OSINT Tool: Metabigor

by | Jun 10, 2022 | Tools

Premium Content

Patreon

Subscribe to Patreon to watch this episode.

Reading Time: 4 Minutes

GitHub Link

 

What is Metabigor?

Metabigor by j3ssie is an Intelligence tool, its goal is to do OSINT tasks and more but without any API key.

OSINT stands for “open source intelligence.” It’s all about finding the information you can legally access, through legal means. OSINT is mainly done online, but it can be done offline as well. Pentesters use OSINT to research their targets, and threat intelligence specialists use OSINT to learn about cyber threats.

 

Installation

 

go install github.com/j3ssie/metabigor@latest

 

See Also: So you want to be a hacker?
Complete Offensive Security and Ethical Hacking Course

 

Main features

  • Searching information about IP Address, ASN and Organization.
  • Wrapper for running rustscan, masscan and nmap more efficient on IP/CIDR.
  • Finding more related domains of the target by applying various techniques (certificate, whois, Google Analytics, etc).
  • Get Summary about IP address (powered by @thebl4ckturtle)

 

 

Usage

 

Discovery IP of a company/organization – metabigor net

The difference between net and netd command is that netd will get the dynamic result from the third-party source while net command will get the static result from the database.

# discovery IP of a company/organization

echo 'company' | metabigor net --org -o /tmp/result.txt

# discovery IP of an ASN

echo 'ASN1111' | metabigor net --asn -o /tmp/result.txt

cat list_of_ASNs | metabigor net --asn -o /tmp/result.txt

echo 'ASN1111' | metabigor netd --asn -o /tmp/result.txt


 

Finding more related domains of the target by applying various techniques (certificate, whois, Google Analytics, etc) – metabigor related

Note some of the results are not 100% accurate. Please do a manual check first before put it directly to other tools to scan.

Some specific technique require different input so please see the usage of each technique.

 

Using certificate to find related domains on crt.sh

 

# Getting more related domains by searching for certificate info

echo Target Inc | metabigor cert --json| jq -r .Domain| unfurl format %r.%t | sort -u # this is old command

# Getting more related domains by searching for certificate info

echo example Inc | metabigor related -s cert

 

Wrapper for running rustscan, masscan and nmap more efficient on IP/CIDR – metabigor scan

 

This command will require you to install masscan, rustscan and nmap first or at least the pre-scan result of them.

# Only run masscan full ports

echo 1.2.3.4/24 | metabigor scan -o result.txt

# only run nmap detail scan based on pre-scan data

echo 1.2.3.4:21 | metabigor scan -s -c 10

echo 1.2.3.4:21 | metabigor scan --tmp /tmp/raw-result/ -s -o result.txt

# run nmap detail scan based on pre-scan data of rustscan

echo 1.2.3.4 -> [80,443,2222] | metabigor scan -R

# only run scan with zmap

cat ranges.txt | metabigor scan -p 443,80 -z


 

See Also: Recon Tool: Domain Analyzer

 

Using Reverse Whois to find related domains

 

echo example.com | metabigor related -s whois

 

Getting more related by searching for Google Analytics ID

 

# Get it directly from the URL

echo https://example.com | metabigor related -s google-analytic

# You can also search it directly from the UA ID too

metabigor related -s google-analytic -i UA-9152XXX --debug


 

See Also: Write up: Find hidden and encrypted secrets from any website

 

 

Get Summary about IP address (powered by @thebl4ckturtle) – metabigor ipc

 

This will show you the summary of the IP address provided like ASN, Organization, Country, etc.

cat list_of_ips.txt | metabigor ipc --json

 

Extract Shodan IPInfo from internetdb.shodan.io

 

echo 1.2.3.4 | metabigor ip -open

1.2.3.4:80

1.2.3.4:443

# lookup CIDR range

echo 1.2.3.4/24 | metabigor ip -open -c 20

1.2.3.4:80

1.2.3.5:80

# get raw JSON response

echo 1.2.3.4 | metabigor ip -json

 

See Also: The Difference between Vulnerability Assessment and Pentesting

 

Demo

Merch

Recent Articles

Offensive Security & Ethical Hacking Course

Begin the learning curve of hacking now!


Information Security Solutions

Find out how Pentesting Services can help you.


Join our Community

Share This