-
Notifications
You must be signed in to change notification settings - Fork 5
Expand file tree
/
Copy path.env.example
More file actions
215 lines (172 loc) · 7.57 KB
/
.env.example
File metadata and controls
215 lines (172 loc) · 7.57 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
# ============================================================================
# GEOPOLITICAL THREAT MAPPER - Environment Configuration
# ============================================================================
# Copy this file to .env and fill in your API keys
# All keys are FREE tier unless noted otherwise
# ============================================================================
# ============================================================================
# CYBER LAYER 1: INFRASTRUCTURE EXPOSURE (Shodan-style)
# Maps vulnerable systems, exposed services, and attack surface by country
# ============================================================================
# Shodan - Internet-wide device scanner
# Register: https://account.shodan.io/register
# Free tier: 100 results per search, no filters, 1 query credit/month
SHODAN_API_KEY=
# Criminal IP - Combined Shodan + GreyNoise + VirusTotal alternative
# Register: https://www.criminalip.io/register
# Free tier: Limited credits, 2 searches/day unauthenticated
CRIMINAL_IP_API_KEY=
# LeakIX - Exposed data and misconfigurations
# Register: https://leakix.net/auth/register
# Free tier: Available
LEAKIX_API_KEY=
# ZoomEye - Chinese cyberspace search engine
# Register: https://www.zoomeye.org/login
# Free tier: 20 searches/month
ZOOMEYE_API_KEY=
# Netlas - Attack surface discovery
# Register: https://app.netlas.io/registration/
# Free tier: 50 searches/month
NETLAS_API_KEY=
# ============================================================================
# CYBER LAYER 2: THREAT ACTOR IOCs (OTX-style)
# Correlates with news for APT tracking and campaign attribution
# ============================================================================
# AlienVault OTX - Open Threat Exchange (19M+ IOCs/day)
# Register: https://otx.alienvault.com/accounts/signup/
# Free tier: UNLIMITED - highly recommended
OTX_API_KEY=
# Pulsedive - Community threat intelligence
# Register: https://pulsedive.com/register
# Free tier: Available with limitations
PULSEDIVE_API_KEY=
# GreyNoise - Identifies mass scanners vs targeted attacks
# Register: https://viz.greynoise.io/signup
# Free tier: 10 lookups/day unauth, unlimited with key
GREYNOISE_API_KEY=
# MISP Instance (optional - self-hosted)
# Setup: https://www.misp-project.org/download/
# Free: Self-hosted, unlimited
MISP_URL=
MISP_API_KEY=
# OpenCTI Instance (optional - self-hosted)
# Setup: https://github.com/OpenCTI-Platform/opencti
# Free: Self-hosted, unlimited
OPENCTI_URL=
OPENCTI_API_KEY=
# ============================================================================
# CYBER LAYER 3: ATTACK TELEMETRY (Shadowserver/DShield-style)
# Real-time attack activity, honeypot data, and scan intelligence
# ============================================================================
# DShield/SANS ISC - Honeypot and attack data
# Register: https://isc.sans.edu/register.html
# Free tier: API available
DSHIELD_API_KEY=
# Shadowserver - Global honeypot network (for defenders)
# Register: https://www.shadowserver.org/contact/
# Free tier: Available for network owners/defenders
# Note: Request access via contact form
SHADOWSERVER_API_KEY=
# ============================================================================
# CYBER LAYER 4: VULNERABILITY INTELLIGENCE
# CVE data, exploit information, known exploited vulnerabilities
# ============================================================================
# NVD/NIST - National Vulnerability Database
# Register: https://nvd.nist.gov/developers/request-an-api-key
# Free tier: UNLIMITED (recommended to get key for higher rate limits)
NVD_API_KEY=
# Shodan CVEDB - Fast CVE lookups
# No registration needed for non-commercial use
# Endpoint: https://cvedb.shodan.io/
# Free tier: UNLIMITED
# (No API key required)
# VulDB - Vulnerability database
# Register: https://vuldb.com/?register
# Free tier: Limited
VULDB_API_KEY=
# ============================================================================
# BLOCKLISTS & FEEDS (No API keys required)
# ============================================================================
# These are pulled directly, no authentication needed:
# - FireHOL IP Lists: https://iplists.firehol.org/
# - abuse.ch ThreatFox: https://threatfox-api.abuse.ch/
# - abuse.ch URLhaus: https://urlhaus-api.abuse.ch/
# - abuse.ch MalwareBazaar: https://bazaar.abuse.ch/api/
# - abuse.ch Feodo Tracker: https://feodotracker.abuse.ch/
# - CISA KEV: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
# - DataPlane.org: https://dataplane.org/
# ============================================================================
# AVIATION LAYER (ADS-B)
# ============================================================================
# OpenSky Network - Free flight tracking
# Register: https://opensky-network.org/index.php?option=com_users&view=registration
# Free tier: Anonymous access available, better limits with account
OPENSKY_USERNAME=
OPENSKY_PASSWORD=
# ADS-B Exchange - Unfiltered (includes military)
# Register: https://rapidapi.com/adsbx/api/adsbexchange-com1
# Cost: ~$10/month via RapidAPI (optional but recommended for military)
ADSBX_API_KEY=
# ============================================================================
# GPS/GNSS INTERFERENCE
# ============================================================================
# GPSJAM - Daily interference maps
# No API - scrape from https://gpsjam.org/
# Free: Public data
# SkAI Spoofing Tracker
# No API - data from https://spoofing.skai-data-services.com/
# Free: Uses OpenSky data
# ============================================================================
# NEWS & GEOPOLITICAL EVENTS
# ============================================================================
# GDELT - Global event database
# No API key required
# Endpoint: https://api.gdeltproject.org/
# Free tier: UNLIMITED
# Your Google-News-Scraper
# Configure path to feed.json from your news scraper
NEWS_SCRAPER_FEED_PATH=../Google-News-Scraper/docs/feed.json
NEWS_SCRAPER_API_URL=
# ============================================================================
# MARITIME (from AIS_Tracker integration)
# ============================================================================
# AIS_Tracker API endpoint (your existing system)
AIS_TRACKER_API_URL=http://localhost:8080
# Global Fishing Watch (if not using via AIS_Tracker)
# Register: https://globalfishingwatch.org/our-apis/
# Free tier: Non-commercial use
GFW_API_KEY=
# ============================================================================
# SANCTIONS & ENTITY DATA
# ============================================================================
# OpenSanctions - Aggregated global sanctions
# Register: https://www.opensanctions.org/api/
# Free tier: Bulk downloads free, API has limits
OPENSANCTIONS_API_KEY=
# FleetLeaks (if not using via AIS_Tracker)
# Register: https://www.fleetleaks.com/
FLEETLEAKS_API_KEY=
# ============================================================================
# AI/LLM INTEGRATION (Optional)
# ============================================================================
# OpenAI - For threat analysis and summarization
# Register: https://platform.openai.com/signup
# Cost: Pay per use
OPENAI_API_KEY=
# ============================================================================
# SERVER CONFIGURATION
# ============================================================================
# Server settings
HOST=0.0.0.0
PORT=8081
DEBUG=false
# Database
DATABASE_PATH=./data/threats.db
# Logging
LOG_LEVEL=INFO
LOG_FILE=./logs/threat_mapper.log
# Update intervals (in seconds)
CYBER_UPDATE_INTERVAL=3600
NEWS_UPDATE_INTERVAL=900
AVIATION_UPDATE_INTERVAL=300
MARITIME_UPDATE_INTERVAL=60