IntelX is a Python command-line utility and API wrapper for intelx.io, made to perform any kind of open-source intelligence.
Project description
intelx Python Package
Statistics
Web Statistics
Introduction
intelx.py is a Python command-line utility and API wrapper for intelx.io, made to perform any kind of open-source intelligence.
Statistics from the Python Packaging Index are available from PyPI Stats
Installation
Python Packaging Index
pip install intelx
pip install --index-url https://pypi.python.org/simple/ intelx
GitHub
pip install "intelx @ git+https://github.com/IntelligenceX/SDK#subdirectory=Python"
git clone https://github.com/IntelligenceX/SDK
cd SDK/Python
python -m pip install -e .
Docker + VS Code
Setup
Open the Dev Container and get a shell (VS Code)
- Set up the environment variable as described in the Environment Variable section.
- Open the folder Python (that contains .devcontainer/, next to Dockerfile and requirements.txt) in VS Code.
- Ensure Docker is running and the Dev Containers extension is installed.
- Press Ctrl+Shift+P → Dev Containers: Reopen in Container
- If you changed the Dockerfile/requirements: Dev Containers: Rebuild and Reopen in Container.
- After the container opens, go to Terminal → New Terminal — this terminal runs inside the container.
Tips
- Not in a container? Click the green corner button (><) → Reopen in Container.
- Need a clean build? Dev Containers: Rebuild Without Cache.
Configure
- $VIRTUAL_ENV is configured with the path of the virtual environment, so activate it by executing
source $VIRTUAL_ENV/bin/activate
- The development dependencies are installed by executing
pip install --no-cache-dir -r ./requirements-dev.txt && pip check
python -m pip install -e .
Setup
To specify the API key to use, you can choose one of two options:
- Setting the INTELX_KEY environment variable.
- Manually supplying the -apikey argument.
You can get your API key at https://intelx.io/account?tab=developer
Environment Variable
Copy .env.sample to .env and set your values. You can also configure your own proxies and verify settings there.
# create an INTELX_KEY env var with your API key.
INTELX_KEY="00000000-0000-0000-0000-000000000000"
INTELX_BASE_URL="https://2.intelx.io"
$ set -a; source .env; set +a
Via the client
export INTELX_KEY=00000000-0000-0000-0000-000000000000
intelx.py -search riseup.net -apikey "$INTELX_KEY"
or, when running directly from the source tree:
python -m scripts.intelx -search riseup.net -apikey "$INTELX_KEY"
Configuration
On Windows, the command prompt/terminal must be configured manually to enable color support. You can do that with the following instructions:
- Create the following file, named Enable Color.reg:
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Console]
"VirtualTerminalLevel"=dword:00000001
- Right-click Enable Color.reg -> Merge
Usage
Quick search
intelx.py -search riseup.net
Quick search in buckets
intelx.py -search riseup.net -buckets "pastes, darknet.tor"
Search with 100 results
intelx.py -search riseup.net -limit 100
Download Item
The -download argument will set the HTTP request type to a stream,
ultimately returning the raw bytes.
This allows us to download documents such as PDFs, ZIP, Word documents, Excel,
etc.
The -bucket argument is also required.
You may set the filename with the -name argument.
# save item as test.txt
intelx.py -download 29a97791-1138-40b3-8cf1-de1764e9d09c -bucket leaks.private.general -name test.txt
View Item
To view the full data of a specific search result, specify the item's ID and
use the --view parameter:
intelx.py -search 3a4d5699-737c-4d22-8dbd-c5391ce805df --view
Export Search
To export the full data of a specific search result, use the --exportfromsearch and --exportfileformat parameters:
intelx.py -search email@email.com --exportfromsearch --exportfileformat 1 -limit 5 -buckets "pastes,leaks.private.general, leaks.logs, whois, usenet"
Extract Email from Phonebook Search
intelx.py -search cia.gov --phonebook emails
Identity Portal
Export Accounts
intelx.py -identity riseup.net --exportaccounts
Data Leaks
intelx.py -identity riseup.net --dataleaks
Usage as a library
To use IntelX as a library, import it in your project and initialize the class. If you supply an API key, it will use that; if not, it will automatically select the public API key (limited functionality).
from intelxapi import intelx
intelx = intelx()
Once you have done that, you can use any of the functions defined in the class.
Quick search
To execute a quick search, we can easily just use the intelx.search()
function. See examples/ folder.
from intelxapi import intelx
intelx = intelx('00000000-0000-0000-0000-000000000000')
results = intelx.search('hackerone.com')
Advanced search
By default, the maxresults limit is set to 100 to avoid unnecessarily
overloading the system. This value can be overridden at any time by setting
the maxresults argument. Note that server-side limitations might still be
enforced by the API.
from intelxapi import intelx
intelx = intelx('00000000-0000-0000-0000-000000000000')
results = intelx.search('hackerone.com', maxresults=200)
The following arguments have default values, but can be overridden to your choosing:
- maxresults=100
- buckets=[]
- timeout=5
- datefrom=""
- dateto=""
- sort=4
- media=0
- terminate=[]
Timeout is in seconds.
Searching in specific Buckets
To search for a term within specific buckets (leaks & darknet), you can use the following sample code:
from intelxapi import intelx
b = ['darknet', 'leaks.public', 'leaks.private']
intelx = intelx('00000000-0000-0000-0000-000000000000')
results = intelx.search('hackerone.com', maxresults=200, buckets=b)
results contains the search results.
Note that your account must have access to all specified buckets, otherwise
you will receive the HTTP status code 401 Unauthorized. The "leaks.private"
bucket is only available to certain licenses.
Filtering by Date
Results can be filtered by date. When setting the dateto and datefrom
options, both must be specified. The times have to be included.
from intelxapi import intelx
startdate = "2014-01-01 00:00:00"
enddate = "2014-02-02 23:59:59"
intelx = intelx('00000000-0000-0000-0000-000000000000')
results = intelx.search(
    'riseup.net',
    maxresults=200,
    datefrom=startdate,
    dateto=enddate
)
Filtering by Data Type
We can filter results based on their data type using the media argument.
Using the following script, we can filter paste documents dated between 2014-01-01 and 2014-02-02 that have been collected.
You can find a table below with all the media types and their respective IDs.
from intelxapi import intelx
media_type = 1 # Paste document
startdate = "2014-01-01 00:00:00"
enddate = "2014-02-02 23:59:59"
intelx = intelx('00000000-0000-0000-0000-000000000000')
results = intelx.search(
    'riseup.net',
    maxresults=200,
    media=media_type,
    datefrom=startdate,
    dateto=enddate
)
Statistics
To collect statistics, use the following code:
from intelxapi import intelx
intelx = intelx('00000000-0000-0000-0000-000000000000')
results = intelx.search(
    'riseup.net',
    maxresults=1000,
)
stats = intelx.stats(results)
print(stats)
Viewing/reading files
There is one fundamental difference between the FILE_VIEW function and
FILE_READ function. Viewing is for quickly viewing contents of a file
(generally assumed to be text).
FILE_READ, on the other hand, is for direct data download.
This means if the resource is a ZIP/Binary or any other type of file, you can reliably get the contents without any encoding issues.
Viewing
from intelxapi import intelx
intelx = intelx()
results = intelx.search('riseup.net')
# use the first result
result = results['records'][0]
# grab file contents of first search result
contents = intelx.FILE_VIEW(result['type'], result['media'],
                            result['storageid'], result['bucket'])
print(contents)
Reading
To download/read a file's raw data, use the FILE_READ function. The file in
the below example will be saved as file.txt.
from intelxapi import intelx
intelx = intelx()
results = intelx.search('riseup.net')
# save the first search result file as "file.txt"
intelx.FILE_READ(results['records'][0]['systemid'], 0,
                 results['records'][0]['bucket'], "file.txt")
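An added example (not part of the SDK or its README) that chooses between FILE_VIEW and FILE_READ per record, using the media IDs from the Media Types table below, and names each download after a validated system ID instead of any text taken from the record. The text/binary grouping, the helper names, the UUID shape of systemid and the sample records are assumptions of this example.

```python
import re
from pathlib import Path

# Media IDs come from the page's "Media Types" table. Treating these as text
# or binary is an assumption of this example, not something the SDK defines.
TEXT_MEDIA = {1, 23, 24}                          # paste, HTML file, text file
BINARY_MEDIA = {15, 16, 17, 18, 19, 20, 21, 22}   # PDF, Office, media, archives
UUID_RE = re.compile(r"[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}")


def plan_fetch(record):
    """Return 'view' for text-like media, 'read' for binary media, else 'skip'."""
    media = record.get("media")
    if media in TEXT_MEDIA:
        return "view"
    return "read" if media in BINARY_MEDIA else "skip"


def safe_target(record, dest_dir):
    """Build the output path from a validated system ID, never from record text."""
    systemid = str(record.get("systemid", "")).lower()
    if not UUID_RE.fullmatch(systemid):
        raise ValueError("systemid is not a UUID: %r" % systemid)
    return Path(dest_dir) / (systemid + ".bin")


def fetch(client, record, dest_dir):
    """Fetch one record using the call shape the page shows for its content."""
    action = plan_fetch(record)
    if action == "view":
        return client.FILE_VIEW(record["type"], record["media"],
                                record["storageid"], record["bucket"])
    if action == "read":
        target = safe_target(record, dest_dir)
        client.FILE_READ(record["systemid"], 0, record["bucket"], str(target))
        return target
    return None


# Constructed sample records (not real search output).
SAMPLE_RECORDS = [
    {"systemid": "11111111-2222-3333-4444-555555555555", "storageid": "s1",
     "type": 1, "media": 1, "bucket": "pastes"},
    {"systemid": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee", "storageid": "s2",
     "type": 0, "media": 22, "bucket": "leaks.public"},
    {"systemid": "../outside", "storageid": "s3",
     "type": 0, "media": 15, "bucket": "leaks.public"},
]
```

Pass an initialized intelx client as client; a record whose system ID fails validation raises ValueError before any download call is made.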
Other Notes
Media Types
Here is a table listing the media types, along with their respective IDs.
| ID | Media Type |
|---|---|
| 0 | All |
| 1 | Paste document |
| 2 | Paste user |
| 3 | Forum |
| 4 | Forum board |
| 5 | Forum thread |
| 6 | Forum post |
| 7 | Forum user |
| 8 | Screenshot of website |
| 9 | HTML copy of website |
| 13 | Tweet |
| 14 | URL |
| 15 | PDF document |
| 16 | Word document |
| 17 | Excel document |
| 18 | Powerpoint document |
| 19 | Picture |
| 20 | Audio file |
| 21 | Video file |
| 22 | Container file (ZIP/RAR/TAR, etc) |
| 23 | HTML file |
| 24 | Text file |
Format Types
| ID | Format Type |
|---|---|
| 0 | textview of content |
| 1 | hex view of content |
| 2 | auto detect hex view or text view |
| 3 | picture view |
| 4 | not supported |
| 5 | html inline view (sanitized) |
| 6 | text view of pdf |
| 7 | text view of html |
| 8 | text view of word file |
Contribute
Please use the issue tracker to report any bugs, security vulnerabilities or feature requests.
Includes contributions from CSIRTAmericas, zer0pwn, magoo and others.
Release
Environment
- Execute docker pull mcr.microsoft.com/devcontainers/python:3.14-trixie@sha256:882b17d068262c7af4300180ead0ee14423d2c03393778c92435b0ca642dea07 in addition to the Docker + VS Code instructions
- Increment Semantic Version minor version of pyproject.toml
- Increment user_agent='IX
- Increment IntelX_SDK/Python/intelx/__init__.py
- Increment requires-python of pyproject.toml to Python Supported Versions
- Execute source ./$VIRTUAL_ENV/bin/activate
- Execute pip install -r requirements-dev.in
PEP 751 Lockfile
- Execute pip lock -r requirements-dev.txt
- Execute git add pylock.toml
- Execute uv lock
- Execute git add uv.lock
Build
- Execute python3 -m build
- Execute gpg --armor --detach-sign --output intelx-0.8.0.tar.gz.asc intelx-0.8.0.tar.gz
- Execute gpg --armor --detach-sign --output intelx-0.8.0-py3-none-any.whl.asc intelx-0.8.0-py3-none-any.whl
- Execute cd ./dist and then pip install ./intelx-0.8.0.tar.gz
Test
- Execute intelx.py -search riseup.net
- Execute intelx.py -search riseup.net -buckets "pastes, darknet.tor"
- Execute intelx.py -search riseup.net -limit 100
- Execute intelx.py -download 29a97791-1138-40b3-8cf1-de1764e9d09c -bucket leaks.private.general -name test.txt
- Execute intelx.py -search 3a4d5699-737c-4d22-8dbd-c5391ce805df --view
- Execute intelx.py -search cia.gov --phonebook emails
- Execute intelx.py -identity riseup.net --exportaccounts
- Execute intelx.py -identity riseup.net --dataleaks
Release
Change Log
- Execute git log --grep "cliff"
- Execute git cliff --output ./changelog/0.8.0-CHANGELOG.md 048c4ceaf20bbd8acf4c..
- Edit ./changelog/0.8.0-CHANGELOG.md
- Execute git add ./changelog/0.8.0-CHANGELOG.md
Upload to Python Packaging Index
- Execute python3 -m twine upload --repository testpypi dist/*
File details
Details for the file intelx-0.8.1.tar.gz.
File metadata
- Download URL: intelx-0.8.1.tar.gz
- Upload date:
- Size: 15.8 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 53b3251fe5e36a0091d621c20ee1cc5754618820da583486ded3134f0b0a0059 |
| MD5 | fbc728a17fbbbcca56d9a96d837a429a |
| BLAKE2b-256 | 54f8244516b1f920e23ec013de44a487b357c47144a5af704264defa683ace54 |
File details
Details for the file intelx-0.8.1-py3-none-any.whl.
File metadata
- Download URL: intelx-0.8.1-py3-none-any.whl
- Upload date:
- Size: 16.3 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 87c2f674949a4e8320c81e078bea88e0c943742a3b27cf9fbdcd90009dd42f74 |
| MD5 | c4344e9cbbab471693d112cd8d09716c |
| BLAKE2b-256 | dc351165de28af20c2afadc19f5a428abb57e3bfe91b2058c5421aedcdd40f13 |
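An added example (not part of the project or of PyPI) that checks a downloaded intelx-0.8.1.tar.gz against the SHA256 and BLAKE2b-256 digests listed above for the source distribution before it is installed. The function names are assumptions of this example; MD5 is skipped because it is not collision resistant.

```python
import hashlib
import hmac

# Digests published on this page for intelx-0.8.1.tar.gz. MD5 is listed there
# too but is left out on purpose: it is not collision resistant.
PUBLISHED = {
    "sha256": "53b3251fe5e36a0091d621c20ee1cc5754618820da583486ded3134f0b0a0059",
    "blake2b-256": "54f8244516b1f920e23ec013de44a487b357c47144a5af704264defa683ace54",
}


def file_digests(path, chunk_size=65536):
    """Stream the file once and return its SHA256 and BLAKE2b-256 hex digests."""
    hashers = {
        "sha256": hashlib.sha256(),
        "blake2b-256": hashlib.blake2b(digest_size=32),  # 32 bytes = 256 bits
    }
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def mismatches(path, expected):
    """Return the algorithms whose digest differs from the expected value."""
    actual = file_digests(path)
    return sorted(
        name for name, want in expected.items()
        if not hmac.compare_digest(actual.get(name, ""), want.strip().lower())
    )


if __name__ == "__main__":
    import sys
    bad = mismatches(sys.argv[1], PUBLISHED)
    print("OK" if not bad else "MISMATCH: " + ", ".join(bad))
    sys.exit(1 if bad else 0)
```

Run it with the path of the downloaded archive as the only argument; a non-zero exit status means at least one digest did not match.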