# This is an example ThreatIngestor config file with some preconfigured RSS # sources, feeding extracted artifacts into a CSV file. general: # Run forever, check feeds once an hour. daemon: False sleep: 3600 elasticsearch: index: darkweb port : 9200 host : 127.0.0.1 sources: # A few threat intel blogs to get you started! - name: source-gist module: gist url: https://gist.github.com/search?l=Text&q=.onion # - name: source-reddit # module: reddit # url: https://api.pushshift.io/reddit/search/comment/?subreddit=onions&limit=1000000 # feed_type: messy # # - name: pastebin # module: pastebin-account # url: https://gist.github.com/search?l=Text&q=.onion # feed_type: messy # # - name: hunchly-report # module: gmail-hunchly # url: https://gist.github.com/search?l=Text&q=.onion # feed_type: messy # # - name: onionland-search # module: collect-onions # url: http://3bbaaaccczcbdddz.onion/discover # feed_type: messy # # - name: torch # module: collect-onions # url: http://xmh57jrzrnw6insl.onion # feed_type: messy operators: - name: onionscan-go module: onionscan binpath: /home/tony/go/bin/onionscan socks5: http: 'socks5h://127.0.0.1:9050' https: 'socks5h://127.0.0.1:9050' TorController: port: 9051 password: Xk5QP2haFMh8Y8D1060F1D7xaWEFG timeout: 300 retries: 2 screenshots_path: null blacklist: pedo,xxx,infant,loli,porn,child,abuse,sex,drug,cocaine,dope,zoo,daddy,daughter,boy,girl,young,muder interestingKeywords: t.me,feed,rss,xml,atom,dataleak,breach,blog,ransomware,source code,data breach # - name: yara-rule # module: yara # filename: categories.yar # base_score: 50 # # - name: regex-match # module: regex # keywords: test,test2 # base_score: 20 notifiers: # Simple telegram notifier - name: telegram-notifer module: telegram chat_id: token: