What is Metabigor?
Metabigor is an intelligence tool. Its goal is to do OSINT tasks and more, without any API key.
go install github.com/j3ssie/metabigor@latest
- Searching information about IP Address, ASN and Organization.
- Wrapper for running rustscan, masscan and nmap more efficiently on IP/CIDR.
- Finding more related domains of the target by applying various techniques (certificate, whois, Google Analytics, etc).
- Get Summary about IP address (powered by @thebl4ckturtle)
Discovering the IP of a company/organization
The difference between the net and netd commands is that netd gets dynamic results from a third-party source, while net gets static results from the database.
```
# discovery IP of a company/organization
echo "company" | metabigor net --org -o /tmp/result.txt

# discovery IP of an ASN
echo "ASN1111" | metabigor net --asn -o /tmp/result.txt
cat list_of_ASNs | metabigor net --asn -o /tmp/result.txt

echo "ASN1111" | metabigor netd --asn -o /tmp/result.txt
```
Finding more related domains of the target by applying various techniques (certificate, whois, Google Analytics, etc)
Note that some of the results are not 100% accurate. Please do a manual check before putting them directly into other tools to scan.
Some techniques require different input, so please see the usage of each technique.
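The accuracy note above can be enforced mechanically before any other tool sees the list. This added example (not part of Metabigor or its README) marks each candidate domain as `ok` or `review` against a list of suffixes you have confirmed you own; the file name `scope.txt`, the function names and the sample domains are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: triage candidate domains before they are handed to a scanner.

# triage_related SCOPE_FILE
#   stdin : candidate domains, one per line (e.g. from `metabigor related`)
#   stdout: "ok <domain>" if inside a confirmed suffix, else "review <domain>"
triage_related() {
    # Normalise: lowercase, trim, drop certificate wildcard "*." and root dot.
    tr 'A-Z' 'a-z' |
    sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' -e 's/^\*\.//' -e 's/\.$//' |
    awk -v scope="$1" '
        BEGIN {
            # Load confirmed suffixes; "#" starts a comment in the scope file.
            while ((getline s < scope) > 0) {
                sub(/#.*/, "", s); gsub(/[[:space:]]/, "", s)
                if (s != "") suffix[tolower(s)] = 1
            }
        }
        $0 == "" || seen[$0]++ { next }      # skip blanks and duplicates
        {
            verdict = "review"
            for (s in suffix) {
                # Match the suffix itself or a true subdomain: the "." label
                # boundary stops "notexample.com" matching "example.com".
                n = length($0) - length(s)
                if ($0 == s || (n > 1 && substr($0, n) == "." s)) {
                    verdict = "ok"; break
                }
            }
            print verdict, $0
        }'
}

# Constructed sample data (assumed names, not real metabigor output).
demo() {
    dir=$(mktemp -d)
    printf '%s\n' 'example.com' '# acquired brand' 'example.org' > "$dir/scope.txt"
    printf '%s\n' '*.example.com' 'API.Example.com.' 'notexample.com' \
        'example.com.cdn-host.net' 'shop.example.org' 'api.example.com' |
        triage_related "$dir/scope.txt"
    rm -rf "$dir"
}

demo
```

Lines marked `review` are the ones that need the manual check the note asks for.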
Using certificate to find related domains on crt.sh
```
# Getting more related domains by searching for certificate info
echo 'Target Inc' | metabigor cert --json | jq -r '.Domain' | unfurl format %r.%t | sort -u # this is old command

# Getting more related domains by searching for certificate info
echo 'example Inc' | metabigor related -s 'cert'
```
Wrapper for running rustscan, masscan and nmap more efficiently on IP/CIDR
This command requires nmap to be installed first, or at least the pre-scan results of these tools.
```
# Only run masscan full ports
echo '18.104.22.168/24' | metabigor scan -o result.txt

# only run nmap detail scan based on pre-scan data
echo '22.214.171.124:21' | metabigor scan -s -c 10
echo '126.96.36.199:21' | metabigor scan --tmp /tmp/raw-result/ -s -o result.txt

# run nmap detail scan based on pre-scan data of rustscan
echo '188.8.131.52 -> [80,443,2222]' | metabigor scan -R

# only run scan with zmap
cat ranges.txt | metabigor scan -p '443,80' -z
```
Using Reverse Whois to find related domains
echo 'example.com' | metabigor related -s 'whois'
Getting more related by searching for Google Analytics ID
```
# Get it directly from the URL
echo 'https://example.com' | metabigor related -s 'google-analytic'

# You can also search it directly from the UA ID too
metabigor related -s 'google-analytic' -i 'UA-9152XXX' --debug
```
Get Summary about IP address (powered by
This shows a summary of the IP address provided, such as ASN, Organization, Country, etc.
cat list_of_ips.txt | metabigor ipc --json
Extract Shodan IPInfo from internetdb.shodan.io
```
echo '184.108.40.206' | metabigor ip -open
220.127.116.11:80
18.104.22.168:443

# lookup CIDR range
echo '22.214.171.124/24' | metabigor ip -open -c 20
126.96.36.199:80
188.8.131.52:80

# get raw JSON response
echo '184.108.40.206' | metabigor ip -json
```
Painlessly integrate Jaeles into your recon workflow?
This project was part of Osmedeus Engine. Check out how it was integrated at @OsmedeusEngine
This tool is for educational purposes only. You are responsible for your own actions. If you mess something up or break any laws while using this software, it's your fault, and your fault only.
Metabigor is made with