This repository has been archived by the owner on Oct 1, 2023. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 40
/
Copy pathonioningestor.yml
117 lines (98 loc) · 3.38 KB
/
onioningestor.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
# This is an example ThreatIngestor config file with some preconfigured RSS
# sources, feeding extracted artifacts into a CSV file.
general:
# Run forever, check feeds once an hour.
daemon: True
sleep: 10
onion_validation: ([a-z2-7]{16,56}\.onion)
blacklist: blacklist,keywords,go,here
interestingKeywords: Interesting,Keywords,Go,Here
save-thread: no # Use a separate thread to save onions
TorController:
port: 9051
password: YOUR-TOR-CONTROLLER-PASSWORD
monitor:
filename: monitoring.txt
sources:
# A few threat intel blogs to get you started!
- name: simple-text-file
module: simplefile
filename: onion_master_list.txt
- name: hunchly
module: hunchly
domain: https://www.dropbox.com/sh/wdleu9o7jj1kk7v/AADq2sapbxm7rVtoLOnFJ7HHa/HiddenServices.xlsx
- name: pystemon
module: pystemon
dirname: pystemon/alerts/
- name: dark.fail
module: dark.fail
domain: https://dark.fail/
# - name: source-gist
# module: gist
# url: https://gist.github.com/search?l=Text&q=.onion
# - name: source-reddit
# module: reddit
# url: https://api.pushshift.io/reddit/search/comment/?subreddit=onions&limit=1000000
# feed_type: messy
#
# - name: pastebin
# module: pastebin-account
# url: https://gist.github.com/search?l=Text&q=.onion
# feed_type: messy
#
# - name: hunchly-report
# module: gmail-hunchly
# url: https://gist.github.com/search?l=Text&q=.onion
# feed_type: messy
#
# - name: onionland-search
# module: collect-onions
# url: http://3bbaaaccczcbdddz.onion/discover
# feed_type: messy
#
# - name: torch
# module: collect-onions
# url: http://xmh57jrzrnw6insl.onion
# feed_type: messy
operators:
- name: simple-html
module: html
timeout: 300
retries: 2
interestingKeywords: YOUR,INTERESTING,KEYWORDS,GO,HERE
socks5:
http: 'socks5h://127.0.0.1:9050'
https: 'socks5h://127.0.0.1:9050'
# - name: onionscan-go
# module: onionscan
# binpath: /PATH/TO/YOUR/ONIONSCAN/GO/BINARY
# - name: simple-screenshot
# module: screenshot
# screenshots_path: null
# - name: yara-rule
# module: yara
# filename: categories.yar
# base_score: 50
database_Engines:
# Simple telegram notifier
- name: telegram-notifer # see https://core.telegram.org/bots/api#authorizing-your-bot
module: telegram
chat_id: YOUR-TELEGRAM-CHAT
token: YOUR-TELEGRAM-TOKEN
# - name: elasticsearch
# module: elasticsearch
# index: YOUR-ELASTICSEARCH-INDEX_NAME
# port : 9200
# host : 127.0.0.1
# - name: email
# module: send_email
# alert: no # Enable/disable email alerts
# from: alert@example.com
# to: alert@example.com
# server: 127.0.0.1 # Address of the server (hostname or IP)
# port: 25 # Outgoing SMTP port: 25, 587, ...
# tls: no # Enable/disable tls support
# username: '' # (optional) Username for authentication. Leave blank for no authentication.
# password: '' # (optional) Password for authentication. Leave blank for no authentication.
# subject: '[onioningestor] - {subject}'
# size-limit: 1048576 # Size limit for pastie, above it's sent as attachement