voidaccess 1.4.7__tar.gz → 1.5.0__tar.gz
- {voidaccess-1.4.7 → voidaccess-1.5.0}/PKG-INFO +53 -7
- voidaccess-1.4.7/voidaccess.egg-info/PKG-INFO → voidaccess-1.5.0/README.md +451 -451
- {voidaccess-1.4.7 → voidaccess-1.5.0}/api/main.py +155 -11
- voidaccess-1.5.0/api/routes/actors.py +735 -0
- {voidaccess-1.4.7 → voidaccess-1.5.0}/api/routes/admin.py +124 -1
- {voidaccess-1.4.7 → voidaccess-1.5.0}/api/routes/export.py +235 -6
- {voidaccess-1.4.7 → voidaccess-1.5.0}/api/routes/investigations.py +1176 -271
- {voidaccess-1.4.7 → voidaccess-1.5.0}/config.py +5 -2
- voidaccess-1.5.0/db/migrations/versions/0021_add_search_engine_stats.py +34 -0
- voidaccess-1.5.0/db/migrations/versions/0022_add_actor_profiles.py +158 -0
- voidaccess-1.5.0/db/migrations/versions/0023_add_investigation_metadata.py +60 -0
- {voidaccess-1.4.7 → voidaccess-1.5.0}/db/models.py +183 -0
- voidaccess-1.5.0/db/search_engine_stats.py +315 -0
- {voidaccess-1.4.7 → voidaccess-1.5.0}/db/session.py +23 -4
- voidaccess-1.5.0/export/__init__.py +58 -0
- voidaccess-1.5.0/export/ioc_package.py +1055 -0
- voidaccess-1.5.0/export/snort_export.py +551 -0
- voidaccess-1.5.0/export/yara_export.py +664 -0
- {voidaccess-1.4.7 → voidaccess-1.5.0}/extractor/llm_extract.py +50 -38
- voidaccess-1.5.0/extractor/normalizer.py +1245 -0
- {voidaccess-1.4.7 → voidaccess-1.5.0}/extractor/pipeline.py +200 -6
- voidaccess-1.5.0/extractor/regex_patterns.py +2326 -0
- {voidaccess-1.4.7 → voidaccess-1.5.0}/fingerprint/profiler.py +26 -0
- {voidaccess-1.4.7 → voidaccess-1.5.0}/graph/builder.py +262 -22
- {voidaccess-1.4.7 → voidaccess-1.5.0}/graph/model.py +34 -0
- {voidaccess-1.4.7 → voidaccess-1.5.0}/monitor/jobs.py +9 -15
- {voidaccess-1.4.7 → voidaccess-1.5.0}/pyproject.toml +1 -1
- {voidaccess-1.4.7 → voidaccess-1.5.0}/scraper/scrape.py +153 -2
- {voidaccess-1.4.7 → voidaccess-1.5.0}/search/__init__.py +118 -24
- voidaccess-1.5.0/search/circuit_breaker.py +79 -0
- voidaccess-1.5.0/search/query_builder.py +48 -0
- {voidaccess-1.4.7 → voidaccess-1.5.0}/search/search.py +119 -26
- voidaccess-1.5.0/sources/actor_profiles.py +1684 -0
- {voidaccess-1.4.7 → voidaccess-1.5.0}/sources/dns_enrichment.py +98 -3
- {voidaccess-1.4.7 → voidaccess-1.5.0}/sources/domain_reputation.py +68 -4
- {voidaccess-1.4.7 → voidaccess-1.5.0}/sources/email_reputation.py +60 -3
- {voidaccess-1.4.7 → voidaccess-1.5.0}/sources/hash_reputation.py +110 -5
- {voidaccess-1.4.7 → voidaccess-1.5.0}/sources/ip_reputation.py +57 -3
- {voidaccess-1.4.7 → voidaccess-1.5.0}/sources/rss_scraper.py +6 -6
- {voidaccess-1.4.7 → voidaccess-1.5.0}/sources/seed_manager.py +203 -8
- {voidaccess-1.4.7 → voidaccess-1.5.0}/tests/test_db.py +2 -1
- voidaccess-1.5.0/tests/test_filter_e2e_manual.py +50 -0
- voidaccess-1.5.0/tests/test_filter_parser_manual.py +60 -0
- {voidaccess-1.4.7 → voidaccess-1.5.0}/tests/test_pagination.py +7 -6
- voidaccess-1.5.0/tests/test_regex_patterns.py +2341 -0
- {voidaccess-1.4.7 → voidaccess-1.5.0}/tests/test_settings.py +3 -4
- voidaccess-1.5.0/tests/test_snort_export.py +431 -0
- {voidaccess-1.4.7 → voidaccess-1.5.0}/tests/test_vector.py +3 -1
- voidaccess-1.5.0/tests/test_yara_export.py +353 -0
- {voidaccess-1.4.7 → voidaccess-1.5.0}/utils/content_safety.py +59 -2
- voidaccess-1.5.0/utils/enrichment_cache.py +676 -0
- {voidaccess-1.4.7 → voidaccess-1.5.0}/utils/user_keys.py +10 -7
- {voidaccess-1.4.7 → voidaccess-1.5.0}/vector/embedder.py +5 -1
- voidaccess-1.5.0/vector/model_singleton.py +87 -0
- {voidaccess-1.4.7 → voidaccess-1.5.0}/vector/store.py +1 -1
- voidaccess-1.5.0/voidaccess/config.py +14 -0
- {voidaccess-1.4.7 → voidaccess-1.5.0}/voidaccess/llm.py +222 -33
- voidaccess-1.4.7/README.md → voidaccess-1.5.0/voidaccess.egg-info/PKG-INFO +497 -405
- {voidaccess-1.4.7 → voidaccess-1.5.0}/voidaccess.egg-info/SOURCES.txt +18 -0
- voidaccess-1.5.0/voidaccess_cli/adapters/sqlite.py +860 -0
- {voidaccess-1.4.7 → voidaccess-1.5.0}/voidaccess_cli/browser.py +203 -71
- voidaccess-1.5.0/voidaccess_cli/commands/actors.py +479 -0
- voidaccess-1.5.0/voidaccess_cli/commands/export.py +352 -0
- {voidaccess-1.4.7 → voidaccess-1.5.0}/voidaccess_cli/commands/investigate.py +404 -15
- {voidaccess-1.4.7 → voidaccess-1.5.0}/voidaccess_cli/commands/show.py +98 -0
- voidaccess-1.5.0/voidaccess_cli/main.py +430 -0
- voidaccess-1.4.7/export/__init__.py +0 -34
- voidaccess-1.4.7/extractor/normalizer.py +0 -638
- voidaccess-1.4.7/extractor/regex_patterns.py +0 -325
- voidaccess-1.4.7/search/circuit_breaker.py +0 -247
- voidaccess-1.4.7/vector/model_singleton.py +0 -49
- voidaccess-1.4.7/voidaccess_cli/adapters/sqlite.py +0 -329
- voidaccess-1.4.7/voidaccess_cli/commands/export.py +0 -162
- voidaccess-1.4.7/voidaccess_cli/main.py +0 -191
- {voidaccess-1.4.7 → voidaccess-1.5.0}/LICENSE +0 -0
- {voidaccess-1.4.7 → voidaccess-1.5.0}/analysis/__init__.py +0 -0
- {voidaccess-1.4.7 → voidaccess-1.5.0}/analysis/opsec.py +0 -0
- {voidaccess-1.4.7 → voidaccess-1.5.0}/analysis/patterns.py +0 -0
- {voidaccess-1.4.7 → voidaccess-1.5.0}/analysis/temporal.py +0 -0
- {voidaccess-1.4.7 → voidaccess-1.5.0}/api/__init__.py +0 -0
- {voidaccess-1.4.7 → voidaccess-1.5.0}/api/auth.py +0 -0
- {voidaccess-1.4.7 → voidaccess-1.5.0}/api/routes/__init__.py +0 -0
- {voidaccess-1.4.7 → voidaccess-1.5.0}/api/routes/auth.py +0 -0
- {voidaccess-1.4.7 → voidaccess-1.5.0}/api/routes/entities.py +0 -0
- {voidaccess-1.4.7 → voidaccess-1.5.0}/api/routes/monitors.py +0 -0
- {voidaccess-1.4.7 → voidaccess-1.5.0}/api/routes/search.py +0 -0
- {voidaccess-1.4.7 → voidaccess-1.5.0}/api/routes/settings.py +0 -0
- {voidaccess-1.4.7 → voidaccess-1.5.0}/auth/__init__.py +0 -0
- {voidaccess-1.4.7 → voidaccess-1.5.0}/auth/token_blacklist.py +0 -0
- {voidaccess-1.4.7 → voidaccess-1.5.0}/crawler/__init__.py +0 -0
- {voidaccess-1.4.7 → voidaccess-1.5.0}/crawler/dedup.py +0 -0
- {voidaccess-1.4.7 → voidaccess-1.5.0}/crawler/frontier.py +0 -0
- {voidaccess-1.4.7 → voidaccess-1.5.0}/crawler/spider.py +0 -0
- {voidaccess-1.4.7 → voidaccess-1.5.0}/crawler/utils.py +0 -0
- {voidaccess-1.4.7 → voidaccess-1.5.0}/db/__init__.py +0 -0
- {voidaccess-1.4.7 → voidaccess-1.5.0}/db/migrations/__init__.py +0 -0
- {voidaccess-1.4.7 → voidaccess-1.5.0}/db/migrations/env.py +0 -0
- {voidaccess-1.4.7 → voidaccess-1.5.0}/db/migrations/versions/0001_initial_schema.py +0 -0
- {voidaccess-1.4.7 → voidaccess-1.5.0}/db/migrations/versions/0002_add_investigation_status_column.py +0 -0
- {voidaccess-1.4.7 → voidaccess-1.5.0}/db/migrations/versions/0002_add_missing_tables.py +0 -0
- {voidaccess-1.4.7 → voidaccess-1.5.0}/db/migrations/versions/0003_add_canonical_value_and_entity_links.py +0 -0
- {voidaccess-1.4.7 → voidaccess-1.5.0}/db/migrations/versions/0004_add_page_posted_at.py +0 -0
- {voidaccess-1.4.7 → voidaccess-1.5.0}/db/migrations/versions/0005_add_extraction_method.py +0 -0
- {voidaccess-1.4.7 → voidaccess-1.5.0}/db/migrations/versions/0006_add_monitor_alerts.py +0 -0
- {voidaccess-1.4.7 → voidaccess-1.5.0}/db/migrations/versions/0007_add_actor_style_profiles.py +0 -0
- {voidaccess-1.4.7 → voidaccess-1.5.0}/db/migrations/versions/0008_add_users_table.py +0 -0
- {voidaccess-1.4.7 → voidaccess-1.5.0}/db/migrations/versions/0009_add_investigation_id_to_relationships.py +0 -0
- {voidaccess-1.4.7 → voidaccess-1.5.0}/db/migrations/versions/0010_add_composite_index_entity_relationships.py +0 -0
- {voidaccess-1.4.7 → voidaccess-1.5.0}/db/migrations/versions/0011_add_page_extraction_cache.py +0 -0
- {voidaccess-1.4.7 → voidaccess-1.5.0}/db/migrations/versions/0013_add_graph_status.py +0 -0
- {voidaccess-1.4.7 → voidaccess-1.5.0}/db/migrations/versions/0015_add_progress_fields.py +0 -0
- {voidaccess-1.4.7 → voidaccess-1.5.0}/db/migrations/versions/0016_backfill_graph_status.py +0 -0
- {voidaccess-1.4.7 → voidaccess-1.5.0}/db/migrations/versions/0017_add_user_api_keys.py +0 -0
- {voidaccess-1.4.7 → voidaccess-1.5.0}/db/migrations/versions/0018_add_user_id_to_investigations.py +0 -0
- {voidaccess-1.4.7 → voidaccess-1.5.0}/db/migrations/versions/0019_add_content_safety_log.py +0 -0
- {voidaccess-1.4.7 → voidaccess-1.5.0}/db/migrations/versions/0020_add_entity_source_tracking.py +0 -0
- {voidaccess-1.4.7 → voidaccess-1.5.0}/db/queries.py +0 -0
- {voidaccess-1.4.7 → voidaccess-1.5.0}/export/misp.py +0 -0
- {voidaccess-1.4.7 → voidaccess-1.5.0}/export/sigma.py +0 -0
- {voidaccess-1.4.7 → voidaccess-1.5.0}/export/stix.py +0 -0
- {voidaccess-1.4.7 → voidaccess-1.5.0}/extractor/__init__.py +0 -0
- {voidaccess-1.4.7 → voidaccess-1.5.0}/extractor/ner.py +0 -0
- {voidaccess-1.4.7 → voidaccess-1.5.0}/fingerprint/__init__.py +0 -0
- {voidaccess-1.4.7 → voidaccess-1.5.0}/fingerprint/stylometry.py +0 -0
- {voidaccess-1.4.7 → voidaccess-1.5.0}/graph/__init__.py +0 -0
- {voidaccess-1.4.7 → voidaccess-1.5.0}/graph/export.py +0 -0
- {voidaccess-1.4.7 → voidaccess-1.5.0}/graph/queries.py +0 -0
- {voidaccess-1.4.7 → voidaccess-1.5.0}/graph/visualize.py +0 -0
- {voidaccess-1.4.7 → voidaccess-1.5.0}/i18n/__init__.py +0 -0
- {voidaccess-1.4.7 → voidaccess-1.5.0}/i18n/detect.py +0 -0
- {voidaccess-1.4.7 → voidaccess-1.5.0}/i18n/query_expand.py +0 -0
- {voidaccess-1.4.7 → voidaccess-1.5.0}/i18n/translate.py +0 -0
- {voidaccess-1.4.7 → voidaccess-1.5.0}/monitor/__init__.py +0 -0
- {voidaccess-1.4.7 → voidaccess-1.5.0}/monitor/_db.py +0 -0
- {voidaccess-1.4.7 → voidaccess-1.5.0}/monitor/alerts.py +0 -0
- {voidaccess-1.4.7 → voidaccess-1.5.0}/monitor/config.py +0 -0
- {voidaccess-1.4.7 → voidaccess-1.5.0}/monitor/diff.py +0 -0
- {voidaccess-1.4.7 → voidaccess-1.5.0}/monitor/scheduler.py +0 -0
- {voidaccess-1.4.7 → voidaccess-1.5.0}/scraper/__init__.py +0 -0
- {voidaccess-1.4.7 → voidaccess-1.5.0}/scraper/scrape_js.py +0 -0
- {voidaccess-1.4.7 → voidaccess-1.5.0}/setup.cfg +0 -0
- {voidaccess-1.4.7 → voidaccess-1.5.0}/sources/__init__.py +0 -0
- {voidaccess-1.4.7 → voidaccess-1.5.0}/sources/blockchain.py +0 -0
- {voidaccess-1.4.7 → voidaccess-1.5.0}/sources/cache.py +0 -0
- {voidaccess-1.4.7 → voidaccess-1.5.0}/sources/cisa.py +0 -0
- {voidaccess-1.4.7 → voidaccess-1.5.0}/sources/engines.py +0 -0
- {voidaccess-1.4.7 → voidaccess-1.5.0}/sources/enrichment.py +0 -0
- {voidaccess-1.4.7 → voidaccess-1.5.0}/sources/github_scraper.py +0 -0
- {voidaccess-1.4.7 → voidaccess-1.5.0}/sources/gitlab_scraper.py +0 -0
- {voidaccess-1.4.7 → voidaccess-1.5.0}/sources/historical_intel.py +0 -0
- {voidaccess-1.4.7 → voidaccess-1.5.0}/sources/paste_scraper.py +0 -0
- {voidaccess-1.4.7 → voidaccess-1.5.0}/sources/pastes.py +0 -0
- {voidaccess-1.4.7 → voidaccess-1.5.0}/sources/seeds.py +0 -0
- {voidaccess-1.4.7 → voidaccess-1.5.0}/sources/shodan.py +0 -0
- {voidaccess-1.4.7 → voidaccess-1.5.0}/sources/telegram.py +0 -0
- {voidaccess-1.4.7 → voidaccess-1.5.0}/sources/virustotal.py +0 -0
- {voidaccess-1.4.7 → voidaccess-1.5.0}/tests/test_analysis_opsec.py +0 -0
- {voidaccess-1.4.7 → voidaccess-1.5.0}/tests/test_analysis_stylometry.py +0 -0
- {voidaccess-1.4.7 → voidaccess-1.5.0}/tests/test_analysis_temporal.py +0 -0
- {voidaccess-1.4.7 → voidaccess-1.5.0}/tests/test_api.py +0 -0
- {voidaccess-1.4.7 → voidaccess-1.5.0}/tests/test_api_monitors.py +0 -0
- {voidaccess-1.4.7 → voidaccess-1.5.0}/tests/test_blockchain.py +0 -0
- {voidaccess-1.4.7 → voidaccess-1.5.0}/tests/test_config.py +0 -0
- {voidaccess-1.4.7 → voidaccess-1.5.0}/tests/test_crawler.py +0 -0
- {voidaccess-1.4.7 → voidaccess-1.5.0}/tests/test_dns_enrichment.py +0 -0
- {voidaccess-1.4.7 → voidaccess-1.5.0}/tests/test_domain_reputation.py +0 -0
- {voidaccess-1.4.7 → voidaccess-1.5.0}/tests/test_email_reputation.py +0 -0
- {voidaccess-1.4.7 → voidaccess-1.5.0}/tests/test_fingerprint.py +0 -0
- {voidaccess-1.4.7 → voidaccess-1.5.0}/tests/test_github_scraper.py +0 -0
- {voidaccess-1.4.7 → voidaccess-1.5.0}/tests/test_gitlab_scraper.py +0 -0
- {voidaccess-1.4.7 → voidaccess-1.5.0}/tests/test_graph.py +0 -0
- {voidaccess-1.4.7 → voidaccess-1.5.0}/tests/test_hash_reputation.py +0 -0
- {voidaccess-1.4.7 → voidaccess-1.5.0}/tests/test_i18n.py +0 -0
- {voidaccess-1.4.7 → voidaccess-1.5.0}/tests/test_ip_reputation.py +0 -0
- {voidaccess-1.4.7 → voidaccess-1.5.0}/tests/test_llm.py +0 -0
- {voidaccess-1.4.7 → voidaccess-1.5.0}/tests/test_llm_utils.py +0 -0
- {voidaccess-1.4.7 → voidaccess-1.5.0}/tests/test_model_singleton.py +0 -0
- {voidaccess-1.4.7 → voidaccess-1.5.0}/tests/test_monitor.py +0 -0
- {voidaccess-1.4.7 → voidaccess-1.5.0}/tests/test_paste_scraper.py +0 -0
- {voidaccess-1.4.7 → voidaccess-1.5.0}/tests/test_rss_scraper.py +0 -0
- {voidaccess-1.4.7 → voidaccess-1.5.0}/tests/test_scrape_js.py +0 -0
- {voidaccess-1.4.7 → voidaccess-1.5.0}/tests/test_sources.py +0 -0
- {voidaccess-1.4.7 → voidaccess-1.5.0}/tests/test_sources_enrichment_new.py +0 -0
- {voidaccess-1.4.7 → voidaccess-1.5.0}/utils/__init__.py +0 -0
- {voidaccess-1.4.7 → voidaccess-1.5.0}/utils/async_utils.py +0 -0
- {voidaccess-1.4.7 → voidaccess-1.5.0}/utils/defang.py +0 -0
- {voidaccess-1.4.7 → voidaccess-1.5.0}/utils/encryption.py +0 -0
- {voidaccess-1.4.7 → voidaccess-1.5.0}/utils/ioc_freshness.py +0 -0
- {voidaccess-1.4.7 → voidaccess-1.5.0}/vector/__init__.py +0 -0
- {voidaccess-1.4.7 → voidaccess-1.5.0}/vector/search.py +0 -0
- {voidaccess-1.4.7 → voidaccess-1.5.0}/voidaccess/__init__.py +0 -0
- {voidaccess-1.4.7 → voidaccess-1.5.0}/voidaccess/llm_utils.py +0 -0
- {voidaccess-1.4.7 → voidaccess-1.5.0}/voidaccess.egg-info/dependency_links.txt +0 -0
- {voidaccess-1.4.7 → voidaccess-1.5.0}/voidaccess.egg-info/entry_points.txt +0 -0
- {voidaccess-1.4.7 → voidaccess-1.5.0}/voidaccess.egg-info/requires.txt +0 -0
- {voidaccess-1.4.7 → voidaccess-1.5.0}/voidaccess.egg-info/top_level.txt +0 -0
- {voidaccess-1.4.7 → voidaccess-1.5.0}/voidaccess_cli/__init__.py +0 -0
- {voidaccess-1.4.7 → voidaccess-1.5.0}/voidaccess_cli/adapters/__init__.py +0 -0
- {voidaccess-1.4.7 → voidaccess-1.5.0}/voidaccess_cli/commands/__init__.py +0 -0
- {voidaccess-1.4.7 → voidaccess-1.5.0}/voidaccess_cli/commands/configure.py +0 -0
- {voidaccess-1.4.7 → voidaccess-1.5.0}/voidaccess_cli/commands/enrich.py +0 -0
- {voidaccess-1.4.7 → voidaccess-1.5.0}/voidaccess_cli/config.py +0 -0
- {voidaccess-1.4.7 → voidaccess-1.5.0}/voidaccess_cli/display.py +0 -0
- {voidaccess-1.4.7 → voidaccess-1.5.0}/voidaccess_cli/tor_detect.py +0 -0
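--- a/PKG-INFO
+++ b/PKG-INFO
@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: voidaccess
-Version: 1.
+Version: 1.5.0
 Summary: Dark web OSINT CLI — automated threat intelligence from query to report
 Author: VoidAccess
 License-Expression: MIT
@@ -65,6 +65,21 @@ Commercial threat intelligence platforms often charge prohibitive annual fees fo
 
 ---
 
+## What's New in v1.5.0
+
+- 37 new entity types across crypto, credentials, messaging, and network/forensic indicators.
+- YARA, Snort, Suricata, and IOC package ZIP exports.
+- Persistent actor profiles with aliases, infrastructure, notes, and timelines.
+- Cross-alias resolution using shared infrastructure, shared PGP, string similarity, temporal co-activity, and co-investigation.
+- Backend graph community detection and path-between-nodes queries.
+- CLI graph browser path finder and frontend Find Path highlighting.
+- Per-phase pipeline timeouts for enrichment, graph, summary, finalize, and parallel sources.
+- `sources_used` and `infrastructure_clusters` persist in investigation metadata.
+- Cross-run enrichment cache with Redis, SQLite, and memory backends.
+- Auto-discovery and weekly validation of `.onion` seeds.
+
+---
+
 ## Quick Start
 
 ### Option A - CLI (no Docker, 30 seconds)
@@ -102,12 +117,28 @@ The Docker stack includes PostgreSQL, Tor, FastAPI, and Next.js.
 |---|---|
 | `voidaccess investigate` | Run an investigation |
 | `voidaccess show` | Interactive entity browser |
-| `voidaccess export` | Export STIX/MISP/Sigma/CSV/MD |
+| `voidaccess export` | Export STIX/MISP/Sigma/YARA/Snort/Suricata/package/CSV/MD/JSON |
+| `voidaccess package <file>` | Export an IOC ZIP bundle |
 | `voidaccess enrich` | Re-enrich saved results |
 | `voidaccess list` | List saved investigations |
-| `voidaccess status` | Config
+| `voidaccess status` | Config, API key, cache, engine, and seed status |
+| `voidaccess actors` | List persistent actor profiles |
+| `voidaccess actor <handle>` | Show an actor profile with aliases, infrastructure, notes, and history |
+| `voidaccess actor <handle> --timeline` | Show an actor activity timeline |
+| `voidaccess actor <handle> --note "text"` | Append an analyst note to an actor profile |
+| `voidaccess timeline <handle>` | Shortcut for `voidaccess actor <handle> --timeline` |
 | `voidaccess configure` | Setup wizard |
 
+Export examples:
+
+```bash
+voidaccess package investigation.json
+voidaccess export investigation.json --format yara
+voidaccess export investigation.json --format snort
+voidaccess export investigation.json --format suricata
+voidaccess status --seeds
+```
+
 ### CLI vs Docker
 
 | Feature | CLI | Docker |
@@ -167,14 +198,17 @@ VoidAccess handles the complexity of dark web research through a rigorous sequen
 
 ## What It Extracts
 
-The extraction pipeline identifies
+The extraction pipeline identifies 55+ entity types:
 
 | Category | Examples |
 |---|---|
-| **Cryptocurrency** | Bitcoin, Ethereum, Monero
+| **Cryptocurrency** | Bitcoin, Ethereum, Monero, Litecoin, Zcash, Dogecoin, XRP, Solana, Tron, Bitcoin Cash, Dash, ENS |
 | **Network Indicators** | IPv4 addresses, .onion URLs, domains, email addresses, PGP keys |
 | **File Indicators** | MD5, SHA1, SHA256 hashes |
-| **
+| **Credentials** | AWS keys, GitHub tokens, Slack tokens, Discord tokens, JWTs, Google API keys, Stripe keys, generic API keys, stealer log entries |
+| **Messaging Handles** | Telegram, Discord, XMPP, Tox, Session, Matrix, Wire, ICQ, Wickr |
+| **Network/Forensic** | IPv6, MAC addresses, IPFS CIDs, combo-list entries, YARA rules, MITRE tactics, Exploit-DB IDs, Nuclei templates, seed phrases |
+| **Vulnerabilities** | CVE numbers, MITRE ATT&CK techniques and tactics |
 | **Threat Actors** | Actor handles, malware families, ransomware group names |
 | **Paste Sites** | Pastebin, Ghostbin, Rentry, and similar links |
 | **People/Orgs** | Named persons, organization names, locations |
@@ -214,7 +248,19 @@ Export formats:
 - **STIX 2.1** — bundles with indicators, threat actors, malware objects
 - **MISP JSON** — events with galaxies for direct import
 - **Sigma rules** — auto-generated detection rules from extracted IOCs
-- **
+- **YARA rules** - generated rules for malware, credentials, infrastructure, and IOC strings
+- **Snort rules** - network detection rules for IPs, domains, URLs, and selected IOC content
+- **Suricata rules** - Suricata-compatible network rules with the same IOC coverage as Snort
+- **IOC package ZIP** - 21-file bundle containing text IOC lists, STIX, MISP, Sigma, YARA, Snort, Suricata, summary, and CSV
+- **CSV** - flat entity dumps for spreadsheet analysis
+
+---
+
+## Actor Intelligence
+
+VoidAccess v1.5.0 persists actor profiles across investigations in `actor_profiles`, with linked aliases and infrastructure in `actor_aliases` and `actor_infrastructure`. Profiles are populated from threat actor, ransomware group, and handle entities, then enriched with co-occurring infrastructure and timeline events.
+
+Cross-alias resolution scores five signals: shared infrastructure, shared PGP, string similarity, temporal co-activity, and co-investigation. Use `voidaccess actors` to list profiles, `voidaccess actor <handle>` for the full profile, `voidaccess actor <handle> --timeline` for chronology, and `voidaccess actor <handle> --note "text"` for analyst notes.
 
 ---
 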