lookyloo/config/modules.json.sample

{
  "VirusTotal": {
    "apikey": null,
    "trustenv": false,
    "autosubmit": false,
    "allow_auto_trigger": false
  },
  "PhishingInitiative": {
    "apikey": null,
    "autosubmit": false,
    "allow_auto_trigger": false
  },
  "FOX": {
    "apikey": null,
    "autosubmit": false,
    "allow_auto_trigger": false
  },
  "Pandora": {
    "url": "http://127.0.0.1:6100",
    "autosubmit": false,
    "allow_auto_trigger": false
  },
  "SaneJS": {
    "enabled": true,
    "allow_auto_trigger": true
  },
  "MultipleMISPs": {
    "default": "MISP",
    "instances": {
      "MISP": {
        "apikey": null,
        "url": "https://misp.url",
        "verify_tls_cert": true,
        "timeout": 10,
        "enable_lookup": false,
        "enable_push": false,
        "default_tags": [
          "source:lookyloo"
        ],
        "auto_publish": false,
        "allow_auto_trigger": false
      }
    }
  },
  "UniversalWhois": {
    "enabled": false,
    "ipaddress": "127.0.0.1",
    "port": 4243,
    "allow_auto_trigger": true
  },
  "UrlScan": {
    "apikey": null,
    "autosubmit": false,
    "allow_auto_trigger": false,
    "force_visibility": false
  },
  "Phishtank": {
    "enabled": false,
    "url": "https://phishtankapi.circl.lu/",
    "allow_auto_trigger": true
  },
  "URLhaus": {
    "enabled": false,
    "url": "https://urlhaus-api.abuse.ch/v1/",
    "allow_auto_trigger": true
  },
  "Hashlookup": {
    "enabled": false,
    "url": "https://hashlookup.circl.lu/",
    "allow_auto_trigger": true
  },
  "RiskIQ": {
    "user": null,
    "apikey": null,
    "allow_auto_trigger": false,
    "default_first_seen_in_days": 5
  },
  "CIRCLPDNS": {
    "user": null,
    "password": null,
    "allow_auto_trigger": false
  },
  "_notes": {
    "apikey": "null disables the module. Pass a string otherwise.",
    "autosubmit": "Automatically submits the URL to the 3rd party service.",
    "allow_auto_trigger": "Allow auto trigger per module: some (i.e. VT) can be very expensive",
    "VirusTotal": "Module to query Virustotal: https://www.virustotal.com/",
    "PhishingInitiative": "Module to query phishing initiative: https://phishing-initiative.fr/contrib/",
    "SaneJS": "Module to query SaneJS: https://github.com/Lookyloo/sanejs",
    "MultipleMISPs": "Module to query one or more MISP(s): https://www.misp-project.org/",
    "UniversalWhois": "Module to query a local instance of uWhoisd: https://github.com/Lookyloo/uwhoisd",
    "UrlScan": "Module to query urlscan.io",
    "Phishtank": "Module to query Phishtank Lookup (https://github.com/Lookyloo/phishtank-lookup). URL set to none means querying the public instance.",
    "URLhaus": "Module to query URL Haus.",
    "Hashlookup": "Module to query Hashlookup (https://github.com/adulau/hashlookup-server). URL set to none means querying the public instance.",
    "FOX": "Submission only interface by and for CCCS",
    "Pandora": "Submission only interface for https://github.com/pandora-analysis/",
    "RiskIQ": "Module to query RiskIQ (https://community.riskiq.com/)",
    "CIRCLPDNS": "Module to query CIRCL Passive DNS (https://www.circl.lu/services/passive-dns/)"
  }
}
new: Add config files, initial support for 3rd party modules 2020-03-31 14:12:49 +02:00			`{`
			`"VirusTotal": {`
new: Config option for Flask IP and Port, reorganize config loading 2020-09-21 16:41:30 +02:00			`"apikey": null,`
Add VT module trustenv Added "trustenv" config parameter for the VT module 2024-03-13 21:32:53 +01:00			`"trustenv": false,`
chg: Improve module auto trigger 2021-05-20 00:03:07 +02:00			`"autosubmit": false,`
			`"allow_auto_trigger": false`
chg: Improve popup, make sanejs a module, cache 2020-05-19 17:47:55 +02:00			`},`
new: Phishing Initiative module 2020-06-09 15:06:35 +02:00			`"PhishingInitiative": {`
new: Config option for Flask IP and Port, reorganize config loading 2020-09-21 16:41:30 +02:00			`"apikey": null,`
chg: Improve module auto trigger 2021-05-20 00:03:07 +02:00			`"autosubmit": false,`
			`"allow_auto_trigger": false`
new: Phishing Initiative module 2020-06-09 15:06:35 +02:00			`},`
new: autosubmit to FOX, bump deps 2022-05-02 13:04:55 +02:00			`"FOX": {`
			`"apikey": null,`
			`"autosubmit": false,`
			`"allow_auto_trigger": false`
			`},`
new: Submit to Pandora button for file URLs 2022-08-23 17:48:36 +02:00			`"Pandora": {`
			`"url": "http://127.0.0.1:6100",`
			`"autosubmit": false,`
			`"allow_auto_trigger": false`
			`},`
chg: Improve popup, make sanejs a module, cache 2020-05-19 17:47:55 +02:00			`"SaneJS": {`
chg: Improve module auto trigger 2021-05-20 00:03:07 +02:00			`"enabled": true,`
			`"allow_auto_trigger": true`
new: Config option for Flask IP and Port, reorganize config loading 2020-09-21 16:41:30 +02:00			`},`
new: (WiP) Add support for multiple MISPs 2023-08-28 17:25:55 +02:00			`"MultipleMISPs": {`
			`"default": "MISP",`
			`"instances": {`
			`"MISP": {`
			`"apikey": null,`
			`"url": "https://misp.url",`
			`"verify_tls_cert": true,`
			`"timeout": 10,`
			`"enable_lookup": false,`
			`"enable_push": false,`
			`"default_tags": [`
			`"source:lookyloo"`
			`],`
			`"auto_publish": false,`
			`"allow_auto_trigger": false`
			`}`
			`}`
new: config to interact with a MISP instance 2021-01-28 12:46:52 +01:00			`},`
new: Add support for uwhoisd 2021-04-26 00:52:08 +02:00			`"UniversalWhois": {`
			`"enabled": false,`
			`"ipaddress": "127.0.0.1",`
chg: Improve module auto trigger 2021-05-20 00:03:07 +02:00			`"port": 4243,`
			`"allow_auto_trigger": true`
new: Add support for uwhoisd 2021-04-26 00:52:08 +02:00			`},`
new: Integration with urlscan.io 2021-08-10 17:38:47 +02:00			`"UrlScan": {`
			`"apikey": null,`
			`"autosubmit": false,`
chg: Improve urlscan support, get results. 2021-08-11 15:26:12 +02:00			`"allow_auto_trigger": false,`
			`"force_visibility": false`
new: Integration with urlscan.io 2021-08-10 17:38:47 +02:00			`},`
new: Phishtank lookup. 2021-09-16 16:33:44 +02:00			`"Phishtank": {`
			`"enabled": false,`
new: Hashlookup integration 2021-11-30 14:59:48 +01:00			`"url": "https://phishtankapi.circl.lu/",`
			`"allow_auto_trigger": true`
			`},`
new: URL Haus module Related: #505 2022-11-30 17:52:12 +01:00			`"URLhaus": {`
			`"enabled": false,`
			`"url": "https://urlhaus-api.abuse.ch/v1/",`
			`"allow_auto_trigger": true`
			`},`
new: Hashlookup integration 2021-11-30 14:59:48 +01:00			`"Hashlookup": {`
			`"enabled": false,`
			`"url": "https://hashlookup.circl.lu/",`
new: Phishtank lookup. 2021-09-16 16:33:44 +02:00			`"allow_auto_trigger": true`
			`},`
new: Very basic RiskIQ support for PDNS. 2022-07-15 18:53:49 +02:00			`"RiskIQ": {`
			`"user": null,`
			`"apikey": null,`
chg: Improve RiskIQ module 2022-07-18 13:08:26 +02:00			`"allow_auto_trigger": false,`
fix: Typo in modules config file 2022-07-19 11:24:14 +02:00			`"default_first_seen_in_days": 5`
new: Very basic RiskIQ support for PDNS. 2022-07-15 18:53:49 +02:00			`},`
new: CIRCL Passive DNS module 2023-12-12 16:19:01 +01:00			`"CIRCLPDNS": {`
			`"user": null,`
			`"password": null,`
			`"allow_auto_trigger": false`
			`},`
new: Config option for Flask IP and Port, reorganize config loading 2020-09-21 16:41:30 +02:00			`"_notes": {`
			`"apikey": "null disables the module. Pass a string otherwise.",`
new: config to interact with a MISP instance 2021-01-28 12:46:52 +01:00			`"autosubmit": "Automatically submits the URL to the 3rd party service.",`
chg: Improve module auto trigger 2021-05-20 00:03:07 +02:00			`"allow_auto_trigger": "Allow auto trigger per module: some (i.e. VT) can be very expensive",`
new: config to interact with a MISP instance 2021-01-28 12:46:52 +01:00			`"VirusTotal": "Module to query Virustotal: https://www.virustotal.com/",`
			`"PhishingInitiative": "Module to query phishing initiative: https://phishing-initiative.fr/contrib/",`
			`"SaneJS": "Module to query SaneJS: https://github.com/Lookyloo/sanejs",`
fix: Doc for MultipleMISPs in config file 2023-08-29 17:33:33 +02:00			`"MultipleMISPs": "Module to query one or more MISP(s): https://www.misp-project.org/",`
fix: Missing doc for urlscan module 2021-08-11 15:36:49 +02:00			`"UniversalWhois": "Module to query a local instance of uWhoisd: https://github.com/Lookyloo/uwhoisd",`
new: Phishtank lookup. 2021-09-16 16:33:44 +02:00			`"UrlScan": "Module to query urlscan.io",`
new: Hashlookup integration 2021-11-30 14:59:48 +01:00			`"Phishtank": "Module to query Phishtank Lookup (https://github.com/Lookyloo/phishtank-lookup). URL set to none means querying the public instance.",`
new: URL Haus module Related: #505 2022-11-30 17:52:12 +01:00			`"URLhaus": "Module to query URL Haus.",`
new: autosubmit to FOX, bump deps 2022-05-02 13:04:55 +02:00			`"Hashlookup": "Module to query Hashlookup (https://github.com/adulau/hashlookup-server). URL set to none means querying the public instance.",`
new: Very basic RiskIQ support for PDNS. 2022-07-15 18:53:49 +02:00			`"FOX": "Submission only interface by and for CCCS",`
new: Submit to Pandora button for file URLs 2022-08-23 17:48:36 +02:00			`"Pandora": "Submission only interface for https://github.com/pandora-analysis/",`
fix: Add missing entry in _notes 2023-12-12 17:08:58 +01:00			`"RiskIQ": "Module to query RiskIQ (https://community.riskiq.com/)",`
			`"CIRCLPDNS": "Module to query CIRCL Passive DNS (https://www.circl.lu/services/passive-dns/)"`
new: Add config files, initial support for 3rd party modules 2020-03-31 14:12:49 +02:00			`}`
			`}`