2020-03-31 14:12:49 +02:00
|
|
|
{
|
|
|
|
"VirusTotal": {
|
2020-09-21 16:41:30 +02:00
|
|
|
"apikey": null,
|
2021-05-20 00:03:07 +02:00
|
|
|
"autosubmit": false,
|
|
|
|
"allow_auto_trigger": false
|
2020-05-19 17:47:55 +02:00
|
|
|
},
|
2020-06-09 15:06:35 +02:00
|
|
|
"PhishingInitiative": {
|
2020-09-21 16:41:30 +02:00
|
|
|
"apikey": null,
|
2021-05-20 00:03:07 +02:00
|
|
|
"autosubmit": false,
|
|
|
|
"allow_auto_trigger": false
|
2020-06-09 15:06:35 +02:00
|
|
|
},
|
2022-05-02 13:04:55 +02:00
|
|
|
"FOX": {
|
|
|
|
"apikey": null,
|
|
|
|
"autosubmit": false,
|
|
|
|
"allow_auto_trigger": false
|
|
|
|
},
|
2022-08-23 17:48:36 +02:00
|
|
|
"Pandora": {
|
|
|
|
"url": "http://127.0.0.1:6100",
|
|
|
|
"autosubmit": false,
|
|
|
|
"allow_auto_trigger": false
|
|
|
|
},
|
2020-05-19 17:47:55 +02:00
|
|
|
"SaneJS": {
|
2021-05-20 00:03:07 +02:00
|
|
|
"enabled": true,
|
|
|
|
"allow_auto_trigger": true
|
2020-09-21 16:41:30 +02:00
|
|
|
},
|
2023-08-28 17:25:55 +02:00
|
|
|
"MultipleMISPs": {
|
|
|
|
"default": "MISP",
|
|
|
|
"instances": {
|
|
|
|
"MISP": {
|
|
|
|
"apikey": null,
|
|
|
|
"url": "https://misp.url",
|
|
|
|
"verify_tls_cert": true,
|
|
|
|
"timeout": 10,
|
|
|
|
"enable_lookup": false,
|
|
|
|
"enable_push": false,
|
|
|
|
"default_tags": [
|
|
|
|
"source:lookyloo"
|
|
|
|
],
|
|
|
|
"auto_publish": false,
|
|
|
|
"allow_auto_trigger": false
|
|
|
|
}
|
|
|
|
}
|
2021-01-28 12:46:52 +01:00
|
|
|
},
|
2021-04-26 00:52:08 +02:00
|
|
|
"UniversalWhois": {
|
|
|
|
"enabled": false,
|
|
|
|
"ipaddress": "127.0.0.1",
|
2021-05-20 00:03:07 +02:00
|
|
|
"port": 4243,
|
|
|
|
"allow_auto_trigger": true
|
2021-04-26 00:52:08 +02:00
|
|
|
},
|
2021-08-10 17:38:47 +02:00
|
|
|
"UrlScan": {
|
|
|
|
"apikey": null,
|
|
|
|
"autosubmit": false,
|
2021-08-11 15:26:12 +02:00
|
|
|
"allow_auto_trigger": false,
|
|
|
|
"force_visibility": false
|
2021-08-10 17:38:47 +02:00
|
|
|
},
|
2021-09-16 16:33:44 +02:00
|
|
|
"Phishtank": {
|
|
|
|
"enabled": false,
|
2021-11-30 14:59:48 +01:00
|
|
|
"url": "https://phishtankapi.circl.lu/",
|
|
|
|
"allow_auto_trigger": true
|
|
|
|
},
|
2022-11-30 17:52:12 +01:00
|
|
|
"URLhaus": {
|
|
|
|
"enabled": false,
|
|
|
|
"url": "https://urlhaus-api.abuse.ch/v1/",
|
|
|
|
"allow_auto_trigger": true
|
|
|
|
},
|
2021-11-30 14:59:48 +01:00
|
|
|
"Hashlookup": {
|
|
|
|
"enabled": false,
|
|
|
|
"url": "https://hashlookup.circl.lu/",
|
2021-09-16 16:33:44 +02:00
|
|
|
"allow_auto_trigger": true
|
|
|
|
},
|
2022-07-15 18:53:49 +02:00
|
|
|
"RiskIQ": {
|
|
|
|
"user": null,
|
|
|
|
"apikey": null,
|
2022-07-18 13:08:26 +02:00
|
|
|
"allow_auto_trigger": false,
|
2022-07-19 11:24:14 +02:00
|
|
|
"default_first_seen_in_days": 5
|
2022-07-15 18:53:49 +02:00
|
|
|
},
|
2023-12-12 16:19:01 +01:00
|
|
|
"CIRCLPDNS": {
|
|
|
|
"user": null,
|
|
|
|
"password": null,
|
|
|
|
"allow_auto_trigger": false
|
|
|
|
},
|
2020-09-21 16:41:30 +02:00
|
|
|
"_notes": {
|
|
|
|
"apikey": "null disables the module. Pass a string otherwise.",
|
2021-01-28 12:46:52 +01:00
|
|
|
"autosubmit": "Automatically submits the URL to the 3rd party service.",
|
2021-05-20 00:03:07 +02:00
|
|
|
"allow_auto_trigger": "Allow auto trigger per module: some (i.e. VT) can be very expensive",
|
2021-01-28 12:46:52 +01:00
|
|
|
"VirusTotal": "Module to query Virustotal: https://www.virustotal.com/",
|
|
|
|
"PhishingInitiative": "Module to query phishing initiative: https://phishing-initiative.fr/contrib/",
|
|
|
|
"SaneJS": "Module to query SaneJS: https://github.com/Lookyloo/sanejs",
|
2023-08-29 17:33:33 +02:00
|
|
|
"MultipleMISPs": "Module to query one or more MISP(s): https://www.misp-project.org/",
|
2021-08-11 15:36:49 +02:00
|
|
|
"UniversalWhois": "Module to query a local instance of uWhoisd: https://github.com/Lookyloo/uwhoisd",
|
2021-09-16 16:33:44 +02:00
|
|
|
"UrlScan": "Module to query urlscan.io",
|
2021-11-30 14:59:48 +01:00
|
|
|
"Phishtank": "Module to query Phishtank Lookup (https://github.com/Lookyloo/phishtank-lookup). URL set to none means querying the public instance.",
|
2022-11-30 17:52:12 +01:00
|
|
|
"URLhaus": "Module to query URL Haus.",
|
2022-05-02 13:04:55 +02:00
|
|
|
"Hashlookup": "Module to query Hashlookup (https://github.com/adulau/hashlookup-server). URL set to none means querying the public instance.",
|
2022-07-15 18:53:49 +02:00
|
|
|
"FOX": "Submission only interface by and for CCCS",
|
2022-08-23 17:48:36 +02:00
|
|
|
"Pandora": "Submission only interface for https://github.com/pandora-analysis/",
|
2022-07-15 18:53:49 +02:00
|
|
|
"RiskIQ": "Module to query RiskIQ (https://community.riskiq.com/)"
|
2020-03-31 14:12:49 +02:00
|
|
|
}
|
|
|
|
}
|