voidaccess 1.4.7__tar.gz → 1.5.0__tar.gz

Files changed (204) hide show
  1. {voidaccess-1.4.7 → voidaccess-1.5.0}/PKG-INFO +53 -7
  2. voidaccess-1.4.7/voidaccess.egg-info/PKG-INFO → voidaccess-1.5.0/README.md +451 -451
  3. {voidaccess-1.4.7 → voidaccess-1.5.0}/api/main.py +155 -11
  4. voidaccess-1.5.0/api/routes/actors.py +735 -0
  5. {voidaccess-1.4.7 → voidaccess-1.5.0}/api/routes/admin.py +124 -1
  6. {voidaccess-1.4.7 → voidaccess-1.5.0}/api/routes/export.py +235 -6
  7. {voidaccess-1.4.7 → voidaccess-1.5.0}/api/routes/investigations.py +1176 -271
  8. {voidaccess-1.4.7 → voidaccess-1.5.0}/config.py +5 -2
  9. voidaccess-1.5.0/db/migrations/versions/0021_add_search_engine_stats.py +34 -0
  10. voidaccess-1.5.0/db/migrations/versions/0022_add_actor_profiles.py +158 -0
  11. voidaccess-1.5.0/db/migrations/versions/0023_add_investigation_metadata.py +60 -0
  12. {voidaccess-1.4.7 → voidaccess-1.5.0}/db/models.py +183 -0
  13. voidaccess-1.5.0/db/search_engine_stats.py +315 -0
  14. {voidaccess-1.4.7 → voidaccess-1.5.0}/db/session.py +23 -4
  15. voidaccess-1.5.0/export/__init__.py +58 -0
  16. voidaccess-1.5.0/export/ioc_package.py +1055 -0
  17. voidaccess-1.5.0/export/snort_export.py +551 -0
  18. voidaccess-1.5.0/export/yara_export.py +664 -0
  19. {voidaccess-1.4.7 → voidaccess-1.5.0}/extractor/llm_extract.py +50 -38
  20. voidaccess-1.5.0/extractor/normalizer.py +1245 -0
  21. {voidaccess-1.4.7 → voidaccess-1.5.0}/extractor/pipeline.py +200 -6
  22. voidaccess-1.5.0/extractor/regex_patterns.py +2326 -0
  23. {voidaccess-1.4.7 → voidaccess-1.5.0}/fingerprint/profiler.py +26 -0
  24. {voidaccess-1.4.7 → voidaccess-1.5.0}/graph/builder.py +262 -22
  25. {voidaccess-1.4.7 → voidaccess-1.5.0}/graph/model.py +34 -0
  26. {voidaccess-1.4.7 → voidaccess-1.5.0}/monitor/jobs.py +9 -15
  27. {voidaccess-1.4.7 → voidaccess-1.5.0}/pyproject.toml +1 -1
  28. {voidaccess-1.4.7 → voidaccess-1.5.0}/scraper/scrape.py +153 -2
  29. {voidaccess-1.4.7 → voidaccess-1.5.0}/search/__init__.py +118 -24
  30. voidaccess-1.5.0/search/circuit_breaker.py +79 -0
  31. voidaccess-1.5.0/search/query_builder.py +48 -0
  32. {voidaccess-1.4.7 → voidaccess-1.5.0}/search/search.py +119 -26
  33. voidaccess-1.5.0/sources/actor_profiles.py +1684 -0
  34. {voidaccess-1.4.7 → voidaccess-1.5.0}/sources/dns_enrichment.py +98 -3
  35. {voidaccess-1.4.7 → voidaccess-1.5.0}/sources/domain_reputation.py +68 -4
  36. {voidaccess-1.4.7 → voidaccess-1.5.0}/sources/email_reputation.py +60 -3
  37. {voidaccess-1.4.7 → voidaccess-1.5.0}/sources/hash_reputation.py +110 -5
  38. {voidaccess-1.4.7 → voidaccess-1.5.0}/sources/ip_reputation.py +57 -3
  39. {voidaccess-1.4.7 → voidaccess-1.5.0}/sources/rss_scraper.py +6 -6
  40. {voidaccess-1.4.7 → voidaccess-1.5.0}/sources/seed_manager.py +203 -8
  41. {voidaccess-1.4.7 → voidaccess-1.5.0}/tests/test_db.py +2 -1
  42. voidaccess-1.5.0/tests/test_filter_e2e_manual.py +50 -0
  43. voidaccess-1.5.0/tests/test_filter_parser_manual.py +60 -0
  44. {voidaccess-1.4.7 → voidaccess-1.5.0}/tests/test_pagination.py +7 -6
  45. voidaccess-1.5.0/tests/test_regex_patterns.py +2341 -0
  46. {voidaccess-1.4.7 → voidaccess-1.5.0}/tests/test_settings.py +3 -4
  47. voidaccess-1.5.0/tests/test_snort_export.py +431 -0
  48. {voidaccess-1.4.7 → voidaccess-1.5.0}/tests/test_vector.py +3 -1
  49. voidaccess-1.5.0/tests/test_yara_export.py +353 -0
  50. {voidaccess-1.4.7 → voidaccess-1.5.0}/utils/content_safety.py +59 -2
  51. voidaccess-1.5.0/utils/enrichment_cache.py +676 -0
  52. {voidaccess-1.4.7 → voidaccess-1.5.0}/utils/user_keys.py +10 -7
  53. {voidaccess-1.4.7 → voidaccess-1.5.0}/vector/embedder.py +5 -1
  54. voidaccess-1.5.0/vector/model_singleton.py +87 -0
  55. {voidaccess-1.4.7 → voidaccess-1.5.0}/vector/store.py +1 -1
  56. voidaccess-1.5.0/voidaccess/config.py +14 -0
  57. {voidaccess-1.4.7 → voidaccess-1.5.0}/voidaccess/llm.py +222 -33
  58. voidaccess-1.4.7/README.md → voidaccess-1.5.0/voidaccess.egg-info/PKG-INFO +497 -405
  59. {voidaccess-1.4.7 → voidaccess-1.5.0}/voidaccess.egg-info/SOURCES.txt +18 -0
  60. voidaccess-1.5.0/voidaccess_cli/adapters/sqlite.py +860 -0
  61. {voidaccess-1.4.7 → voidaccess-1.5.0}/voidaccess_cli/browser.py +203 -71
  62. voidaccess-1.5.0/voidaccess_cli/commands/actors.py +479 -0
  63. voidaccess-1.5.0/voidaccess_cli/commands/export.py +352 -0
  64. {voidaccess-1.4.7 → voidaccess-1.5.0}/voidaccess_cli/commands/investigate.py +404 -15
  65. {voidaccess-1.4.7 → voidaccess-1.5.0}/voidaccess_cli/commands/show.py +98 -0
  66. voidaccess-1.5.0/voidaccess_cli/main.py +430 -0
  67. voidaccess-1.4.7/export/__init__.py +0 -34
  68. voidaccess-1.4.7/extractor/normalizer.py +0 -638
  69. voidaccess-1.4.7/extractor/regex_patterns.py +0 -325
  70. voidaccess-1.4.7/search/circuit_breaker.py +0 -247
  71. voidaccess-1.4.7/vector/model_singleton.py +0 -49
  72. voidaccess-1.4.7/voidaccess_cli/adapters/sqlite.py +0 -329
  73. voidaccess-1.4.7/voidaccess_cli/commands/export.py +0 -162
  74. voidaccess-1.4.7/voidaccess_cli/main.py +0 -191
  75. {voidaccess-1.4.7 → voidaccess-1.5.0}/LICENSE +0 -0
  76. {voidaccess-1.4.7 → voidaccess-1.5.0}/analysis/__init__.py +0 -0
  77. {voidaccess-1.4.7 → voidaccess-1.5.0}/analysis/opsec.py +0 -0
  78. {voidaccess-1.4.7 → voidaccess-1.5.0}/analysis/patterns.py +0 -0
  79. {voidaccess-1.4.7 → voidaccess-1.5.0}/analysis/temporal.py +0 -0
  80. {voidaccess-1.4.7 → voidaccess-1.5.0}/api/__init__.py +0 -0
  81. {voidaccess-1.4.7 → voidaccess-1.5.0}/api/auth.py +0 -0
  82. {voidaccess-1.4.7 → voidaccess-1.5.0}/api/routes/__init__.py +0 -0
  83. {voidaccess-1.4.7 → voidaccess-1.5.0}/api/routes/auth.py +0 -0
  84. {voidaccess-1.4.7 → voidaccess-1.5.0}/api/routes/entities.py +0 -0
  85. {voidaccess-1.4.7 → voidaccess-1.5.0}/api/routes/monitors.py +0 -0
  86. {voidaccess-1.4.7 → voidaccess-1.5.0}/api/routes/search.py +0 -0
  87. {voidaccess-1.4.7 → voidaccess-1.5.0}/api/routes/settings.py +0 -0
  88. {voidaccess-1.4.7 → voidaccess-1.5.0}/auth/__init__.py +0 -0
  89. {voidaccess-1.4.7 → voidaccess-1.5.0}/auth/token_blacklist.py +0 -0
  90. {voidaccess-1.4.7 → voidaccess-1.5.0}/crawler/__init__.py +0 -0
  91. {voidaccess-1.4.7 → voidaccess-1.5.0}/crawler/dedup.py +0 -0
  92. {voidaccess-1.4.7 → voidaccess-1.5.0}/crawler/frontier.py +0 -0
  93. {voidaccess-1.4.7 → voidaccess-1.5.0}/crawler/spider.py +0 -0
  94. {voidaccess-1.4.7 → voidaccess-1.5.0}/crawler/utils.py +0 -0
  95. {voidaccess-1.4.7 → voidaccess-1.5.0}/db/__init__.py +0 -0
  96. {voidaccess-1.4.7 → voidaccess-1.5.0}/db/migrations/__init__.py +0 -0
  97. {voidaccess-1.4.7 → voidaccess-1.5.0}/db/migrations/env.py +0 -0
  98. {voidaccess-1.4.7 → voidaccess-1.5.0}/db/migrations/versions/0001_initial_schema.py +0 -0
  99. {voidaccess-1.4.7 → voidaccess-1.5.0}/db/migrations/versions/0002_add_investigation_status_column.py +0 -0
  100. {voidaccess-1.4.7 → voidaccess-1.5.0}/db/migrations/versions/0002_add_missing_tables.py +0 -0
  101. {voidaccess-1.4.7 → voidaccess-1.5.0}/db/migrations/versions/0003_add_canonical_value_and_entity_links.py +0 -0
  102. {voidaccess-1.4.7 → voidaccess-1.5.0}/db/migrations/versions/0004_add_page_posted_at.py +0 -0
  103. {voidaccess-1.4.7 → voidaccess-1.5.0}/db/migrations/versions/0005_add_extraction_method.py +0 -0
  104. {voidaccess-1.4.7 → voidaccess-1.5.0}/db/migrations/versions/0006_add_monitor_alerts.py +0 -0
  105. {voidaccess-1.4.7 → voidaccess-1.5.0}/db/migrations/versions/0007_add_actor_style_profiles.py +0 -0
  106. {voidaccess-1.4.7 → voidaccess-1.5.0}/db/migrations/versions/0008_add_users_table.py +0 -0
  107. {voidaccess-1.4.7 → voidaccess-1.5.0}/db/migrations/versions/0009_add_investigation_id_to_relationships.py +0 -0
  108. {voidaccess-1.4.7 → voidaccess-1.5.0}/db/migrations/versions/0010_add_composite_index_entity_relationships.py +0 -0
  109. {voidaccess-1.4.7 → voidaccess-1.5.0}/db/migrations/versions/0011_add_page_extraction_cache.py +0 -0
  110. {voidaccess-1.4.7 → voidaccess-1.5.0}/db/migrations/versions/0013_add_graph_status.py +0 -0
  111. {voidaccess-1.4.7 → voidaccess-1.5.0}/db/migrations/versions/0015_add_progress_fields.py +0 -0
  112. {voidaccess-1.4.7 → voidaccess-1.5.0}/db/migrations/versions/0016_backfill_graph_status.py +0 -0
  113. {voidaccess-1.4.7 → voidaccess-1.5.0}/db/migrations/versions/0017_add_user_api_keys.py +0 -0
  114. {voidaccess-1.4.7 → voidaccess-1.5.0}/db/migrations/versions/0018_add_user_id_to_investigations.py +0 -0
  115. {voidaccess-1.4.7 → voidaccess-1.5.0}/db/migrations/versions/0019_add_content_safety_log.py +0 -0
  116. {voidaccess-1.4.7 → voidaccess-1.5.0}/db/migrations/versions/0020_add_entity_source_tracking.py +0 -0
  117. {voidaccess-1.4.7 → voidaccess-1.5.0}/db/queries.py +0 -0
  118. {voidaccess-1.4.7 → voidaccess-1.5.0}/export/misp.py +0 -0
  119. {voidaccess-1.4.7 → voidaccess-1.5.0}/export/sigma.py +0 -0
  120. {voidaccess-1.4.7 → voidaccess-1.5.0}/export/stix.py +0 -0
  121. {voidaccess-1.4.7 → voidaccess-1.5.0}/extractor/__init__.py +0 -0
  122. {voidaccess-1.4.7 → voidaccess-1.5.0}/extractor/ner.py +0 -0
  123. {voidaccess-1.4.7 → voidaccess-1.5.0}/fingerprint/__init__.py +0 -0
  124. {voidaccess-1.4.7 → voidaccess-1.5.0}/fingerprint/stylometry.py +0 -0
  125. {voidaccess-1.4.7 → voidaccess-1.5.0}/graph/__init__.py +0 -0
  126. {voidaccess-1.4.7 → voidaccess-1.5.0}/graph/export.py +0 -0
  127. {voidaccess-1.4.7 → voidaccess-1.5.0}/graph/queries.py +0 -0
  128. {voidaccess-1.4.7 → voidaccess-1.5.0}/graph/visualize.py +0 -0
  129. {voidaccess-1.4.7 → voidaccess-1.5.0}/i18n/__init__.py +0 -0
  130. {voidaccess-1.4.7 → voidaccess-1.5.0}/i18n/detect.py +0 -0
  131. {voidaccess-1.4.7 → voidaccess-1.5.0}/i18n/query_expand.py +0 -0
  132. {voidaccess-1.4.7 → voidaccess-1.5.0}/i18n/translate.py +0 -0
  133. {voidaccess-1.4.7 → voidaccess-1.5.0}/monitor/__init__.py +0 -0
  134. {voidaccess-1.4.7 → voidaccess-1.5.0}/monitor/_db.py +0 -0
  135. {voidaccess-1.4.7 → voidaccess-1.5.0}/monitor/alerts.py +0 -0
  136. {voidaccess-1.4.7 → voidaccess-1.5.0}/monitor/config.py +0 -0
  137. {voidaccess-1.4.7 → voidaccess-1.5.0}/monitor/diff.py +0 -0
  138. {voidaccess-1.4.7 → voidaccess-1.5.0}/monitor/scheduler.py +0 -0
  139. {voidaccess-1.4.7 → voidaccess-1.5.0}/scraper/__init__.py +0 -0
  140. {voidaccess-1.4.7 → voidaccess-1.5.0}/scraper/scrape_js.py +0 -0
  141. {voidaccess-1.4.7 → voidaccess-1.5.0}/setup.cfg +0 -0
  142. {voidaccess-1.4.7 → voidaccess-1.5.0}/sources/__init__.py +0 -0
  143. {voidaccess-1.4.7 → voidaccess-1.5.0}/sources/blockchain.py +0 -0
  144. {voidaccess-1.4.7 → voidaccess-1.5.0}/sources/cache.py +0 -0
  145. {voidaccess-1.4.7 → voidaccess-1.5.0}/sources/cisa.py +0 -0
  146. {voidaccess-1.4.7 → voidaccess-1.5.0}/sources/engines.py +0 -0
  147. {voidaccess-1.4.7 → voidaccess-1.5.0}/sources/enrichment.py +0 -0
  148. {voidaccess-1.4.7 → voidaccess-1.5.0}/sources/github_scraper.py +0 -0
  149. {voidaccess-1.4.7 → voidaccess-1.5.0}/sources/gitlab_scraper.py +0 -0
  150. {voidaccess-1.4.7 → voidaccess-1.5.0}/sources/historical_intel.py +0 -0
  151. {voidaccess-1.4.7 → voidaccess-1.5.0}/sources/paste_scraper.py +0 -0
  152. {voidaccess-1.4.7 → voidaccess-1.5.0}/sources/pastes.py +0 -0
  153. {voidaccess-1.4.7 → voidaccess-1.5.0}/sources/seeds.py +0 -0
  154. {voidaccess-1.4.7 → voidaccess-1.5.0}/sources/shodan.py +0 -0
  155. {voidaccess-1.4.7 → voidaccess-1.5.0}/sources/telegram.py +0 -0
  156. {voidaccess-1.4.7 → voidaccess-1.5.0}/sources/virustotal.py +0 -0
  157. {voidaccess-1.4.7 → voidaccess-1.5.0}/tests/test_analysis_opsec.py +0 -0
  158. {voidaccess-1.4.7 → voidaccess-1.5.0}/tests/test_analysis_stylometry.py +0 -0
  159. {voidaccess-1.4.7 → voidaccess-1.5.0}/tests/test_analysis_temporal.py +0 -0
  160. {voidaccess-1.4.7 → voidaccess-1.5.0}/tests/test_api.py +0 -0
  161. {voidaccess-1.4.7 → voidaccess-1.5.0}/tests/test_api_monitors.py +0 -0
  162. {voidaccess-1.4.7 → voidaccess-1.5.0}/tests/test_blockchain.py +0 -0
  163. {voidaccess-1.4.7 → voidaccess-1.5.0}/tests/test_config.py +0 -0
  164. {voidaccess-1.4.7 → voidaccess-1.5.0}/tests/test_crawler.py +0 -0
  165. {voidaccess-1.4.7 → voidaccess-1.5.0}/tests/test_dns_enrichment.py +0 -0
  166. {voidaccess-1.4.7 → voidaccess-1.5.0}/tests/test_domain_reputation.py +0 -0
  167. {voidaccess-1.4.7 → voidaccess-1.5.0}/tests/test_email_reputation.py +0 -0
  168. {voidaccess-1.4.7 → voidaccess-1.5.0}/tests/test_fingerprint.py +0 -0
  169. {voidaccess-1.4.7 → voidaccess-1.5.0}/tests/test_github_scraper.py +0 -0
  170. {voidaccess-1.4.7 → voidaccess-1.5.0}/tests/test_gitlab_scraper.py +0 -0
  171. {voidaccess-1.4.7 → voidaccess-1.5.0}/tests/test_graph.py +0 -0
  172. {voidaccess-1.4.7 → voidaccess-1.5.0}/tests/test_hash_reputation.py +0 -0
  173. {voidaccess-1.4.7 → voidaccess-1.5.0}/tests/test_i18n.py +0 -0
  174. {voidaccess-1.4.7 → voidaccess-1.5.0}/tests/test_ip_reputation.py +0 -0
  175. {voidaccess-1.4.7 → voidaccess-1.5.0}/tests/test_llm.py +0 -0
  176. {voidaccess-1.4.7 → voidaccess-1.5.0}/tests/test_llm_utils.py +0 -0
  177. {voidaccess-1.4.7 → voidaccess-1.5.0}/tests/test_model_singleton.py +0 -0
  178. {voidaccess-1.4.7 → voidaccess-1.5.0}/tests/test_monitor.py +0 -0
  179. {voidaccess-1.4.7 → voidaccess-1.5.0}/tests/test_paste_scraper.py +0 -0
  180. {voidaccess-1.4.7 → voidaccess-1.5.0}/tests/test_rss_scraper.py +0 -0
  181. {voidaccess-1.4.7 → voidaccess-1.5.0}/tests/test_scrape_js.py +0 -0
  182. {voidaccess-1.4.7 → voidaccess-1.5.0}/tests/test_sources.py +0 -0
  183. {voidaccess-1.4.7 → voidaccess-1.5.0}/tests/test_sources_enrichment_new.py +0 -0
  184. {voidaccess-1.4.7 → voidaccess-1.5.0}/utils/__init__.py +0 -0
  185. {voidaccess-1.4.7 → voidaccess-1.5.0}/utils/async_utils.py +0 -0
  186. {voidaccess-1.4.7 → voidaccess-1.5.0}/utils/defang.py +0 -0
  187. {voidaccess-1.4.7 → voidaccess-1.5.0}/utils/encryption.py +0 -0
  188. {voidaccess-1.4.7 → voidaccess-1.5.0}/utils/ioc_freshness.py +0 -0
  189. {voidaccess-1.4.7 → voidaccess-1.5.0}/vector/__init__.py +0 -0
  190. {voidaccess-1.4.7 → voidaccess-1.5.0}/vector/search.py +0 -0
  191. {voidaccess-1.4.7 → voidaccess-1.5.0}/voidaccess/__init__.py +0 -0
  192. {voidaccess-1.4.7 → voidaccess-1.5.0}/voidaccess/llm_utils.py +0 -0
  193. {voidaccess-1.4.7 → voidaccess-1.5.0}/voidaccess.egg-info/dependency_links.txt +0 -0
  194. {voidaccess-1.4.7 → voidaccess-1.5.0}/voidaccess.egg-info/entry_points.txt +0 -0
  195. {voidaccess-1.4.7 → voidaccess-1.5.0}/voidaccess.egg-info/requires.txt +0 -0
  196. {voidaccess-1.4.7 → voidaccess-1.5.0}/voidaccess.egg-info/top_level.txt +0 -0
  197. {voidaccess-1.4.7 → voidaccess-1.5.0}/voidaccess_cli/__init__.py +0 -0
  198. {voidaccess-1.4.7 → voidaccess-1.5.0}/voidaccess_cli/adapters/__init__.py +0 -0
  199. {voidaccess-1.4.7 → voidaccess-1.5.0}/voidaccess_cli/commands/__init__.py +0 -0
  200. {voidaccess-1.4.7 → voidaccess-1.5.0}/voidaccess_cli/commands/configure.py +0 -0
  201. {voidaccess-1.4.7 → voidaccess-1.5.0}/voidaccess_cli/commands/enrich.py +0 -0
  202. {voidaccess-1.4.7 → voidaccess-1.5.0}/voidaccess_cli/config.py +0 -0
  203. {voidaccess-1.4.7 → voidaccess-1.5.0}/voidaccess_cli/display.py +0 -0
  204. {voidaccess-1.4.7 → voidaccess-1.5.0}/voidaccess_cli/tor_detect.py +0 -0
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.4
2
2
  Name: voidaccess
3
- Version: 1.4.7
3
+ Version: 1.5.0
4
4
  Summary: Dark web OSINT CLI — automated threat intelligence from query to report
5
5
  Author: VoidAccess
6
6
  License-Expression: MIT
@@ -65,6 +65,21 @@ Commercial threat intelligence platforms often charge prohibitive annual fees fo
65
65
 
66
66
  ---
67
67
 
68
+ ## What's New in v1.5.0
69
+
70
+ - 37 new entity types across crypto, credentials, messaging, and network/forensic indicators.
71
+ - YARA, Snort, Suricata, and IOC package ZIP exports.
72
+ - Persistent actor profiles with aliases, infrastructure, notes, and timelines.
73
+ - Cross-alias resolution using shared infrastructure, shared PGP, string similarity, temporal co-activity, and co-investigation.
74
+ - Backend graph community detection and path-between-nodes queries.
75
+ - CLI graph browser path finder and frontend Find Path highlighting.
76
+ - Per-phase pipeline timeouts for enrichment, graph, summary, finalize, and parallel sources.
77
+ - `sources_used` and `infrastructure_clusters` persist in investigation metadata.
78
+ - Cross-run enrichment cache with Redis, SQLite, and memory backends.
79
+ - Auto-discovery and weekly validation of `.onion` seeds.
80
+
81
+ ---
82
+
68
83
  ## Quick Start
69
84
 
70
85
  ### Option A - CLI (no Docker, 30 seconds)
@@ -102,12 +117,28 @@ The Docker stack includes PostgreSQL, Tor, FastAPI, and Next.js.
102
117
  |---|---|
103
118
  | `voidaccess investigate` | Run an investigation |
104
119
  | `voidaccess show` | Interactive entity browser |
105
- | `voidaccess export` | Export STIX/MISP/Sigma/CSV/MD |
120
+ | `voidaccess export` | Export STIX/MISP/Sigma/YARA/Snort/Suricata/package/CSV/MD/JSON |
121
+ | `voidaccess package <file>` | Export an IOC ZIP bundle |
106
122
  | `voidaccess enrich` | Re-enrich saved results |
107
123
  | `voidaccess list` | List saved investigations |
108
- | `voidaccess status` | Config and API key status |
124
+ | `voidaccess status` | Config, API key, cache, engine, and seed status |
125
+ | `voidaccess actors` | List persistent actor profiles |
126
+ | `voidaccess actor <handle>` | Show an actor profile with aliases, infrastructure, notes, and history |
127
+ | `voidaccess actor <handle> --timeline` | Show an actor activity timeline |
128
+ | `voidaccess actor <handle> --note "text"` | Append an analyst note to an actor profile |
129
+ | `voidaccess timeline <handle>` | Shortcut for `voidaccess actor <handle> --timeline` |
109
130
  | `voidaccess configure` | Setup wizard |
110
131
 
132
+ Export examples:
133
+
134
+ ```bash
135
+ voidaccess package investigation.json
136
+ voidaccess export investigation.json --format yara
137
+ voidaccess export investigation.json --format snort
138
+ voidaccess export investigation.json --format suricata
139
+ voidaccess status --seeds
140
+ ```
141
+
111
142
  ### CLI vs Docker
112
143
 
113
144
  | Feature | CLI | Docker |
@@ -167,14 +198,17 @@ VoidAccess handles the complexity of dark web research through a rigorous sequen
167
198
 
168
199
  ## What It Extracts
169
200
 
170
- The extraction pipeline identifies these entity types:
201
+ The extraction pipeline identifies 55+ entity types:
171
202
 
172
203
  | Category | Examples |
173
204
  |---|---|
174
- | **Cryptocurrency** | Bitcoin, Ethereum, Monero wallet addresses |
205
+ | **Cryptocurrency** | Bitcoin, Ethereum, Monero, Litecoin, Zcash, Dogecoin, XRP, Solana, Tron, Bitcoin Cash, Dash, ENS |
175
206
  | **Network Indicators** | IPv4 addresses, .onion URLs, domains, email addresses, PGP keys |
176
207
  | **File Indicators** | MD5, SHA1, SHA256 hashes |
177
- | **Vulnerabilities** | CVE numbers, MITRE ATT&CK techniques |
208
+ | **Credentials** | AWS keys, GitHub tokens, Slack tokens, Discord tokens, JWTs, Google API keys, Stripe keys, generic API keys, stealer log entries |
209
+ | **Messaging Handles** | Telegram, Discord, XMPP, Tox, Session, Matrix, Wire, ICQ, Wickr |
210
+ | **Network/Forensic** | IPv6, MAC addresses, IPFS CIDs, combo-list entries, YARA rules, MITRE tactics, Exploit-DB IDs, Nuclei templates, seed phrases |
211
+ | **Vulnerabilities** | CVE numbers, MITRE ATT&CK techniques and tactics |
178
212
  | **Threat Actors** | Actor handles, malware families, ransomware group names |
179
213
  | **Paste Sites** | Pastebin, Ghostbin, Rentry, and similar links |
180
214
  | **People/Orgs** | Named persons, organization names, locations |
@@ -214,7 +248,19 @@ Export formats:
214
248
  - **STIX 2.1** — bundles with indicators, threat actors, malware objects
215
249
  - **MISP JSON** — events with galaxies for direct import
216
250
  - **Sigma rules** — auto-generated detection rules from extracted IOCs
217
- - **CSV** flat entity dumps for spreadsheet analysis
251
+ - **YARA rules** - generated rules for malware, credentials, infrastructure, and IOC strings
252
+ - **Snort rules** - network detection rules for IPs, domains, URLs, and selected IOC content
253
+ - **Suricata rules** - Suricata-compatible network rules with the same IOC coverage as Snort
254
+ - **IOC package ZIP** - 21-file bundle containing text IOC lists, STIX, MISP, Sigma, YARA, Snort, Suricata, summary, and CSV
255
+ - **CSV** - flat entity dumps for spreadsheet analysis
256
+
257
+ ---
258
+
259
+ ## Actor Intelligence
260
+
261
+ VoidAccess v1.5.0 persists actor profiles across investigations in `actor_profiles`, with linked aliases and infrastructure in `actor_aliases` and `actor_infrastructure`. Profiles are populated from threat actor, ransomware group, and handle entities, then enriched with co-occurring infrastructure and timeline events.
262
+
263
+ Cross-alias resolution scores five signals: shared infrastructure, shared PGP, string similarity, temporal co-activity, and co-investigation. Use `voidaccess actors` to list profiles, `voidaccess actor <handle>` for the full profile, `voidaccess actor <handle> --timeline` for chronology, and `voidaccess actor <handle> --note "text"` for analyst notes.
218
264
 
219
265
  ---
220
266