{ "loglevel": "INFO", "only_global_lookups": true, "public_instance": false, "public_domain": "lookyloo.myorg.local", "website_listen_ip": "0.0.0.0", "website_listen_port": 5100, "systemd_service_name": "lookyloo", "default_public": true, "users": {}, "time_delta_on_index": { "weeks": 1, "days": 0, "hours": 0 }, "async_capture_processes": 1, "use_user_agents_users": false, "enable_default_blur_screenshot": false, "show_project_page": true, "enable_context_by_users": false, "enable_categorization": false, "enable_bookmark": false, "auto_trigger_modules": false, "enable_mail_notification": false, "remote_lacus": { "enable": false, "url": "" }, "monitoring": { "enable": false, "url": "http://127.0.0.1:5200" }, "tor_proxy": { "server": "socks5://127.0.0.1:9050" }, "global_proxy": { "enable": false, "server": "", "username": "", "password": "" }, "email": { "from": "Lookyloo ", "to": "Investigation Team ", "subject": "Capture from Lookyloo to review", "smtp_host": "localhost", "smtp_port": "25", "confirm_message": "Message the users need to confirm before they submit a notification.", "defang_urls": true }, "email_smtp_auth": { "auth": false, "smtp_user":"johndoe@myorg.local", "smtp_pass":"password", "smtp_use_starttls": true, "verify_certificate": true }, "priority": { "sources": { "web": 10, "api": 0 }, "users": { "_default_auth": 5, "_default_anon": 0, "admin": 10 } }, "hide_captures_with_error": false, "archive": 180, "max_capture_time": 3600, "max_tree_create_time": 120, "s3fs": { "archive_on_s3fs": false, "config": { "key": "", "secret": "", "endpoint_url": "", "bucket_name": "" } }, "index_everything": false, "_notes": { "loglevel": "(lookyloo) Can be one of the value listed here: https://docs.python.org/3/library/logging.html#levels", "only_global_lookups": "Set it to True if your instance is publicly available so users aren't able to scan your internal network", "public_instance": "true means disabling features deemed unsafe on a public instance (such as indexing private captures)", "public_domain": "Domain where the instance can be reached. Used for permalinks (e-mail, MISP export).", "website_listen_ip": "IP Flask will listen on. Defaults to 0.0.0.0, meaning all interfaces.", "website_listen_port": "Port Flask will listen on.", "systemd_service_name": "(Optional) Name of the systemd service if your project has one.", "default_public": "If true, the capture is public and will be visible on the index page by default (can be unticked on the capture page).", "users": "It is some kind of an admin accounts. Format: {username: password}", "time_delta_on_index": "Time interval of the capture displayed on the index", "async_capture_processes": "Number of async_capture processes to start. This should not be higher than the number of splash instances you have running. A very high number will use *a lot* of ram.", "use_user_agents_users": "Only usable for medium/high use instances: use the user agents of the users of the platform", "enable_default_blur_screenshot": "If true, blur the screenshot by default (useful on public instances)", "show_project_page": "If true, display a ribbon with a link to the githug projects page at the top right side of the screen", "enable_context_by_users": "Allow the users to add context to a response body", "enable_categorization": "Allow the users to add contextualization to a capture", "enable_bookmark": "Allow to bookmark nodes on tree", "auto_trigger_modules": "Automatically trigger the modules when the tree is loaded and when the capture is cached", "enable_mail_notification": "Allow users to notify a pre-configured email address about a specific capture", "remote_lacus": "By default, lookyloo will do the capture locally. Enabling this feature means you have a dedicated Lacus instance somewhere", "monitoring": "Enable connection to a remote monitoring instance", "tor_proxy": "URL to connect to a SOCKS 5 proxy for tor - If you capture via a lacus instance, this value is ignored", "global_proxy": "Proxy configuration to use for *all* the requests (except .onions) - If you capture via a lacus instance, this value is ignored", "email": "Configuration for sending email notifications.", "email_smtp_auth": "Email SMTP auth configuration", "priority": "Define the priority of a new capture. A capture from the web interface has priority over a capture from the API, same for authenticated user vs. anonymous.", "hide_captures_with_error": "Capturing an URL may result in an error (domain non-existent, HTTP error, ...). They may be useful to see, but if you have a public instance, they will clutter the index.", "archive": "The captures older than this value (in days) will be archived. They're not cached by default in the Lookyloo class.", "max_capture_time": "The very maximal time we allow a capture to keep going. Should only be triggered by captures that cause playwright to never quit.", "max_tree_create_time": "The max time the generation of a tree is allowed to take", "s3fs": "The config to access a S3FS instance with the s3fs python module - it is not integrated properly for now as it requires urllib < 2.0 which is a non-started at this stage.", "index_everything": "If true, index every capture, even if it's not public. This feature requires a dedicated kvrocks instance, and is only accessible when logged-in as admin." } }