lookyloo/config/generic.json.sample

122 lines
6.0 KiB
Plaintext

{
"loglevel": "INFO",
"only_global_lookups": true,
"public_instance": false,
"public_domain": "lookyloo.myorg.local",
"website_listen_ip": "0.0.0.0",
"website_listen_port": 5100,
"systemd_service_name": "lookyloo",
"default_public": true,
"index_is_capture": false,
"users": {},
"time_delta_on_index": {
"weeks": 1,
"days": 0,
"hours": 0
},
"ignore_sri": false,
"async_capture_processes": 1,
"use_user_agents_users": false,
"enable_default_blur_screenshot": false,
"show_project_page": true,
"enable_context_by_users": false,
"enable_categorization": false,
"enable_bookmark": false,
"auto_trigger_modules": false,
"enable_mail_notification": false,
"remote_lacus": {
"enable": false,
"url": ""
},
"monitoring": {
"enable": false,
"url": "http://127.0.0.1:5200"
},
"tor_proxy": {
"server": "socks5://127.0.0.1:9050"
},
"global_proxy": {
"enable": false,
"server": "",
"username": "",
"password": ""
},
"email": {
"from": "Lookyloo <lookyloo@myorg.local>",
"to": "Investigation Team <investigation_unit@myorg.local>",
"subject": "Capture from Lookyloo to review",
"smtp_host": "localhost",
"smtp_port": "25",
"confirm_message": "Message the users need to confirm before they submit a notification.",
"defang_urls": true
},
"email_smtp_auth": {
"auth": false,
"smtp_user":"johndoe@myorg.local",
"smtp_pass":"password",
"smtp_use_starttls": true,
"verify_certificate": true
},
"priority": {
"sources": {
"web": 10,
"api": 0
},
"users": {
"_default_auth": 5,
"_default_anon": 0,
"admin": 10
}
},
"hide_captures_with_error": false,
"archive": 180,
"max_capture_time": 3600,
"max_tree_create_time": 120,
"s3fs": {
"archive_on_s3fs": false,
"config": {
"key": "",
"secret": "",
"endpoint_url": "",
"bucket_name": ""
}
},
"index_everything": false,
"_notes": {
"loglevel": "(lookyloo) Can be one of the value listed here: https://docs.python.org/3/library/logging.html#levels",
"only_global_lookups": "Set it to True if your instance is publicly available so users aren't able to scan your internal network",
"public_instance": "true means disabling features deemed unsafe on a public instance (such as indexing private captures)",
"public_domain": "Domain where the instance can be reached. Used for permalinks (e-mail, MISP export).",
"website_listen_ip": "IP Flask will listen on. Defaults to 0.0.0.0, meaning all interfaces.",
"website_listen_port": "Port Flask will listen on.",
"systemd_service_name": "(Optional) Name of the systemd service if your project has one.",
"default_public": "If true, the capture is public and will be visible on the index page by default (can be unticked on the capture page).",
"index_is_capture": "If true, the capture page is the default landing page (faster for big instances).",
"users": "It is some kind of an admin accounts. Format: {username: password}",
"time_delta_on_index": "Time interval of the capture displayed on the index",
"async_capture_processes": "Number of async_capture processes to start. This should not be higher than the number of splash instances you have running. A very high number will use *a lot* of ram.",
"use_user_agents_users": "Only usable for medium/high use instances: use the user agents of the users of the platform",
"enable_default_blur_screenshot": "If true, blur the screenshot by default (useful on public instances)",
"show_project_page": "If true, display a ribbon with a link to the githug projects page at the top right side of the screen",
"enable_context_by_users": "Allow the users to add context to a response body",
"enable_categorization": "Allow the users to add contextualization to a capture",
"enable_bookmark": "Allow to bookmark nodes on tree",
"auto_trigger_modules": "Automatically trigger the modules when the tree is loaded and when the capture is cached",
"enable_mail_notification": "Allow users to notify a pre-configured email address about a specific capture",
"remote_lacus": "By default, lookyloo will do the capture locally. Enabling this feature means you have a dedicated Lacus instance somewhere",
"monitoring": "Enable connection to a remote monitoring instance",
"tor_proxy": "URL to connect to a SOCKS 5 proxy for tor - If you capture via a lacus instance, this value is ignored",
"global_proxy": "Proxy configuration to use for *all* the requests (except .onions) - If you capture via a lacus instance, this value is ignored",
"email": "Configuration for sending email notifications.",
"email_smtp_auth": "Email SMTP auth configuration",
"priority": "Define the priority of a new capture. A capture from the web interface has priority over a capture from the API, same for authenticated user vs. anonymous.",
"hide_captures_with_error": "Capturing an URL may result in an error (domain non-existent, HTTP error, ...). They may be useful to see, but if you have a public instance, they will clutter the index.",
"archive": "The captures older than this value (in days) will be archived. They're not cached by default in the Lookyloo class.",
"max_capture_time": "The very maximal time we allow a capture to keep going. Should only be triggered by captures that cause playwright to never quit.",
"max_tree_create_time": "The max time the generation of a tree is allowed to take",
"s3fs": "The config to access a S3FS instance with the s3fs python module - it is not integrated properly for now as it requires urllib < 2.0 which is a non-started at this stage.",
"index_everything": "If true, index every capture, even if it's not public. This feature requires a dedicated kvrocks instance, and is only accessible when logged-in as admin.",
"ignore_sri": "If true, the sri values are ignored and not calculated so that there are no problems while developing and testing."
}
}