{"id":2566,"date":"2015-08-29T10:48:37","date_gmt":"2015-08-29T10:48:37","guid":{"rendered":"http:\/\/www.pir8geek.com\/?p=2566"},"modified":"2015-08-29T10:48:37","modified_gmt":"2015-08-29T10:48:37","slug":"intrigue-intelligence-gathering-framework","status":"publish","type":"post","link":"https:\/\/www.jameseduard.com\/?p=2566","title":{"rendered":"Intrigue &#8211; Intelligence Gathering Framework"},"content":{"rendered":"<p><strong>Intrigue-core<\/strong> is an API-first intelligence gathering framework for Internet reconnaissance and research.<br \/>\n<a href=\"http:\/\/www.pir8geek.com\/wp-content\/uploads\/2015\/08\/Intrigue-Intelligence-Gathering-Framework.png\"><img fetchpriority=\"high\" decoding=\"async\" class=\"alignnone size-full wp-image-2567\" src=\"http:\/\/www.pir8geek.com\/wp-content\/uploads\/2015\/08\/Intrigue-Intelligence-Gathering-Framework.png\" alt=\"Intrigue - Intelligence Gathering Framework\" width=\"1894\" height=\"1198\" \/><\/a><br \/>\n<strong>Setting up a development environment:<\/strong><br \/>\nThe following are presumed available and configured in your environment:<\/p>\n<ul>\n<li>redis<\/li>\n<li>sudo<\/li>\n<li>nmap<\/li>\n<li>zmap<\/li>\n<li>masscan<\/li>\n<li>java runtime<\/li>\n<\/ul>\n<p>Sudo is used to allow root access for the scanner binaries (masscan, zmap and nmap), so add a sudoers entry that is limited to exactly those binaries and doesn&#8217;t require a password:<\/p>\n<pre>your-username ALL = NOPASSWD: \/usr\/bin\/masscan, \/usr\/sbin\/zmap, \/usr\/bin\/nmap\n<\/pre>\n<p><strong>Starting up:<\/strong><br \/>\nMake sure you have redis installed and running (use Homebrew if you&#8217;re on OSX).<br \/>\nInstall all gem dependencies with Bundler (http:\/\/bundler.io\/):<\/p>\n<pre>bundle install\n<\/pre>\n<p>Start the web and background workers. 
Intrigue will start on 127.0.0.1:7777.<\/p>\n<pre>foreman start\n<\/pre>\n<p><strong>Using the web interface:<\/strong><br \/>\nTo use the web interface, browse to <strong><a href=\"http:\/\/127.0.0.1:7777\" target=\"_blank\" rel=\"noopener noreferrer\">http:\/\/127.0.0.1:7777<\/a><\/strong><br \/>\nGetting started should be pretty straightforward: try running a &#8220;dns_brute_sub&#8221; task on your domain, then try it again with the &#8220;use_file&#8221; option set to true.<br \/>\nThe results are shown in the web interface.<\/p>\n<h3>API usage via core-cli:<\/h3>\n<p>A command-line utility, core-cli, is provided for convenience.<br \/>\nList all available tasks:<\/p>\n<pre><code>$ bundle exec .\/core-cli.rb list\n<\/code><\/pre>\n<p>Start a task:<\/p>\n<pre><code>$ bundle exec .\/core-cli.rb start dns_lookup_forward DnsRecord#intrigue.io\n<\/code><\/pre>\n<p>Start a task with options (options are separated with #):<\/p>\n<pre><code>$ bundle exec .\/core-cli.rb start dns_brute_sub DnsRecord#intrigue.io resolver=8.8.8.8#brute_list=1,2,3,4,www#use_permutations=true\n[+] Starting task\n[+] Task complete!\n[+] Start Results\n  DnsRecord#www.intrigue.io\n  IpAddress#192.0.78.13\n[ ] End Results\n[+] Task Log:\n[ ] : Got allowed option: resolver\n[ ] : Allowed option: {:name=&gt;\"resolver\", :type=&gt;\"String\", :regex=&gt;\"ip_address\", :default=&gt;\"8.8.8.8\"}\n[ ] : Regex should match an IP Address\n[ ] : No need to convert resolver to a string\n[+] : Allowed user_option! 
{\"name\"=&gt;\"resolver\", \"value\"=&gt;\"8.8.8.8\"}\n[ ] : Got allowed option: brute_list\n[ ] : Allowed option: {:name=&gt;\"brute_list\", :type=&gt;\"String\", :regex=&gt;\"alpha_numeric_list\", :default=&gt;[\"mx\", \"mx1\", \"mx2\", \"www\", \"ww2\", \"ns1\", \"ns2\", \"ns3\", \"test\", \"mail\", \"owa\", \"vpn\", \"admin\", \"intranet\", \"gateway\", \"secure\", \"admin\", \"service\", \"tools\", \"doc\", \"docs\", \"network\", \"help\", \"en\", \"sharepoint\", \"portal\", \"public\", \"private\", \"pub\", \"zeus\", \"mickey\", \"time\", \"web\", \"it\", \"my\", \"photos\", \"safe\", \"download\", \"dl\", \"search\", \"staging\"]}\n[ ] : Regex should match an alpha-numeric list\n[ ] : No need to convert brute_list to a string\n[+] : Allowed user_option! {\"name\"=&gt;\"brute_list\", \"value\"=&gt;\"1,2,3,4,www\"}\n[ ] : Got allowed option: use_permutations\n[ ] : Allowed option: {:name=&gt;\"use_permutations\", :type=&gt;\"Boolean\", :regex=&gt;\"boolean\", :default=&gt;true}\n[ ] : Regex should match a boolean\n[+] : Allowed user_option! {\"name\"=&gt;\"use_permutations\", \"value\"=&gt;true}\n[ ] : user_options: [{\"resolver\"=&gt;\"8.8.8.8\"}, {\"brute_list\"=&gt;\"1,2,3,4,www\"}, {\"use_permutations\"=&gt;true}]\n[ ] : Task: dns_brute_sub\n[ ] : Id: fddc7313-52f6-4d5a-9aad-fd39b0428ca5\n[ ] : Task entity: {\"type\"=&gt;\"DnsRecord\", \"attributes\"=&gt;{\"name\"=&gt;\"intrigue.io\"}}\n[ ] : Task options: [{\"resolver\"=&gt;\"8.8.8.8\"}, {\"brute_list\"=&gt;\"1,2,3,4,www\"}, {\"use_permutations\"=&gt;true}]\n[ ] : Option configured: resolver=8.8.8.8\n[ ] : Option configured: use_file=false\n[ ] : Option configured: brute_file=dns_sub.list\n[ ] : Option configured: use_mashed_domains=false\n[ ] : Option configured: brute_list=1,2,3,4,www\n[ ] : Option configured: use_permutations=true\n[ ] : Using provided brute list\n[+] : Using subdomain list: [\"1\", \"2\", \"3\", \"4\", \"www\"]\n[+] : Looks like no wildcard dns. 
Moving on.\n[-] : Hit exception: no address for 1.intrigue.io\n[-] : Hit exception: no address for 2.intrigue.io\n[-] : Hit exception: no address for 3.intrigue.io\n[-] : Hit exception: no address for 4.intrigue.io\n[+] : Resolved Address 192.0.78.13 for www.intrigue.io\n[+] : Creating entity: DnsRecord, {:name=&gt;\"www.intrigue.io\"}\n[+] : Creating entity: IpAddress, {:name=&gt;\"192.0.78.13\"}\n[ ] : Adding permutations: www1, www2\n[-] : Hit exception: no address for www1.intrigue.io\n[-] : Hit exception: no address for www2.intrigue.io\n[+] : Ship it!\n[ ] : Sending to Webhook: http:\/\/localhost:7777\/v1\/task_runs\/fddc7313-52f6-4d5a-9aad-fd39b0428ca5<\/code><\/pre>\n<p>Check for a list of subdomains on intrigue.io:<\/p>\n<pre>$ bundle exec .\/core-cli.rb start dns_brute_sub DnsRecord#intrigue.io resolver=8.8.8.8#brute_list=a,b,c,proxy,test,www\n<\/pre>\n<p>Check the Alexa top 1000 domains for the existence of security headers:<\/p>\n<pre>$ for x in `cat data\/domains.txt | head -n 1000`; do bundle exec .\/core-cli.rb start dns_brute_sub DnsRecord#$x;done\n<\/pre>\n<p><strong>API usage via rubygem:<\/strong><\/p>\n<pre>$ gem install intrigue\n$ irb\n&gt; require 'intrigue'\n&gt; x = Intrigue.new\n  # Create an entity hash, must have a :type key\n  # and (in the case of most tasks) a :attributes key\n  # with a hash containing a :name key (as shown below)\n&gt; entity_hash = {\n    :type =&gt; \"String\",\n    :attributes =&gt; { :name =&gt; \"intrigue.io\" }\n  }\n  # Create a list of options (this can be empty)\n&gt; options_list = [\n    { :name =&gt; \"resolver\", :value =&gt; \"8.8.8.8\" }\n  ]\n  # start returns the id of the task run; keep it to fetch the log and result\n&gt; id = x.start \"example\", entity_hash, options_list\n&gt; puts x.get_log id\n&gt; puts x.get_result id\n<\/pre>\n<p><strong>API usage via curl:<\/strong><br \/>\nYou can use the tried and true curl utility to request a task run. 
Specify the task type, specify an entity, and the appropriate options:<\/p>\n<pre class=\"\">$ curl -s -X POST -H \"Content-Type: application\/json\" -d '{ \"task\": \"example\", \"entity\": { \"type\": \"String\", \"attributes\": { \"name\": \"8.8.8.8\" } }, \"options\": {} }' http:\/\/127.0.0.1:7777\/v1\/task_runs\n<\/pre>\n<p style=\"text-align: center;\"><a href=\"https:\/\/github.com\/intrigueio\/intrigue-core\" target=\"_blank\" rel=\"noopener noreferrer\">Download Intrigue-core at GitHub<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Intrigue-core is an API-first intelligence gathering framework for Internet reconnaissance and research. Setting up a development environment: The following are presumed available and configured in your environment redis sudo nmap zmap masscan java runtime Sudo is used to allow root access for certain commands ^ , so make sure this doesn&#8217;t require a password: your-username<\/p>\n","protected":false},"author":1,"featured_media":2567,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[162],"tags":[228,561],"class_list":["post-2566","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-information-gathering","tag-data","tag-information-gathering"],"_links":{"self":[{"href":"https:\/\/www.jameseduard.com\/index.php?rest_route=\/wp\/v2\/posts\/2566","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.jameseduard.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.jameseduard.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.jameseduard.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.jameseduard.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2566"}],"version-history":[{"count":0,"href":"https:\/\/www.jameseduard.com\/index.php?rest_route=\/wp\/v2\/po
sts\/2566\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.jameseduard.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2566"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.jameseduard.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2566"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.jameseduard.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2566"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}