Metabigor
Metabigor is an OSINT (Open Source Intelligence) tool for discovering IP networks, ASN ranges, and subdomain information from a single query. It aggregates data from multiple public sources.
Installation
Linux/Ubuntu
# Install Go (required)
wget https://golang.org/dl/go1.20.linux-amd64.tar.gz
sudo tar -C /usr/local -xzf go1.20.linux-amd64.tar.gz
export PATH=$PATH:/usr/local/go/bin
# Clone Metabigor
git clone https://github.com/j3ssie/metabigor.git
cd metabigor
# Build
go build -o metabigor
# Install
sudo mv metabigor /usr/local/bin/
Kali Linux
# Via apt
sudo apt install metabigor
# Or build from source
git clone https://github.com/j3ssie/metabigor.git
cd metabigor
go build -o metabigor
sudo mv metabigor /usr/local/bin/
macOS
# Install Go
brew install go
# Clone and build
git clone https://github.com/j3ssie/metabigor.git
cd metabigor
go build -o metabigor
sudo mv metabigor /usr/local/bin/
Basic Commands
# Show help
metabigor -h
# Version
metabigor --version
# List available modules
metabigor -l
ASN Enumeration
Lookup ASN by Organization
# Query by organization name
metabigor asn -c "Company Name"
# Get all IP ranges
metabigor asn -c "Company Name" -o json
# Multiple organizations
metabigor asn -c "Company Name" -c "Another Company"
Lookup ASN by Number
# Query by ASN number
metabigor asn -n AS15169
# Get specific ASN details
metabigor asn -n AS15169 -o json
# Export to CIDR
metabigor asn -n AS15169 | grep CIDR
Export IP Ranges
# Get CIDR ranges for organization
metabigor asn -c "Google" | grep -oE '[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/[0-9]+'
# Save to file
metabigor asn -c "Google" > google_ranges.txt
# Convert to nmap format
metabigor asn -c "Google" | grep CIDR | awk '{print $3}' > google_targets.txt
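The grep pattern above matches any run of digits, so a string such as 999.999.999.999/99 passes through, and nothing ties the extracted ranges to what you are authorized to assess. The following is an added example (not part of Metabigor or the original page) that validates each CIDR and keeps only entries fully contained in an authorized scope file; the function names, the one-CIDR-per-line scope file format and the sample ranges are assumptions constructed for illustration.

```sh
# Added example: scope guard for CIDR target lists (hypothetical helper names).
# ip_to_int A.B.C.D: print the address as an integer; return 1 if invalid.
ip_to_int() {
    case "$1" in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do   # each octet must be 0-255 with no leading zeros
        case "$o" in [0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]) ;; *) return 1 ;; esac
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# cidr_bounds CIDR: print "first last" as integers; return 1 if malformed.
cidr_bounds() {
    cb_len=${1##*/}
    case "$cb_len" in [0-9]|[12][0-9]|3[0-2]) ;; *) return 1 ;; esac
    cb_ip=$(ip_to_int "${1%/*}") || return 1
    cb_mask=$(( (4294967295 << (32 - cb_len)) & 4294967295 ))
    echo "$(( cb_ip & cb_mask )) $(( (cb_ip & cb_mask) | (cb_mask ^ 4294967295) ))"
}

# in_scope CIDR SCOPE_FILE: 0 = inside one scope entry, 1 = outside, 2 = malformed.
in_scope() {
    is_b=$(cidr_bounds "$1") || return 2
    while IFS= read -r is_line; do
        case "$is_line" in ''|'#'*) continue ;; esac   # skip blanks and comments
        is_s=$(cidr_bounds "$is_line") || continue     # ignore bad scope entries
        [ "${is_b% *}" -ge "${is_s% *}" ] && [ "${is_b#* }" -le "${is_s#* }" ] && return 0
    done < "$2"
    return 1
}

# filter_targets SCOPE_FILE: stdin = candidates, stdout = in-scope, stderr = rejects.
filter_targets() {
    while IFS= read -r ft_c; do
        rc=0; in_scope "$ft_c" "$1" || rc=$?
        case "$rc" in
            0) echo "$ft_c" ;;
            1) echo "out of scope: $ft_c" >&2 ;;
            *) echo "malformed: $ft_c" >&2 ;;
        esac
    done
}

# Demo on constructed data (RFC 5737 documentation ranges, not real tool output).
scope_file=$(mktemp)
printf '%s\n' '# authorized scope' '198.51.100.0/24' '203.0.113.0/25' > "$scope_file"
printf '%s\n' '198.51.100.64/26' '203.0.113.0/24' '999.999.999.999/99' | filter_targets "$scope_file"
rm -f "$scope_file"
```

Placed between the extraction pipeline and the redirect to the targets file, `filter_targets scope.txt` passes through only the ranges covered by the engagement's written scope and reports the rest on stderr.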
IP Range Discovery
CIDR Block Enumeration
# Expand CIDR block
metabigor net -c 192.168.0.0/24
# Get network information
metabigor net -c 10.0.0.0/16 -o json
# Multiple networks
metabigor net -c 192.168.0.0/24 -c 10.0.0.0/24
Autonomous System Enumeration
# Get all ASNs for domain
metabigor asn -d example.com
# Find associated IP ranges
metabigor asn -d example.com -o json
Subdomain Discovery
Domain Enumeration
# Basic subdomain discovery
metabigor subdomain -d example.com
# Save results
metabigor subdomain -d example.com -o json > subdomains.json
# Multiple domains
metabigor subdomain -d example.com -d example.org
Bulk Subdomain Discovery
# From file
metabigor subdomain -l domains.txt
# Output format
metabigor subdomain -l domains.txt -o csv > all_subdomains.csv
IP Geolocation & Metadata
IP Information Lookup
# Single IP
metabigor ip -i 8.8.8.8
# IP range
metabigor ip -i 8.8.8.0/24
# Get detailed info
metabigor ip -i 1.1.1.1 -o json
Reverse DNS & Whois
# Whois lookup
metabigor whois -i 8.8.8.8
# Reverse DNS
metabigor rdns -i 8.8.8.8
# Bulk whois
metabigor whois -l ips.txt
Complete OSINT Workflow
Organization Reconnaissance
#!/bin/bash
# Full OSINT scan of organization
ORG="Target Company"
DOMAIN="example.com"
OUTPUT_DIR="recon_$(date +%Y%m%d_%H%M%S)"
mkdir -p "$OUTPUT_DIR"
echo "[*] Starting OSINT reconnaissance for: $ORG"
# 1. Find ASN
echo "[*] Finding ASN..."
metabigor asn -c "$ORG" > "$OUTPUT_DIR/asn.txt"
ASN=$(grep "^AS" "$OUTPUT_DIR/asn.txt" | awk '{print $1}' | head -1)
# Stop if no ASN was found; otherwise step 2 would run with an empty -n argument
if [ -z "$ASN" ]; then
    echo "[-] No ASN found for: $ORG" >&2
    exit 1
fi
echo "[+] Found ASN: $ASN"
# 2. Get IP ranges
echo "[*] Extracting IP ranges..."
metabigor asn -n "$ASN" -o json | jq -r '.[] | .CIDR' > "$OUTPUT_DIR/cidr_ranges.txt"
# 3. Find subdomains
echo "[*] Enumerating subdomains..."
metabigor subdomain -d "$DOMAIN" -o json > "$OUTPUT_DIR/subdomains.json"
# 4. Generate targets for scanning
echo "[*] Generating scan targets..."
cat "$OUTPUT_DIR/cidr_ranges.txt" > "$OUTPUT_DIR/targets.txt"
jq -r '.[] | .domain' "$OUTPUT_DIR/subdomains.json" >> "$OUTPUT_DIR/targets.txt"
# 5. Generate report
echo "[*] Generating report..."
cat > "$OUTPUT_DIR/report.txt" << EOF
OSINT Reconnaissance Report
Organization: $ORG
Date: $(date)
ASN Information:
$(cat "$OUTPUT_DIR/asn.txt")
IP Ranges:
$(cat "$OUTPUT_DIR/cidr_ranges.txt")
Total Targets: $(wc -l < "$OUTPUT_DIR/targets.txt")
EOF
echo "[+] Reconnaissance complete!"
echo "[*] Results saved in: $OUTPUT_DIR"
Advanced Searching
Custom Module Execution
# List available modules
metabigor -l
# Execute specific module
metabigor [module] [options]
# Example modules:
# asn - ASN enumeration
# net - Network enumeration
# subdomain - Subdomain discovery
# ip - IP information
# cert - Certificate search
# whois - Whois lookup
JSON Output & Parsing
# Get JSON output
metabigor asn -c "Google" -o json
# Parse with jq
metabigor asn -c "Google" -o json | jq '.[] | .CIDR'
# Extract specific fields
metabigor asn -c "Google" -o json | jq -r '.[] | "\(.ASN) - \(.CIDR)"'
# Count results
metabigor asn -c "Google" -o json | jq length
Integration with Other Tools
Nmap Integration
# Extract targets for Nmap
metabigor asn -c "Google" | grep CIDR | awk '{print $3}' > targets.txt
# Scan with Nmap
nmap -iL targets.txt -p 80,443 -sV
# Or directly
metabigor asn -c "Google" | grep CIDR | awk '{print $3}' | while IFS= read -r cidr; do
    nmap -p 80,443 "$cidr"
done
Shodan Integration
# Get IP ranges
metabigor asn -c "Target" | grep CIDR | awk '{print $3}' > ranges.txt
# Query Shodan (requires API key)
while IFS= read -r range; do
    shodan search "net:$range" --fields ip_str,port,org
done < ranges.txt
Passive DNS Enrichment
# Get subdomains
metabigor subdomain -d example.com -o json | jq -r '.[] | .domain'
# Resolve with host/nslookup
metabigor subdomain -d example.com -o json | jq -r '.[] | .domain' | while IFS= read -r domain; do
    nslookup "$domain"
done
Data Analysis
Summarize Results
# Count unique ASNs
metabigor asn -c "Company" -o json | jq -r '.[] | .ASN' | sort -u | wc -l
# List all CIDR blocks
metabigor asn -c "Company" -o json | jq -r '.[] | .CIDR'
# Statistics
echo "Total subdomains found: $(metabigor subdomain -d example.com -o json | jq 'length')"
Export Formats
# JSON
metabigor asn -c "Google" -o json > results.json
# CSV
metabigor asn -c "Google" -o csv > results.csv
# Raw text
metabigor asn -c "Google" > results.txt
Performance & Optimization
Limiting Queries
# Limit results
metabigor asn -c "Company" -l 100
# Specific output fields
metabigor asn -c "Company" -o json | jq '.[] | {ASN, CIDR}'
Batch Operations
# Process multiple organizations
cat > companies.txt << EOF
Google
Microsoft
Amazon
Apple
EOF
while IFS= read -r company; do
    echo "[*] Processing $company..."
    metabigor asn -c "$company" -o json > "${company}_asn.json"
done < companies.txt
Troubleshooting
Issue: API rate limiting
# Add delays between requests
for company in Google Microsoft Amazon; do
    metabigor asn -c "$company"
    sleep 2
done
Issue: Empty results
# Verify organization name
metabigor asn -c "Google Inc." # Try full legal name
# Check exact spelling
metabigor asn -c "Google"
Issue: JSON parsing errors
# Validate JSON
metabigor asn -c "Google" -o json | jq empty
# Pretty print
metabigor asn -c "Google" -o json | jq '.'
Best Practices
- Combine multiple data sources for accuracy
- Verify results with WHOIS lookups
- Document all findings
- Respect legal boundaries
- Cache results to avoid re-querying
- Use JSON output for automation
Related Tools
- nslookup/dig - DNS resolution
- nmap - Network scanning
- Shodan - Internet search engine
- WHOIS - Domain/IP information
- Certificate databases - SSL cert enumeration
Last updated: 2026-03-30 | Metabigor v2.0