mirror of https://github.com/CIRCL/lookyloo
122 lines
6.0 KiB
Plaintext
122 lines
6.0 KiB
Plaintext
{
|
|
"loglevel": "INFO",
|
|
"only_global_lookups": true,
|
|
"public_instance": false,
|
|
"public_domain": "lookyloo.myorg.local",
|
|
"website_listen_ip": "0.0.0.0",
|
|
"website_listen_port": 5100,
|
|
"systemd_service_name": "lookyloo",
|
|
"default_public": true,
|
|
"index_is_capture": false,
|
|
"users": {},
|
|
"time_delta_on_index": {
|
|
"weeks": 1,
|
|
"days": 0,
|
|
"hours": 0
|
|
},
|
|
"ignore_sri": false,
|
|
"async_capture_processes": 1,
|
|
"use_user_agents_users": false,
|
|
"enable_default_blur_screenshot": false,
|
|
"show_project_page": true,
|
|
"enable_context_by_users": false,
|
|
"enable_categorization": false,
|
|
"enable_bookmark": false,
|
|
"auto_trigger_modules": false,
|
|
"enable_mail_notification": false,
|
|
"remote_lacus": {
|
|
"enable": false,
|
|
"url": ""
|
|
},
|
|
"monitoring": {
|
|
"enable": false,
|
|
"url": "http://127.0.0.1:5200"
|
|
},
|
|
"tor_proxy": {
|
|
"server": "socks5://127.0.0.1:9050"
|
|
},
|
|
"global_proxy": {
|
|
"enable": false,
|
|
"server": "",
|
|
"username": "",
|
|
"password": ""
|
|
},
|
|
"email": {
|
|
"from": "Lookyloo <lookyloo@myorg.local>",
|
|
"to": "Investigation Team <investigation_unit@myorg.local>",
|
|
"subject": "Capture from Lookyloo to review",
|
|
"smtp_host": "localhost",
|
|
"smtp_port": "25",
|
|
"confirm_message": "Message the users need to confirm before they submit a notification.",
|
|
"defang_urls": true
|
|
},
|
|
"email_smtp_auth": {
|
|
"auth": false,
|
|
"smtp_user":"johndoe@myorg.local",
|
|
"smtp_pass":"password",
|
|
"smtp_use_starttls": true,
|
|
"verify_certificate": true
|
|
},
|
|
"priority": {
|
|
"sources": {
|
|
"web": 10,
|
|
"api": 0
|
|
},
|
|
"users": {
|
|
"_default_auth": 5,
|
|
"_default_anon": 0,
|
|
"admin": 10
|
|
}
|
|
},
|
|
"hide_captures_with_error": false,
|
|
"archive": 180,
|
|
"max_capture_time": 3600,
|
|
"max_tree_create_time": 120,
|
|
"s3fs": {
|
|
"archive_on_s3fs": false,
|
|
"config": {
|
|
"key": "",
|
|
"secret": "",
|
|
"endpoint_url": "",
|
|
"bucket_name": ""
|
|
}
|
|
},
|
|
"index_everything": false,
|
|
"_notes": {
|
|
"loglevel": "(lookyloo) Can be one of the value listed here: https://docs.python.org/3/library/logging.html#levels",
|
|
"only_global_lookups": "Set it to True if your instance is publicly available so users aren't able to scan your internal network",
|
|
"public_instance": "true means disabling features deemed unsafe on a public instance (such as indexing private captures)",
|
|
"public_domain": "Domain where the instance can be reached. Used for permalinks (e-mail, MISP export).",
|
|
"website_listen_ip": "IP Flask will listen on. Defaults to 0.0.0.0, meaning all interfaces.",
|
|
"website_listen_port": "Port Flask will listen on.",
|
|
"systemd_service_name": "(Optional) Name of the systemd service if your project has one.",
|
|
"default_public": "If true, the capture is public and will be visible on the index page by default (can be unticked on the capture page).",
|
|
"index_is_capture": "If true, the capture page is the default landing page (faster for big instances).",
|
|
"users": "It is some kind of an admin accounts. Format: {username: password}",
|
|
"time_delta_on_index": "Time interval of the capture displayed on the index",
|
|
"async_capture_processes": "Number of async_capture processes to start. This should not be higher than the number of splash instances you have running. A very high number will use *a lot* of ram.",
|
|
"use_user_agents_users": "Only usable for medium/high use instances: use the user agents of the users of the platform",
|
|
"enable_default_blur_screenshot": "If true, blur the screenshot by default (useful on public instances)",
|
|
"show_project_page": "If true, display a ribbon with a link to the githug projects page at the top right side of the screen",
|
|
"enable_context_by_users": "Allow the users to add context to a response body",
|
|
"enable_categorization": "Allow the users to add contextualization to a capture",
|
|
"enable_bookmark": "Allow to bookmark nodes on tree",
|
|
"auto_trigger_modules": "Automatically trigger the modules when the tree is loaded and when the capture is cached",
|
|
"enable_mail_notification": "Allow users to notify a pre-configured email address about a specific capture",
|
|
"remote_lacus": "By default, lookyloo will do the capture locally. Enabling this feature means you have a dedicated Lacus instance somewhere",
|
|
"monitoring": "Enable connection to a remote monitoring instance",
|
|
"tor_proxy": "URL to connect to a SOCKS 5 proxy for tor - If you capture via a lacus instance, this value is ignored",
|
|
"global_proxy": "Proxy configuration to use for *all* the requests (except .onions) - If you capture via a lacus instance, this value is ignored",
|
|
"email": "Configuration for sending email notifications.",
|
|
"email_smtp_auth": "Email SMTP auth configuration",
|
|
"priority": "Define the priority of a new capture. A capture from the web interface has priority over a capture from the API, same for authenticated user vs. anonymous.",
|
|
"hide_captures_with_error": "Capturing an URL may result in an error (domain non-existent, HTTP error, ...). They may be useful to see, but if you have a public instance, they will clutter the index.",
|
|
"archive": "The captures older than this value (in days) will be archived. They're not cached by default in the Lookyloo class.",
|
|
"max_capture_time": "The very maximal time we allow a capture to keep going. Should only be triggered by captures that cause playwright to never quit.",
|
|
"max_tree_create_time": "The max time the generation of a tree is allowed to take",
|
|
"s3fs": "The config to access a S3FS instance with the s3fs python module - it is not integrated properly for now as it requires urllib < 2.0 which is a non-started at this stage.",
|
|
"index_everything": "If true, index every capture, even if it's not public. This feature requires a dedicated kvrocks instance, and is only accessible when logged-in as admin.",
|
|
"ignore_sri": "If true, the sri values are ignored and not calculated so that there are no problems while developing and testing."
|
|
}
|
|
}
|