Skip to content
Discover Your Attack Surface
Ruby JavaScript HTML Shell Other
Branch: master
Clone or download
Latest commit 519afc2 Jan 15, 2020
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
api_client stuff issues in a gem scaffolding in order to allow them to be more e… Jan 12, 2020
app just show name for now Jan 14, 2020
config make procfile a configuration file, and ensure it's created when 'rak… Jan 10, 2020
data get a little smarter about handling network services Jan 4, 2020
db issues should have a uri column Jan 13, 2020
lib fix pretty_name CVE typo Jan 15, 2020
log initial commit Jul 6, 2015
public add aws_region entity type, set it as the type for import/aws_ipv4_ra… Mar 27, 2019
spec more subdomain hijack checks Dec 26, 2019
tmp maintain a tmp directory Mar 19, 2018
util move util/core-console.rb to util/console.rb, fix a few various small… Jan 8, 2020
.bowerrc Use Bower to manage front-end dependencies Jul 21, 2015
.gitignore search_spyonweb task + search_dehashed task Jan 2, 2020
.rbenv-gemsets Revert "Revert "PR fixing Issue 15: Sudoers and NMAP"" Aug 13, 2017
Dockerfile-standalone Update Dockerfile-standalone Dec 26, 2019
Dockerfile-worker Update Dockerfile-worker Dec 26, 2019
Gemfile use yajl for json parsing - memory efficency Jan 2, 2020
Gemfile.lock bump ident, add a check for nil geo in dns_morph Jan 10, 2020
LICENSE.md it's the future yo Jan 10, 2020
Procfile.default make procfile a configuration file, and ensure it's created when 'rak… Jan 10, 2020
README.md Add Anas as a contributor, clean up dev documentation Jan 2, 2020
Rakefile make procfile a configuration file, and ensure it's created when 'rak… Jan 10, 2020
Vagrantfile bump required RAM on vagrantfile Aug 28, 2019
bower.json update bower components, experiment with json on views Dec 28, 2015
config.ru move sentry into core lib Oct 2, 2019
core-cli.rb fix typo Dec 2, 2019
core.rb improve traverseable entity detection Jan 3, 2020
docker-compose.yml dockerfile Dec 1, 2019

README.md

Welcome!

Intrigue-core is a framework for external attack surface discovery and automated OSINT. The framework is designed for use cases such as:

  • Asset Discovery (Application and Infrastructure)
  • Security Research and Vulnerability Scanning
  • Exploratory OSINT (People, Systems, Entities)
  • Malware IOC Enrichment
  • Security-Oriented Data Gathering Pipelines

If you'd like assistance getting started or have development-related questions, feel free to join us in slack channel, simply drop a line to hello@intrigue.io

Users

To get started quickly and play around with an instance, head on over to the Getting Started Guide. We suggest the Docker image as a first place to start. It's actively built on the master branch of Intrigue Core.

Using the web interface

To use the web interface, browse to http://127.0.0.1:7777. Once you're able to connect, you can follow the instructions here: http://core.intrigue.io/up-and-running/

Configuring the system

Many tasks work via external APIs and thus require configuration of keys. To set them up, browse to the "Configure" tab and click on the name of the module. You will be taken to the relevant signup page where you can provision an API key. These keys are ultimately stored in the file: config/config.json.

The API

Intrigue-core is built API-first, allowing all functions in the UI to be automated. The following methods for automation are provided.

API usage via curl

You can use curl to drive the framework. See the example below:

$ curl -s -X POST -H "Content-Type: application/json" -d '{ "task": "create_entity", "entity": { "type": "DnsRecord", "attributes": { "name": "intrigue.io" } }, "options": {} }' http://127.0.0.1:7777/results

API usage via command line (core-cli)

A command line utility has been added for convenience, core-cli.

List all available tasks:

$ bundle exec ./core-cli.rb list

Start a task:

## core-cli.rb start [Project Name] [Task] [Type#Entity] [Depth] [Option1=Value1#...#...] [Handlers] [Strategy Name] [Auto Enrich]
$ bundle exec ./core-cli.rb start new_project create_entity DnsRecord#intrigue.io 3
Got entity: {"type"=>"DnsRecord", "name"=>"intrigue.io", "details"=>{"name"=>"intrigue.io"}}
Task Result: {"result_id":66103}

API SDK (Ruby)

A Ruby gem is available for your convenience: Gem Version

Setting up a development environment

To get started setting up a development environment, follow the instructions below!

While you can build a local setup and develop, we'd suggest starting with one of the following setup guides:

You'll probably want to take a look at the following resources:

Contributors

Intrigue Core would not be possible without hard work, time, and attention from the following contributors:

You can’t perform that action at this time.