LoglineLeviathan/data/entities.yaml
2025-09-03 13:20:23 +02:00


# BIP39 mnemonic word sequences. No regex is configured for this entity; a
# script parser is named instead.
# NOTE(review): a hit here may be a wallet recovery phrase, so result exports
# containing this entity should be treated as sensitive evidence.
bip39:
  entity_type: bip39
  gui_name: 'BIP39 Wordlist'
  gui_tooltip: >-
    Outputs BIP39 wordlists, which is parsed from the text by the required
    length, with 0-5 characters in between the words.
  parent_type: category_cryptocurrency
  parser_enabled: true
  regex_pattern: null
  script_parser: bip39.py
# Bitcoin addresses. The regex matches Base58 strings that start with 1 or 3
# and are 26-35 characters long, i.e. the P2PKH / P2SH shape only.
# NOTE(review): the tooltip also advertises Bech32, which this pattern cannot
# match (it requires a leading 1 or 3). Bech32 coverage would have to come
# from btcaddr.py, which is not visible here -- confirm.
# The pattern checks shape only; it performs no checksum validation.
btcaddr:
  entity_type: btcaddr
  gui_name: 'Bitcoin Address'
  gui_tooltip: 'Outputs BTC addresses of the common formats P2PKH, P2SH and Bech32.'
  parent_type: category_bitcoin
  parser_enabled: true
  regex_pattern: '\b[13][a-km-zA-HJ-NP-Z1-9]{25,34}\b'
  script_parser: btcaddr.py
# Bitcoin transaction IDs: any standalone run of exactly 64 hex characters.
# NOTE(review): this is the same shape as any 256-bit hex digest (for example
# a SHA-256 file hash), and no script parser is configured to narrow it down,
# so hits need corroboration before being reported as transactions.
btctxid:
  entity_type: btctxid
  gui_name: 'Bitcoin TXID'
  gui_tooltip: 'Outputs BTC TXIDs.'
  parent_type: category_bitcoin
  parser_enabled: true
  regex_pattern: '\b[a-fA-F0-9]{64}\b'
  script_parser: null
# Grouping nodes. Each category carries neither a regex nor a script parser;
# it only names a parent_type, which is either "root" or another category.
category_bitcoin:
  entity_type: category_bitcoin
  gui_name: 'Bitcoin'
  gui_tooltip: 'Bitcoin related entities.'
  parent_type: category_cryptocurrency
  parser_enabled: true
  regex_pattern: null
  script_parser: null

category_communication:
  entity_type: category_communication
  gui_name: 'Communication'
  gui_tooltip: 'Communication related entities.'
  parent_type: root
  parser_enabled: true
  regex_pattern: null
  script_parser: null

category_cryptocurrency:
  entity_type: category_cryptocurrency
  gui_name: 'Cryptocurrency'
  gui_tooltip: 'Cryptocurrency related entities.'
  parent_type: root
  parser_enabled: true
  regex_pattern: null
  script_parser: null

category_cybersecurity:
  entity_type: category_cybersecurity
  gui_name: 'Cybersecurity'
  gui_tooltip: 'Cybersecurity related entities.'
  parent_type: root
  parser_enabled: true
  regex_pattern: null
  script_parser: null

category_internet:
  entity_type: category_internet
  gui_name: 'Internet'
  gui_tooltip: 'Internet related entities.'
  parent_type: root
  parser_enabled: true
  regex_pattern: null
  script_parser: null

category_monero:
  entity_type: category_monero
  gui_name: 'Monero'
  gui_tooltip: 'Monero related entities.'
  parent_type: category_cryptocurrency
  parser_enabled: true
  regex_pattern: null
  script_parser: null

category_networking:
  entity_type: category_networking
  gui_name: 'Networking'
  gui_tooltip: 'Networking related entities.'
  parent_type: root
  parser_enabled: true
  regex_pattern: null
  script_parser: null

category_special:
  entity_type: category_special
  gui_name: 'Special Parsers'
  gui_tooltip: 'Special parsers, e.g. created wordlists.'
  parent_type: root
  parser_enabled: true
  regex_pattern: null
  script_parser: null
# Google Docs links, filed as a child of the generic "url" entity.
# The pattern only accepts https:// links on docs.google.com whose path
# contains a /d/<id> segment; plain-http links are not matched.
gdocurl:
  entity_type: gdocurl
  gui_name: 'Google Docs URL'
  gui_tooltip: 'Outputs any possible Google Docs URLs.'
  parent_type: url
  parser_enabled: true
  regex_pattern: '\bhttps:\/\/docs\.google\.com\/[\w\/.-]*\/d\/[a-zA-Z0-9_-]+(?:\/\S*)?'
  script_parser: null
# Matches against a generated wordlist. No regex is configured; the script
# parser below is named instead. Per the tooltip, the wordlist itself is read
# from the parser directory.
generated_wordlist_match:
  entity_type: generated_wordlist_match
  gui_name: 'Generated Wordlist Match'
  gui_tooltip: >-
    Outputs any wordlist matches which are specified by the generated wordlist
    present in the parser directory.
  parent_type: category_special
  parser_enabled: true
  regex_pattern: null
  script_parser: generated_wordlist.py
# GitHub repository links, filed as a child of the generic "url" entity.
# Requires an http(s) scheme, the github.com host and an <owner>/<repo> path;
# anything after the repository name up to the next whitespace is captured.
github:
  entity_type: github
  gui_name: 'GitHub'
  gui_tooltip: 'Outputs any possible GitHub repositories.'
  parent_type: url
  parser_enabled: true
  regex_pattern: '\bhttps?:\/\/github\.com\/[A-Za-z0-9_.-]+\/[A-Za-z0-9_.-]+\/?\S*'
  script_parser: null
# Dotted-quad IPv4 addresses.
# NOTE(review): \d{1,3} does not bound an octet to 0-255, so strings such as
# 999.999.999.999 and four-part version numbers (1.2.3.4) satisfy the regex.
# Presumably ipv4.py validates the candidates -- confirm against the script.
ipv4:
  entity_type: ipv4
  gui_name: 'IPv4 Address'
  gui_tooltip: 'Outputs any IPv4 addresses.'
  parent_type: category_networking
  parser_enabled: true
  regex_pattern: '\b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\b'
  script_parser: ipv4.py
# Private IPv4 addresses: 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16.
# NOTE(review): loopback (127.0.0.0/8), link-local (169.254.0.0/16) and
# carrier-grade NAT (100.64.0.0/10) are not covered here, and the ipv4pu
# pattern does not exclude them either, so by regex alone they are classed
# as public. Whether ipv4pr.py / ipv4pu.py correct this is not visible here.
ipv4pr:
  entity_type: ipv4pr
  gui_name: 'Private Address Range'
  gui_tooltip: 'Outputs any IPv4 addresses of the private address range.'
  parent_type: ipv4
  parser_enabled: true
  regex_pattern: '\b(10\.\d{1,3}\.\d{1,3}\.\d{1,3}|172\.(1[6-9]|2[0-9]|3[0-1])\.\d{1,3}\.\d{1,3}|192\.168\.\d{1,3}\.\d{1,3})\b'
  script_parser: ipv4pr.py
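# Public IPv4 addresses: any dotted quad that does not start with one of the
# three private prefixes handled by the ipv4pr entity.
# The 172.x and 192.168 lookaheads are terminated with "\." so that they
# reject only the complete octet. Without the terminator, "172\.(1[6-9]|...)"
# also rejected every address whose second octet merely begins with 16-31,
# e.g. 172.160.x.x or 172.217.x.x, which are public and were silently dropped.
# The capturing groups are kept as they were so group numbering is unchanged.
# NOTE(review): octets are not bounded to 0-255 and loopback / link-local
# ranges are not excluded; presumably ipv4pu.py post-filters -- confirm.
ipv4pu:
  entity_type: ipv4pu
  gui_name: 'Public Address Range'
  gui_tooltip: 'Outputs any IPv4 addresses of the public address range.'
  parent_type: ipv4
  parser_enabled: true
  regex_pattern: '\b((?!10\.)(?!172\.(1[6-9]|2[0-9]|3[0-1])\.)(?!192\.168\.)(?:[0-9]{1,3}\.){3}[0-9]{1,3})\b'
  script_parser: ipv4pu.py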
# IPv6 addresses. The alternation covers full and "::"-compressed forms,
# fe80: link-local addresses with a %zone suffix, and forms that embed a
# dotted IPv4 address.
# NOTE(review): the pattern has no word boundaries, so it can match inside
# other tokens; for example the "d::" in "std::string" satisfies the second
# alternative. Presumably ipv6.py validates candidates -- confirm.
# The pattern is kept character-for-character; only the quoting is new.
ipv6:
  entity_type: ipv6
  gui_name: 'IPv6 Address'
  gui_tooltip: 'Outputs any IPv6 addresses.'
  parent_type: category_networking
  parser_enabled: true
  regex_pattern: '(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))'
  script_parser: ipv6.py
# MAC addresses written as six colon-separated hex pairs.
# NOTE(review): hyphen-separated (AA-BB-CC-DD-EE-FF) and dotted-triplet
# (aabb.ccdd.eeff) notations are not matched, and no script parser is
# configured, so logs using those notations yield no hits for this entity.
macaddr:
  entity_type: macaddr
  gui_name: 'MAC Address'
  gui_tooltip: 'Outputs any possible MAC addresses.'
  parent_type: category_networking
  parser_enabled: true
  regex_pattern: '\b(?:[0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2}\b'
  script_parser: null
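# E-mail addresses: local part, "@", domain, and an alphabetic final label of
# two or more letters.
# The final-label class is [A-Za-z]. It was previously written "[A-Z|a-z]";
# inside a character class "|" is a literal pipe, not alternation, so in
# pipe-delimited log lines the match ran across the delimiter into the next
# field (constructed example: "user@example.co|next" was captured whole).
# No script parser is configured, so the regex is the only filter visible here.
mailaddr:
  entity_type: mailaddr
  gui_name: 'EMail Address'
  gui_tooltip: 'Outputs any possible email-addresses.'
  parent_type: category_communication
  parser_enabled: true
  regex_pattern: '\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\b'
  script_parser: null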
# Tor onion service URLs. The host label must be 16-56 characters of the
# base32 alphabet (a-z, 2-7), which spans both the 16-character (v2) and the
# 56-character (v3) address lengths as well as every length in between.
# NOTE(review): an http:// or https:// scheme is required, so bare
# "<label>.onion" hostnames without a scheme are not matched.
onionurl:
  entity_type: onionurl
  gui_name: 'Onion URL'
  gui_tooltip: 'Outputs any possible onion URL.'
  parent_type: category_internet
  parser_enabled: true
  regex_pattern: '\bhttps?:\/\/[a-z2-7]{16,56}\.onion(?:\/\S*)?'
  script_parser: null
# Telephone numbers in a 3-3-4 digit grouping, with optional "-", "." or
# whitespace separators and an optional "+<1-4 digits>" country prefix.
# The tooltip already warns about false positives; other national formats
# do not fit the 3-3-4 shape and are not matched by this regex.
telnum:
  entity_type: telnum
  gui_name: 'Possible Telephone Number'
  gui_tooltip: 'Outputs any possible telephone numbers, this may have some 0-positives.'
  parent_type: category_communication
  parser_enabled: true
  regex_pattern: '\b(?:\+\d{1,4}\s?)?\d{3}[-.\s]?\d{3}[-.\s]?\d{4}\b'
  script_parser: telnum.py
# Tox IDs: exactly 76 hex characters, with lookarounds that reject a match
# embedded in a longer hex run.
# The tooltip itself marks this pattern as unverified, and no script parser
# is configured, so hits are shape matches only.
toxid:
  entity_type: toxid
  gui_name: 'Tox ID'
  gui_tooltip: 'Outputs any possible tox ID, including QTOX. Unverified Regex Pattern.'
  parent_type: category_communication
  parser_enabled: true
  regex_pattern: '(?<![0-9a-fA-F])[0-9a-fA-F]{76}(?![0-9a-fA-F])'
  script_parser: null
# Generic URLs with an http, https, ftp or sftp scheme.
# NOTE(review): the pattern requires a ".<two or more lowercase letters>"
# label somewhere after the scheme. A URL with an IP-literal host therefore
# matches only when a later path segment supplies such a label (constructed
# example: http://192.0.2.1/a is missed, http://192.0.2.1/a.exe is caught).
# Whether url.py compensates for this is not visible here -- confirm.
url:
  entity_type: url
  gui_name: 'URL'
  gui_tooltip: 'Outputs any possible URL.'
  parent_type: category_internet
  parser_enabled: true
  regex_pattern: '\b(?:https?|s?ftp):\/\/[\w\/.-]+(?:\.[a-z]{2,})+\S*'
  script_parser: url.py
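# CVE identifiers of the form CVE-<4-digit year>-<sequence of 4+ digits>.
# The prefix is written as [Cc][Vv][Ee] so the match does not depend on how
# the consumer compiles the pattern; the matching flags are not visible in
# this file. The previous literal "cve-" matched only lowercase text under
# case-sensitive matching, which misses the usual uppercase spelling.
# The sequence part is \d{4,} because CVE sequence numbers have at least
# four digits; the old \d+ also accepted shorter, malformed sequences.
# No trailing \b is used, so IDs followed by "_" or letters still match.
vulnerability_CVE:
  entity_type: vulnerability_CVE
  gui_name: 'CVE String'
  gui_tooltip: 'Outputs any possible CVE Vulnerability Identifier.'
  parent_type: category_cybersecurity
  parser_enabled: true
  regex_pattern: '[Cc][Vv][Ee]-\d{4}-\d{4,}'
  script_parser: null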
# Monero addresses: a leading "4", one of [0-9AB], then 93 Base58 characters
# (95 characters in total).
# NOTE(review): this fixes the first character to "4" and the length to 95,
# so subaddresses (leading "8") and the longer integrated addresses do not
# satisfy the regex. Whether xmraddr.py handles them is not visible here.
xmraddr:
  entity_type: xmraddr
  gui_name: 'Monero Address'
  gui_tooltip: 'Outputs Monero addresses.'
  parent_type: category_monero
  parser_enabled: true
  regex_pattern: '\b4[0-9AB][1-9A-HJ-NP-Za-km-z]{93}\b'
  script_parser: xmraddr.py
# Grouping node for metadata entities. It is shipped with parser_enabled set
# to false; its only child in this file, "timestamp", is disabled as well.
category_metadata:
  entity_type: category_metadata
  gui_name: 'Metadata'
  gui_tooltip: 'Metadata related entities.'
  parent_type: root
  parser_enabled: false
  regex_pattern: null
  script_parser: null
# Timestamps, shipped with parser_enabled set to false.
# The regex accepts exactly one layout: YYYY-MM-DDTHH:MM:SSZ. Values with
# fractional seconds, a numeric UTC offset or a space instead of "T" do not
# match it; whether timestamp.py recognises further layouts is not visible
# here.
timestamp:
  entity_type: timestamp
  gui_name: 'Timestamp'
  gui_tooltip: 'Timestamp-like entities.'
  parent_type: category_metadata
  parser_enabled: false
  regex_pattern: '\b\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z\b'
  script_parser: timestamp.py