Wednesday, 24 October 2018

Inguma is back, and due team update

As we are approaching Halloween (in the United States, at least), I find it quite amusing to announce at this time of the year that Inguma is back from the dead, one more time.

If you would like to know the nitty-gritty details about what happened and where we are going, keep reading.  Otherwise:

TL;DR: The Inguma code is now on GitHub, and we are pivoting it to become a general-purpose OSINT tool.

Still here?  Oh, my, you seem to be of the masochistic type.  Let me add some history bits about the project as well.

  • The development team (literally these two dummies writing the blog) is still alive.  No doubt on that.
  • We lost the server that hosted, and the rest of the domains, the Mercurial repository, the wikis and everything else.  We are still in control of DNS and everything but it will take the undersigned (i.e. Ender) some time to come up with a web server, mail server and the rest.
  • Hugo and I have been very far from each other, and not exactly with a lot of time on our hands.  Life changes made things more difficult.  Bokken, the only piece of the project that was still moving forward, became obsolete (more on this later).
  • I was not working as a security professional when I started helping with the project.  Since then, many things have changed and I have been working as such for the last 6 years.  Needless to say, I see the world in a different way now.
  • Inguma was a project that Hugo inherited from hacker extraordinaire Joxean Koret, which was console-only, and which Hugo converted into a dual console-PyGTK application. Bokken, a UI around the reversing framework Radare, was then started around 2011 in the same fashion (a PyGTK application) using the Radare Python bindings due to Radare being console-only.  We saw the potential to merge it with Inguma in some way, and Bokken became the reversing engine in Inguma apart from being a standalone application.
  • Somewhere in 2015 the Radare team expressed that they would like to use Qt, and Hugo remade Bokken in a matter of weeks in C++ and Qt as a new project called iaito.  Some time later, the Radare team decided to stop using it and they adopted it into their GitHub repos as Cutter.
  • At the same time, Inguma hadn't seen a commit since 2012.  We were very focused on making Bokken a success, and working in a codebase that was as disorganized (due to its long, organic growth) as Inguma was a barrier.  I wanted to add an HTTP server, proper modules, unit tests, move it to GTK+3, and many other things, but ended up putting only half of the work needed for every one of those things.  A true love-hate relationship.
  • At the same time, Hugo had started using Inguma as the base for several personal modified versions with airplane modules for his talks about airplane security (after all, he's a recognized world expert in that field).  He was using it mostly as a pen-testing framework and was reasonably happy with it.
  • So fast forward, and we then lost the server with everything.

And then, several weeks ago, I started to look for a free software replacement for Maltego, the Open Source Intelligence program.  And do you know what?

There's none.

I thought of using my experience with Inguma and Bokken to write something simple in GTK+3.  After a couple of tries, I dug into my hard drives and I found my Inguma checkouts.  I realized that I had pretty much everything I needed: a modern UI, most of the heavy work that an interface needs, and a graph engine based on Graphviz.  I could just reuse some of the parts.

Long story short, I talked to Hugo and, while he seemed a bit reluctant at first, I managed to get him excited about reviving Inguma and converting it into something... different.

So that’s it. I’m dropping a lot of the old cruft in Inguma that has been outdated since 2012 or before, bringing it up to speed regarding modern codebases, removing (for now) some of the exploiting/terminals/reconnaissance UI, and adding a lot of features to be able to work as an OSINT manager.

See you out there.  It’s going to be great. 
