A powerful Open Source Intelligence (OSINT) investigation tool built with Python that provides comprehensive analysis across multiple intelligence sources.
- Email Investigation: Breach detection, public profile discovery
- Domain Analysis: WHOIS information, subdomain enumeration, reputation checks
- IP Address Intelligence: Geolocation, open ports, abuse reports
- Username Reconnaissance: Social media profile discovery across platforms
- Async Processing: High-performance concurrent investigations
- Multiple Output Formats: JSON and YAML support
- Audit Logging: Complete investigation history tracking
- Extensible Plugin Architecture: Easy to add new OSINT sources
- Python 3.7+
- pip package manager
- Clone the repository:
git clone https://github.com/yourusername/osint_master.git
cd osint_master- Create a virtual environment:
python -m venv venv
source venv/bin/activate # On Windows: venv\Scripts\activate- Install dependencies:
pip install -r requirements.txtpython main.py --email target@example.com --format jsonpython main.py --domain example.com --format yamlpython main.py --ip 8.8.8.8python main.py --username johndoepython main.py --email user@domain.com --domain domain.com --ip 192.168.1.1 --username user123python main.py --email target@example.com --audit-log investigations.log| Option | Description | Example |
|---|---|---|
--email |
Investigate an email address | --email admin@company.com |
--domain |
Investigate a domain | --domain example.com |
--ip |
Investigate an IP address | --ip 192.168.1.1 |
--username |
Investigate a username | --username john_doe |
--format |
Output format (json/yaml) | --format yaml |
--audit-log |
Audit log file path | --audit-log audit.log |
{
"email": {
"email": "user@example.com",
"breaches": ["Adobe", "LinkedIn"],
"public_profiles": [
"https://linkedin.com/in/user",
"https://github.com/user"
],
"notes": "Found in 2 data breaches"
}
}email:
email: user@example.com
breaches:
- Adobe
- LinkedIn
public_profiles:
- https://linkedin.com/in/user
- https://github.com/user
notes: Found in 2 data breaches- HaveIBeenPwned: Email breach detection
- Shodan: IP address and service information
- Social Media: Profile existence checks across platforms
- DNS/WHOIS: Domain registration and DNS records
- VirusTotal API
- SecurityTrails
- Sherlock Project
- AbuseIPDB
- OSINT Framework sources
The tool uses a modular plugin system. Each plugin inherits from PluginBase:
class CustomPlugin(PluginBase):
name = "custom"
description = "Custom OSINT source"
async def run(self, query, session):
# Your investigation logic here
return {"custom_data": "results"}Some features require API keys. Create a .env file:
HIBP_API_KEY=your_haveibeenpwned_key
SHODAN_API_KEY=your_shodan_key
VIRUSTOTAL_API_KEY=your_virustotal_key- Obtaining proper authorization before investigating targets
- Complying with local laws and regulations
- Respecting privacy and terms of service of investigated platforms
- Using the tool ethically and responsibly
- Fork the repository
- Create a feature branch (
git checkout -b feature/amazing-feature) - Commit your changes (
git commit -m 'Add amazing feature') - Push to the branch (
git push origin feature/amazing-feature) - Open a Pull Request
- Create a new plugin class inheriting from
PluginBase - Implement the
runmethod with async support - Add the plugin to the
load_plugins()function - Update documentation and tests
This project is licensed under the MIT License - see the LICENSE file for details.
This tool is provided "as is" without warranty. The authors are not responsible for any misuse or damage caused by this tool. Always ensure you have explicit permission before investigating any targets.
- π§ Email: support@example.com
- π Issues: GitHub Issues
- π¬ Discussions: GitHub Discussions
Made with β€οΈ by the OSINT Community