Monday, June 5, 2017

OSINT Gathering Tool: Inquisitor

12:44 PM

Inquisitor is a simple tool for gathering information on companies and organizations through the use of Open Source Intelligence (OSINT) sources. The key features of Inquisitor include:

The ability to cascade the ownership label of an asset (e.g. if a Registrant Name is known to belong to the target organization, then the hosts and networks registered with that name are marked as belonging to the target organization)
The ability to transform assets into other potentially related assets by querying open sources such as Google and Shodan
The ability to visualize the relationships of those assets through a zoomable pack layout

It is heavily inspired by how Maltego operates, except that in this tool all transforms are performed automatically.





Concept

The whole concept of Inquisitor revolves around the idea of extracting information from open sources based on what is already known about a target organization. In the context of Inquisitor these are called “transforms”. Related information may also be retrieved directly from a known asset, based on metadata available from open sources such as whois and internet registries.
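The ownership cascade described above, sketched as an added example (this is not Inquisitor's own code or data model). The asset tuples, the REGISTERED_UNDER map, and the rule that an explicit classification is never overridden by the cascade are assumptions made for illustration; all sample values are constructed from reserved example names and addresses.

```python
from collections import deque

# Constructed sample data. Maps a parent asset to the assets whose
# registration metadata (e.g. whois) names that parent.
REGISTERED_UNDER = {
    ("registrant", "Example Corp"): [
        ("host", "www.example.com"),
        ("host", "legacy.example.org"),
        ("network", "192.0.2.0/24"),
    ],
    ("registrant", "Shared Hosting Ltd"): [
        ("host", "cdn.example.net"),
    ],
}

def cascade_ownership(edges, classified):
    """Propagate the 'belongs to target' label from parents to children.

    edges:      parent asset -> list of child assets
    classified: asset -> True (belongs) / False (does not belong),
                set explicitly by the analyst
    Returns asset -> True / False / None (None means still unknown).
    """
    labels = {}
    for parent, children in edges.items():
        labels.setdefault(parent, None)
        for child in children:
            labels.setdefault(child, None)
    labels.update(classified)

    # Breadth-first walk from every asset known to belong to the target.
    queue = deque(a for a, owned in classified.items() if owned)
    while queue:
        parent = queue.popleft()
        for child in edges.get(parent, []):
            if child in classified:  # assumption: analyst decision wins
                continue
            if labels[child] is not True:
                labels[child] = True
                queue.append(child)  # lets the label cascade further down
    return labels

def demo():
    analyst = {
        ("registrant", "Example Corp"): True,
        ("host", "legacy.example.org"): False,  # explicitly excluded
    }
    return cascade_ownership(REGISTERED_UNDER, analyst)

if __name__ == "__main__":
    for asset, owned in demo().items():
        print(asset, owned)
```

Assets that share only an unclassified registrant (here cdn.example.net) stay unknown, which is the case an analyst still has to review by hand.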



Installation

To install Inquisitor, simply clone the repository, enter it, and execute the installation script.

pip install Cython click
git clone git@github.com:penafieljlm/inquisitor.git
cd inquisitor
python setup.py install


Usage

Inquisitor has five basic commands: scan, status, classify, dump, and visualize.

usage: inq [-h] {scan,status,classify,dump,visualize} ...

optional arguments:
  -h, --help            show this help message and exit

command:
  {scan,status,classify,dump,visualize}
                        The action to perform.
    scan                Search OSINT sources for intelligence based on known
                        assets belonging to the target.
    status              Prints out the current status of the specified
                        intelligence database.
    classify            Classifies an existing asset as either belonging or
                        not belonging to the target. Adds a new asset with the
                        specified classification if none is present.
    dump                Dumps the contents of the database into a JSON file
    visualize           Create a D3.js visualization based on the contents of
                        the specified intelligence database.
