Intel Scan - Comprehensive Domain Intelligence Tool

Intel Scan is a powerful domain intelligence and security assessment tool designed to gather comprehensive information about domains, subdomains, and associated infrastructure. It's perfect for security researchers, penetration testers, and system administrators.

🌟 Features

Domain Intelligence

• WHOIS Lookup: Detailed domain registration information
• DNS Enumeration: Comprehensive DNS record analysis (A, AAAA, MX, TXT, SOA, etc.)
• SSL/TLS Analysis: Certificate details, expiration, and vulnerabilities
• Subdomain Discovery: Multiple techniques including brute-force and certificate transparency logs

Network Scanning

• Port Scanning: Nmap integration with customizable scan profiles
• Service Detection: Identify running services and their versions
• Vulnerability Scanning: Basic vulnerability detection using NSE scripts
• Network Topology: Discover network devices and their relationships

Web Application Analysis

• Technology Stack: Detect web technologies, frameworks, and CMS
• WAF Detection: Identify web application firewalls and security measures
• HTTP Headers: Analyze security headers and misconfigurations
• Content Discovery: Find hidden directories and files
• Screenshot Capture: Visual reconnaissance with automated screenshots

Security Assessment

• Vulnerability Scanning: Identify common web vulnerabilities
• Security Headers: Check for missing or misconfigured security headers
• SSL/TLS Configuration: Analyze cipher suites and protocol support
• Subdomain Takeover: Check for vulnerable subdomains

Reporting

• Multiple Formats: Generate reports in JSON, HTML, PDF, and TXT
• Executive Summary: High-level overview of findings
• Detailed Findings: Comprehensive technical details for each finding
• Remediation Guidance: Actionable recommendations for identified issues

🚀 Installation

Prerequisites

• Python 3.8 or higher
• Nmap (for port scanning)
• Git (for cloning the repository)

Installation Steps

1. Clone the repository:

   git clone https://github.com/yourusername/intel-scan.git
   cd intel-scan

2. Set up a virtual environment (recommended):

   python -m venv venv
   source venv/bin/activate  # On Windows: venv\Scripts\activate

3. Install dependencies:

   pip install -r requirements.txt

4. Install Playwright browsers (required for screenshots):

   playwright install

🛠️ Usage

Basic Scan

python -m intel_scan example.com

Advanced Options

python -m intel_scan example.com \
    --output ./scans \
    --threads 10 \
    --format json,html,pdf \
    --config ./config.json \
    --no-screenshots \
    --no-nmap \
    --verbose

Command-line Arguments

Argument	Description	Default
TARGET	Target domain or IP address to scan	Required
-o, --output	Output directory for scan results	./scans
-t, --threads	Number of threads for concurrent operations	5
-f, --format	Output formats (comma-separated: json,html,pdf,txt)	json,txt
-c, --config	Path to configuration file	config.json
--no-screenshots	Disable screenshot capture	False
--no-nmap	Disable Nmap scanning	False
-v, --verbose	Enable verbose output	False
--version	Show version and exit	N/A

Configuration File

Create a config.json file to customize scan behavior:

{
    "nmap": {
        "default_ports": "1-1000,3000-4000,8000-9000",
        "timing": 3,
        "scripts": "vuln,default"
    },
    "screenshots": {
        "enabled": true,
        "timeout": 30,
        "viewport": {"width": 1280, "height": 800}
    },
    "http": {
        "timeout": 10,
        "user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36"
    },
    "output": {
        "directory": "scans",
        "formats": ["json", "html", "pdf", "txt"]
    },
    "security": {
        "check_headers": true,
        "check_takeovers": true,
        "check_common_vulns": true
    }
}

Command Line Arguments

positional arguments:
  domain                Domain to scan (e.g., example.com)

optional arguments:
  -h, --help            show this help message and exit
  -o OUTPUT, --output OUTPUT
                        Output directory (default: scans)
  -c CONFIG, --config CONFIG
                        Path to configuration file (default: config.json)
  -v, --verbose         Enable verbose output
  --no-screenshots      Disable screenshot capture
  --no-nmap             Disable Nmap scanning
  --threads THREADS     Number of threads for concurrent operations (default: 10)

Configuration

Create a config.json file in the project root to customize scan behavior:

{
    "nmap": {
        "default_ports": "1-1000,3000-4000,8000-9000",
        "timing": 3,
        "scripts": "vuln,default"
    },
    "screenshots": {
        "enabled": true,
        "timeout": 30,
        "viewport": {"width": 1280, "height": 800}
    },
    "http": {
        "timeout": 10,
        "user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36"
    },
    "output": {
        "directory": "scans",
        "formats": ["json", "html"]
    }
}

Output

Scan results are saved in the specified output directory with the following structure:

scans/
└── example.com/
    └── 20231023_123456/
        ├── nmap/
        │   ├── nmap_scan_example_com_123456.json
        │   └── nmap_scan_example_com_123456.xml
        ├── screenshots/
        │   ├── example.com.png
        │   └── sub.example.com.png
        ├── scan_results_20231023_123456.json
        └── scan_results_20231023_123456.html

License

MIT License - See LICENSE for details.

Contributing

Contributions are welcome! Please feel free to submit a Pull Request.

Disclaimer

This tool is intended for legal security assessment and research purposes only. Use this tool only on systems you own or have explicit permission to test. The developers assume no liability and are not responsible for any misuse or damage caused by this program.