Overview
Redis and ARDB overview
Database Map:
DB0 - Core:
Update keys:
| Key | Value |
| ------ | ------ |
| ail:version | current version |
| | |
| ail:update_update_version | background update name |
| | background update name |
| | ... |
| | |
| ail:update_error | update message error |
| | |
| ail:update_in_progress | update version in progress |
| ail:current_background_update | current update version |
| | |
| ail:current_background_script | name of the background script currently executed |
| ail:current_background_script_stat | progress in % of the background script |

| Hset Key | Field | Value |
| ------ | ------ | ------ |
| ail:update_date | update tag | update date |
User Management:
| Hset Key | Field | Value |
| ------ | ------ | ------ |
| user:all | user id | password hash |
| | | |
| user:tokens | token | user id |
| | | |
| user_metadata:user id | token | token |
| | change_passwd | boolean |

| Set Key | Value |
| ------ | ------ |
| user:request_password_change | user id |
| user:admin | user id |
| | |
| user_role:role | user id |

| Zrank Key | Field | Value |
| ------ | ------ | ------ |
| ail:all_role | role | int, role priority (1=admin) |
DB2 - TermFreq:
Set:
| Key | Value |
| ------ | ------ |
| TrackedSetTermSet | tracked_term |
| TrackedSetSet | tracked_set |
| TrackedRegexSet | tracked_regex |
| | |
| tracked_tracked_term | item_path |
| set_tracked_set | item_path |
| regex_tracked_regex | item_path |
| | |
| TrackedNotifications | tracked_term / set / regex |
| | |
| TrackedNotificationTags_tracked_term / set / regex | tag |
| | |
| TrackedNotificationEmails_tracked_term / set / regex | email |
Zset:
| Key | Field | Value |
| ------ | ------ | ------ |
| per_paste_TopTermFreq_set_month | term | nb_seen |
| per_paste_TopTermFreq_set_week | term | nb_seen |
| per_paste_TopTermFreq_set_day_epoch | term | nb_seen |
| | | |
| TopTermFreq_set_month | term | nb_seen |
| TopTermFreq_set_week | term | nb_seen |
| TopTermFreq_set_day_epoch | term | nb_seen |
Hset:
| Key | Field | Value |
| ------ | ------ | ------ |
| TrackedTermDate | tracked_term | epoch |
| TrackedSetDate | tracked_set | epoch |
| TrackedRegexDate | tracked_regex | epoch |
| | | |
| BlackListTermDate | blacklisted_term | epoch |
| | | |
| epoch | term | nb_seen |
DB6 - Tags:
Hset:
| Key | Field | Value |
| ------ | ------ | ------ |
| per_paste_epoch | term | nb_seen |
| | | |
| tag_metadata:tag | first_seen | date |
| tag_metadata:tag | last_seen | date |
Set:
| Key | Value |
| ------ | ------ |
| list_tags | tag |
| active_taxonomies | taxonomy |
| active_galaxies | galaxy |
| active_tag_taxonomy or galaxy | tag |
| synonym_tag_misp-galaxy:galaxy | tag synonym |
| list_export_tags | user_tag |
| tag:date | paste |
old:
DB7 - Metadata:
Crawled Items:
Hset:
| Key | Field | Value |
| ------ | ------ | ------ |
| paste_metadata:item path | super_father | first url crawled |
| | father | item father |
| | domain | crawled domain:domain port |
| | screenshot | screenshot hash |
Set:
| Key | Field |
| ------ | ------ |
| tag:item path | tag |
| | |
| paste_children:item path | item path |
| | |
| hash_paste:item path | hash |
| base64_paste:item path | hash |
| hexadecimal_paste:item path | hash |
| binary_paste:item path | hash |
Zset:
| Key | Field | Value |
| ------ | ------ | ------ |
| nb_seen_hash:hash | item | nb_seen |
| base64_hash:hash | item | nb_seen |
| binary_hash:hash | item | nb_seen |
| hexadecimal_hash:hash | item | nb_seen |
PgpDump
Hset:
| Key | Field | Value |
| ------ | ------ | ------ |
| pgpdump_metadata_key:key id | first_seen | date |
| | last_seen | date |
| | | |
| pgpdump_metadata_name:name | first_seen | date |
| | last_seen | date |
| | | |
| pgpdump_metadata_mail:mail | first_seen | date |
| | last_seen | date |
set:
| Key | Value |
| ------ | ------ |
| set_pgpdump_key:key id | item_path |
| | |
| set_pgpdump_name:name | item_path |
| | |
| set_pgpdump_mail:mail | item_path |
Hset date:
| Key | Field | Value |
| ------ | ------ | ------ |
| pgpdump:key:date | key | nb seen |
| | | |
| pgpdump:name:date | name | nb seen |
| | | |
| pgpdump:mail:date | mail | nb seen |
zset:
| Key | Field | Value |
| ------ | ------ | ------ |
| pgpdump_all:key | key | nb seen |
| | | |
| pgpdump_all:name | name | nb seen |
| | | |
| pgpdump_all:mail | mail | nb seen |
set:
| Key | Value |
| ------ | ------ |
| item_pgpdump_key:item_path | key |
| | |
| item_pgpdump_name:item_path | name |
| | |
| item_pgpdump_mail:item_path | mail |
Cryptocurrency
Supported cryptocurrency:
Hset:
| Key | Field | Value |
| ------ | ------ | ------ |
| cryptocurrency_metadata_cryptocurrency name:cryptocurrency address | first_seen | date |
| | last_seen | date |
set:
| Key | Value |
| ------ | ------ |
| set_cryptocurrency_cryptocurrency name:cryptocurrency address | item_path |
Hset date:
| Key | Field | Value |
| ------ | ------ | ------ |
| cryptocurrency:cryptocurrency name:date | cryptocurrency address | nb seen |
zset:
| Key | Field | Value |
| ------ | ------ | ------ |
| cryptocurrency_all:cryptocurrency name | cryptocurrency address | nb seen |
set:
| Key | Value |
| ------ | ------ |
| item_cryptocurrency_cryptocurrency name:item_path | cryptocurrency address |
DB9 - Crawler:
Hset:
| Key | Field | Value |
| ------ | ------ | ------ |
| service type_metadata:domain | first_seen | date |
| | last_check | date |
| | ports | port;port;port ... |
| | paste_parent | parent last crawling (can be auto or manual) |
Zset:
| Key | Field | Value |
| ------ | ------ | ------ |
| crawler_history_service type:domain:port | item root (first crawled item) | epoch (seconds) |
Set:
| Key | Value |
| ------ | ------ |
| screenshot:sha256 | item path |
crawler config:
| Key | Value |
| ------ | ------ |
| crawler_config:crawler mode:service type:domain | json config |
automatic crawler config:
| Key | Value |
| ------ | ------ |
| crawler_config:crawler mode:service type:domain:url | json config |
example JSON config:

```json
{
  "closespider_pagecount": 1,
  "time": 3600,
  "depth_limit": 0,
  "har": 0,
  "png": 0
}
```
ARDB overview
----------------------------------------- SENTIMENT ------------------------------------
SET - 'Provider_set' Provider
KEY - 'UniqID' INT
SET - provider_timestamp UniqID
SET - UniqID avg_score
-
DB 7 - Metadata:
----------------------------------------- BASE64 ----------------------------------------
HSET - 'metadata_hash:'+hash 'saved_path' saved_path
                             'size' size
                             'first_seen' first_seen
                             'last_seen' last_seen
                             'estimated_type' estimated_type
                             'vt_link' vt_link
                             'vt_report' vt_report
                             'nb_seen_in_all_pastes' nb_seen_in_all_pastes
                             'base64_decoder' nb_encoded
                             'binary_decoder' nb_encoded
SET - 'all_decoder' decoder*
SET - 'hash_all_type' hash_type *
SET - 'hash_base64_all_type' hash_type *
SET - 'hash_binary_all_type' hash_type *
ZADD - 'hash_date:'+20180622 hash * nb_seen_this_day
ZADD - 'base64_date:'+20180622 hash * nb_seen_this_day
ZADD - 'binary_date:'+20180622 hash * nb_seen_this_day
ZADD - 'base64_type:'+type date nb_seen
ZADD - 'binary_type:'+type date nb_seen
GET - 'base64_decoded:'+date nd_decoded
GET - 'binary_decoded:'+date nd_decoded