-
Notifications
You must be signed in to change notification settings - Fork 4
/
config.ini
256 lines (206 loc) · 10.1 KB
/
config.ini
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
[CONVEY]
# Main section.
# File names are searched at current working directory, program directory and user/convey config directory.
# Boolean values may be set as 0/false/off OR 1/true/on (case insensitive).
# When adding new columns, show few first computed values.
# Ex: you're adding a new country field so that whois is request for first four lines.
compute_preview = True
# Submit crashes to GitHub
github_crash_submit = True
# If testing is True, do not be afraid, e-mail messages will not be sent.
# They will get forwarded to the testing e-mail (and e-mails in Cc will not be sent at all)
testing = True
# If testing is True, all e-mails will be forwarded to this testing e-mail.
testing_mail = [email protected]
# Development only: If debug is True, increases verbosity and gets the prompt in the case of an exception
# or when encountering an invalid line.
debug = False
# Get prompt if program crashes.
crash_post_mortem = False
# Verbosity level
# If omitted, default level is set to 20 (INFO level)
# See https://docs.python.org/3/library/logging.html#logging-levels
verbosity =
# Open GUI editor with mail templates when analysis starts if splitting by a column
autoopen_editor = False
# DEPRECATED
# Sometimes, we are provided with unvalid files that change the pattern in the middle.
# If True and invalid line exist, it is written to a special file.
# After Whois analysis, administrator may manually change the file contents and let the lines reanalyse.
# If False, the lines are just counted but not written to special file.
#
# redo_invalids = True
# In the command line we specify a file name or input text (if file does not exist).
# If this parameter is omitted what should convey do?
# 0 or empty ~ ask what to do
# 1 ~ input from stdin
# 2 ~ choose file name
# 3 ~ input from stdin, then choose file name
# 4 ~ choose file name, then input from stdin
# 5 ~ allow only input text (unless flag --file present), even if parameter omitted
# 6 ~ allow only file name (unless flag --input present), even if parameter omitted
file_or_input = 1
# When processing input text (not a file on disk), should we save the output to a file at program exit?
# 4 or True ~ always save
# 3 ~ if processed, save, otherwise do not save
# 2 ~ always ask
# 1 ~ if processed, ask, otherwise do not save
# 0 or empty ~ do not save, just display
# This value gets overwritten if --output flag is used to specify the destination file.
# Note: We do not save single value input but only CSV STDIN input unless --output flag specified.
# Ex: $ convey example.com # single value input - no output unless --output flag
# Ex: $ convey < file.csv # CSV STDIN input - output savable
save_stdin_output = 1
# If True, hit enter to process further whenever it is possible.
# Useful for automatic processing.
yes =
# Launch program in a headless mode which imposes --yes and --quiet. No menu is shown.
headless =
# True if you want to write "statistics.txt" file next to the analyzed file, containing whois info, like:
# "Totally 17 of unique IPs; information for 5 countries (16 unique IPs), no contact for 1 countries without national/government CSIRT (1 unique IPs)"
write_statistics = False
# Filepath to local country team contacts. CSV file is in the format: domain,cc. (Mails can be delimited by semicolon.)
contacts_cc = contacts_cc.csv
# Filepath to foreign countries contacts. CSV file is in the format: country,email
contacts_abroad = contacts_abroad.csv
# Template for basic e-mails.
mail_template = template.eml
# Template for abroad e-mails.
mail_template_abroad = template_abroad.eml
# To start up convey could take around 0.75 s notably because of the external libraries (pint (0.2 s), bs4, requests).
# When doing a single query or a headless processing (no menu involved), we may reduce this time significantly (to cca 0.03 s) with a daemon that would parse our CLI arguments and if everything went ok print out the results.
# True ~ start the daemon at the end of the first convey call
# False ~ do not start the daemon automatically, just wait for `convey --daemon start` call.
daemonize = True
# Processing threads
# If set to threads = auto, threads will be used if convey think it is reasonable.
# If True, threads will be always used when processing.
# If number, that number of threads will be created.
# If False, 0 or left blank, no thread used.
threads = auto
[FIELDS]
# Fields 'code' and 'external' are considered unsafe, an attacker might take possession of your server.
# With 'code', you can launch an arbitrary code on the machine.
# With 'external', you can load any file from your machine and launch it.
# These unsafe fields are not available via the web service.
# You may specifically allow them here, ex: webservice_allow_unsafe_fields = code, external
# Leave this field empty if you are not sure what are you doing!
webservice_allow_unsafe_fields =
# These fields shall not be computed when using single value check
# (delimit by comma)
single_query_ignored_fields = html
# When single value input contains a web page, we could fetch it and add "status" (HTTP code) and "text" fields. Text is just mere text, no tags, style, script, or head.
# True, empty ~ allowed
# False ~ forbidden
web =
# Change user agent to be used when scraping a URL
user_agent =
# timeout used when scraping a URL
web_timeout = 3
# Allow whois module
# True/empty ~ allowed
# False ~ forbidden
whois = True
# If you have a whois mirror server, put it in here. You may append a -r flag if this is a RIPE mirror.
# Ex: ripedb.nic.cz -r
whois_mirror =
# Use whois records cache.
whois_cache = True
# How many seconds will a WHOIS answer cache will be considered fresh. For unlimited put -1
whois_ttl = 86400
# If True, when some IP addresses prefix was not identified, delete such addresses from the cache so that WHOIS will be re-asked
# for a prefix if processing. If empty or False, such addresses remain in the cache and when processing,
# they are automatically considered as having an unknown prefix. Useful when we hit an undocumented WHOIS server quota and
# we want to reprocess the file, keeping cache but ignoring IP addresses mistakenly marked as unknown.
whois_delete_unknown =
# When fetching whois records, sometimes the abusemail field (abuse e-mail address) is unavailable – unknown.
# If there is no contact e-mail in contacts_abroad, incident-contact field is unknown as well.
#
# When splitting by an unknown value, such lines are always reprocessable.
# When processing single file (no splitting), cells with unknown information are left empty by default.
# However if you set `whois_reprocessable_unknown` to True, lines with unknown abusemail will be pulled out
# to be reprocessed at the end to the bottom,
# no matter if you are not computing abusemail but incident-contact which may be available.
whois_reprocessable_unknown =
# whois country code abbreviation (or their list) for local country(countries),
# other countries will be treated as "abroad" if listed in contacts_abroad
# This is important for incident-contact field; when generating e-mail messages, "abroad" e-mails use another template.
# * local country record uses whois abuse e-mail and template.eml
# * abroad (non-local) record try to get the csirtmail from contacts_abroad and uses template_abroad.csv
# * if the csirtmail is not available, it uses whois abuse e-mail and template_abroad.csv
# Ex: cz
local_country =
# LACNIC has rate limits that lets the script wait for 5 minutes.
# False ~ wait 5 minutes
# True ~ skip lines and try to resolve them afterwards
lacnic_quota_skip_lines = True
#
# True ~ resolve after processing other lines
# False ~ left skipped unprocessed (user have to launch reprocessing from menu)
# empty ~ ask
lacnic_quota_resolve_immediately = True
# Allow DNS dig module
# True/empty ~ allowed
# False ~ forbidden
dig = True
# Allow nmap module
# True/empty ~ allowed
# False ~ forbidden
nmap = True
# NMAP may generate a single string with ports and their services, ex:
# 53/tcp open domain
# 443/tcp open https
# or may generate a list of open ports as integers, ex: [53, 443]
# False ~ take single string
# True ~ take all of them and duplicate whole row
multiple_nmap_ports = False
# Hostname can be resolved into multiple IP addresses.
# False ~ take single IP address
# True ~ take all of them and duplicate whole row
multiple_hostname_ip = False
# CIDR can be resolved into many IP addresses.
# False ~ take single IP address
# True ~ take all of them and duplicate whole row
multiple_cidr_ip = False
[EXTERNAL]
# You may define custom fields. Providing paths to the entrypoint Python files.
# Methods in these files will be taken as the names for the custom fields.
# Delimit the paths by a comma, ex: `external_fields = /tmp/myfile.py, /tmp/anotherfile.py`
# /tmp/myfile.py may have the contents: `def hello_world(val): return "hello world"`
#
# If you do not want to register all methods from the file,
# list chosen methods as new parameters while delimiting the method names by a colon.
# Ex: hello_world = /tmp/myfile.py:hello_world
#
external_fields =
[CSV]
# Default CSV dialect parameters; you can force delimiter, quoting character and set True or False if file is considered having the header.
# For tab-sign use either \t or tab.
delimiter =
quote_char =
header =
# Output dialect. For tab-sign use either \t or tab.
delimiter_output = ,
quote_char_output = "
header_output = True
[SMTP]
smtp_host = localhost
email_from_name = "My cool mail" <[email protected]>
# Process e-mail messages with jinja2 templating system
jinja = True
# Split CSV files are added as e-mail attachments.
attach_files = True
# Files from a column of the Path type are added as e-mail attachments
# Note for security reasons, files must not be symlinks, be readable for others `chmod o+r`, and be in the same directory.
# So that a crafted CSV would not pull up ~/.ssh or /etc/ files.
attach_paths_from_path_column = False
[OTRS]
# OTRS specific options. We may send all the e-mails by it.
otrs_enabled = True
otrs_host = localhost
baseuri = /otrs/index.pl
signkeyid = PGP::Sign::-
# Default ticket records (for testing, may be left empty), it will be used during CSV processing.
# It's handier to define that with the use of cmd flags.
ticketid =
ticketnum =