A curses-style interface for automatic takedown notification based on MISP events.
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Failed to load latest commit information.
templates clarified subject Apr 14, 2017
.gitignore keys file added Apr 14, 2017
LICENSE Create LICENSE Mar 2, 2018
README.md Nit-picking Mar 2, 2018
ascii.py initial commit Apr 14, 2017
asciiconfig.py-sample initial commit Apr 14, 2017
keys.py-sample keys file added Apr 14, 2017



A curses-style interface for generating automatic takedown notifications through RT/RTIR using MISP events as input.


This code is a surprisingly well working result of an experiment. However, the code needs improvements here and there. Also, the installation process regarding urlabuse, uwhoisd, MISP and RT/RTIR is not the most straight forward. We'd be happy to find contributors for code improvements and installation documentation. Both could be part of an internship at CIRCL. Reach out if you are interested.


misp-takedown requires a MISP instance (API access) and:

Templates included

A series of notification templates are included, such as:

It can be easily extended to match your abuse notification processes and/or templates.


What it looks like: video screencast


This software is licensed under GNU Affero General Public License version 3

  • Copyright (C) 2017, 2018 Sascha Rommelfangen
  • Copyright (C) 2017, 2018 CIRCL - Computer Incident Response Center Luxembourg