# An Omnibus is defined as a volume containing several novels or other items previously published separately
# and that is exactly what the InQuest Omnibus project intends to be for Open Source Intelligence collection, research, and artifact management.
# By providing an easy-to-use interactive command line application, users are able to create sessions to investigate various artifacts such as
# IP addresses, domain names, email addresses, usernames, file hashes, Bitcoin addresses, and more as we continue to expand.
# This project has taken motivation from the greats that came before it such as SpiderFoot, Harpoon, and DataSploit.
# API keys
# In CLI
> cat apikeys
→ An item to investigate
→ Artifacts can be created in two ways: using the “new” command, or by being discovered through module execution
→ Cache of artifacts created after starting the Omnibus CLI
→ Each artifact in a session is given an ID to quickly identify and retrieve the artifact from the cache
→ Commands can be executed against an artifact either by providing its name or its corresponding session ID
→ Python script that performs some arbitrary OSINT task against an artifact
# Main commands are
| Command | Description |
| --- | --- |
| session | Start a new session |
| new <artifact> | Create a new artifact for investigation |
| modules | display a list of available modules |
| open <file path> | load a text file list of artifacts into Omnibus as artifacts |
| ls | show all active artifacts |
| rm | remove an artifact from the database |
| wipe | clear the current artifact session |
| cat <xx> | view beautified JSON database records |
| general | overall commands such as help, history, quit, set, clear, banner etc. |
| artifacts | display commands specific to artifacts and their management |
| sessions | display helpful commands around managing sessions |
| modules | show a list of all available modules |
# After searching and analyzing, relationships begin to form and you can pivot through connected data points.
# These data points are called Artifacts within Omnibus and represent any item you wish to investigate.
# An artifact is one of the following types
- IPv4 address
- Email address
- Bitcoin Address
- File Hash (MD5, SHA1, SHA256, SHA512)
- User name
# Create a new artifact
# Omnibus will auto detect artifact type
# Store a record of the artifact within MongoDB. This record holds the artifact name, type, subtype, module results
# source, notes, tags, children information (as needed) and time of creation.
# Every time you run a module against a created or stored artifact, the database document will be
# updated to reflect the newly discovered information.
# Sessions are temporary caches created via Redis each time you start a CLI session.
# Every time you create an artifact, that artifact's name is added to the Session along with
# a numeric key that makes for easy retrieval, searching, and action against the related artifact.
# If session is for haax.fr
# You can do “virustotal 1” instead of “virustotal haax.fr”
# Sessions are here for easy access to artifacts and will be cleared each time you quit the command line session.
# If you wish to clear the session early, run the command "wipe" and you'll get a clean slate.
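# Added example (not Omnibus's own code): a sketch of artifact type auto-detection and of resolving a session ID back to an artifact name.
# The type labels, the Session class and the regexes are assumptions made for illustration; a plain dict stands in for the Redis cache.

```python
import ipaddress
import re

# Hash subtype is inferred from hex length, matching the hash types listed above.
HASH_LENGTHS = {32: "md5", 40: "sha1", 64: "sha256", 128: "sha512"}
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")
# Legacy Base58 address shape only (1... / 3...); the checksum is not verified.
BTC_RE = re.compile(r"^[13][1-9A-HJ-NP-Za-km-z]{25,34}$")
FQDN_RE = re.compile(
    r"^(?=.{1,253}$)(?:[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,63}$")


def detect_type(name):
    """Return (type, subtype) for an artifact string; 'user' is the fallback."""
    value = name.strip()
    try:
        ipaddress.IPv4Address(value)
        return ("ipv4", None)
    except ValueError:
        pass
    if EMAIL_RE.match(value):
        return ("email", None)
    if re.fullmatch(r"[0-9a-fA-F]+", value) and len(value) in HASH_LENGTHS:
        return ("hash", HASH_LENGTHS[len(value)])
    if BTC_RE.match(value):
        return ("btc", None)
    if FQDN_RE.match(value):
        return ("fqdn", None)
    return ("user", None)


class Session:
    """In-memory stand-in for the per-CLI-session cache (hypothetical class)."""

    def __init__(self):
        self._by_id = {}

    def add(self, name):
        # Re-adding a known artifact returns its existing numeric key.
        for sid, existing in self._by_id.items():
            if existing == name:
                return sid
        sid = len(self._by_id) + 1
        self._by_id[sid] = name
        return sid

    def resolve(self, arg):
        """Accept a session ID ('1') or an artifact name ('haax.fr')."""
        if arg.isdigit() and int(arg) in self._by_id:
            return self._by_id[int(arg)]
        return arg

    def wipe(self):
        self._by_id.clear()
```

# A purely numeric argument that is not a live session ID is passed through unchanged, so after a wipe "1" is treated as an artifact name rather than silently pointing at stale data.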
# Typing the module name will show you the help information
# Supported modules
- Censys, Clearbit, CSIRTG, Cymon
- DNS resolution, DShield (SANS ISC)
- Full Contact
- Geolocation, Github Username Search
- HackedEmails.com, HaveIBeenPwned.com, Hurricane Electric
- IPinfo, IPvoid
- Keybase username lookup
- Nmap Scanner
- OTX (AlienVault)
- PassiveTotal (RiskIQ), PGP Key Search
- RSS reader
- ThreatCrowd, ThreatExpert, Twitter
- Whois, WhoisMind
# Machines are a simple way to run all available modules for an artifact type against a given artifact.
# This is a fast way if you want to gather as much information on a target as possible using a single command.
# Run and wait (some minutes)
machine <artifact name | session id>
# Take care, it returns a large amount of data and child artifacts