Intrigue-core - Framework for Automated Attack Surface Discovery

Intrigue-core - Framework for Automated Attack Surface Discovery

Intrigue-core is a framework for automated attack surface discovery.

There are a number of use cases:
  • Application and Infrastructure (Asset) Discovery
  • Security Research and Vulnerability Discovery
  • Malware Campaign Research & Indicator Enrichment
  • Exploratory OSINT Research

Setting Up a Development Environment

Follow the appropriate setup guide:

Now that you have a working environment, browse to the web interface.

To use the web interface, browse to Once you're able to connect, you can follow the instructions here:

Configuring The System

Many modules require API keys. To set them up, browse to the "Configure" tab and click on the name of the module. You will be taken to the relevant signup page where you can provide an API key.

Intrigue-core is built API-first, allowing all functions in the UI to be easily automated. The following methods for automation are provided.

API usage via core-cli:

A command line utility has been added for convenience, core-cli.

List all available tasks:
$ bundle exec ./core-cli.rb list

Start a task:
$ bundle exec ./core-cli.rb background Default dns_brute_sub 1
Got entity: {"type"=>"DnsRecord", "name"=>"", "details"=>
Task Result: {"result_id":66103}

API usage via curl:

You can use curl to drive the framework. See the example below:
$ curl -s -X POST -H "Content-Type: application/json" -d '{ "task": "example", 
"entity": { "type": "String", "attributes": { "name": "" } }, 
"options": {} }'

No comments

Powered by Blogger.