v1.0.1 — quarterly maintenance: source audit, engine fixes, WAF hardening

nox-project
2026-04-11 14:12:06 +02:00
parent 913e764133
commit 7febdc60f5
30 changed files with 703 additions and 449 deletions
+114 -72
@@ -240,24 +240,6 @@ FREE_PUBLIC_SOURCES: List[SourceConfig] = [
tags=["passive"],
health_check_url="https://urlscan.io", reliability_score=5),
_base("threatcrowd_email", "threat_intel",
"https://www.threatcrowd.org/searchApi/v2/email/report/?email={target}", "GET",
{"domains": "$.domains"},
rate_limit=5.0,
input_type="email", output_type=["domain"],
tags=["passive", "threat"],
health_check_url="https://www.threatcrowd.org", reliability_score=3,
is_volatile=True, bypass_required=["cloudflare"], user_agent_type="browser"),
_base("threatcrowd_domain", "threat_intel",
"https://www.threatcrowd.org/searchApi/v2/domain/report/?domain={target}", "GET",
{"ips": "$.resolutions[*].ip_address"},
rate_limit=5.0,
input_type="domain", output_type=["ip"],
tags=["passive", "threat"],
health_check_url="https://www.threatcrowd.org", reliability_score=3,
is_volatile=True, bypass_required=["cloudflare"], user_agent_type="browser"),
_base("pulsedive", "threat_intel",
"https://pulsedive.com/api/info.php?indicator={target}", "GET",
{"risk": "$.risk", "threats": "$.threats"},
@@ -267,9 +249,9 @@ FREE_PUBLIC_SOURCES: List[SourceConfig] = [
health_check_url="https://pulsedive.com", reliability_score=4),
_base("hudsonrock_osint", "breach_data",
"https://cavalier.hudsonrock.com/api/json/v2/osint-tools/search-by-login?username={target}", "GET",
"https://cavalier.hudsonrock.com/api/json/v2/osint-tools/search-by-email?email={target}", "GET",
{"stealers": "$.stealers"},
input_type="username", output_type=["email", "domain"],
input_type="email", output_type=["email", "domain", "username"],
normalization_map={"stealers": "breach_record"},
tags=["passive", "stealth"],
health_check_url="https://cavalier.hudsonrock.com", reliability_score=4),
@@ -296,12 +278,14 @@ FREE_PUBLIC_SOURCES: List[SourceConfig] = [
{"prefixes": "$.data.prefixes[*].prefix"},
input_type="ip", output_type=["ip"],
tags=["passive", "infrastructure"],
health_check_url="https://api.bgpview.io", reliability_score=4),
health_check_url="https://api.bgpview.io", reliability_score=2, is_volatile=True),
_base("emailrep_io", "email_rep",
_auth("emailrep_io", "email_rep",
"https://emailrep.io/{target}", "GET",
{"reputation": "$.reputation"},
rate_limit=2.0,
headers={"Key": "{EMAILREP_API_KEY}"},
api_key_slots=["{EMAILREP_API_KEY}"],
input_type="email", output_type=["email"],
normalization_map={"reputation": "email_reputation"},
tags=["passive", "fast"],
@@ -446,11 +430,12 @@ FREE_PUBLIC_SOURCES: List[SourceConfig] = [
health_check_url="https://checkurl.phishtank.com", reliability_score=4),
_base("duckduckgo_api", "search",
"https://api.duckduckgo.com/?q={target}&format=json", "GET",
{"abstract": "$.Abstract"},
"https://searx.tiekoetter.com/search?q={target}&format=json&categories=general", "GET",
{"results": "$.results"},
input_type="any", output_type=["url"],
normalization_map={"url": "url", "title": "title"},
tags=["passive", "fast"],
health_check_url="https://api.duckduckgo.com", reliability_score=5),
health_check_url="https://searx.tiekoetter.com", reliability_score=3, is_volatile=True),
_base("cve_search", "vulns",
"https://cve.circl.lu/api/cve/{target}", "GET",
@@ -474,21 +459,14 @@ FREE_PUBLIC_SOURCES: List[SourceConfig] = [
tags=["passive"],
health_check_url="https://packetstormsecurity.com", reliability_score=4),
_base("checkleaked", "breaches",
"https://api.checkleaked.cc/check/{target}", "GET",
{"found": "$.found"},
input_type="email", output_type=["email"],
tags=["passive", "stealth"],
health_check_url="https://api.checkleaked.cc", reliability_score=2, is_volatile=True,
backup_endpoints=["https://checkleaked.cc/api/check/{target}"]),
_base("scylla_sh_search", "breaches",
"https://scylla.sh/search?q={target}", "GET",
"https://scylla.so/search?q={target}", "GET",
{"results": "$.*"},
input_type="email", output_type=["email", "domain"],
tags=["passive", "stealth"],
health_check_url="https://scylla.sh", reliability_score=2, is_volatile=True,
backup_endpoints=["https://scylla.sh/api/search?q={target}"]),
health_check_url="https://scylla.so", reliability_score=2, is_volatile=True,
bypass_required=["cloudflare"], user_agent_type="browser",
backup_endpoints=["https://scylla.so/api/search?q={target}"]),
_base("vigilante_pw", "breaches",
"https://vigilante.pw/api/search?q={target}", "GET",
@@ -496,6 +474,44 @@ FREE_PUBLIC_SOURCES: List[SourceConfig] = [
input_type="email", output_type=["email"],
tags=["passive", "stealth"],
health_check_url="https://vigilante.pw", reliability_score=2, is_volatile=True),
# ── New free sources (v1.0.1) ─────────────────────────────────────────────
_base("proxynova_comb", "breaches",
"https://api.proxynova.com/comb?query={target}", "GET",
{"lines": "$.lines"},
input_type="email", output_type=["email"],
normalization_map={"lines": "credential_line"},
tags=["passive", "stealth"],
health_check_url="https://api.proxynova.com",
reliability_score=3, is_volatile=True),
_base("shodan_internetdb", "scanners",
"https://internetdb.shodan.io/{target}", "GET",
{"hostnames": "$.hostnames", "ports": "$.ports", "vulns": "$.vulns"},
input_type="ip", output_type=["domain", "ip"],
normalization_map={"hostnames": "domain", "vulns": "cve"},
tags=["passive", "fast", "infrastructure"],
health_check_url="https://internetdb.shodan.io",
reliability_score=5),
_base("circl_hashlookup", "hashes",
"https://hashlookup.circl.lu/lookup/md5/{target}", "GET",
{"filename": "$.FileName", "known_malicious": "$.KnownMalicious"},
input_type="hash", output_type=["hash"],
normalization_map={"FileName": "filename", "MD5": "hash_md5"},
tags=["passive", "fast"],
health_check_url="https://hashlookup.circl.lu",
reliability_score=5),
_base("ipapi_is", "geolocation",
"https://api.ipapi.is/?q={target}", "GET",
{"org": "$.org", "asn": "$.asn.asn", "abuse": "$.abuse.email"},
input_type="ip", output_type=["domain"],
normalization_map={"org": "asn_org", "asn": "asn_number", "abuse": "abuse_contact"},
tags=["passive", "fast"],
health_check_url="https://api.ipapi.is",
reliability_score=4),
]
# ---------------------------------------------------------------------------
@@ -586,24 +602,6 @@ AUTHENTICATED_PREMIUM_SOURCES: List[SourceConfig] = [
tags=["passive", "infrastructure"],
health_check_url="https://fofa.info", reliability_score=4),
_auth("spyse_domain", "scanners",
"https://api.spyse.com/v1/domain/details/{target}", "GET",
{"asn": "$.data.asn"},
headers={"Authorization": "Bearer {SPYSE_API_KEY}"},
api_key_slots=["{SPYSE_API_KEY}"],
input_type="domain", output_type=["ip"],
tags=["passive"],
health_check_url="https://api.spyse.com", reliability_score=3),
_auth("spyse_ip", "scanners",
"https://api.spyse.com/v1/ip/details/{target}", "GET",
{"geo": "$.data.geo"},
headers={"Authorization": "Bearer {SPYSE_API_KEY}"},
api_key_slots=["{SPYSE_API_KEY}"],
input_type="ip", output_type=["ip"],
tags=["passive"],
health_check_url="https://api.spyse.com", reliability_score=3),
_auth("onyphe_datascan", "scanners",
"https://www.onyphe.io/api/v2/simple/datascan/{target}", "GET",
{"results": "$.results"},
@@ -824,7 +822,7 @@ AUTHENTICATED_PREMIUM_SOURCES += [
health_check_url="https://haveibeenpwned.com", reliability_score=5),
_auth("dehashed", "breaches",
"https://api.dehashed.com/search?query={target}", "GET",
"https://api.dehashed.com/v2/search?query={target}", "GET",
{"entries": "$.entries"},
headers={"Authorization": "Basic {DEHASHED_AUTH_BASE64}", "Accept": "application/json"},
api_key_slots=["{DEHASHED_AUTH_BASE64}"],
@@ -924,15 +922,6 @@ AUTHENTICATED_PREMIUM_SOURCES += [
tags=["passive"],
health_check_url="https://api.tines.com", reliability_score=3),
_auth("leakstats_pw", "breaches",
"https://leakstats.net/api/password/{target}", "GET",
{"count": "$.count"},
headers={"api-key": "{LEAKSTATS_API_KEY}"},
api_key_slots=["{LEAKSTATS_API_KEY}"],
input_type="hash", output_type=["hash"],
tags=["passive"],
health_check_url="https://leakstats.net", reliability_score=3, is_volatile=True),
_base("leak_lookup", "breaches",
"https://leak-lookup.com/api/search", "POST",
{"results": "$.message"},
@@ -1238,14 +1227,7 @@ AUTHENTICATED_PREMIUM_SOURCES += [
health_check_url="http://apilayer.net", reliability_score=4),
# ── Hashes ────────────────────────────────────────────────────────────────
_auth("hashes_org", "hashes",
"https://hashes.org/api.php?key={HASHES_API_KEY}&query={target}", "GET",
{"found": "$.results"},
api_key_slots=["{HASHES_API_KEY}"],
input_type="hash", output_type=["hash"],
tags=["passive"],
health_check_url="https://hashes.org", reliability_score=3),
# hashes_org removed — service unavailable
# ── Search ────────────────────────────────────────────────────────────────
@@ -1265,6 +1247,66 @@ AUTHENTICATED_PREMIUM_SOURCES += [
input_type="any", output_type=["url"],
tags=["passive"],
health_check_url="https://api.bing.microsoft.com", reliability_score=5),
# ── New authenticated sources (v1.0.1) ───────────────────────────────────
_auth("threatfox", "threat_intel",
"https://threatfox-api.abuse.ch/api/v1/", "POST",
{"results": "$.data"},
headers={"API-KEY": "{THREATFOX_API_KEY}", "Content-Type": "application/json"},
payload_template={"query": "search_ioc", "search_term": "{target}"},
api_key_slots=["{THREATFOX_API_KEY}"],
input_type="any", output_type=["ip", "domain", "hash"],
normalization_map={"ioc": "indicator", "malware": "malware_family"},
tags=["passive", "threat"],
health_check_url="https://threatfox-api.abuse.ch",
reliability_score=5),
_auth("urlhaus", "threat_intel",
"https://urlhaus-api.abuse.ch/v1/host/", "POST",
{"urls": "$.urls"},
headers={"Auth-Key": "{URLHAUS_API_KEY}"},
payload_template={"host": "{target}"},
api_key_slots=["{URLHAUS_API_KEY}"],
input_type="domain", output_type=["url", "domain"],
normalization_map={"url": "malware_url", "threat": "threat_type"},
tags=["passive", "threat"],
health_check_url="https://urlhaus-api.abuse.ch",
reliability_score=5),
_auth("malwarebazaar", "hashes",
"https://mb-api.abuse.ch/api/v1/", "POST",
{"data": "$.data"},
headers={"API-KEY": "{MALWAREBAZAAR_API_KEY}"},
payload_template={"query": "get_info", "hash": "{target}"},
api_key_slots=["{MALWAREBAZAAR_API_KEY}"],
input_type="hash", output_type=["hash"],
normalization_map={"file_name": "filename", "tags": "tags"},
tags=["passive", "threat"],
health_check_url="https://mb-api.abuse.ch",
reliability_score=5),
_auth("fullhunt_subdomains", "dns_recon",
"https://fullhunt.io/api/v1/domain/{target}/subdomains", "GET",
{"hosts": "$.hosts"},
headers={"X-API-KEY": "{FULLHUNT_API_KEY}"},
api_key_slots=["{FULLHUNT_API_KEY}"],
input_type="domain", output_type=["domain", "ip"],
normalization_map={"host": "domain"},
tags=["passive", "infrastructure"],
health_check_url="https://fullhunt.io",
reliability_score=4),
_auth("netlas_search", "scanners",
"https://app.netlas.io/api/responses/?q={target}&source_type=include&start=0&fields=", "GET",
{"items": "$.items"},
headers={"X-API-Key": "{NETLAS_API_KEY}"},
api_key_slots=["{NETLAS_API_KEY}"],
input_type="ip", output_type=["ip", "domain"],
normalization_map={"data.ip": "ip_address", "data.domain": "domain"},
tags=["passive", "infrastructure"],
health_check_url="https://app.netlas.io",
reliability_score=4),
]
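Review bot: The `duckduckgo_api` entry (hunk at -446) keeps its DuckDuckGo id while its endpoint and health check now point at `searx.tiekoetter.com`, so every `input_type="any"` target is sent to a single third-party SearXNG instance under a name that says otherwise. Rename the source, or at least add a comment such as `# sends targets to a third-party SearXNG instance (searx.tiekoetter.com), not DuckDuckGo`, so operators can decide whether that disclosure is acceptable. The new `normalization_map={"url": "url", "title": "title"}` also has no key matching the extracted field `results`. If the map is keyed on extraction names, as it appears to be in `hudsonrock_osint` and `emailrep_io`, it will never apply; the engine is not visible on this page, so this needs confirming.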