{ "VirusTotal": { "apikey": null, "autosubmit": false, "allow_auto_trigger": false }, "PhishingInitiative": { "apikey": null, "autosubmit": false, "allow_auto_trigger": false }, "FOX": { "apikey": null, "autosubmit": false, "allow_auto_trigger": false }, "Pandora": { "url": "http://127.0.0.1:6100", "autosubmit": false, "allow_auto_trigger": false }, "SaneJS": { "enabled": true, "allow_auto_trigger": true }, "MultipleMISPs": { "default": "MISP", "instances": { "MISP": { "apikey": null, "url": "https://misp.url", "verify_tls_cert": true, "timeout": 10, "enable_lookup": false, "enable_push": false, "default_tags": [ "source:lookyloo" ], "auto_publish": false, "allow_auto_trigger": false } } }, "UniversalWhois": { "enabled": false, "ipaddress": "127.0.0.1", "port": 4243, "allow_auto_trigger": true }, "UrlScan": { "apikey": null, "autosubmit": false, "allow_auto_trigger": false, "force_visibility": false }, "Phishtank": { "enabled": false, "url": "https://phishtankapi.circl.lu/", "allow_auto_trigger": true }, "URLhaus": { "enabled": false, "url": "https://urlhaus-api.abuse.ch/v1/", "allow_auto_trigger": true }, "Hashlookup": { "enabled": false, "url": "https://hashlookup.circl.lu/", "allow_auto_trigger": true }, "RiskIQ": { "user": null, "apikey": null, "allow_auto_trigger": false, "default_first_seen_in_days": 5 }, "_notes": { "apikey": "null disables the module. Pass a string otherwise.", "autosubmit": "Automatically submits the URL to the 3rd party service.", "allow_auto_trigger": "Allow auto trigger per module: some (i.e. VT) can be very expensive", "VirusTotal": "Module to query Virustotal: https://www.virustotal.com/", "PhishingInitiative": "Module to query phishing initiative: https://phishing-initiative.fr/contrib/", "SaneJS": "Module to query SaneJS: https://github.com/Lookyloo/sanejs", "MISP": "Module to query MISP: https://www.misp-project.org/", "UniversalWhois": "Module to query a local instance of uWhoisd: https://github.com/Lookyloo/uwhoisd", "UrlScan": "Module to query urlscan.io", "Phishtank": "Module to query Phishtank Lookup (https://github.com/Lookyloo/phishtank-lookup). URL set to none means querying the public instance.", "URLhaus": "Module to query URL Haus.", "Hashlookup": "Module to query Hashlookup (https://github.com/adulau/hashlookup-server). URL set to none means querying the public instance.", "FOX": "Submission only interface by and for CCCS", "Pandora": "Submission only interface for https://github.com/pandora-analysis/", "RiskIQ": "Module to query RiskIQ (https://community.riskiq.com/)" } }