mirror of
https://github.com/danieleperera/OnionIngestor
synced 2024-10-31 15:20:21 +00:00
b05599b389
New source dark.fail Added
# This is an example ThreatIngestor config file with some preconfigured RSS
# sources, feeding extracted artifacts into a CSV file.
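general:
  # Run forever: keep polling the sources instead of exiting after one pass.
  daemon: true
  # Pause between passes.
  # NOTE(review): unit is presumably seconds - confirm against the main loop.
  # The earlier comment here said "once an hour", which does not match 10.
  sleep: 10
  # Pattern for recognising onion hostnames (name suggests it is applied to
  # fetched text - confirm against the caller).
  # NOTE(review): {16,56} accepts every length from 16 to 56 base32
  # characters, not only the 16-character (v2) and 56-character (v3) forms,
  # and the pattern is unanchored, so a match can begin inside a longer
  # base32 run. Expect some strings that are not valid addresses.
  # Single-quoted so the backslash stays literal under any YAML loader.
  onion_validation: '([a-z2-7]{16,56}\.onion)'
  # Comma-separated keyword lists; the values shown are placeholders.
  blacklist: blacklist,keywords,go,here
  interestingKeywords: Interesting,Keywords,Go,Here
  # Canonical boolean: a YAML 1.2 loader reads a bare `no` as the string
  # "no", which is truthy in most consumers.
  save-thread: false  # Use a separate thread to save onions
  TorController:
    # Tor control port (9051 is the conventional ControlPort for the daemon).
    port: 9051
    # Placeholder. The control port can reconfigure the local Tor process, so
    # keep the real value in an untracked copy of this file, not in the repo.
    # Quoted so a real password containing YAML specials stays a string.
    password: 'YOUR-TOR-CONTROLLER-PASSWORD'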
monitor:
  # NOTE(review): presumably the list of onions to keep re-checking - confirm
  # against the code that reads monitor.filename. The path is relative, so it
  # most likely resolves against the directory the ingestor is started from.
  filename: monitoring.txt
sources:
  # Each entry pairs a label (name) with the module that handles it and that
  # module's own settings. The entries below are the ones enabled by default.

  # Local text file (presumably one onion per line - confirm with the module).
  - name: simple-text-file
    module: simplefile
    filename: onion_master_list.txt

  # Spreadsheet fetched from a third-party share link. Its content is outside
  # your control, so values parsed from it are untrusted input.
  - name: hunchly
    module: hunchly
    domain: https://www.dropbox.com/sh/wdleu9o7jj1kk7v/AADq2sapbxm7rVtoLOnFJ7HHa/HiddenServices.xlsx

  # Relative directory (presumably where a local pystemon instance writes its
  # alerts - confirm); most likely resolved against the working directory.
  - name: pystemon
    module: pystemon
    dirname: pystemon/alerts/

  - name: dark.fail
    module: dark.fail
    domain: https://dark.fail/

  # Disabled examples follow.
  # NOTE(review): the pastebin and hunchly-report entries repeat the gist
  # search URL and look like unfinished placeholders. The onionland-search and
  # torch entries use 16-character (v2) onion addresses, which current Tor
  # releases no longer support, so they need v3 addresses before being enabled.

  # - name: source-gist
  #   module: gist
  #   url: https://gist.github.com/search?l=Text&q=.onion

  # - name: source-reddit
  #   module: reddit
  #   url: https://api.pushshift.io/reddit/search/comment/?subreddit=onions&limit=1000000
  #   feed_type: messy
  #
  # - name: pastebin
  #   module: pastebin-account
  #   url: https://gist.github.com/search?l=Text&q=.onion
  #   feed_type: messy
  #
  # - name: hunchly-report
  #   module: gmail-hunchly
  #   url: https://gist.github.com/search?l=Text&q=.onion
  #   feed_type: messy
  #
  # - name: onionland-search
  #   module: collect-onions
  #   url: http://3bbaaaccczcbdddz.onion/discover
  #   feed_type: messy
  #
  # - name: torch
  #   module: collect-onions
  #   url: http://xmh57jrzrnw6insl.onion
  #   feed_type: messy
operators:
  # Each entry pairs a label (name) with the module that handles it and that
  # module's own settings. Only the HTML operator is enabled by default.
  - name: simple-html
    module: html
    # NOTE(review): timeout is presumably in seconds - confirm with the module.
    timeout: 300
    retries: 2
    # Placeholder keyword list; replace with your own comma-separated terms.
    interestingKeywords: YOUR,INTERESTING,KEYWORDS,GO,HERE
    # Proxy map pointing both schemes at a local SOCKS listener (9050 is the
    # Tor daemon's default SocksPort). In the requests/curl proxy-URL
    # convention, socks5h hands hostname resolution to the proxy, so .onion
    # names resolve inside Tor and target hostnames never reach the local DNS
    # resolver. Plain socks5:// would resolve them locally.
    socks5:
      http: 'socks5h://127.0.0.1:9050'
      https: 'socks5h://127.0.0.1:9050'

  # Disabled example: binpath is a placeholder for a locally installed binary.
  # - name: onionscan-go
  #   module: onionscan
  #   binpath: /PATH/TO/YOUR/ONIONSCAN/GO/BINARY

  # Disabled example.
  # - name: simple-screenshot
  #   module: screenshot
  #   screenshots_path: null

  # Disabled example.
  # - name: yara-rule
  #   module: yara
  #   filename: categories.yar
  #   base_score: 50
database_Engines:
  # Simple telegram notifier
  - name: telegram-notifer  # see https://core.telegram.org/bots/api#authorizing-your-bot
    module: telegram
    # Placeholders. The bot token is a bearer credential for the bot's API, so
    # keep the real value in an untracked copy of this file, not in the repo.
    chat_id: YOUR-TELEGRAM-CHAT
    token: YOUR-TELEGRAM-TOKEN

  # Disabled example: Elasticsearch on the local host.
  # - name: elasticsearch
  #   module: elasticsearch
  #   index: YOUR-ELASTICSEARCH-INDEX_NAME
  #   port: 9200
  #   host: 127.0.0.1

  # Disabled example: e-mail alerts.
  # NOTE(review): with tls disabled, the username, password and alert content
  # cross the connection unencrypted; that is only reasonable for the loopback
  # server shown here. Enable tls for any remote server.
  # - name: email
  #   module: send_email
  #   alert: no  # Enable/disable email alerts
  #   from: alert@example.com
  #   to: alert@example.com
  #   server: 127.0.0.1  # Address of the server (hostname or IP)
  #   port: 25  # Outgoing SMTP port: 25, 587, ...
  #   tls: no  # Enable/disable tls support
  #   username: ''  # (optional) Username for authentication. Leave blank for no authentication.
  #   password: ''  # (optional) Password for authentication. Leave blank for no authentication.
  #   subject: '[onioningestor] - {subject}'
  #   size-limit: 1048576  # Size limit for pastie, above it's sent as attachment