Merge pull request #12 from signedsecurity/add-intelx

README.md

@@ -22,7 +22,7 @@ A passive reconnaissance tool for known URLs discovery - it gathers a list of UR
 ## Features
 
 * Collect known URLs:
-    * Fetches from **[AlienVault's OTX](https://otx.alienvault.com/)**, **[Common Crawl](https://commoncrawl.org/)**, **[URLScan](https://urlscan.io/)**, **[Github](https://github.com)** and the **[Wayback Machine](https://archive.org/web/)**.
+    * Fetches from **[AlienVault's OTX](https://otx.alienvault.com/)**, **[Common Crawl](https://commoncrawl.org/)**, **[URLScan](https://urlscan.io/)**, **[Github](https://github.com)**, **[Intelligence X](https://intelx.io)** and the **[Wayback Machine](https://archive.org/web/)**.
     * Fetches disallowed paths from `robots.txt` found on your target domain and snapshotted by the Wayback Machine.
 * Reduce noise:
     * Regex filter URLs.
@@ -37,10 +37,10 @@ You can download the pre-built binary for your platform from this repository's [
 
 ### From Source
 
-sigurlfind3r requires **go1.14+** to install successfully. Run the following command to get the repo
+sigurlfind3r requires **go1.17+** to install successfully. Run the following command to get the repo
 
 ```bash
-GO111MODULE=on go get -u -v github.com/signedsecurity/sigurlfind3r/cmd/sigurlfind3r
+go install -v github.com/signedsecurity/sigurlfind3r/cmd/sigurlfind3r@latest
 ```
 
 ### From Github
@@ -59,10 +59,11 @@ sigurlfind3r will work after [installation](#installation). However, to configur
 Example:
 
 ```yaml
-version: 1.5.0
+version: 1.6.0
 sources:
     - commoncrawl
     - github
+    - intelx
     - otx
     - urlscan
     - wayback
@@ -71,6 +72,8 @@ keys:
     github:
         - d23a554bbc1aabb208c9acfbd2dd41ce7fc9db39
         - asdsd54bbc1aabb208c9acfbd2dd41ce7fc9db39
+    intelx:
+        - 2.intelx.io:00000000-0000-0000-0000-000000000000
 ```
 
 ## Usage
@@ -88,7 +91,7 @@ This will display help for the tool.
  ___(_) __ _ _   _ _ __| |/ _(_)_ __   __| |___ / _ __
 / __| |/ _` | | | | '__| | |_| | '_ \ / _` | |_ \| '__|
 \__ \ | (_| | |_| | |  | |  _| | | | | (_| |___) | |
-|___/_|\__, |\__,_|_|  |_|_| |_|_| |_|\__,_|____/|_| 1.5.0
+|___/_|\__, |\__,_|_|  |_|_| |_|_| |_|\__,_|____/|_| 1.6.0
        |___/
 
 USAGE:

cmd/sigurlfind3r/main.go

@@ -15,7 +15,6 @@ import (
 	"github.com/logrusorgru/aurora/v3"
 	"github.com/signedsecurity/sigurlfind3r/internal/configuration"
 	"github.com/signedsecurity/sigurlfind3r/pkg/sigurlfind3r"
-	"github.com/signedsecurity/sigurlfind3r/pkg/sigurlfind3r/session"
 )
 
 var (
@@ -125,9 +124,10 @@ func main() {
 		SourcesToUse:      options.SourcesToUse,
 		SourcesToExclude:  options.SourcesToExclude,
 		IncludeSubdomains: options.IncludeSubdomains,
-		Keys: &session.Keys{
-			GitHub: options.YAML.Keys.GitHub,
-		},
+		// Keys: &session.Keys{
+		// 	GitHub: options.YAML.Keys.GitHub,
+		// },
+		Keys: options.YAML.GetKeys(),
 	})
 
 	URLs, err := runner.Run(context.Background(), options.Domain)

go.mod

@@ -4,6 +4,7 @@ go 1.15
 
 require (
 	github.com/enenumxela/urlx v0.0.0-20210513065732-e6ca46195405
+	github.com/json-iterator/go v1.1.12
 	github.com/kr/text v0.2.0 // indirect
 	github.com/logrusorgru/aurora/v3 v3.0.0
 	github.com/tomnomnom/linkheader v0.0.0-20180905144013-02ca5825eb80

go.sum

@@ -1,6 +1,12 @@
 github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
+github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
+github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/enenumxela/urlx v0.0.0-20210513065732-e6ca46195405 h1:GTaOhTHjej+e0fqH3l5JVrkAD4MRqdpiRYwI7ALO9yw=
 github.com/enenumxela/urlx v0.0.0-20210513065732-e6ca46195405/go.mod h1:be/5CuPqttAAj7oUUgi+ybAwEGv9x3Qj/SkFR1HY8xU=
+github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
+github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
+github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
 github.com/kr/pretty v0.2.1 h1:Fmg33tUaq4/8ym9TJN1x7sLJnHVwhP33CNkpYV/7rwI=
 github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
 github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
@@ -9,9 +15,17 @@ github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
 github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
 github.com/logrusorgru/aurora/v3 v3.0.0 h1:R6zcoZZbvVcGMvDCKo45A9U/lzYyzl5NfYIvznmDfE4=
 github.com/logrusorgru/aurora/v3 v3.0.0/go.mod h1:vsR12bk5grlLvLXAYrBsb5Oc/N+LxAlxggSjiwMnCUc=
+github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421 h1:ZqeYNhU3OHLH3mGKHDcjJRFFRrJa6eAM5H+CtDdOsPc=
+github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
+github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M=
+github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/testify v1.3.0 h1:TivCn/peBQ7UY8ooIcPgZFpTNSz0Q2U6UrFlUfqbe0Q=
+github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
 github.com/tomnomnom/linkheader v0.0.0-20180905144013-02ca5825eb80 h1:nrZ3ySNYwJbSpD6ce9duiP+QkD3JuLCcWkdaehUS/3Y=
 github.com/tomnomnom/linkheader v0.0.0-20180905144013-02ca5825eb80/go.mod h1:iFyPdL66DjUD96XmzVL3ZntbzcflLnznH0fr99w5VqE=
-golang.org/x/net v0.0.0-20210510120150-4163338589ed h1:p9UgmWI9wKpfYmgaV/IZKGdXc5qEK45tDwwwDyjS26I=
 golang.org/x/net v0.0.0-20210510120150-4163338589ed/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20210614182718-04defd469f4e h1:XpT3nA5TvE525Ne3hInMh6+GETgn27Zfm9dxsThnX2Q=
 golang.org/x/net v0.0.0-20210614182718-04defd469f4e/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
@@ -20,7 +34,6 @@ golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=

internal/configuration/configuration.go

@@ -2,6 +2,7 @@ package configuration
 
 import (
 	"fmt"
+	"math/rand"
 	"os"
 	"path"
 	"strings"
@@ -16,6 +17,7 @@ type YAMLConfiguration struct {
 	Sources []string `yaml:"sources"`
 	Keys    struct {
 		GitHub []string `yaml:"github"`
+		Intelx []string `yaml:"intelx"`
 	}
 }
 
@@ -39,7 +41,7 @@ type Options struct {
 }
 
 const (
-	VERSION = "1.5.0"
+	VERSION = "1.6.0"
 )
 
 var (
@@ -165,5 +167,15 @@ func (config *YAMLConfiguration) GetKeys() session.Keys {
 		keys.GitHub = config.Keys.GitHub
 	}
 
+	intelxKeysCount := len(config.Keys.Intelx)
+	if intelxKeysCount > 0 {
+		intelxKeys := config.Keys.Intelx[rand.Intn(intelxKeysCount)]
+		parts := strings.Split(intelxKeys, ":")
+		if len(parts) == 2 {
+			keys.IntelXHost = parts[0]
+			keys.IntelXKey = parts[1]
+		}
+	}
+
 	return keys
 }

pkg/sigurlfind3r/passive/agent.go

@@ -9,6 +9,7 @@ import (
 	"github.com/signedsecurity/sigurlfind3r/pkg/sigurlfind3r/scraping"
 	"github.com/signedsecurity/sigurlfind3r/pkg/sigurlfind3r/scraping/sources/commoncrawl"
 	"github.com/signedsecurity/sigurlfind3r/pkg/sigurlfind3r/scraping/sources/github"
+	"github.com/signedsecurity/sigurlfind3r/pkg/sigurlfind3r/scraping/sources/intelx"
 	"github.com/signedsecurity/sigurlfind3r/pkg/sigurlfind3r/scraping/sources/otx"
 	"github.com/signedsecurity/sigurlfind3r/pkg/sigurlfind3r/scraping/sources/urlscan"
 	"github.com/signedsecurity/sigurlfind3r/pkg/sigurlfind3r/scraping/sources/wayback"
@@ -36,7 +37,7 @@ func New(sourcesToUse, sourcesToExclude []string) (agent *Agent) {
 }
 
 // Run collects all the known urls for a given domain
-func (agent *Agent) Run(domain string, filterRegex *regexp.Regexp, includeSubdomains bool, keys *session.Keys) (URLs chan scraping.URL) {
+func (agent *Agent) Run(domain string, filterRegex *regexp.Regexp, includeSubdomains bool, keys session.Keys) (URLs chan scraping.URL) {
 	URLs = make(chan scraping.URL)
 
 	go func() {
@@ -75,6 +76,8 @@ func (agent *Agent) addSources(sourcesToUse []string) {
 			agent.sources[source] = &commoncrawl.Source{}
 		case "github":
 			agent.sources[source] = &github.Source{}
+		case "intelx":
+			agent.sources[source] = &intelx.Source{}
 		case "otx":
 			agent.sources[source] = &otx.Source{}
 		case "urlscan":

pkg/sigurlfind3r/scraping/sources.go

@@ -23,6 +23,7 @@ type Source interface {
 var SourcesList = []string{
 	"commoncrawl",
 	"github",
+	"intelx",
 	"otx",
 	"urlscan",
 	"wayback",

pkg/sigurlfind3r/scraping/sources/intelx/intelx.go

@@ -0,0 +1,115 @@
+package intelx
+
+import (
+	"bytes"
+	"encoding/json"
+	"fmt"
+	"io/ioutil"
+	"log"
+	"time"
+
+	jsoniter "github.com/json-iterator/go"
+	"github.com/signedsecurity/sigurlfind3r/pkg/sigurlfind3r/scraping"
+	"github.com/signedsecurity/sigurlfind3r/pkg/sigurlfind3r/session"
+)
+
+type searchResponseType struct {
+	ID     string `json:"id"`
+	Status int    `json:"status"`
+}
+
+type selectorType struct {
+	Selectvalue string `json:"selectorvalue"`
+}
+
+type searchResultType struct {
+	Selectors []selectorType `json:"selectors"`
+	Status    int            `json:"status"`
+}
+
+type requestBody struct {
+	Term       string        `json:"term"`
+	Timeout    time.Duration `json:"timeout"`
+	MaxResults int           `json:"maxresults"`
+	Media      int           `json:"media"`
+}
+
+type Source struct{}
+
+func (source *Source) Run(domain string, ses *session.Session, includeSubs bool) (URLs chan scraping.URL) {
+	URLs = make(chan scraping.URL)
+
+	go func() {
+		defer close(URLs)
+
+		if ses.Keys.IntelXKey == "" || ses.Keys.IntelXHost == "" {
+			return
+		}
+
+		searchURL := fmt.Sprintf("https://%s/phonebook/search?k=%s", ses.Keys.IntelXHost, ses.Keys.IntelXKey)
+		reqBody := requestBody{
+			Term:       domain,
+			MaxResults: 100000,
+			Media:      0,
+			Timeout:    20,
+		}
+
+		body, err := json.Marshal(reqBody)
+		if err != nil {
+			log.Fatalln(err)
+			return
+		}
+
+		res, err := ses.SimplePost(searchURL, "application/json", bytes.NewBuffer(body))
+		if err != nil {
+			log.Fatalln(err)
+			return
+		}
+
+		var response searchResponseType
+
+		if err = jsoniter.NewDecoder(res.Body).Decode(&response); err != nil {
+			res.Body.Close()
+			return
+		}
+
+		res.Body.Close()
+
+		resultsURL := fmt.Sprintf("https://%s/phonebook/search/result?k=%s&id=%s&limit=10000", ses.Keys.IntelXHost, ses.Keys.IntelXKey, response.ID)
+		status := 0
+		for status == 0 || status == 3 {
+			res, err = ses.Get(resultsURL, nil)
+			if err != nil {
+				log.Fatalln(err)
+				return
+			}
+
+			var response searchResultType
+
+			if err = jsoniter.NewDecoder(res.Body).Decode(&response); err != nil {
+				res.Body.Close()
+				return
+			}
+
+			_, err = ioutil.ReadAll(res.Body)
+			if err != nil {
+				res.Body.Close()
+				return
+			}
+			res.Body.Close()
+
+			status = response.Status
+			for _, hostname := range response.Selectors {
+				if URL, ok := scraping.NormalizeURL(hostname.Selectvalue, ses.Scope); ok {
+					URLs <- scraping.URL{Source: source.Name(), Value: URL}
+				}
+			}
+		}
+	}()
+
+	return URLs
+}
+
+func (source *Source) Name() string {
+	return "intelx"
+}

pkg/sigurlfind3r/session/session.go

@@ -12,7 +12,10 @@ import (
 )
 
 type Keys struct {
-	GitHub []string `json:"github"`
+	GitHub     []string `json:"github"`
+	Intelx     string   `json:"intelx"` // unused, add just for the purpose of adding * on listing sources
+	IntelXHost string   `json:"intelXHost"`
+	IntelXKey  string   `json:"intelXKey"`
 }
 
 type Scope struct {
@@ -23,11 +26,11 @@ type Scope struct {
 
 type Session struct {
 	Client *http.Client
-	Keys   *Keys
+	Keys   Keys
 	Scope  Scope
 }
 
-func New(domain string, filterRegex *regexp.Regexp, includeSubdomains bool, timeout int, keys *Keys) (*Session, error) {
+func New(domain string, filterRegex *regexp.Regexp, includeSubdomains bool, timeout int, keys Keys) (*Session, error) {
 	client := &http.Client{
 		Transport: &http.Transport{
 			MaxIdleConns:        100,
@@ -50,12 +53,20 @@ func New(domain string, filterRegex *regexp.Regexp, includeSubdomains bool, time
 	}, nil
 }
 
+func (session *Session) Get(getURL string, headers map[string]string) (*http.Response, error) {
+	return session.HTTPRequest(http.MethodGet, getURL, headers, nil)
+}
+
 func (session *Session) SimpleGet(getURL string) (*http.Response, error) {
 	return session.HTTPRequest(http.MethodGet, getURL, map[string]string{}, nil)
 }
 
-func (session *Session) Get(getURL string, headers map[string]string) (*http.Response, error) {
-	return session.HTTPRequest(http.MethodGet, getURL, headers, nil)
+func (session *Session) Post(postURL, cookies string, headers map[string]string, body io.Reader) (*http.Response, error) {
+	return session.HTTPRequest(http.MethodPost, postURL, headers, body)
+}
+
+func (session *Session) SimplePost(postURL, contentType string, body io.Reader) (*http.Response, error) {
+	return session.HTTPRequest(http.MethodPost, postURL, map[string]string{"Content-Type": contentType}, body)
 }
 
 func (session *Session) HTTPRequest(method, requestURL string, headers map[string]string, body io.Reader) (*http.Response, error) {

pkg/sigurlfind3r/sigurlfind3r.go

@@ -26,7 +26,7 @@ type Options struct {
 	SourcesToExclude  []string
 	SourcesToUse      []string
 	IncludeSubdomains bool
-	Keys              *session.Keys
+	Keys              session.Keys
 }
 
 // New creates a new Runner struct instance by parsing