Jigsaw.rb Now With SQLite3 Database Support - Pentest Geek

Jigsaw.rb Now With SQLite3 Database Support

Author: Royce Davis Posted In Information Gathering On: 2012/10/30 Comments: 5
Jigsaw.rb Now With SQLite3 Database Support

Get The Code:
https://github.com/pentestgeek/jigsaw/tree/dev

This is just a quick post to highlight some of the new features added to the developmental branch of Jigsaw with SQLite3 support. In order to use this tool you’ll need to first install the ‘sqlite3-ruby’ gem. I do all of my ruby development using version 1.9.2 installed via RVM, so I recommend a similar environment because In my experience installing gems can be tricky when not using RVM.

[crayon show-plain-default=”true”]
$gem install sqlite3-ruby
[/crayon]

The help menu says that you can write to a database instead of a CSV file by using the -D option and specify the name of the .db file you want to output too.

[crayon show-plain-default=”true”]
Royces-MacBook-Pro:jigsaw r3dy$ ./jigsaw-sqlite.rb -h
Jigsaw 1.2-dev ( http://www.pentestgeek.com )
Usage: jigsaw [options]

example: jigsaw -s Google

-i, –id [Jigsaw Company ID] The Jigsaw ID to use to pull records
-f, –file [Input CSV File] Input csv file to read from
-D, –database [SQLite db file] The name of the SQLite3 databse to write to
-s, –search [Company Name] Name of organization to search for
-r, –report [Output Filename] Name to use for report EXAMPLE: ‘-r google’ will generate ‘google.csv’
-d, –domain [Domain Name] If you want you can specify the domain name to craft emails with
-v, –verbose Enables verbose output

Royces-MacBook-Pro:jigsaw r3dy$ [/crayon]

So using this is super simple. If we wanted to pull records from Yahoo we see a similar command line output to what we are used to with previous versions of the tool.

[crayon show-plain-default=”true”]
Royces-MacBook-Pro:jigsaw r3dy$ ./jigsaw-sqlite.rb -i 92041 -d yahoo.com -D mysqlitedatabase.db
Found 308 records in the Sales department.
Found 261 records in the Marketing department.
Found 296 records in the Finance & Administration department.
Found 44 records in the Human Resources department.
Found 60 records in the Support department.
Found 184 records in the Engineering & Research department.
Found 114 records in the Operations department.
Found 230 records in the IT & IS department.
Found 97 records in the Other department.
Wrote 1594 records to mysqlitedatabase.db
Royces-MacBook-Pro:jigsaw r3dy$
[/crayon]

However once the tool is finished running we are left with an SQLite3 database that we can play with. Databases are cool because you can quickly drill down and search for specific information. Like the email address of everybody in North Carolina.

[crayon show-plain-default=”true”]
Royces-MacBook-Pro:jigsaw r3dy$ sqlite3 mysqlitedatabase.db “SELECT email1 FROM records WHERE state = ‘NC'”
brandon.smick@yahoo.com
karla.holman@yahoo.com
kim.burt@yahoo.com
wafa.bever@yahoo.com
emory.pinto@yahoo.com
karina.moises@yahoo.com
mariela.juncos@yahoo.com
emmanuelle.gobbe@yahoo.com
sylvia.borowski@yahoo.com
jason.white@yahoo.com
francois.huynh@yahoo.com
tom.bergeron@yahoo.com
larry.batson@yahoo.com
renee.rabicoff@yahoo.com
buck.dossey@yahoo.com
jon.balli@yahoo.com
elizabeth.capdevila@yahoo.com
Royces-MacBook-Pro:jigsaw r3dy$
[/crayon]

Or maybe you just want to know the number of records in the database that belong to the Human Resources department.

[crayon show-plain-default=”true”]
Royces-MacBook-Pro:jigsaw r3dy$ sqlite3 mysqlitedatabase.db “SELECT count(*) FROM records WHERE department = ‘Human Resources'”
31
Royces-MacBook-Pro:jigsaw r3dy$
[/crayon]

This was just a little taste of the new functionality. In the future I plan to incorporate more complex table scheams and pull down additional information about companies such as revenue and size that can be used in combination with the records table to generate more complex queries. In order to get jigsaw-sqlite.rb just pull down the git repository from the Dev branch. https://github.com/pentestgeek/jigsaw/tree/dev. Thanks very much for reading and keep checking back for more updates.

Share this article

Facebooktwittergoogle_plusredditpinterestlinkedinmailFacebooktwittergoogle_plusredditpinterestlinkedinmail
5 Comments
  • I’m not sure if this is due to Jigsaw getting ready to re-launch their new site, but the script keeps throwing errors. Specifically, ‘Error performing search. undefined method `keys’ for #’

    Have you seen that before?

    Thanks

  • Jason,

    Thank you for your comment. I have updated the github README file to note that Jigsaw runs best under Ruby 1.9.2 installed via RVM. Check and insure that you have the right setup and get back to me.

    https://github.com/pentestgeek/jigsaw

  • I’m getting a syntax error with the latest version that I can’t seem to resolve:

    $ ./jigsaw.rb -h
    ./jigsaw.rb:139: syntax error, unexpected ‘)’, expecting ‘=’
    ./jigsaw.rb:166: syntax error, unexpected kEND, expecting $end

    This is the case with the latest in the master branch (need to use the login flags to get full data)

    I have used previous versions with no issue, excellent program!

  • the sqlite3 gem installed fine for me when using RVM in BT5R3.

    Try installing RVM through this link.

    https://rvm.io/rvm/install/

    Then try installing the gem with ‘rvm gem install’

  • Hi, I had some trouble installing sqlite3-ruby and it was nowhere to be found, can you possible give me a instruction on how to load the command for my backtrack 5 r3? Thanks in advance. David.

  • Leave a Reply

    Your email address will not be published. Required fields are marked *

    This site uses Akismet to reduce spam. Learn how your comment data is processed.

    Share This

    Recent Posts

    Subscribe To Our Mailing List

    The Ultimate Burp Suite Training Program

    Learn Network Penetration Testing

    Penetration Testing

    Categories

    Metasploit

    Web Application Hacking


    Copyright 2024

    css.php

    Are You Using the Top 5 Pentest Tools?

    Enter your email address to download your copy of our FREE e-book and find out now!

    Thank you, now go check your email!!