lookyloo/config/modules.json.sample

{
  "VirusTotal": {
    "apikey": null,
    "autosubmit": false,
    "allow_auto_trigger": false
  },
  "PhishingInitiative": {
    "apikey": null,
    "autosubmit": false,
    "allow_auto_trigger": false
  },
  "FOX": {
    "apikey": null,
    "autosubmit": false,
    "allow_auto_trigger": false
  },
  "SaneJS": {
    "enabled": true,
    "allow_auto_trigger": true
  },
  "MISP": {
    "apikey": null,
    "url": "https://misp.url",
    "verify_tls_cert": true,
    "timeout": 10,
    "enable_lookup": false,
    "enable_push": false,
    "default_tags": [],
    "auto_publish": false,
    "allow_auto_trigger": false
  },
  "UniversalWhois": {
    "enabled": false,
    "ipaddress": "127.0.0.1",
    "port": 4243,
    "allow_auto_trigger": true
  },
  "UrlScan": {
    "apikey": null,
    "autosubmit": false,
    "allow_auto_trigger": false,
    "force_visibility": false
  },
  "Phishtank": {
    "enabled": false,
    "url": "https://phishtankapi.circl.lu/",
    "allow_auto_trigger": true
  },
  "Hashlookup": {
    "enabled": false,
    "url": "https://hashlookup.circl.lu/",
    "allow_auto_trigger": true
  },
  "RiskIQ": {
    "user": null,
    "apikey": null,
    "allow_auto_trigger": false,
    "default_first_seen_in_days": 5
  },
  "_notes": {
    "apikey": "null disables the module. Pass a string otherwise.",
    "autosubmit": "Automatically submits the URL to the 3rd party service.",
    "allow_auto_trigger": "Allow auto trigger per module: some (i.e. VT) can be very expensive",
    "VirusTotal": "Module to query Virustotal: https://www.virustotal.com/",
    "PhishingInitiative": "Module to query phishing initiative: https://phishing-initiative.fr/contrib/",
    "SaneJS": "Module to query SaneJS: https://github.com/Lookyloo/sanejs",
    "MISP": "Module to query MISP: https://www.misp-project.org/",
    "UniversalWhois": "Module to query a local instance of uWhoisd: https://github.com/Lookyloo/uwhoisd",
    "UrlScan": "Module to query urlscan.io",
    "Phishtank": "Module to query Phishtank Lookup (https://github.com/Lookyloo/phishtank-lookup). URL set to none means querying the public instance.",
    "Hashlookup": "Module to query Hashlookup (https://github.com/adulau/hashlookup-server). URL set to none means querying the public instance.",
    "FOX": "Submission only interface by and for CCCS",
    "RiskIQ": "Module to query RiskIQ (https://community.riskiq.com/)"
  }
}
new: Add config files, initial support for 3rd party modules 2020-03-31 14:12:49 +02:00			`{`
			`"VirusTotal": {`
new: Config option for Flask IP and Port, reorganize config loading 2020-09-21 16:41:30 +02:00			`"apikey": null,`
chg: Improve module auto trigger 2021-05-20 00:03:07 +02:00			`"autosubmit": false,`
			`"allow_auto_trigger": false`
chg: Improve popup, make sanejs a module, cache 2020-05-19 17:47:55 +02:00			`},`
new: Phishing Initiative module 2020-06-09 15:06:35 +02:00			`"PhishingInitiative": {`
new: Config option for Flask IP and Port, reorganize config loading 2020-09-21 16:41:30 +02:00			`"apikey": null,`
chg: Improve module auto trigger 2021-05-20 00:03:07 +02:00			`"autosubmit": false,`
			`"allow_auto_trigger": false`
new: Phishing Initiative module 2020-06-09 15:06:35 +02:00			`},`
new: autosubmit to FOX, bump deps 2022-05-02 13:04:55 +02:00			`"FOX": {`
			`"apikey": null,`
			`"autosubmit": false,`
			`"allow_auto_trigger": false`
			`},`
chg: Improve popup, make sanejs a module, cache 2020-05-19 17:47:55 +02:00			`"SaneJS": {`
chg: Improve module auto trigger 2021-05-20 00:03:07 +02:00			`"enabled": true,`
			`"allow_auto_trigger": true`
new: Config option for Flask IP and Port, reorganize config loading 2020-09-21 16:41:30 +02:00			`},`
new: config to interact with a MISP instance 2021-01-28 12:46:52 +01:00			`"MISP": {`
			`"apikey": null,`
			`"url": "https://misp.url",`
new: Add push to MISP feature 2021-01-28 18:37:44 +01:00			`"verify_tls_cert": true,`
chg: Add support to timeout in the MISP module 2021-02-01 13:01:44 +01:00			`"timeout": 10,`
new: config to interact with a MISP instance 2021-01-28 12:46:52 +01:00			`"enable_lookup": false,`
chg: Improve MISP export * IPs of redirects * default tags * auto publish 2021-02-01 18:07:10 +01:00			`"enable_push": false,`
			`"default_tags": [],`
chg: Improve module auto trigger 2021-05-20 00:03:07 +02:00			`"auto_publish": false,`
			`"allow_auto_trigger": false`
new: config to interact with a MISP instance 2021-01-28 12:46:52 +01:00			`},`
new: Add support for uwhoisd 2021-04-26 00:52:08 +02:00			`"UniversalWhois": {`
			`"enabled": false,`
			`"ipaddress": "127.0.0.1",`
chg: Improve module auto trigger 2021-05-20 00:03:07 +02:00			`"port": 4243,`
			`"allow_auto_trigger": true`
new: Add support for uwhoisd 2021-04-26 00:52:08 +02:00			`},`
new: Integration with urlscan.io 2021-08-10 17:38:47 +02:00			`"UrlScan": {`
			`"apikey": null,`
			`"autosubmit": false,`
chg: Improve urlscan support, get results. 2021-08-11 15:26:12 +02:00			`"allow_auto_trigger": false,`
			`"force_visibility": false`
new: Integration with urlscan.io 2021-08-10 17:38:47 +02:00			`},`
new: Phishtank lookup. 2021-09-16 16:33:44 +02:00			`"Phishtank": {`
			`"enabled": false,`
new: Hashlookup integration 2021-11-30 14:59:48 +01:00			`"url": "https://phishtankapi.circl.lu/",`
			`"allow_auto_trigger": true`
			`},`
			`"Hashlookup": {`
			`"enabled": false,`
			`"url": "https://hashlookup.circl.lu/",`
new: Phishtank lookup. 2021-09-16 16:33:44 +02:00			`"allow_auto_trigger": true`
			`},`
new: Very basic RiskIQ support for PDNS. 2022-07-15 18:53:49 +02:00			`"RiskIQ": {`
			`"user": null,`
			`"apikey": null,`
chg: Improve RiskIQ module 2022-07-18 13:08:26 +02:00			`"allow_auto_trigger": false,`
fix: Typo in modules config file 2022-07-19 11:24:14 +02:00			`"default_first_seen_in_days": 5`
new: Very basic RiskIQ support for PDNS. 2022-07-15 18:53:49 +02:00			`},`
new: Config option for Flask IP and Port, reorganize config loading 2020-09-21 16:41:30 +02:00			`"_notes": {`
			`"apikey": "null disables the module. Pass a string otherwise.",`
new: config to interact with a MISP instance 2021-01-28 12:46:52 +01:00			`"autosubmit": "Automatically submits the URL to the 3rd party service.",`
chg: Improve module auto trigger 2021-05-20 00:03:07 +02:00			`"allow_auto_trigger": "Allow auto trigger per module: some (i.e. VT) can be very expensive",`
new: config to interact with a MISP instance 2021-01-28 12:46:52 +01:00			`"VirusTotal": "Module to query Virustotal: https://www.virustotal.com/",`
			`"PhishingInitiative": "Module to query phishing initiative: https://phishing-initiative.fr/contrib/",`
			`"SaneJS": "Module to query SaneJS: https://github.com/Lookyloo/sanejs",`
new: Add support for uwhoisd 2021-04-26 00:52:08 +02:00			`"MISP": "Module to query MISP: https://www.misp-project.org/",`
fix: Missing doc for urlscan module 2021-08-11 15:36:49 +02:00			`"UniversalWhois": "Module to query a local instance of uWhoisd: https://github.com/Lookyloo/uwhoisd",`
new: Phishtank lookup. 2021-09-16 16:33:44 +02:00			`"UrlScan": "Module to query urlscan.io",`
new: Hashlookup integration 2021-11-30 14:59:48 +01:00			`"Phishtank": "Module to query Phishtank Lookup (https://github.com/Lookyloo/phishtank-lookup). URL set to none means querying the public instance.",`
new: autosubmit to FOX, bump deps 2022-05-02 13:04:55 +02:00			`"Hashlookup": "Module to query Hashlookup (https://github.com/adulau/hashlookup-server). URL set to none means querying the public instance.",`
new: Very basic RiskIQ support for PDNS. 2022-07-15 18:53:49 +02:00			`"FOX": "Submission only interface by and for CCCS",`
			`"RiskIQ": "Module to query RiskIQ (https://community.riskiq.com/)"`
new: Add config files, initial support for 3rd party modules 2020-03-31 14:12:49 +02:00			`}`
			`}`