules were added to onlooker:

All of the modules then delivered an alert to the user, either directly, or via a simple system that allowed me to review the alert and decide if it should be released to the customer or just closed.

Over the course of the two years, there was 8 "customers" who helped beta test. Based on the 64 domains monitored, over 16,000 alerts were generated.

Shutting down onlooker has been quite a difficult choice for me given the amount of time I have put into it over the years. It has provided value, seeing registrations of typo domains, which in turn allowing customers to issue take down requests to happen within hours of registration, to capturing DNS changes for domains used to phish customers. But my time is very limited and something had to give.

RIP onlooker, we hardly knew ye.