v1.3.0 — Entity Quality
Transforms raw extracted IOCs into confirmed threat indicators with behavioral context.
IP Intelligence (Step 6.1)
- Feodo Tracker + C2IntelFeeds — daily-updated lists of confirmed C2 IPs for Cobalt Strike, Sliver, Metasploit, Brute Ratel, Emotet, and more
- AbuseIPDB — community IP abuse reports (free, 1000/day)
- GreyNoise — suppresses benign scanner IPs (Shodan, Censys) from entity results entirely
Domain Intelligence (Step 6.2)
- crt.sh — certificate transparency logs reveal every subdomain that has ever been issued a certificate
- URLScan.io — live scan data, technology fingerprint, malicious verdicts
- Wayback Machine — historical content for taken-down domains, detects seizures
Hash Intelligence (Step 6.3)
- Hybrid Analysis — full behavioral sandbox analysis, network communication extracted as new entities
- MalwareBazaar + ThreatFox extended for family attribution
- MALWARE_FAMILY entities auto-created when confirmed by multiple sources
Email Intelligence (Step 6.4)
- HaveIBeenPwned — breach history and password exposure flags
- EmailRep — reputation scoring, disposable detection, platform presence
- Disposable email detection (local, no API)
- Custom email domains added as domain entities
New optional API keys
ABUSEIPDB_API_KEY, GREYNOISE_API_KEY, URLSCAN_API_KEY, HYBRID_ANALYSIS_API_KEY, HIBP_API_KEY, EMAILREP_API_KEY, GITHUB_TOKEN, GITLAB_TOKEN, SECURITYTRAILS_API_KEY
All optional — platform works without any of them.
Install
git clone https://github.com/KatrielMoses/voidaccess
cd voidaccess
bash setup.sh