An Omnibus is defined as
a volume containing several novels or other items previously published separatelyand that is exactly what the InQuest Omnibus project intends to be for Open Source Intelligence collection, research, and artifact management.
By providing an easy to use interactive command line application, users are able to create sessions to investigate various artifacts such as IP addresses, domain names, email addresses, usernames, file hashes, Bitcoin addresses, and more as we continue to expand. This project has taken motivation from the greats that came before it such as SpiderFoot, Harpoon, and DataSploit. Much thanks to those great authors for contributing to the world of open source.
The application is written with Python 2.7 in mind and has been successfully tested on OSX and Ubuntu 16.04 environments. This is a beta of the final application and as such there may be some bugs or other weirdness during usage. For the most part Omnibus is fully functional and can be used to begin OSINT investigation right away.
Omnibus is built in a modular manner that allows the easy addition of OSINT data source modules and import/export modules. Each module per category is included in a single directory, and by adding a few lines of code, your module could be the next!
Most cyber investigations begin with one or more technical indicators, such as an IP address, file hash or email address. After searching and analyzing, relationships begin to form and you can pivot through connected data points. These data points are called Artifacts within Omnibus and represent any item you wish to investigate.
Artifacts can be one of the following types:
- IPv4 address
- Email Address
- Bitcoin Address
- File Hash (MD5, SHA1, SHA256, SHA512)
- User Name
Omnibus currently supports the following list of modules. If you have suggestions or modules or would like to write one of your own, please create a pull request. Also, within the Omnibus console, typing the module name will show you the Help information associated with that module.
- DNS subdomain enumeration
- DNS resolution
- DShield (SANS ISC)
- GeoIP lookup
- Full Contact
- Gist Scraping
- GitHub user search
- HackedEmails.com email search
- Hurricane Electric host search
- HIBP search
- PGP Email and Name lookup
- RSS Feed Reader
- Security News Reader
- Web Recon