16 Repos
Software frameworks designed for the automated collection and analysis of publicly available information.
Distinct from Open Source Software: The candidates provided were all related to open-source software development or licensing, whereas this feature refers to the OSINT (Open Source Intelligence) investigative domain.
Explore 16 awesome GitHub repositories matching security & cryptography · Open Source Intelligence Tools. Refine with filters or upvote what's useful.
Maigret is an open-source intelligence framework designed for automated digital footprint discovery and identity investigation. It functions as a search engine that aggregates profile metadata by querying thousands of websites for specific usernames, mapping an individual's online presence across diverse platforms. The tool distinguishes itself through recursive discovery capabilities, which identify links within discovered profiles to expand the scope of an investigation automatically. It supports cross-platform identity correlation by mapping disparate accounts and pseudonymous personas, in
Automating the collection and analysis of publicly available information to build comprehensive dossiers on specific digital identities.
GHunt is a Google account investigator and open-source intelligence framework designed to retrieve publicly available information and metadata associated with Google accounts. It functions as an OSINT data extractor and offensive security framework used to identify user identities and uncover hidden metadata. The tool extracts public profile data from various Google services and exports the findings into structured JSON formats. This allows for the collection and analysis of digital footprints to support security research and reconnaissance.
Collects and analyzes public digital footprints to support security research and investigations.
Amass is a network attack surface mapper and reconnaissance framework designed to discover and map the external, internet-facing infrastructure of a target organization. It functions as an open source intelligence tool that identifies public network boundaries and locates hidden or forgotten subdomains to define an organization's total reachable footprint. The project utilizes passive-source data aggregation from external APIs and public databases alongside active DNS brute-forcing and recursive subdomain expansion. It employs a graph-based asset mapping system to visualize the relationships
Collects and analyzes publicly available data from DNS and public records to define an attack surface.
Crucix is an open-source intelligence system comprising an OSINT aggregator, a geospatial intelligence dashboard, and an LLM intelligence agent. It functions as a real-time signal monitor and automated alerting system designed to collect, analyze, and visualize geopolitical, economic, and satellite data from diverse open-source intelligence sources. The system utilizes large language models to synthesize intelligence feeds, generate actionable trade ideas, and classify signal priority with confidence scores. It features a geospatial visualization interface that plots intelligence events, such
Collects and synthesizes geopolitical, economic, and satellite data from diverse open-source intelligence sources.
Holehe is an email account discovery and presence verification tool used for open source intelligence. It scans various social media platforms and web services to identify if a specific email address is linked to an existing account. The tool verifies account existence by utilizing registration and password recovery endpoints without notifying the account owner. It maps digital footprints by checking for the presence of an email across numerous third-party services and extracting available account metadata.
Provides an automated framework for collecting publicly available information to map associated online accounts.
T-Pot is a multi-honeypot orchestration platform and threat intelligence collector. It utilizes a Docker-based security sandbox to deploy and manage a collection of diverse decoy services that simulate vulnerable targets to lure attackers and record their activity. The system features a distributed sensor network where remote nodes capture attack logs and transmit them via encrypted communication to a central hub. This central hub employs an analytics stack to transform raw logs into geographic maps and interactive dashboards for adversary behavior visualization. To increase the realism of si
Collects open source intelligence and utilizes encoding and decryption tools to investigate attacker behavior.
Trape is a browser-based remote access tool and exploit framework designed for gathering device geolocation, hardware profiles, and network data. It functions as an open-source intelligence platform and a system for executing custom scripts and triggering browser vulnerabilities to capture credentials or monitor device activity. The project features a real-time geolocation tracker capable of retrieving precise physical coordinates and monitoring individual movement, including silent acquisition that bypasses standard location prompts. It further provides a network tunneling service to make lo
Provides a platform for the automated collection and analysis of publicly available intelligence to monitor targets.
reconftw is an attack surface management framework and reconnaissance workflow orchestrator designed to automate the discovery, mapping, and monitoring of external digital assets. It operates as a modular tool-chain pipeline that coordinates a sequence of security tools to perform intelligence gathering and vulnerability scanning. The project distinguishes itself through a cloud-native deployment model that parallelizes scanning workloads across a fleet of remote VPS instances to bypass local resource constraints. It utilizes container-based environment isolation to ensure consistent executio
Automates the collection of leaked credentials and exposed APIs from public sources.
Flowsint is an open-source intelligence framework and reconnaissance orchestrator used for cybersecurity investigations. It functions as a containerized tool runner and data mapper, automating the collection of intelligence from open-source providers and APIs to profile targets and map threat intelligence. The platform distinguishes itself through a graph-based investigation interface, where processed raw intelligence is converted into nodes and edges to visualize relationships between entities. It allows for the creation of sequenced pipelines that chain data enrichment tools, enabling the o
Provides a modular platform for defining custom data schemas, validators, and enrichers for cybersecurity investigations.
GhostTrack is an open-source intelligence (OSINT) framework that aggregates geographic, network, and social identity information from public data sources. It functions as a digital footprint analyzer, collecting various pieces of publicly available information to build comprehensive profiles of target individuals. The framework combines multiple investigative capabilities into a single tool, including IP address geolocation, phone number intelligence, and social media username discovery. It distributes queries across external data services to maximize coverage and accuracy, resolving IP addre
Provides an automated framework for collecting and analyzing publicly available information from network and social sources.
recon-ng is an open source intelligence reconnaissance framework designed to automate the collection and aggregation of public information. It is a modular intelligence tool that utilizes a system of pluggable modules to harvest target data, resolve DNS queries, and parse web content. The framework is built as an API-driven tool with a programmatic interface to integrate with other security workflows. It is provided as a containerized application, using Docker to ensure a consistent environment for running reconnaissance tasks and managing a persistent data store. Its capabilities cover exte
Automates the collection and aggregation of publicly available information from web sources for reconnaissance.
AllHackingTools is a security tool orchestrator and suite designed to install, update, and manage a wide array of third-party hacking and security utilities from a single command interface. It functions as a centralized hub for network analysis, open source intelligence, penetration testing, and social engineering tools. The project provides specialized frameworks for gathering open source intelligence and searching for user profiles across social platforms. It includes toolkits for network reconnaissance, vulnerability scanning, and the execution of security exploits, as well as a social eng
Collects public information from social media and the web to gather data on specific targets.
Social Mapper ist ein Open-Source-Intelligence-Framework, das entwickelt wurde, um digitale Fußabdrücke aus sozialen Medien zu sammeln und zu strukturieren. Es fungiert als Plattform zur Korrelation von Online-Identitäten über mehrere Plattformen hinweg und ermöglicht die Erstellung eines einheitlichen digitalen Profils für ein bestimmtes Subjekt. Das Tool zeichnet sich durch die Integration automatisierter Gesichtserkennung zur Identitätsüberprüfung aus, wobei Zielfotos mit Profilbildern verglichen werden, die während des Suchprozesses gefunden wurden. Diese Funktion ermöglicht das Filtern von Suchergebnissen, um die Genauigkeit der Identitätskorrelation zu verbessern, bevor Daten zur menschlichen Überprüfung präsentiert werden. Das System nutzt eine modulare Architektur zur Verwaltung der Datensammlung und setzt Headless-Browser-Automatisierung ein, um mit Plattformen zu interagieren und Informationen zu extrahieren. Es organisiert diese Ergebnisse in strukturierten Intelligence-Berichten und bietet ein standardisiertes Format zur Unterstützung von investigativer Forschung und operativer Planung.
Collects and structures publicly available information from social media networks to support investigative research.
This project is a comprehensive command-line reference and toolkit designed for Linux system administration and network security assessment. It provides a collection of technical snippets and operational guides focused on managing remote environments, orchestrating shell sessions, and executing administrative tasks through native terminal utilities. The repository distinguishes itself by offering specialized techniques for stealthy operations and infrastructure manipulation. It covers methods for establishing encrypted tunnels to bypass firewalls, obfuscating process identities and command hi
Maps digital footprints by querying public databases for subdomains, IP history, and security certificates.
FOCA is a digital forensics metadata analyzer and open-source intelligence tool used to extract hidden information from various document types. It functions as a metadata extraction tool that isolates technical data and EXIF information from PDFs, office documents, and SVG files. The system integrates an open-source intelligence scanner that identifies and downloads target files from the web using multiple search engine APIs. This allows for the automated discovery and acquisition of remote web assets for batch analysis and digital evidence gathering. The software provides capabilities for d
Finds and analyzes publicly available documents from search engines to gather intelligence about target entities.
Ethical-Hacking-Labs is a comprehensive cybersecurity training curriculum and lab suite designed for learning penetration testing, network analysis, and offensive security techniques. It provides a structured environment for practicing the full attack lifecycle, from initial reconnaissance and scanning to exploitation and post-compromise analysis. The project provides instructional materials and guided exercises that cover specific technical domains, including open source intelligence research and network security courseware. It includes a practical workbook for identifying system vulnerabili
Provides comprehensive tools for the automated collection and analysis of publicly available information.