Jigsaw.rb Now With SQLite3 Database Support
Get The Code:
This is just a quick post to highlight some of the new features added to the developmental branch of Jigsaw with SQLite3 support. In order to use this tool you’ll need to first install the ‘sqlite3-ruby’ gem. I do all of my ruby development using version 1.9.2 installed via RVM, so I recommend a similar environment because In my experience installing gems can be tricky when not using RVM.
$gem install sqlite3-ruby
The help menu says that you can write to a database instead of a CSV file by using the -D option and specify the name of the .db file you want to output too.
Royces-MacBook-Pro:jigsaw r3dy$ ./jigsaw-sqlite.rb -h
Jigsaw 1.2-dev ( http://www.pentestgeek.com )
Usage: jigsaw [options]
example: jigsaw -s Google
-i, –id [Jigsaw Company ID] The Jigsaw ID to use to pull records
-f, –file [Input CSV File] Input csv file to read from
-D, –database [SQLite db file] The name of the SQLite3 databse to write to
-s, –search [Company Name] Name of organization to search for
-r, –report [Output Filename] Name to use for report EXAMPLE: ‘-r google’ will generate ‘google.csv’
-d, –domain [Domain Name] If you want you can specify the domain name to craft emails with
-v, –verbose Enables verbose output
Royces-MacBook-Pro:jigsaw r3dy$ [/crayon]
So using this is super simple. If we wanted to pull records from Yahoo we see a similar command line output to what we are used to with previous versions of the tool.
Royces-MacBook-Pro:jigsaw r3dy$ ./jigsaw-sqlite.rb -i 92041 -d yahoo.com -D mysqlitedatabase.db
Found 308 records in the Sales department.
Found 261 records in the Marketing department.
Found 296 records in the Finance & Administration department.
Found 44 records in the Human Resources department.
Found 60 records in the Support department.
Found 184 records in the Engineering & Research department.
Found 114 records in the Operations department.
Found 230 records in the IT & IS department.
Found 97 records in the Other department.
Wrote 1594 records to mysqlitedatabase.db
However once the tool is finished running we are left with an SQLite3 database that we can play with. Databases are cool because you can quickly drill down and search for specific information. Like the email address of everybody in North Carolina.
Royces-MacBook-Pro:jigsaw r3dy$ sqlite3 mysqlitedatabase.db “SELECT email1 FROM records WHERE state = ‘NC'”
Or maybe you just want to know the number of records in the database that belong to the Human Resources department.
Royces-MacBook-Pro:jigsaw r3dy$ sqlite3 mysqlitedatabase.db “SELECT count(*) FROM records WHERE department = ‘Human Resources'”
This was just a little taste of the new functionality. In the future I plan to incorporate more complex table scheams and pull down additional information about companies such as revenue and size that can be used in combination with the records table to generate more complex queries. In order to get jigsaw-sqlite.rb just pull down the git repository from the Dev branch. https://github.com/pentestgeek/jigsaw/tree/dev. Thanks very much for reading and keep checking back for more updates.
Share this article
- Playing With the New Burp Suite REST API
- Burp Suite 2.0 Beta Review
- Attacking Palo Alto Networks PAN-OS ‘readSessionVarsFromFile()’
- GPG Errors While Updating Kali Linux
- Installing Kali NetHunter on HTC Nexus 9
Subscribe To Our Mailing List
Want To Be a Better Pentester
Subscribe to our mailing list and recieve FREE pentest tips, tricks, product reviews, news, article release notifications and more!
The Ultimate Burp Suite Training Program
Learn Network Penetration Testing
- Burp Suite
- Forensics and Incident Response
- Information Gathering
- Penetration Testing Tutorials
- Web Applications
Web Application Hacking