Releases: KatrielMoses/voidaccess

VoidAccess v1.2.0

19 May 06:56
44fe8b8

v1.2.0 — Intelligence Coverage

Added

  • Curated seed list — 31 known .onion addresses across 8 categories checked before search engine fan-out
  • Paste site scraping — Pastebin, dpaste, paste.ee in parallel with Tor
  • GitHub scraping — code search and repo READMEs
  • GitLab scraping — same coverage as GitHub
  • RSS feeds — 20 curated security blogs including Krebs, BleepingComputer, Talos, Mandiant, CrowdStrike, Unit 42, CISA, FBI
  • CIRCL passive DNS + RDAP WHOIS enrichment
  • Infrastructure cluster detection — shared IPs and nameservers across investigated domains
  • Investigation cancellation with partial result preservation
  • Sources panel showing which sources ran and what each contributed
  • Graceful API key skip — missing keys never break the pipeline

VoidAccess v1.1.0

19 May 06:56

v1.1.0 — UX and Safety

Added

  • Content safety filters across 6 layers — blocked at query, URL, LLM, content, entity value, and frontend layers
  • Bloodhound-style graph — draggable nodes, pin/unpin, right-click context menu, confidence-based edges, node detail panel
  • IOC freshness decay tagging — Fresh/Aging/Stale/Expired with type-specific thresholds
  • Cross-source confidence scoring with source count badges
  • Defanged output by default (hxxp://, 1.2.3[.]4)
  • STIX, MISP, Sigma exports fixed
  • Query validation (min 3 chars)
  • Password reset enforcement on first login
  • Progress SSE endpoint working
  • Retry-After headers on rate limit responses

VoidAccess v1.0.0

19 May 06:55

Initial Release

Self-hosted dark web OSINT platform.

What it does

  • 13-step investigation pipeline over Tor
  • Extracts 18 entity types from dark web content
  • Entity relationship graph with sigma.js
  • Enrichment via OTX, MalwareBazaar, ThreatFox, URLhaus, Shodan, VirusTotal, CISA KEV
  • STIX 2.1, MISP, Sigma, CSV exports
  • JWT authentication
  • Docker Compose deployment

Requirements

  • Docker and Docker Compose
  • One LLM API key (OpenRouter free tier works)

git clone https://github.com/KatrielMoses/voidaccess
cd voidaccess
bash setup.sh

VoidAccess v1.3.0

19 May 06:56

v1.3.0 — Entity Quality

Transforms raw extracted IOCs into confirmed threat indicators with behavioral context.

IP Intelligence (Step 6.1)

  • Feodo Tracker + C2IntelFeeds — daily updated confirmed C2 IPs for Cobalt Strike, Sliver, Metasploit, Brute Ratel, Emotet, and more
  • AbuseIPDB — community IP abuse reports (free, 1000/day)
  • GreyNoise — suppresses benign scanner IPs (Shodan, Censys) from entity results entirely

Domain Intelligence (Step 6.2)

  • crt.sh — certificate transparency logs reveal every subdomain that has ever been issued a certificate
  • URLScan.io — live scan data, technology fingerprint, malicious verdicts
  • Wayback Machine — historical content for taken-down domains, detects seizures

Hash Intelligence (Step 6.3)

  • Hybrid Analysis — full behavioral sandbox analysis, network communication extracted as new entities
  • MalwareBazaar + ThreatFox extended for family attribution
  • MALWARE_FAMILY entities auto-created when confirmed by multiple sources

Email Intelligence (Step 6.4)

  • HaveIBeenPwned — breach history and password exposure flags
  • EmailRep — reputation scoring, disposable detection, platform presence
  • Disposable email detection (local, no API)
  • Custom email domains added as domain entities

New optional API keys

ABUSEIPDB_API_KEY, GREYNOISE_API_KEY, URLSCAN_API_KEY, HYBRID_ANALYSIS_API_KEY, HIBP_API_KEY, EMAILREP_API_KEY, GITHUB_TOKEN, GITLAB_TOKEN, SECURITYTRAILS_API_KEY

All optional — platform works without any of them.

Install

git clone https://github.com/KatrielMoses/voidaccess
cd voidaccess
bash setup.sh