-
-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathtemplate_chickadee.ini
122 lines (106 loc) · 4.01 KB
/
template_chickadee.ini
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
# Config file to specify defaults for running chickadee
#
# Any setting in this file will be overwritten by arguments provided at
# the command line.
#
# Think of this file as a way to set the columns you most often use and the
# output format you prefer (if it differs from chickadee's defaults).
#
# All fields are defined in the file, though may be commented out. Uncomment
# to modify the behavior of the script through the configuration option.
#
# You may specify this file as an argument with `chickadee -c <filename>`
# This can be useful if you frequently switch between certain use cases.
#
# To be recognized, this file must be named either chickadee.ini or
# .chickadee.ini.
#
# Please store the file in one of the below locations for ease of detection
# by chickadee (this is the search order the script uses):
# * Your current working folder
# * The base of your home directory (ie ~/ or %USERPROFILE%)
# * ~/.config/chickadee on Linux/macOS
# * %APPDATA%\chickadee on Windows
# * /etc/chickadee on Linux/macOS
# * C:\ProgramData\chickadee on Windows
#!!!!!
#
# Do not commit to git or share publicly if you store your API key(s) in this
# file!
#
#!!!!!
[main]
# A location to store primary configurations such as output format, fields,
# and logging information.
# The source of IP addresses or files/folders containing IP addresses to parse.
# This is generally assigned via command line argument, though you can specify
# one or more IP addresses, a file path, or a folder path for chickadee to
# scan for IP addresses.
#
# data =
# A list of one or more fields to display
# Allows any valid field supported by the selected resolver. (See next section.)
# Must be comma delimited.
#
# fields = query,count,as,isp,org,country,mobile,proxy,hosting,status,message
# Change the default output format
# Can be one of:
# * csv - comma separated with header row
# * json - json format with a list of objects
# * jsonl - json lines format, with one object per line
#
# output-format = json
# Enable progress bars. Requires tqdm install (pip3 install tqdm)
#
# progress = true
# Disable GeoIP resolution.
# Useful in cases where you only want to extract distinct values from a source.
#
# no-resolve = true
# Disable counts of extracted IP addresses.
# Useful in reducing the number of fields .
#
# no-count = true
# Log location
# Set a new default log location
#
# log =
# Log verbosity
# While the text log will always contain debug output, this option can increase
# the verbosity of the log in standard out.
#
# verbose = true
[resolvers]
# A location to store information about default resolver and API keys used
# by Chickadee
# Specify the resolver GeoIP service to use. Can be one of:
# * ip_api (ip-api.com)
# * Supported fields: status,message,continent,continentCode,country,
# countryCode,region,regionName,city,district,zip,lat,lon,timezone,
# currency,isp,org,as,asname,reverse,mobile,proxy,hosting,query
# * API Documentation: https://ip-api.com/docs/api:json
# * Notes: If selected, chickadee will look for the `ip_api` config option and use
# any discovered value as the Pro API key.
# * virustotal (virustotal.com)
# * Supported fields: 'query', 'count', 'asn', 'country', 'subnet', 'resolution_count', 'detected_sample_count',
# 'undetected_sample_count', 'detected_url_count', 'undetected_url_count',
# 'resolutions', 'detected_samples', 'undetected_samples', 'detected_urls', 'undetected_urls',
# 'status', 'message'
# * API Documentation: https://developers.virustotal.com/reference
# * Notes: Any counts following a hash value or resolved domain name represent the number of positive hits on VT.
#
# resolver = ip_api
#!!!!!!!
#
# If you are using this section, please protect this file as it will contain
# sensitive API keys
#
#!!!!!!!
# Pro key for ip-api.com
# The `resolver` parameter must equal `ip_api` for this to apply
#
# ip_api =
# Pro key for virustotal.com
# The `resolver` parameter must equal `virustotal` for this to apply
#
# virustotal =