# Worker OSINT MCP Server Configuration
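# Privacy level settings
# Each level lists the tools it permits, a rate-limit profile name, a timeout
# and whether active scanning is switched on. Nesting is restored here; with
# every key at column 0 the three levels collapse into duplicate top-level keys.
# NOTE(review): the tool names below (dns, subdomains, certificates) differ
# from the keys under the top-level tools section (dns_recon, subdomain_scan,
# certificate_search). Confirm the server maps them, and that a name it cannot
# match is denied rather than allowed.
privacy_levels:
  conservative:
    description: "Passive reconnaissance only - no active scanning"
    tools:
      - whois
      - dns
      - public_registries
    # Profile names refer to the keys under rate_limiting in this file.
    rate_limit: slow
    # Unit is not stated in this file; presumably seconds - TODO confirm.
    timeout: 30
    aggressive_scanning: false

  moderate:
    description: "Standard OSINT techniques - balanced approach"
    tools:
      - whois
      - dns
      - subdomains
      - certificates
      - email_harvest
    rate_limit: normal
    timeout: 60
    aggressive_scanning: false

  aggressive:
    description: "Comprehensive investigation - all techniques"
    # NOTE(review): "all" is a wildcard, so presumably any tool added to the
    # server later is enabled at this level without a config change. An
    # explicit list would keep the allow-list reviewable.
    tools:
      - all
    rate_limit: fast
    timeout: 120
    # The only level that enables active scanning; whether the server checks
    # this flag before active probes is not visible here - confirm.
    aggressive_scanning: true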
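# Jurisdiction-specific settings
# Per-country registry endpoints and the domain suffixes tied to that country.
# Nesting is restored here; flat, the two countries' keys overwrite each other.
jurisdictions:
  australia:
    enabled: true
    # A sequence of single-key mappings (name: base URL), kept in that shape
    # because the consumer's schema is not visible in this file.
    registries:
      - abn_lookup: "https://abr.business.gov.au"
      - asic_search: "https://asic.gov.au"
    domain_extensions:
      - .com.au
      - .net.au
      - .org.au
      - .edu.au
      - .gov.au

  ireland:
    enabled: true
    registries:
      - cro_lookup: "https://core.cro.ie"
      - revenue_search: "https://revenue.ie"
    domain_extensions:
      - .ie
      - .co.ie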
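# Tool-specific settings
# One mapping per tool: data sources, result caps and timeouts. Nesting is
# restored here; flat, repeated keys such as sources, timeout, rate_limit and
# note are duplicates and most parsers silently keep only the last one.
# Timeout units are not stated in this file; presumably seconds - TODO confirm.
tools:
  subdomain_scan:
    sources:
      - bing
      - duckduckgo
      - certspotter
      - crtsh
    max_subdomains: 100
    timeout: 120

  email_harvest:
    sources:
      - bing
      - duckduckgo
      - certspotter
    max_emails: 50
    timeout: 90

  dns_recon:
    record_types:
      - A
      - AAAA
      - MX
      - NS
      - TXT
      - CNAME
      - SOA
    timeout: 30

  whois:
    timeout: 20
    retry_attempts: 3

  certificate_search:
    # NOTE(review): spelled "crt.sh" here but "crtsh" under subdomain_scan;
    # confirm both spellings are what the respective backends expect.
    sources:
      - crt.sh
      - certspotter
    max_certs: 50

  wayback:
    api_url: "https://web.archive.org"
    max_snapshots: 10

  social_media:
    platforms:
      - linkedin
      - twitter
      - facebook
      - instagram
      - youtube
    max_profiles_per_platform: 10

  google_dork:
    max_results: 20
    rate_limit: 10  # requests per minute
    note: "Respect robots.txt and Google's ToS"

  image_metadata:
    supported_formats:
      - jpg
      - jpeg
      - png
      - tiff
      - heic
    extract_thumbnails: false

  ip_investigation:
    include_whois: true
    include_reverse_dns: true
    port_scan_timeout: 60
    # NOTE(review): the requirement below is a free-text note, not a setting.
    # Nothing in this file ties port scanning to aggressive_scanning; confirm
    # the server refuses port scans at the other privacy levels.
    note: "Port scanning requires aggressive privacy level"

  breach_check:
    api_url: "https://haveibeenpwned.com/api/v3"
    # NOTE(review): annotated per 1.5 s, while google_dork's rate_limit is per
    # minute; the unit the consumer applies to this key is not visible here.
    rate_limit: 1  # request per 1.5 seconds (HIBP requirement)
    note: "Requires HIBP API key for automation"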
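# Output settings
# Report formats and where results are written. Nesting is restored here so
# the keys sit under output rather than at top level.
output:
  formats:
    - json
    - markdown
  save_to_file: true
  # NOTE(review): with email_harvest, social_media and breach_check configured
  # in this file, saved results can hold personal data. Confirm this path is a
  # mounted volume with restricted permissions and a retention policy.
  results_directory: "/app/results"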
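# Logging settings
# Log verbosity, log location and the audit-trail switch. Nesting is restored
# here so the keys sit under logging rather than at top level.
logging:
  level: INFO
  # NOTE(review): if /app/logs is not a persistent volume the audit trail is
  # lost with the container - confirm the mount. Also confirm that values from
  # api_keys are never written to these logs at any level.
  directory: "/app/logs"
  audit_trail: true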
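# Rate limiting
# Named profiles referenced by privacy_levels.*.rate_limit in this file.
# In every profile delay_between_requests equals 60 / requests_per_minute, so
# the delay is presumably in seconds - TODO confirm. Nesting is restored here;
# flat, the three profiles' keys are duplicates and only the last would survive.
rate_limiting:
  slow:
    requests_per_minute: 10
    delay_between_requests: 6

  normal:
    requests_per_minute: 30
    delay_between_requests: 2

  fast:
    requests_per_minute: 60
    delay_between_requests: 1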
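# API Keys (set via environment variables or Docker secrets)
# These should be set via: docker mcp secret set <name> <value>
# The values below are placeholders only; no real key belongs in this file.
# They are quoted so that each one stays a string whatever the substituted
# value looks like (empty, all digits, leading special character).
# NOTE(review): YAML itself does not expand ${VAR}; confirm the loader or
# entrypoint substitutes these, and that an unset variable is rejected rather
# than passed on as the literal placeholder or an empty key.
api_keys:
  shodan: "${SHODAN_API_KEY}"
  censys_id: "${CENSYS_API_ID}"
  censys_secret: "${CENSYS_API_SECRET}"
  virustotal: "${VIRUSTOTAL_API_KEY}"
  hibp: "${HIBP_API_KEY}"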