[general] # If they keyword must be visible separated from the domain by "." or "-". # Automatically set for keywords with four or less characters. separation_required = false # How the keyword is modified to generate potential phishing domains. # For shorter keywords it may be necessary to disable some scan modes to reduce the number of false positives. # Automatically set for keywords with four or less characters. # Options are: addition, bitsquatting, cyrillic, homoglyph, hyphenation, insertion, omission, plural, repetition, replacement, subdomain, transposition, vowel_swap, dictionary, baikal_char modes = ["addition", "bitsquatting", "cyrillic", "homoglyph", "hyphenation", "insertion", "omission", "plural", "repetition", "replacement", "subdomain", "transposition", "vowel-swap", "dictionary", "baikal-char"] [cert] # Should certificate transparency logs be searched for the keyword? active = true # Should subdomains with the keyword also be matched? subdomains = true [ti] # Should threat intelligence data be searched for the keyword? active = true # Should subdomains with the keyword also be matched? subdomains = true [dns] # Should domains be actively probed with DNS keywords? active = true