HurricaneLabs / machinae

Machinae Security Intelligence Collector
MIT License

Ipvoid Issues #61

Closed kwolfe14 closed 4 years ago

kwolfe14 commented 4 years ago

When attempting to pull events from ipvoid I am unable to return any results. I am always provided with "[-] No IPVoid Results". I was going out of my way to use the command "-s ipvoid" to only use ipvoid since it does not require an API key according to the documentation.

It's possible this has been busted for a while. The scraping may no longer be working since IPvoid now appears to have a paid-for API key.

I was able to confirm that the regexes for "ipvoid_status" and "ipvoid_blacklist" are working correctly.

I was testing with the IP "185.175.93.104", which is currently the top attacker on SANS right now (https://isc.sans.edu/sources.html) and is blacklisted. https://www.ipvoid.com/ip-blacklist-check/

billford commented 4 years ago

After looking at it a little bit (and prematurely fixing the regex) you are correct. They've added some protections so, going forward, we will only be supporting the paid version of the API. This is the right thing to do in accordance with their wishes.

billford commented 4 years ago

This is fixed in the latest commit of machinae.xml, but it now defaults to false and requires a paid-for API key from ipvoid. The previous configuration for it was removed, as that just won't work anymore.