voidaccess 1.4.6__tar.gz → 1.5.0__tar.gz
- {voidaccess-1.4.6 → voidaccess-1.5.0}/PKG-INFO +57 -7
- voidaccess-1.4.6/voidaccess.egg-info/PKG-INFO → voidaccess-1.5.0/README.md +451 -447
- {voidaccess-1.4.6 → voidaccess-1.5.0}/api/main.py +155 -11
- voidaccess-1.5.0/api/routes/actors.py +735 -0
- {voidaccess-1.4.6 → voidaccess-1.5.0}/api/routes/admin.py +124 -1
- {voidaccess-1.4.6 → voidaccess-1.5.0}/api/routes/export.py +235 -6
- {voidaccess-1.4.6 → voidaccess-1.5.0}/api/routes/investigations.py +1176 -271
- {voidaccess-1.4.6 → voidaccess-1.5.0}/config.py +5 -2
- voidaccess-1.5.0/db/migrations/versions/0021_add_search_engine_stats.py +34 -0
- voidaccess-1.5.0/db/migrations/versions/0022_add_actor_profiles.py +158 -0
- voidaccess-1.5.0/db/migrations/versions/0023_add_investigation_metadata.py +60 -0
- {voidaccess-1.4.6 → voidaccess-1.5.0}/db/models.py +183 -0
- voidaccess-1.5.0/db/search_engine_stats.py +315 -0
- {voidaccess-1.4.6 → voidaccess-1.5.0}/db/session.py +23 -4
- voidaccess-1.5.0/export/__init__.py +58 -0
- voidaccess-1.5.0/export/ioc_package.py +1055 -0
- voidaccess-1.5.0/export/snort_export.py +551 -0
- voidaccess-1.5.0/export/yara_export.py +664 -0
- {voidaccess-1.4.6 → voidaccess-1.5.0}/extractor/llm_extract.py +50 -38
- voidaccess-1.5.0/extractor/normalizer.py +1245 -0
- {voidaccess-1.4.6 → voidaccess-1.5.0}/extractor/pipeline.py +200 -6
- voidaccess-1.5.0/extractor/regex_patterns.py +2326 -0
- {voidaccess-1.4.6 → voidaccess-1.5.0}/fingerprint/profiler.py +26 -0
- {voidaccess-1.4.6 → voidaccess-1.5.0}/graph/builder.py +262 -22
- {voidaccess-1.4.6 → voidaccess-1.5.0}/graph/model.py +34 -0
- {voidaccess-1.4.6 → voidaccess-1.5.0}/monitor/jobs.py +9 -15
- {voidaccess-1.4.6 → voidaccess-1.5.0}/pyproject.toml +1 -1
- {voidaccess-1.4.6 → voidaccess-1.5.0}/scraper/scrape.py +153 -2
- {voidaccess-1.4.6 → voidaccess-1.5.0}/search/__init__.py +118 -24
- voidaccess-1.5.0/search/circuit_breaker.py +79 -0
- voidaccess-1.5.0/search/query_builder.py +48 -0
- {voidaccess-1.4.6 → voidaccess-1.5.0}/search/search.py +119 -26
- voidaccess-1.5.0/sources/actor_profiles.py +1684 -0
- {voidaccess-1.4.6 → voidaccess-1.5.0}/sources/dns_enrichment.py +98 -3
- {voidaccess-1.4.6 → voidaccess-1.5.0}/sources/domain_reputation.py +68 -4
- {voidaccess-1.4.6 → voidaccess-1.5.0}/sources/email_reputation.py +60 -3
- {voidaccess-1.4.6 → voidaccess-1.5.0}/sources/hash_reputation.py +110 -5
- {voidaccess-1.4.6 → voidaccess-1.5.0}/sources/ip_reputation.py +57 -3
- {voidaccess-1.4.6 → voidaccess-1.5.0}/sources/rss_scraper.py +6 -6
- {voidaccess-1.4.6 → voidaccess-1.5.0}/sources/seed_manager.py +203 -8
- {voidaccess-1.4.6 → voidaccess-1.5.0}/tests/test_db.py +2 -1
- voidaccess-1.5.0/tests/test_filter_e2e_manual.py +50 -0
- voidaccess-1.5.0/tests/test_filter_parser_manual.py +60 -0
- {voidaccess-1.4.6 → voidaccess-1.5.0}/tests/test_pagination.py +7 -6
- voidaccess-1.5.0/tests/test_regex_patterns.py +2341 -0
- {voidaccess-1.4.6 → voidaccess-1.5.0}/tests/test_settings.py +3 -4
- voidaccess-1.5.0/tests/test_snort_export.py +431 -0
- {voidaccess-1.4.6 → voidaccess-1.5.0}/tests/test_vector.py +3 -1
- voidaccess-1.5.0/tests/test_yara_export.py +353 -0
- {voidaccess-1.4.6 → voidaccess-1.5.0}/utils/content_safety.py +59 -2
- voidaccess-1.5.0/utils/enrichment_cache.py +676 -0
- {voidaccess-1.4.6 → voidaccess-1.5.0}/utils/user_keys.py +10 -7
- {voidaccess-1.4.6 → voidaccess-1.5.0}/vector/embedder.py +5 -1
- voidaccess-1.5.0/vector/model_singleton.py +87 -0
- {voidaccess-1.4.6 → voidaccess-1.5.0}/vector/store.py +1 -1
- voidaccess-1.5.0/voidaccess/config.py +14 -0
- {voidaccess-1.4.6 → voidaccess-1.5.0}/voidaccess/llm.py +222 -33
- voidaccess-1.4.6/README.md → voidaccess-1.5.0/voidaccess.egg-info/PKG-INFO +497 -401
- {voidaccess-1.4.6 → voidaccess-1.5.0}/voidaccess.egg-info/SOURCES.txt +18 -0
- {voidaccess-1.4.6 → voidaccess-1.5.0}/voidaccess_cli/__init__.py +1 -1
- voidaccess-1.5.0/voidaccess_cli/adapters/sqlite.py +860 -0
- {voidaccess-1.4.6 → voidaccess-1.5.0}/voidaccess_cli/browser.py +203 -71
- voidaccess-1.5.0/voidaccess_cli/commands/actors.py +479 -0
- voidaccess-1.5.0/voidaccess_cli/commands/export.py +352 -0
- {voidaccess-1.4.6 → voidaccess-1.5.0}/voidaccess_cli/commands/investigate.py +405 -16
- {voidaccess-1.4.6 → voidaccess-1.5.0}/voidaccess_cli/commands/show.py +98 -0
- voidaccess-1.5.0/voidaccess_cli/main.py +430 -0
- voidaccess-1.4.6/export/__init__.py +0 -34
- voidaccess-1.4.6/extractor/normalizer.py +0 -638
- voidaccess-1.4.6/extractor/regex_patterns.py +0 -325
- voidaccess-1.4.6/search/circuit_breaker.py +0 -247
- voidaccess-1.4.6/vector/model_singleton.py +0 -49
- voidaccess-1.4.6/voidaccess_cli/adapters/sqlite.py +0 -329
- voidaccess-1.4.6/voidaccess_cli/commands/export.py +0 -162
- voidaccess-1.4.6/voidaccess_cli/main.py +0 -191
- {voidaccess-1.4.6 → voidaccess-1.5.0}/LICENSE +0 -0
- {voidaccess-1.4.6 → voidaccess-1.5.0}/analysis/__init__.py +0 -0
- {voidaccess-1.4.6 → voidaccess-1.5.0}/analysis/opsec.py +0 -0
- {voidaccess-1.4.6 → voidaccess-1.5.0}/analysis/patterns.py +0 -0
- {voidaccess-1.4.6 → voidaccess-1.5.0}/analysis/temporal.py +0 -0
- {voidaccess-1.4.6 → voidaccess-1.5.0}/api/__init__.py +0 -0
- {voidaccess-1.4.6 → voidaccess-1.5.0}/api/auth.py +0 -0
- {voidaccess-1.4.6 → voidaccess-1.5.0}/api/routes/__init__.py +0 -0
- {voidaccess-1.4.6 → voidaccess-1.5.0}/api/routes/auth.py +0 -0
- {voidaccess-1.4.6 → voidaccess-1.5.0}/api/routes/entities.py +0 -0
- {voidaccess-1.4.6 → voidaccess-1.5.0}/api/routes/monitors.py +0 -0
- {voidaccess-1.4.6 → voidaccess-1.5.0}/api/routes/search.py +0 -0
- {voidaccess-1.4.6 → voidaccess-1.5.0}/api/routes/settings.py +0 -0
- {voidaccess-1.4.6 → voidaccess-1.5.0}/auth/__init__.py +0 -0
- {voidaccess-1.4.6 → voidaccess-1.5.0}/auth/token_blacklist.py +0 -0
- {voidaccess-1.4.6 → voidaccess-1.5.0}/crawler/__init__.py +0 -0
- {voidaccess-1.4.6 → voidaccess-1.5.0}/crawler/dedup.py +0 -0
- {voidaccess-1.4.6 → voidaccess-1.5.0}/crawler/frontier.py +0 -0
- {voidaccess-1.4.6 → voidaccess-1.5.0}/crawler/spider.py +0 -0
- {voidaccess-1.4.6 → voidaccess-1.5.0}/crawler/utils.py +0 -0
- {voidaccess-1.4.6 → voidaccess-1.5.0}/db/__init__.py +0 -0
- {voidaccess-1.4.6 → voidaccess-1.5.0}/db/migrations/__init__.py +0 -0
- {voidaccess-1.4.6 → voidaccess-1.5.0}/db/migrations/env.py +0 -0
- {voidaccess-1.4.6 → voidaccess-1.5.0}/db/migrations/versions/0001_initial_schema.py +0 -0
- {voidaccess-1.4.6 → voidaccess-1.5.0}/db/migrations/versions/0002_add_investigation_status_column.py +0 -0
- {voidaccess-1.4.6 → voidaccess-1.5.0}/db/migrations/versions/0002_add_missing_tables.py +0 -0
- {voidaccess-1.4.6 → voidaccess-1.5.0}/db/migrations/versions/0003_add_canonical_value_and_entity_links.py +0 -0
- {voidaccess-1.4.6 → voidaccess-1.5.0}/db/migrations/versions/0004_add_page_posted_at.py +0 -0
- {voidaccess-1.4.6 → voidaccess-1.5.0}/db/migrations/versions/0005_add_extraction_method.py +0 -0
- {voidaccess-1.4.6 → voidaccess-1.5.0}/db/migrations/versions/0006_add_monitor_alerts.py +0 -0
- {voidaccess-1.4.6 → voidaccess-1.5.0}/db/migrations/versions/0007_add_actor_style_profiles.py +0 -0
- {voidaccess-1.4.6 → voidaccess-1.5.0}/db/migrations/versions/0008_add_users_table.py +0 -0
- {voidaccess-1.4.6 → voidaccess-1.5.0}/db/migrations/versions/0009_add_investigation_id_to_relationships.py +0 -0
- {voidaccess-1.4.6 → voidaccess-1.5.0}/db/migrations/versions/0010_add_composite_index_entity_relationships.py +0 -0
- {voidaccess-1.4.6 → voidaccess-1.5.0}/db/migrations/versions/0011_add_page_extraction_cache.py +0 -0
- {voidaccess-1.4.6 → voidaccess-1.5.0}/db/migrations/versions/0013_add_graph_status.py +0 -0
- {voidaccess-1.4.6 → voidaccess-1.5.0}/db/migrations/versions/0015_add_progress_fields.py +0 -0
- {voidaccess-1.4.6 → voidaccess-1.5.0}/db/migrations/versions/0016_backfill_graph_status.py +0 -0
- {voidaccess-1.4.6 → voidaccess-1.5.0}/db/migrations/versions/0017_add_user_api_keys.py +0 -0
- {voidaccess-1.4.6 → voidaccess-1.5.0}/db/migrations/versions/0018_add_user_id_to_investigations.py +0 -0
- {voidaccess-1.4.6 → voidaccess-1.5.0}/db/migrations/versions/0019_add_content_safety_log.py +0 -0
- {voidaccess-1.4.6 → voidaccess-1.5.0}/db/migrations/versions/0020_add_entity_source_tracking.py +0 -0
- {voidaccess-1.4.6 → voidaccess-1.5.0}/db/queries.py +0 -0
- {voidaccess-1.4.6 → voidaccess-1.5.0}/export/misp.py +0 -0
- {voidaccess-1.4.6 → voidaccess-1.5.0}/export/sigma.py +0 -0
- {voidaccess-1.4.6 → voidaccess-1.5.0}/export/stix.py +0 -0
- {voidaccess-1.4.6 → voidaccess-1.5.0}/extractor/__init__.py +0 -0
- {voidaccess-1.4.6 → voidaccess-1.5.0}/extractor/ner.py +0 -0
- {voidaccess-1.4.6 → voidaccess-1.5.0}/fingerprint/__init__.py +0 -0
- {voidaccess-1.4.6 → voidaccess-1.5.0}/fingerprint/stylometry.py +0 -0
- {voidaccess-1.4.6 → voidaccess-1.5.0}/graph/__init__.py +0 -0
- {voidaccess-1.4.6 → voidaccess-1.5.0}/graph/export.py +0 -0
- {voidaccess-1.4.6 → voidaccess-1.5.0}/graph/queries.py +0 -0
- {voidaccess-1.4.6 → voidaccess-1.5.0}/graph/visualize.py +0 -0
- {voidaccess-1.4.6 → voidaccess-1.5.0}/i18n/__init__.py +0 -0
- {voidaccess-1.4.6 → voidaccess-1.5.0}/i18n/detect.py +0 -0
- {voidaccess-1.4.6 → voidaccess-1.5.0}/i18n/query_expand.py +0 -0
- {voidaccess-1.4.6 → voidaccess-1.5.0}/i18n/translate.py +0 -0
- {voidaccess-1.4.6 → voidaccess-1.5.0}/monitor/__init__.py +0 -0
- {voidaccess-1.4.6 → voidaccess-1.5.0}/monitor/_db.py +0 -0
- {voidaccess-1.4.6 → voidaccess-1.5.0}/monitor/alerts.py +0 -0
- {voidaccess-1.4.6 → voidaccess-1.5.0}/monitor/config.py +0 -0
- {voidaccess-1.4.6 → voidaccess-1.5.0}/monitor/diff.py +0 -0
- {voidaccess-1.4.6 → voidaccess-1.5.0}/monitor/scheduler.py +0 -0
- {voidaccess-1.4.6 → voidaccess-1.5.0}/scraper/__init__.py +0 -0
- {voidaccess-1.4.6 → voidaccess-1.5.0}/scraper/scrape_js.py +0 -0
- {voidaccess-1.4.6 → voidaccess-1.5.0}/setup.cfg +0 -0
- {voidaccess-1.4.6 → voidaccess-1.5.0}/sources/__init__.py +0 -0
- {voidaccess-1.4.6 → voidaccess-1.5.0}/sources/blockchain.py +0 -0
- {voidaccess-1.4.6 → voidaccess-1.5.0}/sources/cache.py +0 -0
- {voidaccess-1.4.6 → voidaccess-1.5.0}/sources/cisa.py +0 -0
- {voidaccess-1.4.6 → voidaccess-1.5.0}/sources/engines.py +0 -0
- {voidaccess-1.4.6 → voidaccess-1.5.0}/sources/enrichment.py +0 -0
- {voidaccess-1.4.6 → voidaccess-1.5.0}/sources/github_scraper.py +0 -0
- {voidaccess-1.4.6 → voidaccess-1.5.0}/sources/gitlab_scraper.py +0 -0
- {voidaccess-1.4.6 → voidaccess-1.5.0}/sources/historical_intel.py +0 -0
- {voidaccess-1.4.6 → voidaccess-1.5.0}/sources/paste_scraper.py +0 -0
- {voidaccess-1.4.6 → voidaccess-1.5.0}/sources/pastes.py +0 -0
- {voidaccess-1.4.6 → voidaccess-1.5.0}/sources/seeds.py +0 -0
- {voidaccess-1.4.6 → voidaccess-1.5.0}/sources/shodan.py +0 -0
- {voidaccess-1.4.6 → voidaccess-1.5.0}/sources/telegram.py +0 -0
- {voidaccess-1.4.6 → voidaccess-1.5.0}/sources/virustotal.py +0 -0
- {voidaccess-1.4.6 → voidaccess-1.5.0}/tests/test_analysis_opsec.py +0 -0
- {voidaccess-1.4.6 → voidaccess-1.5.0}/tests/test_analysis_stylometry.py +0 -0
- {voidaccess-1.4.6 → voidaccess-1.5.0}/tests/test_analysis_temporal.py +0 -0
- {voidaccess-1.4.6 → voidaccess-1.5.0}/tests/test_api.py +0 -0
- {voidaccess-1.4.6 → voidaccess-1.5.0}/tests/test_api_monitors.py +0 -0
- {voidaccess-1.4.6 → voidaccess-1.5.0}/tests/test_blockchain.py +0 -0
- {voidaccess-1.4.6 → voidaccess-1.5.0}/tests/test_config.py +0 -0
- {voidaccess-1.4.6 → voidaccess-1.5.0}/tests/test_crawler.py +0 -0
- {voidaccess-1.4.6 → voidaccess-1.5.0}/tests/test_dns_enrichment.py +0 -0
- {voidaccess-1.4.6 → voidaccess-1.5.0}/tests/test_domain_reputation.py +0 -0
- {voidaccess-1.4.6 → voidaccess-1.5.0}/tests/test_email_reputation.py +0 -0
- {voidaccess-1.4.6 → voidaccess-1.5.0}/tests/test_fingerprint.py +0 -0
- {voidaccess-1.4.6 → voidaccess-1.5.0}/tests/test_github_scraper.py +0 -0
- {voidaccess-1.4.6 → voidaccess-1.5.0}/tests/test_gitlab_scraper.py +0 -0
- {voidaccess-1.4.6 → voidaccess-1.5.0}/tests/test_graph.py +0 -0
- {voidaccess-1.4.6 → voidaccess-1.5.0}/tests/test_hash_reputation.py +0 -0
- {voidaccess-1.4.6 → voidaccess-1.5.0}/tests/test_i18n.py +0 -0
- {voidaccess-1.4.6 → voidaccess-1.5.0}/tests/test_ip_reputation.py +0 -0
- {voidaccess-1.4.6 → voidaccess-1.5.0}/tests/test_llm.py +0 -0
- {voidaccess-1.4.6 → voidaccess-1.5.0}/tests/test_llm_utils.py +0 -0
- {voidaccess-1.4.6 → voidaccess-1.5.0}/tests/test_model_singleton.py +0 -0
- {voidaccess-1.4.6 → voidaccess-1.5.0}/tests/test_monitor.py +0 -0
- {voidaccess-1.4.6 → voidaccess-1.5.0}/tests/test_paste_scraper.py +0 -0
- {voidaccess-1.4.6 → voidaccess-1.5.0}/tests/test_rss_scraper.py +0 -0
- {voidaccess-1.4.6 → voidaccess-1.5.0}/tests/test_scrape_js.py +0 -0
- {voidaccess-1.4.6 → voidaccess-1.5.0}/tests/test_sources.py +0 -0
- {voidaccess-1.4.6 → voidaccess-1.5.0}/tests/test_sources_enrichment_new.py +0 -0
- {voidaccess-1.4.6 → voidaccess-1.5.0}/utils/__init__.py +0 -0
- {voidaccess-1.4.6 → voidaccess-1.5.0}/utils/async_utils.py +0 -0
- {voidaccess-1.4.6 → voidaccess-1.5.0}/utils/defang.py +0 -0
- {voidaccess-1.4.6 → voidaccess-1.5.0}/utils/encryption.py +0 -0
- {voidaccess-1.4.6 → voidaccess-1.5.0}/utils/ioc_freshness.py +0 -0
- {voidaccess-1.4.6 → voidaccess-1.5.0}/vector/__init__.py +0 -0
- {voidaccess-1.4.6 → voidaccess-1.5.0}/vector/search.py +0 -0
- {voidaccess-1.4.6 → voidaccess-1.5.0}/voidaccess/__init__.py +0 -0
- {voidaccess-1.4.6 → voidaccess-1.5.0}/voidaccess/llm_utils.py +0 -0
- {voidaccess-1.4.6 → voidaccess-1.5.0}/voidaccess.egg-info/dependency_links.txt +0 -0
- {voidaccess-1.4.6 → voidaccess-1.5.0}/voidaccess.egg-info/entry_points.txt +0 -0
- {voidaccess-1.4.6 → voidaccess-1.5.0}/voidaccess.egg-info/requires.txt +0 -0
- {voidaccess-1.4.6 → voidaccess-1.5.0}/voidaccess.egg-info/top_level.txt +0 -0
- {voidaccess-1.4.6 → voidaccess-1.5.0}/voidaccess_cli/adapters/__init__.py +0 -0
- {voidaccess-1.4.6 → voidaccess-1.5.0}/voidaccess_cli/commands/__init__.py +0 -0
- {voidaccess-1.4.6 → voidaccess-1.5.0}/voidaccess_cli/commands/configure.py +0 -0
- {voidaccess-1.4.6 → voidaccess-1.5.0}/voidaccess_cli/commands/enrich.py +0 -0
- {voidaccess-1.4.6 → voidaccess-1.5.0}/voidaccess_cli/config.py +0 -0
- {voidaccess-1.4.6 → voidaccess-1.5.0}/voidaccess_cli/display.py +0 -0
- {voidaccess-1.4.6 → voidaccess-1.5.0}/voidaccess_cli/tor_detect.py +0 -0
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
Metadata-Version: 2.4
|
|
2
2
|
Name: voidaccess
|
|
3
|
-
Version: 1.
|
|
3
|
+
Version: 1.5.0
|
|
4
4
|
Summary: Dark web OSINT CLI — automated threat intelligence from query to report
|
|
5
5
|
Author: VoidAccess
|
|
6
6
|
License-Expression: MIT
|
|
@@ -65,6 +65,21 @@ Commercial threat intelligence platforms often charge prohibitive annual fees fo
|
|
|
65
65
|
|
|
66
66
|
---
|
|
67
67
|
|
|
68
|
+
## What's New in v1.5.0
|
|
69
|
+
|
|
70
|
+
- 37 new entity types across crypto, credentials, messaging, and network/forensic indicators.
|
|
71
|
+
- YARA, Snort, Suricata, and IOC package ZIP exports.
|
|
72
|
+
- Persistent actor profiles with aliases, infrastructure, notes, and timelines.
|
|
73
|
+
- Cross-alias resolution using shared infrastructure, shared PGP, string similarity, temporal co-activity, and co-investigation.
|
|
74
|
+
- Backend graph community detection and path-between-nodes queries.
|
|
75
|
+
- CLI graph browser path finder and frontend Find Path highlighting.
|
|
76
|
+
- Per-phase pipeline timeouts for enrichment, graph, summary, finalize, and parallel sources.
|
|
77
|
+
- `sources_used` and `infrastructure_clusters` persist in investigation metadata.
|
|
78
|
+
- Cross-run enrichment cache with Redis, SQLite, and memory backends.
|
|
79
|
+
- Auto-discovery and weekly validation of `.onion` seeds.
|
|
80
|
+
|
|
81
|
+
---
|
|
82
|
+
|
|
68
83
|
## Quick Start
|
|
69
84
|
|
|
70
85
|
### Option A - CLI (no Docker, 30 seconds)
|
|
@@ -75,6 +90,10 @@ voidaccess configure
|
|
|
75
90
|
voidaccess investigate "LockBit ransomware"
|
|
76
91
|
```
|
|
77
92
|
|
|
93
|
+
<div align="center">
|
|
94
|
+
<img src="./public/cli_investigation_gif.gif" alt="VoidAccess CLI investigation walkthrough" width="900">
|
|
95
|
+
</div>
|
|
96
|
+
|
|
78
97
|
Requires local Tor for dark web sources:
|
|
79
98
|
|
|
80
99
|
- https://torproject.org
|
|
@@ -98,12 +117,28 @@ The Docker stack includes PostgreSQL, Tor, FastAPI, and Next.js.
|
|
|
98
117
|
|---|---|
|
|
99
118
|
| `voidaccess investigate` | Run an investigation |
|
|
100
119
|
| `voidaccess show` | Interactive entity browser |
|
|
101
|
-
| `voidaccess export` | Export STIX/MISP/Sigma/CSV/MD |
|
|
120
|
+
| `voidaccess export` | Export STIX/MISP/Sigma/YARA/Snort/Suricata/package/CSV/MD/JSON |
|
|
121
|
+
| `voidaccess package <file>` | Export an IOC ZIP bundle |
|
|
102
122
|
| `voidaccess enrich` | Re-enrich saved results |
|
|
103
123
|
| `voidaccess list` | List saved investigations |
|
|
104
|
-
| `voidaccess status` | Config
|
|
124
|
+
| `voidaccess status` | Config, API key, cache, engine, and seed status |
|
|
125
|
+
| `voidaccess actors` | List persistent actor profiles |
|
|
126
|
+
| `voidaccess actor <handle>` | Show an actor profile with aliases, infrastructure, notes, and history |
|
|
127
|
+
| `voidaccess actor <handle> --timeline` | Show an actor activity timeline |
|
|
128
|
+
| `voidaccess actor <handle> --note "text"` | Append an analyst note to an actor profile |
|
|
129
|
+
| `voidaccess timeline <handle>` | Shortcut for `voidaccess actor <handle> --timeline` |
|
|
105
130
|
| `voidaccess configure` | Setup wizard |
|
|
106
131
|
|
|
132
|
+
Export examples:
|
|
133
|
+
|
|
134
|
+
```bash
|
|
135
|
+
voidaccess package investigation.json
|
|
136
|
+
voidaccess export investigation.json --format yara
|
|
137
|
+
voidaccess export investigation.json --format snort
|
|
138
|
+
voidaccess export investigation.json --format suricata
|
|
139
|
+
voidaccess status --seeds
|
|
140
|
+
```
|
|
141
|
+
|
|
107
142
|
### CLI vs Docker
|
|
108
143
|
|
|
109
144
|
| Feature | CLI | Docker |
|
|
@@ -163,14 +198,17 @@ VoidAccess handles the complexity of dark web research through a rigorous sequen
|
|
|
163
198
|
|
|
164
199
|
## What It Extracts
|
|
165
200
|
|
|
166
|
-
The extraction pipeline identifies
|
|
201
|
+
The extraction pipeline identifies 55+ entity types:
|
|
167
202
|
|
|
168
203
|
| Category | Examples |
|
|
169
204
|
|---|---|
|
|
170
|
-
| **Cryptocurrency** | Bitcoin, Ethereum, Monero
|
|
205
|
+
| **Cryptocurrency** | Bitcoin, Ethereum, Monero, Litecoin, Zcash, Dogecoin, XRP, Solana, Tron, Bitcoin Cash, Dash, ENS |
|
|
171
206
|
| **Network Indicators** | IPv4 addresses, .onion URLs, domains, email addresses, PGP keys |
|
|
172
207
|
| **File Indicators** | MD5, SHA1, SHA256 hashes |
|
|
173
|
-
| **
|
|
208
|
+
| **Credentials** | AWS keys, GitHub tokens, Slack tokens, Discord tokens, JWTs, Google API keys, Stripe keys, generic API keys, stealer log entries |
|
|
209
|
+
| **Messaging Handles** | Telegram, Discord, XMPP, Tox, Session, Matrix, Wire, ICQ, Wickr |
|
|
210
|
+
| **Network/Forensic** | IPv6, MAC addresses, IPFS CIDs, combo-list entries, YARA rules, MITRE tactics, Exploit-DB IDs, Nuclei templates, seed phrases |
|
|
211
|
+
| **Vulnerabilities** | CVE numbers, MITRE ATT&CK techniques and tactics |
|
|
174
212
|
| **Threat Actors** | Actor handles, malware families, ransomware group names |
|
|
175
213
|
| **Paste Sites** | Pastebin, Ghostbin, Rentry, and similar links |
|
|
176
214
|
| **People/Orgs** | Named persons, organization names, locations |
|
|
@@ -210,7 +248,19 @@ Export formats:
|
|
|
210
248
|
- **STIX 2.1** — bundles with indicators, threat actors, malware objects
|
|
211
249
|
- **MISP JSON** — events with galaxies for direct import
|
|
212
250
|
- **Sigma rules** — auto-generated detection rules from extracted IOCs
|
|
213
|
-
- **
|
|
251
|
+
- **YARA rules** - generated rules for malware, credentials, infrastructure, and IOC strings
|
|
252
|
+
- **Snort rules** - network detection rules for IPs, domains, URLs, and selected IOC content
|
|
253
|
+
- **Suricata rules** - Suricata-compatible network rules with the same IOC coverage as Snort
|
|
254
|
+
- **IOC package ZIP** - 21-file bundle containing text IOC lists, STIX, MISP, Sigma, YARA, Snort, Suricata, summary, and CSV
|
|
255
|
+
- **CSV** - flat entity dumps for spreadsheet analysis
|
|
256
|
+
|
|
257
|
+
---
|
|
258
|
+
|
|
259
|
+
## Actor Intelligence
|
|
260
|
+
|
|
261
|
+
VoidAccess v1.5.0 persists actor profiles across investigations in `actor_profiles`, with linked aliases and infrastructure in `actor_aliases` and `actor_infrastructure`. Profiles are populated from threat actor, ransomware group, and handle entities, then enriched with co-occurring infrastructure and timeline events.
|
|
262
|
+
|
|
263
|
+
Cross-alias resolution scores five signals: shared infrastructure, shared PGP, string similarity, temporal co-activity, and co-investigation. Use `voidaccess actors` to list profiles, `voidaccess actor <handle>` for the full profile, `voidaccess actor <handle> --timeline` for chronology, and `voidaccess actor <handle> --note "text"` for analyst notes.
|
|
214
264
|
|
|
215
265
|
---
|
|
216
266
|
|