molotof/ear

 
 


The Extensible API for Reconnaissance (EAR) Project

About

The EAR project is an application designed to make it easy to discover interesting facts about organizations, users, computers, and networks on the web, using OSINT techniques.

The core concepts of the EAR project are the object model (implemented and database-backed with Active Record) and the tasks (implemented as Ruby scripts) that modify objects. EAR tasks are simple to create, infinitely extensible, and have just enough structure to extend the EAR framework in useful ways.

EAR keeps track of newly generated data by maintaining the relationship between objects and tasks for you. For example, if you add a host object, and run a 'geolocate_host' task, you'll find that the physical address generated by the task is now a child of that host. You can programmatically query and inspect these relationships.

News

  • 02/25/2012 - The EAR Project has a stubbed out web UI, and is on its way to v1.0
  • 12/16/2011 - The EAR Project has been updated to Rails 3!

Setup

EAR has a number of external (mainly gem) dependencies. We use bundler to manage dependencies.

To set up EAR, run 'bundle install' in the root of the EAR directory.

The EAR is currently tested and working on:

  • OS X 10.5.x+
  • Ubuntu Linux 9.10+

Prerequisites:

The following prerequisites are required for execution:

Prerequisites (Debian / Ubuntu)

The following packages are required for successful execution:

sudo apt-get install qt4-qmake libnokogiri-ruby1.8 libxslt-dev libxml2-dev libqt4-dev libpcap-dev libpq-dev libsqlite3-dev 

Prerequisites (OSX using Brew)

brew install qt 

Prerequisites (platform independent):

Execute the bundle installer:

$ gem install bundler
$ bundle install # from within the EAR application root

The following additional applications are required:

Rails 
Firefox 
Nmap 

Known Issues

Installation of the therubyracer gem might fail due to an invalid gem specification file. Refer to the following link for details:

https://github.com/cowboyd/therubyracer/issues/140#issuecomment-4707363

Getting Started with the EAR

Prior to executing EAR, ensure all appropriate configuration files exist (run from within the EAR root directory):

$ cp config/ear_api_keys.yml.sample config/ear_api_keys.yml
$ cp config/database.yml.sample config/database.yml

The ear_api_keys.yml file documents which API keys are required for effective API operations and where they may be located.

The database.yml file can be configured with the following databases:

* SQLite3 - For light / small scale test database operations and development.
* MySQL / Postgres - For heavier / long term operations and development.

Once database.yml is configured correctly, execute the following within the EAR root directory:

$ rake db:create && rake db:migrate
$ data/geolitecity/get_latest.sh 

Once you have a database, simply run $ util/console.rb - this will give you access to a pry shell from which you can create objects and run tasks.

Creating a host object & running tasks:

ear> h = Host.create(:ip_address => "8.8.8.8")
ear> h.run_task("dns_reverse_lookup")
ear> h.run_task("geolocate_host")
ear> h.children
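
The object/task relationship shown in the console session above, modelled in plain Ruby as an added illustration. This is not EAR's code: the Entity class, the TASKS registry and the lookup tables are hypothetical, and the lookup data is constructed so the example runs offline.

```ruby
# Illustrative model only: plain Ruby, no Active Record, no network access.
# Entity, TASKS and the lookup tables are hypothetical names, not EAR's classes.

# Constructed sample data standing in for real DNS / GeoIP lookups.
FAKE_PTR = { "8.8.8.8" => "dns.google" }.freeze
FAKE_GEO = { "8.8.8.8" => "Mountain View, CA, US" }.freeze

class Entity
  attr_reader :type, :value, :parent, :created_by, :children

  def initialize(type, value, parent: nil, created_by: nil)
    @type, @value, @parent, @created_by = type, value, parent, created_by
    @children = []
  end

  # Run a named task; every result becomes a child tagged with the task name.
  def run_task(name)
    task = TASKS.fetch(name) { raise ArgumentError, "unknown task: #{name}" }
    task.call(self).map do |type, value|
      existing = children.find { |c| c.type == type && c.value == value }
      next existing if existing # re-running a task must not duplicate children
      child = Entity.new(type, value, parent: self, created_by: name)
      children << child
      child
    end
  end

  # Provenance chain back to the root object, e.g. for an audit trail.
  def lineage
    parent ? parent.lineage + ["#{created_by} -> #{type}:#{value}"] : ["#{type}:#{value}"]
  end
end

# Each task takes an entity and returns [type, value] pairs (empty if no data).
TASKS = {
  "dns_reverse_lookup" => ->(e) { FAKE_PTR.key?(e.value) ? [[:domain, FAKE_PTR[e.value]]] : [] },
  "geolocate_host"     => ->(e) { FAKE_GEO.key?(e.value) ? [[:physical_location, FAKE_GEO[e.value]]] : [] }
}.freeze

h = Entity.new(:host, "8.8.8.8")
h.run_task("dns_reverse_lookup")
h.run_task("geolocate_host")
h.run_task("geolocate_host") # idempotent: still two children
h.children.each { |c| puts c.lineage.join(" | ") }
```

Recording the producing task on each child is what lets you trace any derived fact back to the object and task that generated it.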

You can also access the interface on the web by running '$ rails s' in the root of the EAR directory. This will set up a server on :3000. Note that this is extremely alpha, and is currently not supported.

Usage

TODO

Advanced

The EAR ships with a few utilities which you may find of use:

  • util/sniff.rb: This utility sets up a packet sniffer on the local machine, which automatically creates Host objects within the EAR's database. These host objects are then available to you within the EAR. This is a fun & easy way to find out more information about the systems your host is communicating with.

  • util/load_*.rb: Use these utilities to load a list of hosts into the system. Optionally, you can run modules against the objects you import. It's likely you'll want to take a look at the code before running them.

Check out the util/ directory for more utilities.

About

An easy-to-use and extensible framework for OSINT.
