voidaccess 1.4.6__tar.gz → 1.5.0__tar.gz

Files changed (204)
  1. {voidaccess-1.4.6 → voidaccess-1.5.0}/PKG-INFO +57 -7
  2. voidaccess-1.4.6/voidaccess.egg-info/PKG-INFO → voidaccess-1.5.0/README.md +451 -447
  3. {voidaccess-1.4.6 → voidaccess-1.5.0}/api/main.py +155 -11
  4. voidaccess-1.5.0/api/routes/actors.py +735 -0
  5. {voidaccess-1.4.6 → voidaccess-1.5.0}/api/routes/admin.py +124 -1
  6. {voidaccess-1.4.6 → voidaccess-1.5.0}/api/routes/export.py +235 -6
  7. {voidaccess-1.4.6 → voidaccess-1.5.0}/api/routes/investigations.py +1176 -271
  8. {voidaccess-1.4.6 → voidaccess-1.5.0}/config.py +5 -2
  9. voidaccess-1.5.0/db/migrations/versions/0021_add_search_engine_stats.py +34 -0
  10. voidaccess-1.5.0/db/migrations/versions/0022_add_actor_profiles.py +158 -0
  11. voidaccess-1.5.0/db/migrations/versions/0023_add_investigation_metadata.py +60 -0
  12. {voidaccess-1.4.6 → voidaccess-1.5.0}/db/models.py +183 -0
  13. voidaccess-1.5.0/db/search_engine_stats.py +315 -0
  14. {voidaccess-1.4.6 → voidaccess-1.5.0}/db/session.py +23 -4
  15. voidaccess-1.5.0/export/__init__.py +58 -0
  16. voidaccess-1.5.0/export/ioc_package.py +1055 -0
  17. voidaccess-1.5.0/export/snort_export.py +551 -0
  18. voidaccess-1.5.0/export/yara_export.py +664 -0
  19. {voidaccess-1.4.6 → voidaccess-1.5.0}/extractor/llm_extract.py +50 -38
  20. voidaccess-1.5.0/extractor/normalizer.py +1245 -0
  21. {voidaccess-1.4.6 → voidaccess-1.5.0}/extractor/pipeline.py +200 -6
  22. voidaccess-1.5.0/extractor/regex_patterns.py +2326 -0
  23. {voidaccess-1.4.6 → voidaccess-1.5.0}/fingerprint/profiler.py +26 -0
  24. {voidaccess-1.4.6 → voidaccess-1.5.0}/graph/builder.py +262 -22
  25. {voidaccess-1.4.6 → voidaccess-1.5.0}/graph/model.py +34 -0
  26. {voidaccess-1.4.6 → voidaccess-1.5.0}/monitor/jobs.py +9 -15
  27. {voidaccess-1.4.6 → voidaccess-1.5.0}/pyproject.toml +1 -1
  28. {voidaccess-1.4.6 → voidaccess-1.5.0}/scraper/scrape.py +153 -2
  29. {voidaccess-1.4.6 → voidaccess-1.5.0}/search/__init__.py +118 -24
  30. voidaccess-1.5.0/search/circuit_breaker.py +79 -0
  31. voidaccess-1.5.0/search/query_builder.py +48 -0
  32. {voidaccess-1.4.6 → voidaccess-1.5.0}/search/search.py +119 -26
  33. voidaccess-1.5.0/sources/actor_profiles.py +1684 -0
  34. {voidaccess-1.4.6 → voidaccess-1.5.0}/sources/dns_enrichment.py +98 -3
  35. {voidaccess-1.4.6 → voidaccess-1.5.0}/sources/domain_reputation.py +68 -4
  36. {voidaccess-1.4.6 → voidaccess-1.5.0}/sources/email_reputation.py +60 -3
  37. {voidaccess-1.4.6 → voidaccess-1.5.0}/sources/hash_reputation.py +110 -5
  38. {voidaccess-1.4.6 → voidaccess-1.5.0}/sources/ip_reputation.py +57 -3
  39. {voidaccess-1.4.6 → voidaccess-1.5.0}/sources/rss_scraper.py +6 -6
  40. {voidaccess-1.4.6 → voidaccess-1.5.0}/sources/seed_manager.py +203 -8
  41. {voidaccess-1.4.6 → voidaccess-1.5.0}/tests/test_db.py +2 -1
  42. voidaccess-1.5.0/tests/test_filter_e2e_manual.py +50 -0
  43. voidaccess-1.5.0/tests/test_filter_parser_manual.py +60 -0
  44. {voidaccess-1.4.6 → voidaccess-1.5.0}/tests/test_pagination.py +7 -6
  45. voidaccess-1.5.0/tests/test_regex_patterns.py +2341 -0
  46. {voidaccess-1.4.6 → voidaccess-1.5.0}/tests/test_settings.py +3 -4
  47. voidaccess-1.5.0/tests/test_snort_export.py +431 -0
  48. {voidaccess-1.4.6 → voidaccess-1.5.0}/tests/test_vector.py +3 -1
  49. voidaccess-1.5.0/tests/test_yara_export.py +353 -0
  50. {voidaccess-1.4.6 → voidaccess-1.5.0}/utils/content_safety.py +59 -2
  51. voidaccess-1.5.0/utils/enrichment_cache.py +676 -0
  52. {voidaccess-1.4.6 → voidaccess-1.5.0}/utils/user_keys.py +10 -7
  53. {voidaccess-1.4.6 → voidaccess-1.5.0}/vector/embedder.py +5 -1
  54. voidaccess-1.5.0/vector/model_singleton.py +87 -0
  55. {voidaccess-1.4.6 → voidaccess-1.5.0}/vector/store.py +1 -1
  56. voidaccess-1.5.0/voidaccess/config.py +14 -0
  57. {voidaccess-1.4.6 → voidaccess-1.5.0}/voidaccess/llm.py +222 -33
  58. voidaccess-1.4.6/README.md → voidaccess-1.5.0/voidaccess.egg-info/PKG-INFO +497 -401
  59. {voidaccess-1.4.6 → voidaccess-1.5.0}/voidaccess.egg-info/SOURCES.txt +18 -0
  60. {voidaccess-1.4.6 → voidaccess-1.5.0}/voidaccess_cli/__init__.py +1 -1
  61. voidaccess-1.5.0/voidaccess_cli/adapters/sqlite.py +860 -0
  62. {voidaccess-1.4.6 → voidaccess-1.5.0}/voidaccess_cli/browser.py +203 -71
  63. voidaccess-1.5.0/voidaccess_cli/commands/actors.py +479 -0
  64. voidaccess-1.5.0/voidaccess_cli/commands/export.py +352 -0
  65. {voidaccess-1.4.6 → voidaccess-1.5.0}/voidaccess_cli/commands/investigate.py +405 -16
  66. {voidaccess-1.4.6 → voidaccess-1.5.0}/voidaccess_cli/commands/show.py +98 -0
  67. voidaccess-1.5.0/voidaccess_cli/main.py +430 -0
  68. voidaccess-1.4.6/export/__init__.py +0 -34
  69. voidaccess-1.4.6/extractor/normalizer.py +0 -638
  70. voidaccess-1.4.6/extractor/regex_patterns.py +0 -325
  71. voidaccess-1.4.6/search/circuit_breaker.py +0 -247
  72. voidaccess-1.4.6/vector/model_singleton.py +0 -49
  73. voidaccess-1.4.6/voidaccess_cli/adapters/sqlite.py +0 -329
  74. voidaccess-1.4.6/voidaccess_cli/commands/export.py +0 -162
  75. voidaccess-1.4.6/voidaccess_cli/main.py +0 -191
  76. {voidaccess-1.4.6 → voidaccess-1.5.0}/LICENSE +0 -0
  77. {voidaccess-1.4.6 → voidaccess-1.5.0}/analysis/__init__.py +0 -0
  78. {voidaccess-1.4.6 → voidaccess-1.5.0}/analysis/opsec.py +0 -0
  79. {voidaccess-1.4.6 → voidaccess-1.5.0}/analysis/patterns.py +0 -0
  80. {voidaccess-1.4.6 → voidaccess-1.5.0}/analysis/temporal.py +0 -0
  81. {voidaccess-1.4.6 → voidaccess-1.5.0}/api/__init__.py +0 -0
  82. {voidaccess-1.4.6 → voidaccess-1.5.0}/api/auth.py +0 -0
  83. {voidaccess-1.4.6 → voidaccess-1.5.0}/api/routes/__init__.py +0 -0
  84. {voidaccess-1.4.6 → voidaccess-1.5.0}/api/routes/auth.py +0 -0
  85. {voidaccess-1.4.6 → voidaccess-1.5.0}/api/routes/entities.py +0 -0
  86. {voidaccess-1.4.6 → voidaccess-1.5.0}/api/routes/monitors.py +0 -0
  87. {voidaccess-1.4.6 → voidaccess-1.5.0}/api/routes/search.py +0 -0
  88. {voidaccess-1.4.6 → voidaccess-1.5.0}/api/routes/settings.py +0 -0
  89. {voidaccess-1.4.6 → voidaccess-1.5.0}/auth/__init__.py +0 -0
  90. {voidaccess-1.4.6 → voidaccess-1.5.0}/auth/token_blacklist.py +0 -0
  91. {voidaccess-1.4.6 → voidaccess-1.5.0}/crawler/__init__.py +0 -0
  92. {voidaccess-1.4.6 → voidaccess-1.5.0}/crawler/dedup.py +0 -0
  93. {voidaccess-1.4.6 → voidaccess-1.5.0}/crawler/frontier.py +0 -0
  94. {voidaccess-1.4.6 → voidaccess-1.5.0}/crawler/spider.py +0 -0
  95. {voidaccess-1.4.6 → voidaccess-1.5.0}/crawler/utils.py +0 -0
  96. {voidaccess-1.4.6 → voidaccess-1.5.0}/db/__init__.py +0 -0
  97. {voidaccess-1.4.6 → voidaccess-1.5.0}/db/migrations/__init__.py +0 -0
  98. {voidaccess-1.4.6 → voidaccess-1.5.0}/db/migrations/env.py +0 -0
  99. {voidaccess-1.4.6 → voidaccess-1.5.0}/db/migrations/versions/0001_initial_schema.py +0 -0
  100. {voidaccess-1.4.6 → voidaccess-1.5.0}/db/migrations/versions/0002_add_investigation_status_column.py +0 -0
  101. {voidaccess-1.4.6 → voidaccess-1.5.0}/db/migrations/versions/0002_add_missing_tables.py +0 -0
  102. {voidaccess-1.4.6 → voidaccess-1.5.0}/db/migrations/versions/0003_add_canonical_value_and_entity_links.py +0 -0
  103. {voidaccess-1.4.6 → voidaccess-1.5.0}/db/migrations/versions/0004_add_page_posted_at.py +0 -0
  104. {voidaccess-1.4.6 → voidaccess-1.5.0}/db/migrations/versions/0005_add_extraction_method.py +0 -0
  105. {voidaccess-1.4.6 → voidaccess-1.5.0}/db/migrations/versions/0006_add_monitor_alerts.py +0 -0
  106. {voidaccess-1.4.6 → voidaccess-1.5.0}/db/migrations/versions/0007_add_actor_style_profiles.py +0 -0
  107. {voidaccess-1.4.6 → voidaccess-1.5.0}/db/migrations/versions/0008_add_users_table.py +0 -0
  108. {voidaccess-1.4.6 → voidaccess-1.5.0}/db/migrations/versions/0009_add_investigation_id_to_relationships.py +0 -0
  109. {voidaccess-1.4.6 → voidaccess-1.5.0}/db/migrations/versions/0010_add_composite_index_entity_relationships.py +0 -0
  110. {voidaccess-1.4.6 → voidaccess-1.5.0}/db/migrations/versions/0011_add_page_extraction_cache.py +0 -0
  111. {voidaccess-1.4.6 → voidaccess-1.5.0}/db/migrations/versions/0013_add_graph_status.py +0 -0
  112. {voidaccess-1.4.6 → voidaccess-1.5.0}/db/migrations/versions/0015_add_progress_fields.py +0 -0
  113. {voidaccess-1.4.6 → voidaccess-1.5.0}/db/migrations/versions/0016_backfill_graph_status.py +0 -0
  114. {voidaccess-1.4.6 → voidaccess-1.5.0}/db/migrations/versions/0017_add_user_api_keys.py +0 -0
  115. {voidaccess-1.4.6 → voidaccess-1.5.0}/db/migrations/versions/0018_add_user_id_to_investigations.py +0 -0
  116. {voidaccess-1.4.6 → voidaccess-1.5.0}/db/migrations/versions/0019_add_content_safety_log.py +0 -0
  117. {voidaccess-1.4.6 → voidaccess-1.5.0}/db/migrations/versions/0020_add_entity_source_tracking.py +0 -0
  118. {voidaccess-1.4.6 → voidaccess-1.5.0}/db/queries.py +0 -0
  119. {voidaccess-1.4.6 → voidaccess-1.5.0}/export/misp.py +0 -0
  120. {voidaccess-1.4.6 → voidaccess-1.5.0}/export/sigma.py +0 -0
  121. {voidaccess-1.4.6 → voidaccess-1.5.0}/export/stix.py +0 -0
  122. {voidaccess-1.4.6 → voidaccess-1.5.0}/extractor/__init__.py +0 -0
  123. {voidaccess-1.4.6 → voidaccess-1.5.0}/extractor/ner.py +0 -0
  124. {voidaccess-1.4.6 → voidaccess-1.5.0}/fingerprint/__init__.py +0 -0
  125. {voidaccess-1.4.6 → voidaccess-1.5.0}/fingerprint/stylometry.py +0 -0
  126. {voidaccess-1.4.6 → voidaccess-1.5.0}/graph/__init__.py +0 -0
  127. {voidaccess-1.4.6 → voidaccess-1.5.0}/graph/export.py +0 -0
  128. {voidaccess-1.4.6 → voidaccess-1.5.0}/graph/queries.py +0 -0
  129. {voidaccess-1.4.6 → voidaccess-1.5.0}/graph/visualize.py +0 -0
  130. {voidaccess-1.4.6 → voidaccess-1.5.0}/i18n/__init__.py +0 -0
  131. {voidaccess-1.4.6 → voidaccess-1.5.0}/i18n/detect.py +0 -0
  132. {voidaccess-1.4.6 → voidaccess-1.5.0}/i18n/query_expand.py +0 -0
  133. {voidaccess-1.4.6 → voidaccess-1.5.0}/i18n/translate.py +0 -0
  134. {voidaccess-1.4.6 → voidaccess-1.5.0}/monitor/__init__.py +0 -0
  135. {voidaccess-1.4.6 → voidaccess-1.5.0}/monitor/_db.py +0 -0
  136. {voidaccess-1.4.6 → voidaccess-1.5.0}/monitor/alerts.py +0 -0
  137. {voidaccess-1.4.6 → voidaccess-1.5.0}/monitor/config.py +0 -0
  138. {voidaccess-1.4.6 → voidaccess-1.5.0}/monitor/diff.py +0 -0
  139. {voidaccess-1.4.6 → voidaccess-1.5.0}/monitor/scheduler.py +0 -0
  140. {voidaccess-1.4.6 → voidaccess-1.5.0}/scraper/__init__.py +0 -0
  141. {voidaccess-1.4.6 → voidaccess-1.5.0}/scraper/scrape_js.py +0 -0
  142. {voidaccess-1.4.6 → voidaccess-1.5.0}/setup.cfg +0 -0
  143. {voidaccess-1.4.6 → voidaccess-1.5.0}/sources/__init__.py +0 -0
  144. {voidaccess-1.4.6 → voidaccess-1.5.0}/sources/blockchain.py +0 -0
  145. {voidaccess-1.4.6 → voidaccess-1.5.0}/sources/cache.py +0 -0
  146. {voidaccess-1.4.6 → voidaccess-1.5.0}/sources/cisa.py +0 -0
  147. {voidaccess-1.4.6 → voidaccess-1.5.0}/sources/engines.py +0 -0
  148. {voidaccess-1.4.6 → voidaccess-1.5.0}/sources/enrichment.py +0 -0
  149. {voidaccess-1.4.6 → voidaccess-1.5.0}/sources/github_scraper.py +0 -0
  150. {voidaccess-1.4.6 → voidaccess-1.5.0}/sources/gitlab_scraper.py +0 -0
  151. {voidaccess-1.4.6 → voidaccess-1.5.0}/sources/historical_intel.py +0 -0
  152. {voidaccess-1.4.6 → voidaccess-1.5.0}/sources/paste_scraper.py +0 -0
  153. {voidaccess-1.4.6 → voidaccess-1.5.0}/sources/pastes.py +0 -0
  154. {voidaccess-1.4.6 → voidaccess-1.5.0}/sources/seeds.py +0 -0
  155. {voidaccess-1.4.6 → voidaccess-1.5.0}/sources/shodan.py +0 -0
  156. {voidaccess-1.4.6 → voidaccess-1.5.0}/sources/telegram.py +0 -0
  157. {voidaccess-1.4.6 → voidaccess-1.5.0}/sources/virustotal.py +0 -0
  158. {voidaccess-1.4.6 → voidaccess-1.5.0}/tests/test_analysis_opsec.py +0 -0
  159. {voidaccess-1.4.6 → voidaccess-1.5.0}/tests/test_analysis_stylometry.py +0 -0
  160. {voidaccess-1.4.6 → voidaccess-1.5.0}/tests/test_analysis_temporal.py +0 -0
  161. {voidaccess-1.4.6 → voidaccess-1.5.0}/tests/test_api.py +0 -0
  162. {voidaccess-1.4.6 → voidaccess-1.5.0}/tests/test_api_monitors.py +0 -0
  163. {voidaccess-1.4.6 → voidaccess-1.5.0}/tests/test_blockchain.py +0 -0
  164. {voidaccess-1.4.6 → voidaccess-1.5.0}/tests/test_config.py +0 -0
  165. {voidaccess-1.4.6 → voidaccess-1.5.0}/tests/test_crawler.py +0 -0
  166. {voidaccess-1.4.6 → voidaccess-1.5.0}/tests/test_dns_enrichment.py +0 -0
  167. {voidaccess-1.4.6 → voidaccess-1.5.0}/tests/test_domain_reputation.py +0 -0
  168. {voidaccess-1.4.6 → voidaccess-1.5.0}/tests/test_email_reputation.py +0 -0
  169. {voidaccess-1.4.6 → voidaccess-1.5.0}/tests/test_fingerprint.py +0 -0
  170. {voidaccess-1.4.6 → voidaccess-1.5.0}/tests/test_github_scraper.py +0 -0
  171. {voidaccess-1.4.6 → voidaccess-1.5.0}/tests/test_gitlab_scraper.py +0 -0
  172. {voidaccess-1.4.6 → voidaccess-1.5.0}/tests/test_graph.py +0 -0
  173. {voidaccess-1.4.6 → voidaccess-1.5.0}/tests/test_hash_reputation.py +0 -0
  174. {voidaccess-1.4.6 → voidaccess-1.5.0}/tests/test_i18n.py +0 -0
  175. {voidaccess-1.4.6 → voidaccess-1.5.0}/tests/test_ip_reputation.py +0 -0
  176. {voidaccess-1.4.6 → voidaccess-1.5.0}/tests/test_llm.py +0 -0
  177. {voidaccess-1.4.6 → voidaccess-1.5.0}/tests/test_llm_utils.py +0 -0
  178. {voidaccess-1.4.6 → voidaccess-1.5.0}/tests/test_model_singleton.py +0 -0
  179. {voidaccess-1.4.6 → voidaccess-1.5.0}/tests/test_monitor.py +0 -0
  180. {voidaccess-1.4.6 → voidaccess-1.5.0}/tests/test_paste_scraper.py +0 -0
  181. {voidaccess-1.4.6 → voidaccess-1.5.0}/tests/test_rss_scraper.py +0 -0
  182. {voidaccess-1.4.6 → voidaccess-1.5.0}/tests/test_scrape_js.py +0 -0
  183. {voidaccess-1.4.6 → voidaccess-1.5.0}/tests/test_sources.py +0 -0
  184. {voidaccess-1.4.6 → voidaccess-1.5.0}/tests/test_sources_enrichment_new.py +0 -0
  185. {voidaccess-1.4.6 → voidaccess-1.5.0}/utils/__init__.py +0 -0
  186. {voidaccess-1.4.6 → voidaccess-1.5.0}/utils/async_utils.py +0 -0
  187. {voidaccess-1.4.6 → voidaccess-1.5.0}/utils/defang.py +0 -0
  188. {voidaccess-1.4.6 → voidaccess-1.5.0}/utils/encryption.py +0 -0
  189. {voidaccess-1.4.6 → voidaccess-1.5.0}/utils/ioc_freshness.py +0 -0
  190. {voidaccess-1.4.6 → voidaccess-1.5.0}/vector/__init__.py +0 -0
  191. {voidaccess-1.4.6 → voidaccess-1.5.0}/vector/search.py +0 -0
  192. {voidaccess-1.4.6 → voidaccess-1.5.0}/voidaccess/__init__.py +0 -0
  193. {voidaccess-1.4.6 → voidaccess-1.5.0}/voidaccess/llm_utils.py +0 -0
  194. {voidaccess-1.4.6 → voidaccess-1.5.0}/voidaccess.egg-info/dependency_links.txt +0 -0
  195. {voidaccess-1.4.6 → voidaccess-1.5.0}/voidaccess.egg-info/entry_points.txt +0 -0
  196. {voidaccess-1.4.6 → voidaccess-1.5.0}/voidaccess.egg-info/requires.txt +0 -0
  197. {voidaccess-1.4.6 → voidaccess-1.5.0}/voidaccess.egg-info/top_level.txt +0 -0
  198. {voidaccess-1.4.6 → voidaccess-1.5.0}/voidaccess_cli/adapters/__init__.py +0 -0
  199. {voidaccess-1.4.6 → voidaccess-1.5.0}/voidaccess_cli/commands/__init__.py +0 -0
  200. {voidaccess-1.4.6 → voidaccess-1.5.0}/voidaccess_cli/commands/configure.py +0 -0
  201. {voidaccess-1.4.6 → voidaccess-1.5.0}/voidaccess_cli/commands/enrich.py +0 -0
  202. {voidaccess-1.4.6 → voidaccess-1.5.0}/voidaccess_cli/config.py +0 -0
  203. {voidaccess-1.4.6 → voidaccess-1.5.0}/voidaccess_cli/display.py +0 -0
  204. {voidaccess-1.4.6 → voidaccess-1.5.0}/voidaccess_cli/tor_detect.py +0 -0
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.4
2
2
  Name: voidaccess
3
- Version: 1.4.6
3
+ Version: 1.5.0
4
4
  Summary: Dark web OSINT CLI — automated threat intelligence from query to report
5
5
  Author: VoidAccess
6
6
  License-Expression: MIT
@@ -65,6 +65,21 @@ Commercial threat intelligence platforms often charge prohibitive annual fees fo
65
65
 
66
66
  ---
67
67
 
68
+ ## What's New in v1.5.0
69
+
70
+ - 37 new entity types across crypto, credentials, messaging, and network/forensic indicators.
71
+ - YARA, Snort, Suricata, and IOC package ZIP exports.
72
+ - Persistent actor profiles with aliases, infrastructure, notes, and timelines.
73
+ - Cross-alias resolution using shared infrastructure, shared PGP, string similarity, temporal co-activity, and co-investigation.
74
+ - Backend graph community detection and path-between-nodes queries.
75
+ - CLI graph browser path finder and frontend Find Path highlighting.
76
+ - Per-phase pipeline timeouts for enrichment, graph, summary, finalize, and parallel sources.
77
+ - `sources_used` and `infrastructure_clusters` persist in investigation metadata.
78
+ - Cross-run enrichment cache with Redis, SQLite, and memory backends.
79
+ - Auto-discovery and weekly validation of `.onion` seeds.
80
+
81
+ ---
82
+
68
83
  ## Quick Start
69
84
 
70
85
  ### Option A - CLI (no Docker, 30 seconds)
@@ -75,6 +90,10 @@ voidaccess configure
75
90
  voidaccess investigate "LockBit ransomware"
76
91
  ```
77
92
 
93
+ <div align="center">
94
+ <img src="./public/cli_investigation_gif.gif" alt="VoidAccess CLI investigation walkthrough" width="900">
95
+ </div>
96
+
78
97
  Requires local Tor for dark web sources:
79
98
 
80
99
  - https://torproject.org
@@ -98,12 +117,28 @@ The Docker stack includes PostgreSQL, Tor, FastAPI, and Next.js.
98
117
  |---|---|
99
118
  | `voidaccess investigate` | Run an investigation |
100
119
  | `voidaccess show` | Interactive entity browser |
101
- | `voidaccess export` | Export STIX/MISP/Sigma/CSV/MD |
120
+ | `voidaccess export` | Export STIX/MISP/Sigma/YARA/Snort/Suricata/package/CSV/MD/JSON |
121
+ | `voidaccess package <file>` | Export an IOC ZIP bundle |
102
122
  | `voidaccess enrich` | Re-enrich saved results |
103
123
  | `voidaccess list` | List saved investigations |
104
- | `voidaccess status` | Config and API key status |
124
+ | `voidaccess status` | Config, API key, cache, engine, and seed status |
125
+ | `voidaccess actors` | List persistent actor profiles |
126
+ | `voidaccess actor <handle>` | Show an actor profile with aliases, infrastructure, notes, and history |
127
+ | `voidaccess actor <handle> --timeline` | Show an actor activity timeline |
128
+ | `voidaccess actor <handle> --note "text"` | Append an analyst note to an actor profile |
129
+ | `voidaccess timeline <handle>` | Shortcut for `voidaccess actor <handle> --timeline` |
105
130
  | `voidaccess configure` | Setup wizard |
106
131
 
132
+ Export examples:
133
+
134
+ ```bash
135
+ voidaccess package investigation.json
136
+ voidaccess export investigation.json --format yara
137
+ voidaccess export investigation.json --format snort
138
+ voidaccess export investigation.json --format suricata
139
+ voidaccess status --seeds
140
+ ```
141
+
107
142
  ### CLI vs Docker
108
143
 
109
144
  | Feature | CLI | Docker |
@@ -163,14 +198,17 @@ VoidAccess handles the complexity of dark web research through a rigorous sequen
163
198
 
164
199
  ## What It Extracts
165
200
 
166
- The extraction pipeline identifies these entity types:
201
+ The extraction pipeline identifies 55+ entity types:
167
202
 
168
203
  | Category | Examples |
169
204
  |---|---|
170
- | **Cryptocurrency** | Bitcoin, Ethereum, Monero wallet addresses |
205
+ | **Cryptocurrency** | Bitcoin, Ethereum, Monero, Litecoin, Zcash, Dogecoin, XRP, Solana, Tron, Bitcoin Cash, Dash, ENS |
171
206
  | **Network Indicators** | IPv4 addresses, .onion URLs, domains, email addresses, PGP keys |
172
207
  | **File Indicators** | MD5, SHA1, SHA256 hashes |
173
- | **Vulnerabilities** | CVE numbers, MITRE ATT&CK techniques |
208
+ | **Credentials** | AWS keys, GitHub tokens, Slack tokens, Discord tokens, JWTs, Google API keys, Stripe keys, generic API keys, stealer log entries |
209
+ | **Messaging Handles** | Telegram, Discord, XMPP, Tox, Session, Matrix, Wire, ICQ, Wickr |
210
+ | **Network/Forensic** | IPv6, MAC addresses, IPFS CIDs, combo-list entries, YARA rules, MITRE tactics, Exploit-DB IDs, Nuclei templates, seed phrases |
211
+ | **Vulnerabilities** | CVE numbers, MITRE ATT&CK techniques and tactics |
174
212
  | **Threat Actors** | Actor handles, malware families, ransomware group names |
175
213
  | **Paste Sites** | Pastebin, Ghostbin, Rentry, and similar links |
176
214
  | **People/Orgs** | Named persons, organization names, locations |
@@ -210,7 +248,19 @@ Export formats:
210
248
  - **STIX 2.1** — bundles with indicators, threat actors, malware objects
211
249
  - **MISP JSON** — events with galaxies for direct import
212
250
  - **Sigma rules** — auto-generated detection rules from extracted IOCs
213
- - **CSV** flat entity dumps for spreadsheet analysis
251
+ - **YARA rules** - generated rules for malware, credentials, infrastructure, and IOC strings
252
+ - **Snort rules** - network detection rules for IPs, domains, URLs, and selected IOC content
253
+ - **Suricata rules** - Suricata-compatible network rules with the same IOC coverage as Snort
254
+ - **IOC package ZIP** - 21-file bundle containing text IOC lists, STIX, MISP, Sigma, YARA, Snort, Suricata, summary, and CSV
255
+ - **CSV** - flat entity dumps for spreadsheet analysis
256
+
257
+ ---
258
+
259
+ ## Actor Intelligence
260
+
261
+ VoidAccess v1.5.0 persists actor profiles across investigations in `actor_profiles`, with linked aliases and infrastructure in `actor_aliases` and `actor_infrastructure`. Profiles are populated from threat actor, ransomware group, and handle entities, then enriched with co-occurring infrastructure and timeline events.
262
+
263
+ Cross-alias resolution scores five signals: shared infrastructure, shared PGP, string similarity, temporal co-activity, and co-investigation. Use `voidaccess actors` to list profiles, `voidaccess actor <handle>` for the full profile, `voidaccess actor <handle> --timeline` for chronology, and `voidaccess actor <handle> --note "text"` for analyst notes.
214
264
 
215
265
  ---
216
266