Releases: intrigueio/intrigue-core
Intrigue Core v1.0.0
Intrigue Core v0.8.0!
Announcing the immediate availability of Intrigue Core v0.8.0, the open attack surface enumeration engine and the core of the Intrigue.io platform.
NEW FEATURES
In this (yet again) truly MASSIVE release, you’ll find the following key features:
- In-App Workflows powered by user-definable YAML files
- Improved Vulnerability Discovery Capabilities
- Asynchronous DNS and HTTP bringing new levels of speed
- 30 new integrations and discovery capabilities
- 26 new vulnerability and misconfiguration checks
- VMWare and VirtualBox images in adidition to the existing Docker image
Get it now at https://core.intrigue.io or read on for the goods.
Announcing .… Workflows
The most immediately distinctive feature of this release is something we’ve wanted to add support for, for many years, Automated Workflows. Workflows fully replace the now-legacy concept of “machines” in the platform with a simpler, friendlier YAML syntax but largely the same functionality. Meaning, they’re recursive by default, and when a new entity is created in a project with a workflow is attached to it, it will automatically schedule and run the relevant tasks that the workflow specifies. This, in combination with UX support for workflows makes it easier than ever to discover the attack surface of organizations; and further, for users to build out custom automation on top of the raw capabilities and tasks of Intrigue Core. Check it out:
You’ll notice now, after creating a new project, that you’re directed to the workflows screen and encouraged to enter as many “hints” as you can, and Core takes what you offer and builds upon it using the selected workflow: And if you like the old way of doing it (where a workflow is started on each new entity that’s discovered from a first import or task, you can do that too.
Also a bit of new shiny on the graphing capabilities, now supporting WebGL and highlighting entities worthy of further investigation:
While there’s much to discuss about the other new features and capabilities, we’ll leave the deep dive for a follow-on post. In the meantime, check out some of the new capabilities below.
VMWare and Virtualbox Images
One of the most common pieces of feedback is a request to supply a pre-built image of Intrigue Core for ease of use getting started with the platform. By popular demand, we now support both VirtualBox and VMWare images, and you can download them at https://core.intrigue.io.
But wait, there's more!
Many of these new capabilities are worthy of a post on their own, and there’s simply so many, that all we can do is point out major highlights and trends, such as:
- Integrations to pull DNS Zone files (aws_route53, cloudflare_dns, etc)
- Integrations to search and pull metadata from Mobile App stores like IoS and Android
- Unauthenticated and automated API Endpoint discovery
- Content Discovery on app endpoints using Ffuf, link extraction and other techniques
- Integration of great open source tooling like Ffuf, Subfinder, and Naabu
- Deeper integration with great services such as BinaryEdge, Spyse, and Zetalytics (there are so many now!)
The full list of individual new tasks in this release is as follows:
- aws_route53
- cloudflare_dns
- dns_search_tls_cert_names
- naabu_scan
- saas_servicenow_check
- saas_servicenow_open_kb_articles
- search_42matters
- search_apptweak
- search_azure_blob
- search_binaryedge_open_databases
- search_c99_subdomainfinder
- search_dnsimple
- search_farsight_dnsdb
- search_hostio
- search_mnemonic
- search_neutrino_api
- search_recon_dev
- search_spyse
- search_spyse_cert
- search_spyse_domain
- search_whoisxmlapi
- subfinder
- uri_brute_generic_content
- uri_brute_vhosts
- uri_check_api_endpoint
- uri_check_retirejs
- uri_extract_linked_hosts
- uri_extract_tokens
- uri_ffuf_content_discovery
- wordpress_enumerate_leaked_logs
NEW ENTITIES
To support all these great capabiltiies, you’ve gotta be able to represent the data types, and thus, the following new entities have been added since the last release. While an entity itself might not be exciting, the ability to open up new use cases brings fun challenges and you can expect even more entities in 2021.
- android_app
- api_endpoint
- github_search_result
- ios_app
- mailserver
- unique_keyword
- unique_token
NEW VULNERABILITY CHECKS
On some days this last year, it felt like literally every webapp and/or network appliance was under threat. 2020 did bring the “wow” CVEs, such as the F5 BigIP bug or RCEs in Sharepoint, Exchange, GlobalProtect…. yep… wow. The checks we now support are below, and the best thing is that these are all automatically driven by fingerprinting. If you find a GlobalProtect instance, and vulnerability checks are enabled for a project, it’ll automatically be tested. Attack surface enumeration should be easy – and ACCURATE – and these checks go a long way in making that a reality.
- vuln/atlassian_dataexposure_cve_2020_14179
- vuln/cisco_asa_limited_file_read_cve_2020_3452
- vuln/cisco_asa_path_traversal_cve_2018_0296
- vuln/citrix_netscaler_codeinjection_cve_2020_8194
- vuln/craft_cms_seomatic_cve_2020_9757
- vuln/f5_bigip_configuration_utility_cve_2020_5902
- vuln/hadoop_yarn_unathenticated_resourcemanager
- vuln/icewarp_xss_cve_2020_8512
- vuln/microsoft_exchange_cve_2020_0688
- vuln/microsoft_exchange_cve_2020_16875
- vuln/microsoft_sharepoint_cve_2020_16952
- vuln/mobileiron_multiple_cves
- vuln/nextjs_path_traversal_cve_2020_5284
- vuln/paloalto_globalprotect_check_cve_2020_2021
- vuln/saas_gitlab_open_reg_check
- vuln/solarwinds_orion_code_compromise
- vuln/sonatype_nexus_cve_2020_10204
- vuln/sonicwall_cve_2020_5135
- vuln/telerik_crypto_weakness_cve_2017_9248
- vuln/tomcat_ghostcat_cve_2020_1938
- vuln/tomcat_persistent_manager_cve_2020_9484
- vuln/wordpress_file_manager_command_injection_rce
- vuln/wordpress_loginizer_cve_2020_27615
NEW THREAT INTEGRATIONS
While threat discovery and enrichment is still a nascent use case for the platform, the core team brought the goods, with even more direct integrations of high quality threat feeds to verify if a given IoC (entity) was found in their database, and where possible – the reason why. Expect this use case will continue to steadily improve in the new year.
- threat/search_apility
- threat/search_badips
- threat/search_blcheck_list
- threat/search_blocklistde
- threat/search_dshield
- threat/search_emerging_threats
- threat/search_fraudguard
- threat/search_greynoise
- threat/search_ibm_x_force
- threat/search_ipqs
- threat/search_ipqs_emailaddress
- threat/search_pulsedive
- threat/search_talos_blacklist
BUGFIXES
Luckily we had no bugs in the last release, so this one will continue that illustrious tradition of perfect and bug-free software. (Just kidding, there were simply way too many to mention. You know how to find them.) Security fixes, feature fixes, and all around improving the user experience were a big focus.
Get it now at https://core.intrigue.io!
Intrigue Core v0.7.1
Intrigue Core v0.7.1!
Key Improvements:
- Upgrade to postgres 12 in the standalone container
- Adds a "Threat Investigation" machine for easily investigating IoC's
- Adds a "threat/blcheck_list", which checks an IpAddress or Domain against more than 100 Blacklists
- Adds a "search_greynoise" task
- Adds "cloud_hosted" and "cloud_provider" detection for Uri entities
- Adds vulnerability check for CVE-2020-0688 (Exchange RCE)
- Adds vulnerability check for CVE-2020-1038 (Ghostcat)
- Adds task and issue to check for open Gitlab registration
- Improvements to subdomain hijack check
- Upgrade Apache Tika to latest version (1.24)
- Improvements to "search_dehashed" task
- Improvements and Bugfixes to Vagrant setup (thanks @thoku1!)
- Improvements to Whoisology, HIBP
- Improvements to Netblock-based Scoping
- More fingerprints from Ident
- New issues: wpengine configuration file leak, wordpress debug.log leak
Huge thanks to @AnasBensalah for his work on this release!
Version 0.7
It's been a long time. So much goodness in here. Check the release notes: https://core.intrigue.io/2020/02/11/intrigue-core-v0-7-released/
Version 0.5
July 2018 Release. See release notes at https://wp.me/p4TdkW-7e
Version 0.4
RSA 2018 Release