inquisitor – OSINT Gathering Tool for Companies and Organizations

Inquisitor is a simple tool for gathering information on companies and organizations through the use of Open Source Intelligence (OSINT) sources.

The key features of Inquisitor include:

The ability to cascade the ownership label of an asset (e.g. if a Registrant Name is known to belong to the target organization, then the hosts and networks registered with that name shall be marked as belonging to the target organization)

The ability to transform assets into other potentially related assets by querying open sources such as Google and Shodan

The ability to visualize the relationships of those assets through a zoomable pack layout

It is heavily inspired by how Maltego operates, except that in this tool all transforms are performed automatically.
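The ownership cascade from the feature list, as an added Python sketch that is not Inquisitor's own code. The function name, the label strings, the rule that a hand-set label is never overwritten by an inherited one, and all sample assets are assumptions made for illustration.

```python
from collections import deque

ACCEPTED, UNMARKED, REJECTED = "accepted", "unmarked", "rejected"

def cascade(manual, registered_to):
    """Return asset -> label after cascading ownership labels.

    manual:        asset -> label an analyst set by hand
    registered_to: asset -> the asset it is registered under
                   (host or network -> registrant name)
    Assumption of this sketch: a hand-set label on an asset is never
    overwritten by a label inherited from its registrant.
    """
    children = {}
    for child, parent in registered_to.items():
        children.setdefault(parent, []).append(child)

    assets = set(manual) | set(registered_to) | set(registered_to.values())
    labels = {a: manual.get(a, UNMARKED) for a in assets}

    # Start from every asset that already carries a decision and push it
    # down to unmarked assets only; newly labelled assets keep cascading.
    queue = deque(a for a in assets if labels[a] != UNMARKED)
    while queue:
        parent = queue.popleft()
        for child in children.get(parent, []):
            if labels[child] == UNMARKED:
                labels[child] = labels[parent]
                queue.append(child)
    return labels

# Constructed sample data (documentation address ranges and example domains).
REGISTERED_TO = {
    "192.0.2.0/24": "Example Corp",
    "www.example.com": "Example Corp",
    "legacy.example.com": "Example Corp",
    "198.51.100.0/24": "Other Hosting Ltd",
    "cdn.example.net": "Other Hosting Ltd",
}
MANUAL = {
    "Example Corp": ACCEPTED,        # known to belong to the organization
    "legacy.example.com": REJECTED,  # sold off; analyst overrode the cascade
}

if __name__ == "__main__":
    for asset, label in sorted(cascade(MANUAL, REGISTERED_TO).items()):
        print(f"{label:9} {asset}")
```

Assets registered under a name nobody has classified stay unmarked, which is the set an analyst still has to review before treating the inventory as complete.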

Installation
To install Inquisitor, simply clone the repository, enter it, and execute the installation script.

    git clone http://ift.tt/2nY9Ne0 inquisitor
    cd inquisitor
    pip install cython
    pip install unqlite
    python setup.py install

Usage
Inquisitor has five basic commands: scan, status, classify, dump, and visualize.

    usage: inquisitor.py [-h] {scan,status,classify,dump,visualize} ...

    optional arguments:
      -h, --help            show this help message and exit

    command:
      {scan,status,classify,dump,visualize}
                            The action to perform.
        scan                Search OSINT sources for intelligence based on known
                            assets belonging to the target.
        status              Prints out the current status of the specified
                            intelligence database.
        classify            Classifies an existing asset as either belonging or
                            not belonging to the target. Adds a new asset with
                            the specified classification if none is present.
        dump                Dumps the contents of the database in JSON format
        visualize           Create a D3.js visualization based on the contents of
                            the specified intelligence database.

Scan
In scan mode, the tool runs all available transforms for all the assets in your Intelligence Database. Create API keys for the OSINT sources indicated below and provide them to the script; otherwise the transforms that use those sources will be skipped. Also seed your Intelligence Database with some known owned target assets using the classify command first, because if the database contains no owned assets there will be nothing to transform.

    usage: inquisitor.py scan [-h] [--google-dev-key GOOGLE_DEV_KEY]
                              [--google-cse-id GOOGLE_CSE_ID]
                              [--shodan-api-key SHODAN_API_KEY]
                              DATABASE

    positional arguments:
      DATABASE              The path to the intelligence database to use. If
                            specified file does not exist, a new one will be
                            created.

    optional arguments:
      -h, --help            show this help message and exit
      --google-dev-key GOOGLE_DEV_KEY
                            Specifies the developer key to use to query Google
                            Custom Search. Visit the Google APIs Console
                            (http://ift.tt/nOzcrL) to get an API key. If not
                            specified, the script will simply skip asset
                            transforms that involve Google Search.
      --google-cse-id GOOGLE_CSE_ID
                            Specifies the custom search engine to query. Visit
                            the Google Custom Search Console
                            (http://ift.tt/1KqBvoK) to create your own Google
                            Custom Search Engine. If not specified, the script
                            will simply skip asset transforms that involve
                            Google Search.
      --shodan-api-key SHODAN_API_KEY
                            Specifies the API key to use to query Shodan. Log
                            into your Shodan account (https://www.shodan.io/)
                            and look at the top right corner of the page in
                            order to view your API key. If not specified, the
                            script will simply skip asset transforms that
                            involve Shodan.

Status
In status mode, the tool simply prints out a quick summary of the status of your scan database.

    usage: inquisitor.py status [-h] DATABASE

    positional arguments:
      DATABASE    The path to the intelligence database to use. If specified
                  file does not exist, a new one will be created.

    optional arguments:
      -h, --help  show this help message and exit

Classify
In classify mode, you will be able to manually add assets and re-classify already existing assets in the Intelligence Database. You should use this command to seed your Intelligence Database with known owned target assets.

    usage: inquisitor.py classify [-h] [-ar REGISTRANT [REGISTRANT ...]]
                                  [-ur REGISTRANT [REGISTRANT ...]]
                                  [-rr REGISTRANT [REGISTRANT ...]]
                                  [-ab BLOCK [BLOCK ...]]
                                  [-ub BLOCK [BLOCK ...]]
                                  [-rb BLOCK [BLOCK ...]]
                                  [-ah HOST [HOST ...]]
                                  [-uh HOST [HOST ...]]
                                  [-rh HOST [HOST ...]]
                                  [-ae EMAIL [EMAIL ...]]
                                  [-ue EMAIL [EMAIL ...]]
                                  [-re EMAIL [EMAIL ...]]
                                  DATABASE

    positional arguments:
      DATABASE              The path to the intelligence database to use. If
                            specified file does not exist, a new one will be
                            created.

    optional arguments:
      -h, --help            show this help message and exit
      -ar REGISTRANT [REGISTRANT ...], --accept-registrant REGISTRANT [REGISTRANT ...]
                            Specifies a registrant to classify as accepted.
      -ur REGISTRANT [REGISTRANT ...], --unmark-registrant REGISTRANT [REGISTRANT ...]
                            Specifies a registrant to classify as unmarked.
      -rr REGISTRANT [REGISTRANT ...], --reject-registrant REGISTRANT [REGISTRANT ...]
                            Specifies a registrant to classify as rejected.
      -ab BLOCK [BLOCK ...], --accept-block BLOCK [BLOCK ...]
                            Specifies a block to classify as accepted.
      -ub BLOCK [BLOCK ...], --unmark-block BLOCK [BLOCK ...]
                            Specifies a block to classify as unmarked.
      -rb BLOCK [BLOCK ...], --reject-block BLOCK [BLOCK ...]
                            Specifies a block to classify as rejected.
      -ah HOST [HOST ...], --accept-host HOST [HOST ...]
                            Specifies a host to classify as accepted.
      -uh HOST [HOST ...], --unmark-host HOST [HOST ...]
                            Specifies a host to classify as unmarked.
      -rh HOST [HOST ...], --reject-host HOST [HOST ...]
                            Specifies a host to classify as rejected.
      -ae EMAIL [EMAIL ...], --accept-email EMAIL [EMAIL ...]
                            Specifies a email to classify as accepted.
      -ue EMAIL [EMAIL ...], --unmark-email EMAIL [EMAIL ...]
                            Specifies a email to classify as unmarked.
      -re EMAIL [EMAIL ...], --reject-email EMAIL [EMAIL ...]
                            Specifies a email to classify as rejected.

Dump
In dump mode, you will be able to dump the contents of the Intelligence Database into a human-readable JSON file.

    usage: inquisitor.py dump [-h] DATABASE JSON_FILE

    positional arguments:
      DATABASE    The path to the intelligence database to use. If specified
                  file does not exist, a new one will be created.
      JSON_FILE   The path to dump the JSON file to. Overwrites existing files.

    optional arguments:
      -h, --help  show this help message and exit

Visualize
In visualize mode, you will be able to acquire a hierarchical visualization of the Intelligence Repository.

    usage: inquisitor.py visualize [-h] DATABASE HTML_FILE

    positional arguments:
      DATABASE    The path to the intelligence database to use. If specified
                  file does not exist, a new one will be created.
      HTML_FILE   The path to dump the visualization file to. Overwrites
                  existing files.

    optional arguments:
      -h, --help  show this help message and exit

Download inquisitor http://ift.tt/2nsw2HX http://ift.tt/2aM8QhC
