These endpoints help you get data from a collection.

This section details the collection results api, which allows you to collect the results of a given collection.

Collection Overview

In order to list the overview for a given collection, use the following endpoint

COLLECTION_NAME=example &&\
ACCESS_KEY=aaabbbccc &&\
SECRET_KEY=xxxyyyzzz &&\
curl -H "INTRIGUE_ACCESS_KEY: $ACCESS_KEY" \
     -H "INTRIGUE_SECRET_KEY: $SECRET_KEY" \
     https://api.intrigue.io/api/collections/$COLLECTION_NAME/overview`

List Recent (New) Entities

To obtain a list of recent entities and their details for a given collection, use the following endpoint.

COLLECTION_NAME=example &&\
ACCESS_KEY=aaabbbccc &&\
SECRET_KEY=xxxyyyzzz &&\
curl -H "INTRIGUE_ACCESS_KEY: $ACCESS_KEY" \
     -H "INTRIGUE_SECRET_KEY: $SECRET_KEY" \
     https://api.intrigue.io/api/collections/$COLLECTION_NAME/recent`

When successful, you'll receive a JSON result like the following example:

{
  "success": true,
  "message": "success",
  "result": [
    {
      "name": "104.18.167.96:2087",
      "type": "Intrigue::Entity::NetworkService",
      "first_seen": "2020-04-06 21:51:00 UTC",
      "last_seen": "2020-04-06 21:51:00 UTC",
      "hidden": false,
      "scoped": true,
      "alias_group": "0.111763e6"
    },
    {
      "name": "ssl891693.cloudflaressl.com (247955920622010075277950185382081783190)",
      "type": "Intrigue::Entity::SslCertificate",
      "first_seen": "2020-04-06 21:51:00 UTC",
      "last_seen": "2020-04-06 21:51:00 UTC",
      "hidden": false,
      "scoped": true,
      "alias_group": "0.111806e6"
    },
    {
      "name": "http://104.26.12.18:8880",
      "type": "Intrigue::Entity::Uri",
      "first_seen": "2020-04-06 21:51:00 UTC",
      "last_seen": "2020-04-06 21:51:00 UTC",
      "hidden": false,
      "scoped": true,
      "alias_group": "0.111817e6"
    },
    {
      "name": "https://xzs7juqd8mfs.wpeproxy.com:443",
      "type": "Intrigue::Entity::Uri",
      "first_seen": "2020-04-06 21:51:00 UTC",
      "last_seen": "2020-04-06 21:51:00 UTC",
      "hidden": false,
      "scoped": true,
      "alias_group": "0.111781e6"
    }
  ]
}

List Collection Applications

To obtain a list of applications and their details for a given collection, use the following endpoint.

COLLECTION_NAME=example &&\
ACCESS_KEY=aaabbbccc &&\
SECRET_KEY=xxxyyyzzz &&\
curl -H "INTRIGUE_ACCESS_KEY: $ACCESS_KEY" \
     -H "INTRIGUE_SECRET_KEY: $SECRET_KEY" \
     https://api.intrigue.io/api/collections/$COLLECTION_NAME/applications`

When successful, you'll receive a JSON result like the following example:

{
	"success": true,
	"message": "success",
	"result": [{
		"first_seen": "2020-02-12 08:11:23 UTC",
		"last_seen": "2020-04-04 03:04:52 UTC",
		"alias_group": "0.81279e5",
		"name": "http://104.18.210.56:80",
		"organization": "intrigueio",
		"ancestors": [{
			"name": "intrigue.io",
			"type": "Intrigue::Entity::Domain"
		}],
		"task_results": [{
			"name": "simple_scan_on_104.18.210.56",
			"task": "simple_sca",
			"entity_type": "Intrigue::Entity::IpAddress",
			"depth": "0.3e1",
			"entity_name": "104.18.210.56"
		}],
		"details": {
			"code": "403",
			"cloud_providers": [],
			"title": "Directory Listing",
			"content": [{
					"name": "Directory Listing Detected",
					"type": "content",
					"result": true
				},
				{
					"name": "Form Detected",
					"type": "content",
					"result": true
				},
				{
					"name": "File Upload Form Detected",
					"type": "content",
					"result": true
				}, {
					"name": "X-Frame-Options Header",
					"result": true,
					"hide": false,
					"type": "content",
					"issue": false
				}
			],
			"cookies": "__cfduid=daeb7aa7050339f0d233a836b4e2fec511585968625; expires=Mon, 04-May-20 02:50:25 GMT; path=/; domain=.104.18.210.56; HttpOnly; SameSite=Lax",
			"products": [
				[]
			],
			"protocol": "tcp",
			"response_data_hash": "YwHw32HBm2UkTE2g5e6ywOFf4Twhw9adpxKYhRdrReA=",
			"fingerprint": [{
					"product": "Http Server",
					"issue": false,
					"inference": false,
					"vendor": "Apache",
					"vulns": [],
					"cpe": "cpe:2.3:s:Apache:http_server::",
					"match_type": "content_body",
					"type": "fingerprint",
					"match_details": "cloudflare missing page error",
					"tags": [
						"Web Server"
					]
				},
				{
					"product": "Cloudflare",
					"issue": false,
					"inference": false,
					"vendor": "Cloudflare",
					"vulns": [],
					"cpe": "cpe:2.3:s:cloudflare:cloudflare::",
					"match_type": "content_cookies",
					"type": "fingerprint",
					"match_details": "cloudflare cookie",
					"tags": [
						"CDN",
						"WAF"
					]
				}
			],
			"net_name": "CLOUDFLARENET, US",
			"scripts": [
				"/cdn-cgi/scripts/zepto.min.js",
				"/cdn-cgi/scripts/cf.common.js"
			],
			"redirect_chain": [
				"http://104.18.210.56"
			],
			"headers": [
				"date: Sat, 04 Apr 2020 02:50:25 GMT",
				"content-type: text/html; charset=UTF-8",
				"transfer-encoding: chunked",
				"connection: close",
				"set-cookie: __cfduid=daeb7aa7050339f0d233a836b4e2fec511585968625; expires=Mon, 04-May-20 02:50:25 GMT; path=/; domain=.104.18.210.56; HttpOnly; SameSite=Lax",
				"cache-control: max-age=15",
				"expires: Sat, 04 Apr 2020 02:50:40 GMT",
				"x-frame-options: SAMEORIGIN",
				"vary: Accept-Encoding",
				"server: cloudflare",
				"cf-ray: 57e7b8c25d52e0ea-IAD"
			],
			"ip_address": "104.18.210.56",
			"uri": "http://104.18.210.56:80",
			"cloud_hosted": false,
			"request_hosts": [
				"104.18.210.56"
			],
			"host_id": "0.72932e5",
			"api_endpoint": false,
			"scoped": true,
			"port": "0.8e2",
			"service": "http",
			"net_country_code": "US",
			"asn": "AS13335",
			"forms": false
		}
	}]
}

List Collection (Third Party) Suppliers

To obtain a list of third party connections and their details for a given collection, use the following endpoint.

COLLECTION_NAME=example &&\
ACCESS_KEY=aaabbbccc &&\
SECRET_KEY=xxxyyyzzz &&\
curl -H "INTRIGUE_ACCESS_KEY: $ACCESS_KEY" \
     -H "INTRIGUE_SECRET_KEY: $SECRET_KEY" \
     https://api.intrigue.io/api/collections/$COLLECTION_NAME/connections`

List Collection Domains

To obtain a list of domains and their details for a given collection, use the following endpoint.

COLLECTION_NAME=example &&\
ACCESS_KEY=aaabbbccc &&\
SECRET_KEY=xxxyyyzzz &&\
curl -H "INTRIGUE_ACCESS_KEY: $ACCESS_KEY" \
     -H "INTRIGUE_SECRET_KEY: $SECRET_KEY" \
     https://api.intrigue.io/api/collections/$COLLECTION_NAME/domains`

List Collection Hosts

To obtain a list of hosts for a given collection, use the following endpoint.

COLLECTION_NAME=example &&\
ACCESS_KEY=aaabbbccc &&\
SECRET_KEY=xxxyyyzzz &&\
curl -H "INTRIGUE_ACCESS_KEY: $ACCESS_KEY" \
     -H "INTRIGUE_SECRET_KEY: $SECRET_KEY" \
     https://api.intrigue.io/api/collections/$COLLECTION_NAME/hosts

When successful, you'll receive a JSON result like the following example:

{
	"success": true,
	"message": "success",
	"result": {
		"104.18.210.56": {
			"resolutions": [],
			"first_seen": "2020-02-12 08:11:22 UTC",
			"last_seen": "2020-04-04 03:04:51 UTC",
			"net_name": "CLOUDFLARENET, US",
			"geolocation": {
				"continent": "North America",
				"country": "United States",
				"country_code": "US",
				"continent_code": "NA"
			},
			"ports": [
				{
					"number": "0.8443e4",
					"protocol": "tcp"
				}
			],
			"os": "",
			"scoped": true,
			"hidden": false
		},
    "104.18.210.56": {
			"resolutions": [],
			"first_seen": "2020-01-12 08:11:22 UTC",
			"last_seen": "2020-04-04 03:04:51 UTC",
			"net_name": "AMAZON, US",
			"geolocation": {
				"continent": "North America",
				"country": "United States",
				"country_code": "US",
				"continent_code": "NA"
			},
			"ports": [],
			"os": "Linux 2.4.18 - 2.4.22",
			"scoped": true,
			"hidden": false
		},
	}
}

List Collection Issues

To obtain a list of issues for a given collection, use the following endpoint.

COLLECTION_NAME=example &&\
ACCESS_KEY=aaabbbccc &&\
SECRET_KEY=xxxyyyzzz &&\
curl -H "INTRIGUE_ACCESS_KEY: $ACCESS_KEY" \
     -H "INTRIGUE_SECRET_KEY: $SECRET_KEY" \
     https://api.intrigue.io/api/collections/$COLLECTION_NAME/issues

When successful, you'll receive a JSON result like the following example:

{
  "success": true,
  "message": "success",
  "result": [
    {
      "entity_type": "Intrigue::Entity::Uri",
      "pretty_name": "Insecure Content Loaded",
      "first_seen": "2020-03-07 02:53:00 UTC",
      "alias_group_id": "0.8119e5",
      "last_seen": "2020-04-04 03:04:50 UTC",
      "name": "insecure_content_loaded",
      "organization": "intrigueio",
      "entity_name": "https://app.intrigue.io:443",
      "confidence": "confirmed",
      "details": {
        "severity": "0.4e1",
        "request": {
          "headers": {
            "Referer": "http://52.201.42.156/",
            "User-Agent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/80.0.3987.149 HeadlessChrome/80.0.3987.149 Safari/537.36"
          },
          "hostname": "uploads.webflow.com",
          "method": "GET",
          "url": "http://uploads.webflow.com/5663ece1cdf237d35fd4480c/5663f7d42900ed96701ee150_404-2.png"
        },
        "remediation": "Investigate the page and ensure all resources are loaded over HTTPS.",
        "pretty_name": "Insecure Content Loaded",
        "references": [
          {
            "type": "description",
            "uri": "https://developers.google.com/web/fundamentals/security/prevent-mixed-content/what-is-mixed-content"
          }
        ],
        "affected_software": [],
        "name": "insecure_content_loaded",
        "description": "When a browser requested the page, an external resource was requested over HTTP. This resource could be intercepted by a malicious user and they may be able to take control of the information on the page.",
        "insecure_resource_url": "http://uploads.webflow.com/5663ece1cdf237d35fd4480c/5663f7d42900ed96701ee150_404-2.png",
        "category": "application",
        "uri": "https://app.intrigue.io:443",
        "status": "confirmed"
      },
      "scoped": true,
      "description": "When a browser requested the page, an external resource was requested over HTTP. This resource could be intercepted by a malicious user and they may be able to take control of the information on the page.",
      "id": "insecure_content_loaded#fbcd1feb9de409e8c13fe66080a5527ec259f6f5#82cd5d0ab8c9b950c0a1d9963e960077e31b1242",
      "severity": "0.4e1"
    }
  ]
}

List Collection NetBlocks (Networks)

To obtain a list of networks for a given collection, use the following endpoint.

COLLECTION_NAME=example &&\
ACCESS_KEY=aaabbbccc &&\
SECRET_KEY=xxxyyyzzz &&\
curl -H "INTRIGUE_ACCESS_KEY: $ACCESS_KEY" \
     -H "INTRIGUE_SECRET_KEY: $SECRET_KEY" \
     https://api.intrigue.io/api/collections/$COLLECTION_NAME/netblocks

List Collection Products

To obtain a list of products, use the following endpoint

COLLECTION_NAME=example
curl -H "INTRIGUE_ACCESS_KEY: $ACCESS_KEY" \
     -H "INTRIGUE_SECRET_KEY: $SECRET_KEY" \
     https://api.intrigue.io/api/collections/$COLLECTION_NAME/products

When successful, you'll receive a JSON result like the following example:

{
  "success": true,
  "message": "success",
  "result": [
    {
      "product": "Google",
      "count": "2"
    },
    {
      "product": "Cloudflare",
      "count": "12"
    },
    {
      "product": "Heroku",
      "count": "6"
    },
    {
      "product": "JQuery 3.4.1",
      "count": "8"
    },
    {
      "product": "Webflow",
      "count": "6"
    },
    {
      "product": "Twitter Bootstrap 4.3.1",
      "count": "2"
    },
    {
      "product": "Bootstrap",
      "count": "2"
    },
    {
      "product": "Intercom",
      "count": "2"
    },
    {
      "product": "Auth0",
      "count": "2"
    },
    {
      "product": "Readme.io",
      "count": "1"
    },
    {
      "product": "Google Analytics",
      "count": "1"
    },
    {
      "product": "Google AngularJS",
      "count": "1"
    }
  ]
}

List Collection Vulnerabilities

To obtain a list of vulnerabilities, use the following endpoint.

COLLECTION_NAME=example
curl -H "INTRIGUE_ACCESS_KEY: $ACCESS_KEY" \
     -H "INTRIGUE_SECRET_KEY: $SECRET_KEY" \
     https://api.intrigue.io/api/collections/$COLLECTION_NAME/vulnerabilities

When successful, you'll receive a JSON result like the following example:

{
  "success": true,
  "message": "success",
  "result": [
    {
      "name": "CVE-2019-11044",
      "cve": "CVE-2019-11044",
      "shortname": "Vulnerability in PHP",
      "description": "In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 on Windows, PHP link() function accepts filenames with embedded \\0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is allowed to access.",
      "exploits": [],
      "cwe": "NVD-CWE-Other",
      "score": 2.9,
      "cvss_v2_score": 2.9,
      "cvss_v3_score": null,
      "count": 136,
      "affected": [
        "https://abc.acme.com:443"
      ]
    },
    {
      "name": "CVE-2019-11047",
      "cve": "CVE-2019-11047",
      "shortname": "Out-of-bounds Read on PHP",
      "description": "When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.",
      "exploits": [],
      "cwe": "CWE-125",
      "score": 4.9,
      "cvss_v2_score": 4.9,
      "cvss_v3_score": null,
      "count": 136,
      "affected": [
        "https://abc.acme.com:443"
      ]
    }
  ]
}