Tapir is a framework designed to make it easy to discover interesting data about entities - organizations, users, computers, and networks - on the web, using common (and not so common) OSINT techniques.
At the core of Tapir are entities (implemented and database-backed with Mongoid) and tasks (implemented as small, structured Ruby scripts, like Metasploit modules) that modify and create entities. Tapir entities are real-world objects that we want to discover more information about.
Tapir tasks are the code that operates on the entities to create findings, create new entities, or modify existing entities. Tasks are simple to create, have just enough structure, and harness the power of Ruby to extend the framework in useful ways. Have a look at the existing tasks in the lib/tapir/tasks directory.
Tapir keeps track of entities generated by each task for you. For example, if you add a host entity, and run a 'geolocate_host' task, you'll find that the physical address generated by the task is now a child of that host (and the host is now a parent of that physical address). You can view, modify, and programmatically query and inspect these relationships.
- 05/07/2013 - Mongo is now used as the datastore. Generic Entities!
- 06/18/2012 - Cleaned up Web UI and background tasks! Renamed to Tapir!
- 02/25/2012 - The EAR Project has a stubbed out web UI, and is on its way to v1.0!
- 12/16/2011 - The EAR Project has been updated to Rails 3!
- 06/01/2011 - (or some time around here) Initial version of EAR spawned for #AHA.
Tapir is currently tested and working on:
- OS X 10.5.x+
- Ubuntu Linux 9.10+
These prerequisites can be installed via apt:
sudo apt-get install nmap qt4-qmake libnokogiri-ruby1.8 libxslt-dev libxml2-dev libqt4-dev libpcap-dev libpq-dev libsqlite3-dev
Mongo can be installed with the following:
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv 7F0CEB10
echo 'deb http://downloads-distro.mongodb.org/repo/ubuntu-upstart dist 10gen' | sudo tee /etc/apt/sources.list.d/10gen.list
sudo apt-get update
sudo apt-get install mongodb-10gen
See: http://docs.mongodb.org/manual/tutorial/install-mongodb-on-ubuntu/ for more information
Brew can be used to install prerequisites on OS X:
brew install qt
brew install nmap
brew install mongo
Execute the bundle installer:
$ gem install bundler # from within the tapir application root
$ bundle install # from within the tapir application root
$ bundle exec rake db:seed # from within the tapir application root
To start the server, in the root of the Tapir directory, run:
$ bundle exec rackup
Now browse to http://[server_name]:9292, and you're in the jungle baby!
Once you have a database, simply run:
$ bundle exec ./util/console.rb
This will give you access to a shell from which you can create entities and run tasks against them.
Creating a host entity & running tasks:
tapir> h = Tapir::Entities::Host.create(:ip_address => "8.8.8.8")
tapir> h.run_task("dns_reverse_lookup",{})
tapir> h.run_task("geolocate_host",{})
tapir> h.children
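The parent/child bookkeeping that h.children exposes above can be modelled in a few lines, including which task produced each derived entity. This is an added sketch, not Tapir's own code: the Entity class, its methods and the TASKS table are hypothetical, and the task results are constructed stand-ins so it runs offline.

```ruby
# Added illustration: in-memory model of task-driven entity relationships.
# All class, method and constant names are hypothetical, not Tapir's API.
require "set"

class Entity
  attr_reader :type, :attrs, :parents, :children, :created_by
  def initialize(type, attrs, created_by: nil)
    @type, @attrs, @created_by = type, attrs, created_by
    @parents, @children = [], []
  end

  # Link a derived entity under this one, recording both directions.
  def add_child(child)
    children << child unless children.include?(child)
    child.parents << self unless child.parents.include?(self)
    child
  end

  # Run a task (a callable returning [type, attrs] pairs) and attach results.
  def run_task(name, tasks)
    tasks.fetch(name).call(self).map do |type, attrs|
      add_child(Entity.new(type, attrs, created_by: name))
    end
  end

  # Every entity reachable below this one, visited once, in discovery order.
  def descendants(seen = Set.new)
    children.each_with_object([]) do |c, out|
      next unless seen.add?(c)
      out << c
      out.concat(c.descendants(seen))
    end
  end
end

# Constructed stand-ins for real lookups (no network access).
TASKS = {
  "dns_reverse_lookup" => ->(_e) { [[:dns_record, { name: "resolver.example" }]] },
  "geolocate_host"     => ->(_e) { [[:physical_location, { city: "Exampleville" }]] },
}

def demo
  h = Entity.new(:host, { ip_address: "8.8.8.8" })
  h.run_task("dns_reverse_lookup", TASKS)
  h.run_task("geolocate_host", TASKS)
  h
end

demo.descendants.each { |e| puts "#{e.type} <- #{e.created_by}: #{e.attrs}" }
```

Recording the originating task on every derived entity is what lets a finding be traced back to the lookup that produced it.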
The latest geolitecity (geolocation) data can be pulled by running:
$ data/geolitecity/get_latest.sh
Installation of the therubyracer gem might fail due to an invalid gem specification file; refer to the following link for details:
https://github.com/cowboyd/therubyracer/issues/140#issuecomment-4707363