README
ยถ
Vautour
By the original author of Clair, Vautour is a distributed & extensible web hunter. Crawling the internet, Vautour lists, scrapes, processes (e.g. YARA) & persists documents asynchronously, looking for content that may be of interest for organizations or security researchers.
Supported Modules
Below are the modules currently supported by Vautour. Contributing new modules
is straight-forward, as it merely requires to implement the desired interface
as a new Go package in src/modules & importing it in cmd/vautour/main.go
(or within your custom main file).
| Name | Status | Notes |
|---|---|---|
| Inputs | ||
| Pastebin | โ | (Requires Pastebin PRO) |
| Github / Gists | ๐ | (Planned) |
| Stack Exchange | ๐ | (Planned) |
| Processors | ||
| YARA | โ | (Sample rules) |
| Outputs | ||
| ElasticSearch | โ | |
| Mailer | ||
| Queues | ||
| Redis | โ |
Getting started
- Read & acknowledge the DISCLAIMER, as well the LICENSE
- Run
docker-compose up - Wait a minute for the ELK stack to start, and for the first documents to be published
- In the meantime, take a look at the default config
- Head to Kibana
- Create an Index Pattern:
- Name it "Vautour"
- Choose "CreatedAt" as the time field,
- Edit the "Content" field, set the format to "String" and the transform to "Base64 Decode"
- Profit.
- Documents that matched the examples rules will have their
Score: >0
- Documents that matched the examples rules will have their
Directories
Click to show internal directories.
Click to hide internal directories.