Intrigue Core is the open asset discovery and attack surface enumeration engine that powers Intrigue.io. It integrates and orchestrates a wide variety of OSINT and commercial sources, combining these sources with powerful graph oriented database help illuminate details about assets and exposures.
Intrigue Core is designed for security professionals in both offensive and defensive use cases. The framework is built in Ruby and implements core concepts such as tasks, entities, and machines. It’s is highly flexible and can be used in a variety of use cases – entirely via API.
The primary use case, discovery of assets and exposures, works by allowing the user to create a project, and feed a set of seed entities into the project, and then allowing them to start a Machine which utilizes Tasks to find Entities (assets, applications, and systems) related to the seeds (and their owners), pulling information and combining it from every available and configured source.
Once entities are discovered, we must analyze them to know what they are and how to process them. Intrigue Ident is the application and service fingerprinting library that powers this analysis process within Intrigue Core. It can also be used in standalone mode. For more information on Ident, see: Using Intrigue Ident for Application Fingerprinting
For more information, see our features page.