Intelligence X (IntelX)
Intelligence X (IntelX) is an OSINT search engine that indexes leaked databases, darknet markets, WHOIS records, pastes, and public web archives. It enables security researchers to discover exposed credentials, track data breaches, map infrastructure, and conduct threat intelligence operations through both a web interface and an API.
Overview
IntelX aggregates multiple data sources including paste sites, leaked databases, darknet content, public records, and historical WHOIS snapshots. The free tier provides limited searches; professional and enterprise tiers unlock API access, higher rate limits, and advanced features.
| Feature | Free | Professional | Enterprise |
|---|---|---|---|
| Web search | Yes | Yes | Yes |
| API access | No | Yes | Yes |
| Rate limit | 20/month | 1,000/month | Custom |
| Result limit | 100 | 1,000 | Unlimited |
| Buckets | All | All | All |
| File download | No | Yes | Yes |
| Phone book | No | Yes | Yes |
Web Interface
Basic Search
Access IntelX via web browser and search by identifier type. The search bar auto-detects input and applies intelligent matching.
Search bar accepts:
- Email addresses: user@example.com
- Domains: example.com
- IP addresses: 192.168.1.1
- URLs: https://example.com/path
- Bitcoin addresses: 1A1z7agoat
- IBAN: DE89370400440532013000
- UUIDs: 550e8400-e29b-41d4-a716-446655440000
- Usernames: john_doe
Search Selectors
Refine searches with boolean operators and filters:
Selector syntax:
- AND: term1 AND term2
- OR: term1 OR term2
- NOT: term1 NOT term2
- Exact match: "exact phrase"
- Domain: inurl:example.com
- Wildcard: admin*
- Date range: created:[2023-01-01 TO 2024-12-31]
Date Filtering
Most leaked data includes timestamps. Filter results by publication or data collection date:
Date filter examples:
- Last 24 hours: created:[now-1d TO now]
- Last month: created:[now-30d TO now]
- Specific range: created:[2023-01-01 TO 2023-12-31]
- Before date: created:[* TO 2023-12-31]
Source Filtering
IntelX organizes data into buckets. Filter by specific leak source or data type:
| Bucket | Content | Use Case |
|---|---|---|
| Pastes | Pastebin, PasteBin.com, Slexy | Quick leak discovery |
| Leaks | Database breaches, dumps | Credential exposure |
| Darknet | Market listings, forums | Threat actor activity |
| WHOIS | Historical domain registration | Infrastructure mapping |
| Web | Public web archive | Historical content |
| Dumpster | Archived email, logs | Administrative records |
| Usenet | Historical Usenet posts | Legacy data |
API Authentication
Setting Up API Access
- Create account and upgrade to Professional or Enterprise tier
- Navigate to Account Settings → API
- Generate API key (store securely)
- Include key in request headers as x-key
Rate Limits
Professional tier: 1,000 requests/month (~33/day)
Enterprise tier: Custom limits (contact sales)
```
# Rate limit headers in response:
x-ratelimit-limit: 1000
x-ratelimit-remaining: 999
x-ratelimit-reset: 1704067200
```
Search API
GET /intelligent/search
Execute full-text search across all indexed content.
```bash
# Basic search
curl -H "x-key: YOUR_API_KEY" \
  "https://intelx.io/api/intelligent/search" \
  -d "term=user@example.com&buckets=pastes,leaks&limit=100"

# Advanced search with date range
curl -H "x-key: YOUR_API_KEY" \
  "https://intelx.io/api/intelligent/search" \
  -d "term=admin@corp.com&from=2023-01-01&to=2024-12-31&buckets=leaks&limit=500"
```
Request Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| term | string | Yes | Search query (email, domain, IP, username) |
| buckets | string | No | Comma-separated bucket names (default: all) |
| limit | integer | No | Results per request (max 1000) |
| from | string | No | Start date (YYYY-MM-DD) |
| to | string | No | End date (YYYY-MM-DD) |
| offset | integer | No | Pagination offset |
| mode | string | No | contains (default), exact |
Response Format
```json
{
  "status": 0,
  "id": "request-uuid",
  "bucket": "leaks",
  "records": [
    {
      "id": "record-id",
      "type": 1,
      "date": "2023-06-15T10:30:00Z",
      "name": "Database breach June 2023",
      "description": "Exposed customer records",
      "bucket": "leaks",
      "size": 2048576
    }
  ],
  "took": 245
}
```
Phonebook API
GET /phonebook/search
Search phonebook index for email and domain enumeration. Faster than full search for reconnaissance.
```bash
# Find emails for domain
curl -H "x-key: YOUR_API_KEY" \
  "https://intelx.io/api/phonebook/search" \
  -d "term=@example.com&limit=100"

# Enumerate email variations
curl -H "x-key: YOUR_API_KEY" \
  "https://intelx.io/api/phonebook/search" \
  -d "term=user%40example.com"

# Find related domains
curl -H "x-key: YOUR_API_KEY" \
  "https://intelx.io/api/phonebook/search" \
  -d "term=example.com&type=domain"
```
Phonebook Parameters
| Parameter | Type | Values |
|---|---|---|
| term | string | Email prefix/domain/IP range |
| type | string | email (default), domain |
| limit | integer | 1-10000 |
| offset | integer | Pagination offset |
File Preview and Download
Viewing Results
After searching, click results to preview content. IntelX renders previews for:
- Text files (email dumps, credential lists, logs)
- JSON (API responses, configuration files)
- CSV (user databases, account lists)
Downloading Content
Professional and Enterprise tiers can download full files:
```bash
# Get file metadata and download link
curl -H "x-key: YOUR_API_KEY" \
  "https://intelx.io/api/file/read" \
  -d "id=FILE_ID"
```
Storage API
Upload reconnaissance notes and findings to IntelX storage:
```bash
curl -H "x-key: YOUR_API_KEY" \
  -X POST \
  -F "file=@findings.txt" \
  "https://intelx.io/api/storage/upload"
```
Python SDK
Installation
```bash
pip install intelx
```
Basic Setup
```python
from intelx import intelx

# Initialize with API key
ix = intelx(apikey="YOUR_API_KEY")
```
Search Examples
```python
# Search for email breaches
results = ix.search("user@example.com", buckets=["pastes", "leaks"], limit=100)
for result in results["records"]:
    print(f"{result['name']} - {result['date']}")

# Search by domain with date range
results = ix.search(
    "example.com",
    buckets=["leaks"],
    from_date="2023-01-01",
    to_date="2024-12-31",
    limit=500
)

# Get phonebook results
phonebook = ix.phonebook("@example.com", limit=1000)
print(f"Found {len(phonebook['records'])} email addresses")
```
File Operations
```python
# Download file by ID
file_content = ix.file_read("FILE_ID")
with open("downloaded.txt", "wb") as f:
    f.write(file_content)

# Upload file to storage
ix.storage_upload("reconnaissance_notes.txt")
```
Common OSINT Workflows
Email Breach Exposure
Determine if email appears in leaked databases:
```bash
# Step 1: Search IntelX for email
curl -H "x-key: YOUR_API_KEY" \
  "https://intelx.io/api/intelligent/search" \
  -d "term=target@company.com&buckets=leaks,pastes"

# Step 2: Review results for breach source
# Step 3: Check if password exposed in same leak
# Step 4: Cross-reference with known password databases
```
Domain Reconnaissance
Map organization infrastructure and find exposed credentials:
```python
from intelx import intelx

ix = intelx(apikey="YOUR_API_KEY")

# Find all emails for domain
emails = ix.phonebook("@target.com", limit=5000)
print(f"Email enumeration: {len(emails['records'])} addresses")

# Search domain in breaches
breaches = ix.search("target.com", buckets=["leaks"])
print(f"Found in {len(breaches['records'])} breaches")

# Check subdomains via WHOIS history
subdomains = ix.search("*.target.com", buckets=["whois"])
```
Credential Analysis
Find usernames and passwords exposed together:
```python
# Search for specific breach dump
results = ix.search("2024-corp-breach.sql", buckets=["leaks"])

# Filter results containing credentials
for result in results["records"]:
    if "password" in result["description"].lower():
        print(f"Credential file: {result['name']}")
```
Infrastructure Mapping
Discover IP ranges, domains, and services:
```python
# Search WHOIS history for domain changes
whois_history = ix.search("target.com", buckets=["whois"])

# Find associated IPs
ip_results = ix.search("192.168.0.0/16", buckets=["whois", "web"])

# Enumerate nameservers and infrastructure
for result in ip_results["records"]:
    print(f"IP {result['name']} registered {result['date']}")
```
Darknet Monitoring
Track threat actors and marketplace activity:
```python
# Monitor darknet market listings
darknet_results = ix.search("target.com", buckets=["darknet"])

# Search for known threat actors
actor_results = ix.search("threat-actor-name", buckets=["darknet"])

# Find malware command & control infrastructure
c2_results = ix.search("C2-domain.onion", buckets=["darknet", "pastes"])
```
Buckets and Sources
Pastes
Paste site aggregation (Pastebin, HasteBin, Slexy). High velocity, frequently updated.
Leaks
Organized breach databases and data dumps. Larger datasets with structured data.
Darknet
Tor marketplace listings, forum posts, and threat actor communications.
WHOIS
Historical domain registration snapshots. Track ownership and infrastructure changes.
Web
Archived web pages and historical content. Wayback machine-style access.
Dumpster
Email archives, system logs, and administrative records.
Usenet
Historical Usenet group posts (1990s-2000s era content).
Integration with Other Tools
Feeding Maltego
Export IntelX results to Maltego transforms:
- Create new investigation in Maltego
- Add entity (email/domain)
- Run custom transform using IntelX API
- Maltego automatically enriches graph
Combining with DeHashed
Cross-reference IntelX breach data with DeHashed:
```python
from intelx import intelx
import requests

ix = intelx(apikey="INTELX_KEY")
dehashed_api = "YOUR_DEHASHED_TOKEN"

# Find breaches in IntelX
intelx_results = ix.search("user@example.com")

# Cross-check with DeHashed
for result in intelx_results["records"]:
    dehashed_response = requests.post(
        "https://www.dehashed.com/api/",
        json={"query": "user@example.com", "type": "email"},
        headers={"Authorization": dehashed_api}
    )
```
Enriching BloodHound
Correlate internal AD users with external breach data:
```python
from intelx import intelx

ix = intelx(apikey="YOUR_API_KEY")

# Export AD user list from BloodHound
# Format: email addresses from user@domain.com
ad_user_list = ["user@domain.com"]  # placeholder: replace with the exported addresses

# Batch search IntelX
for user_email in ad_user_list:
    results = ix.search(user_email, limit=50)
    if results["records"]:
        print(f"RISK: {user_email} in {len(results['records'])} breaches")
```
Troubleshooting
No Results Despite Known Breaches
- Verify search term format (exact email vs domain)
- Check bucket selection (breach might be in specific bucket)
- Try wildcard: *@example.com
- Adjust date range
- Check API key rate limit
API Rate Limit Exceeded
```
x-ratelimit-remaining: 0
Error: Rate limit exceeded
```
Solutions:
- Upgrade tier (Professional 1000/month → Enterprise unlimited)
- Batch requests and cache results
- Wait until monthly reset (if on Free/Professional)
- Implement request throttling (1 req/sec)
Authentication Errors
```bash
# Verify API key in header
curl -H "x-key: ACTUAL_KEY_HERE" \
  "https://intelx.io/api/intelligent/search" \
  -d "term=test"

# Check account tier allows API access
# Free tier cannot use API
```
Timeout on Large Downloads
Use pagination with offset parameter:
```bash
# First batch
curl -H "x-key: YOUR_API_KEY" \
  "https://intelx.io/api/intelligent/search" \
  -d "term=example.com&limit=1000&offset=0"

# Second batch
curl -H "x-key: YOUR_API_KEY" \
  "https://intelx.io/api/intelligent/search" \
  -d "term=example.com&limit=1000&offset=1000"
```
Best Practices
Legal and Responsible Use
- Use IntelX only for authorized security research and defensive operations
- Respect applicable laws (CFAA, GDPR, CCPA)
- Only access data relevant to your investigation
- Do not use exposed credentials for unauthorized access
- Document findings appropriately for compliance teams
- Verify with legal/compliance before using results operationally
Data Hygiene
- Export results to secure, encrypted storage
- Never save credentials in plaintext in reports
- Anonymize PII when sharing findings internally
- Use unique, strong passwords after exposure disclosure
- Implement credential rotation after breach discovery
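One way to apply the plaintext-credential and PII rules above before findings leave the analyst's machine, as an added example that is not IntelX's or this page's own code. The record fields follow the Response Format shown earlier; the `email:secret` line shape, the sample record and the key are constructed assumptions.

```python
import hashlib
import hmac
import re

ADDR = r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}"
EMAIL = re.compile(ADDR)
# Assumed dump line shape: an address, ':' or ';', then the secret up to whitespace.
PAIR = re.compile(rf"({ADDR})[:;]\S+")

def pseudonym(email, key):
    """Stable keyed token for an address; the domain is kept for triage."""
    digest = hmac.new(key, email.lower().encode(), hashlib.sha256).hexdigest()
    return f"user-{digest[:12]}@{email.split('@')[1].lower()}"

def sanitize(text, key):
    """Drop secrets first, then replace every address with its pseudonym."""
    text = PAIR.sub(lambda m: m.group(1) + ":[REDACTED]", text)
    return EMAIL.sub(lambda m: pseudonym(m.group(0), key), text)

def sanitize_record(record, key):
    """Return a copy of one search record that is safe to paste into a report."""
    clean = dict(record)
    for field in ("name", "description"):
        if isinstance(clean.get(field), str):
            clean[field] = sanitize(clean[field], key)
    return clean

if __name__ == "__main__":
    # Constructed sample record and key, for illustration only.
    sample = {"id": "record-id", "bucket": "leaks", "name": "dump.txt",
              "description": "jane.doe@example.com:Summer2023! seen twice"}
    print(sanitize_record(sample, b"constructed-report-key"))
```

Because the token is an HMAC, the same address maps to the same pseudonym across reports, while recovering the address requires the key, which should be stored apart from the reports.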
Investigation Techniques
- Start with email/domain rather than individual passwords
- Use phonebook for bulk enumeration (faster)
- Cross-reference multiple buckets for validation
- Track dates to identify patterns and timeline
- Correlate with other OSINT sources
- Document chain of custody for legal cases
API Best Practices
- Implement exponential backoff for rate limiting
- Cache results to minimize API calls
- Use pagination for large result sets
- Filter buckets to reduce noise
- Log all searches for audit trail
- Rotate API keys regularly
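The backoff, caching and pagination points above, together with the throttling advice under API Rate Limit Exceeded, combined in one added example (not IntelX's or this page's own code). The header names and the limit/offset parameters come from this page; the `fetch_page` transport, the use of HTTP 429 for throttled responses and the lowercase header keys are assumptions.

```python
import time

class QuotaExhausted(Exception):
    """The monthly quota is spent; args[0] is the x-ratelimit-reset epoch."""

def backoff(attempt, headers, base=1.0, cap=60.0):
    """Delay before retrying a throttled call, doubling on each attempt."""
    if int(headers.get("x-ratelimit-remaining", 1)) <= 0:
        # Retrying cannot succeed before the reset, so stop instead of sleeping.
        raise QuotaExhausted(int(headers.get("x-ratelimit-reset", 0)))
    return min(cap, base * 2 ** attempt)

def fetch_all(fetch_page, term, limit=1000, max_retries=5,
              sleep=time.sleep, cache=None):
    """Collect every page for `term` using limit/offset pagination.

    fetch_page(term, limit, offset) -> (status, headers, body) is a
    caller-supplied transport (hypothetical), which keeps this runnable offline.
    """
    cache = {} if cache is None else cache
    records, offset, attempt = [], 0, 0
    while True:
        key = (term, limit, offset)
        if key not in cache:
            status, headers, body = fetch_page(term, limit, offset)
            if status == 429:  # assumption: throttling is signalled with HTTP 429
                if attempt == max_retries:
                    raise RuntimeError("still throttled after retries")
                sleep(backoff(attempt, headers))
                attempt += 1
                continue
            if status != 200:
                raise RuntimeError(f"unexpected HTTP status {status}")
            cache[key] = body.get("records", [])
            attempt = 0
            sleep(1.0)  # steady throttle: at most one request per second
        page = cache[key]
        records.extend(page)
        if len(page) < limit:  # a short page is the last one
            return records
        offset += limit
```

Passing the same `cache` dict on a later run replays stored pages without spending quota.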
Related Tools
| Tool | Specialty | Integration |
|---|---|---|
| DeHashed | Credential-focused searches | Cross-reference breaches |
| SpyCloud | Enterprise breach data | Risk assessment |
| HaveIBeenPwned | Public breach notifications | Breach confirmation |
| Shodan | Device/service fingerprinting | Infrastructure discovery |
| SecurityTrails | DNS history and subdomain enumeration | Domain reconnaissance |
| Maltego | OSINT graph visualization | Custom transforms |
| The Harvester | Email enumeration | Domain profiling |
| Grep.app | GitHub code search | Exposed secrets detection |