Up and Running with Intrigue-Core

So you’re up and running? Awesome!

Now, to kick the tires, let’s create a project. A project is a namespace for entities, tasks, and scans. It can be specific to an organization, and investigation, or just a random set of things. We’ll name this one “just playing around”:

Intrigue Core 2017-03-07 00-14-55

So now that we’ve created and jumped into a project, let’s go ahead and run single task. Tasks are basic automation units, and they do stuff like look up DNS records, or scraping information off a particular web page. Let’s run a DNS Service Record Bruteforce, which will request specific types of records, and create new DnsRecord entities for us. A couple important points:

  1. Selecting a task will automatically tell you which types they can take in the interface… if a task can only take a DnsRecord, that’s all you’ll be able to select via the task runner.
  2. Selecting a task will also provide options (if available) to you in the interface. These will automatically display as soon as you select the task.
  3. “Iteration Strategy” and “Iterations” are concepts unique to Intrigue. These allow you to utilize the graph generation built into Intrigue to build out a complete picture of a complex entity. For organizational discovery, it’s incredibly powerful.

For now, let’s stay interactive, and leave graph generation for a later tutorial. Go ahead and click “Run Task”

Clicking “Run Task” sends you to a result page, and you’ll see that the page provides both a set of information about the task, as well as a complete log. The most important feature here is the new entities we’ve just created. Notice that new DnsRecords, IpAddresses and NetworkServices are created on our behalf. These are all entities that we can iterate further upon.

Let’s iterate on that first DnsRecord, sip.microsoft.com. Go ahead and click on it and you’ll be taken to the entity’s page.

results

On an entity’s page,  you’ll see all of the stored details, as well as the ability to run a new task on this entity, and just like last time, the task runner populates only the tasks that will operate on a DnsRecord. Let’s go ahead and run an “Nmap Scan” task on this entity. Select the task and hit “Run Task”

iterate

Boom. Just like that, we’re scanning that server, and Intrigue is intelligent enough to parse the results into new entities that we can interact with. Get the idea? Keep going, and see what you can discover!

iterate-further

Important Note! Many tasks require an API key – which you configure in the “Configure” tab.

Each listing has a handy link to the configuration, making it easy to provision an API key:

configure

Don’t forget to check out the “Analysis” views to show you a listing of all entities and a graph of all entities respectively (Graphs are generated on pageview, so you may need to refresh a couple times”

graph

Also, there’s some basic HUD functionality in the graph. You can use this to navigate to the details when you find interesting features in the Graph view.

graph HUD

That’s it for today. You now get the basic concepts of Intrigue and are ready to start discovering!

Have fun!

Please jump in the Gitter channel if you have troubles or want to learn more!