Skip to content

Panda1847/osint-recon-suite

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

Β 

History

3 Commits
.github/ISSUE_TEMPLATE
.github/ISSUE_TEMPLATE
Β 
Β 
.gitignore
.gitignore
Β 
Β 
CONTRIBUTING.md
CONTRIBUTING.md
Β 
Β 
LICENSE
LICENSE
Β 
Β 
README.md
README.md
Β 
Β 
SECURITY.md
SECURITY.md
Β 
Β 
requirements.txt
requirements.txt
Β 
Β 

Repository files navigation

πŸ” OSINT Recon Suite

Version License Platform Python OSINT

Comprehensive Open-Source Intelligence Gathering & Reconnaissance Framework

Features β€’ Installation β€’ Tools β€’ Usage β€’ Techniques

🌟 Overview

OSINT Recon Suite is a professional-grade framework for conducting comprehensive open-source intelligence gathering and reconnaissance operations. This toolkit consolidates the most effective OSINT tools, automates reconnaissance workflows, and provides structured methodologies for information gathering across digital footprints.

🎯 Mission

Enable security professionals, investigators, and researchers to efficiently gather, analyze, and correlate publicly available information from diverse sources while maintaining operational security and ethical standards.

πŸ”¬ Intelligence Domains

  • Personal OSINT - People, emails, usernames, social media
  • Corporate OSINT - Companies, employees, infrastructure
  • Technical OSINT - Domains, IPs, networks, certificates
  • Social Media OSINT - Profiles, connections, content
  • Dark Web OSINT - Hidden services, marketplaces, forums
  • Geospatial OSINT - Locations, imagery, mapping
  • Financial OSINT - Transactions, companies, registrations
  • Threat Intelligence - IOCs, malware, campaigns

✨ Features

Core Capabilities

Category Tools Description
Username Enumeration 10+ tools Find accounts across 500+ platforms
Email Investigation 8+ tools Email validation, breach data, SMTP info
Domain Reconnaissance 15+ tools Subdomains, DNS, WHOIS, certificates
Social Media OSINT 12+ tools Profile analysis, relationship mapping
IP/Network Intel 10+ tools Geolocation, ASN, port scanning
People Search 8+ tools Public records, social profiles, data leaks
Company Research 6+ tools Corporate data, employees, infrastructure
Dark Web Monitoring 5+ tools Onion sites, marketplaces, forums
Image/Video OSINT 7+ tools Reverse search, metadata, geolocation
Automated Workflows 20+ scripts End-to-end reconnaissance automation

πŸš€ Installation

Quick Start

# Clone the repository
git clone https://github.com/Panda1847/osint-recon-suite.git
cd osint-recon-suite

# Run automated setup
chmod +x scripts/setup.sh
./scripts/setup.sh

# Configure API keys
cp configs/api_keys.example configs/api_keys.conf
# Edit configs/api_keys.conf with your API keys

# Run your first recon
./scripts/recon.sh --target example.com

Prerequisites

  • Python 3.8+
  • Git
  • Internet connection
  • API keys (optional but recommended)

Manual Installation

# Install system dependencies
sudo apt install python3 python3-pip git curl wget

# Install Python requirements
pip3 install -r requirements.txt

# Install Go tools
./scripts/install_go_tools.sh

# Verify installation
python3 scripts/verify.py

πŸ› οΈ Tools Included

πŸ‘€ Username & People Search

Sherlock

# Find username across 400+ sites
sherlock username

# Export results
sherlock username --output results.txt

WhatsMyName

# Web-based username search
python3 tools/whatsmyname.py username

Maigret

# Advanced username OSINT
maigret username --all-sites

Social Analyzer

# Deep social media analysis
python3 tools/social_analyzer.py --username target_user

πŸ“§ Email Intelligence

theHarvester

# Email harvesting from search engines
theHarvester -d example.com -b all

# Specific sources
theHarvester -d example.com -b google,linkedin,bing

Hunter.io CLI

# Find email addresses
python3 tools/hunter.py --domain example.com

# Verify email
python3 tools/hunter.py --verify email@example.com

h8mail

# Check emails in data breaches
h8mail -t target@email.com

# Bulk check
h8mail -t emails.txt

Holehe

# Check email account registrations
holehe target@email.com

🌐 Domain & Network Recon

Subdomain Enumeration

# Subfinder - Fast passive discovery
subfinder -d example.com -o subdomains.txt

# Amass - Comprehensive enumeration
amass enum -d example.com -o amass_results.txt

# Assetfinder
assetfinder --subs-only example.com

# Sublist3r
python3 tools/Sublist3r/sublist3r.py -d example.com

DNS Intelligence

# DNSRecon
dnsrecon -d example.com -t std

# Fierce
fierce --domain example.com

# DNSDumpster
python3 tools/dnsdumpster.py example.com

Certificate Transparency

# crt.sh search
python3 tools/crtsh.py example.com

# Censys certificates
python3 tools/censys_certs.py example.com

WHOIS & Registration

# WHOIS lookup
whois example.com

# Historical WHOIS
python3 tools/whois_history.py example.com

πŸ” IP & Network Intelligence

Shodan

# Search Shodan
python3 tools/shodan_search.py --ip 1.2.3.4

# Search by query
python3 tools/shodan_search.py --query "apache country:US"

Censys

# IP lookup
python3 tools/censys.py --ip 1.2.3.4

# Certificate search
python3 tools/censys.py --cert example.com

IPinfo

# IP geolocation and details
python3 tools/ipinfo.py 1.2.3.4

Nmap

# Port scanning
nmap -sV -sC -oA scan_results 1.2.3.4

# Full scan
nmap -p- -A -oA full_scan 1.2.3.4

πŸ“± Social Media OSINT

Instagram OSINT

# Instaloader (from social-media-downloader)
instaloader --metadata-json username

# Osintgram
python3 tools/Osintgram/main.py username

Twitter/X OSINT

# Twint
twint -u username --followers

# TweetScraper
python3 tools/tweetscraper.py username

LinkedIn OSINT

# LinkedIn scraper
python3 tools/linkedin_scraper.py company_name

# Employee enumeration
python3 tools/linkedin_employees.py "Company Name"

Facebook OSINT

# Facebook graph search
python3 tools/facebook_osint.py --profile username

πŸŒ‘ Dark Web OSINT

OnionScan

# Scan onion service
onionscan http://example.onion

Ahmia

# Search dark web
python3 tools/ahmia_search.py "search query"

DarkSearch

# Dark web search engine
python3 tools/darksearch.py "keyword"

πŸ–ΌοΈ Image & Metadata OSINT

Reverse Image Search

# TinEye
python3 tools/tineye.py image.jpg

# Google Images
python3 tools/google_images.py image.jpg

# Yandex Images
python3 tools/yandex_images.py image.jpg

Exif Data Extraction

# ExifTool
exiftool image.jpg

# Batch processing
exiftool -r /path/to/images/

Geolocation from Images

# Extract GPS coordinates
python3 tools/image_gps.py image.jpg

# Map location
python3 tools/image_gps.py image.jpg --map

πŸ“‹ Automated Workflows

Full Domain Reconnaissance

./scripts/domain_recon.sh example.com

What it does:

  1. Subdomain enumeration (5 tools)
  2. DNS records collection
  3. Certificate transparency search
  4. WHOIS information
  5. IP resolution and geolocation
  6. Port scanning (top 1000)
  7. Web technology detection
  8. Email harvesting
  9. Social media accounts
  10. Generate comprehensive report

Person Investigation

./scripts/person_recon.sh "John Doe" john.doe@email.com

What it does:

  1. Username enumeration
  2. Social media profiles
  3. Email breach checks
  4. Public records search
  5. Professional profiles (LinkedIn)
  6. Domain ownership
  7. Related accounts
  8. Timeline analysis
  9. Relationship mapping
  10. Generate dossier

Company Intelligence

./scripts/company_recon.sh "Example Corp"

What it does:

  1. Corporate registration data
  2. Domain infrastructure
  3. Employee enumeration
  4. Social media presence
  5. Technology stack
  6. IP ranges and ASNs
  7. Email patterns
  8. Data breaches
  9. News and mentions
  10. Competitive analysis

πŸŽ“ OSINT Methodology

Phase 1: Target Definition

Define scope, objectives, and legal boundaries
Document authorization and rules of engagement

Phase 2: Passive Reconnaissance

# Gather information without direct interaction
./scripts/passive_recon.sh target.com

Phase 3: Active Reconnaissance

# Direct interaction with target systems
./scripts/active_recon.sh target.com

Phase 4: Data Analysis

# Correlate and analyze gathered intelligence
python3 tools/analyze.py --input recon_data/

Phase 5: Reporting

# Generate professional report
python3 tools/generate_report.py --target target.com --output report.pdf

πŸ“Š Example Outputs

Domain Reconnaissance Report

Target: example.com
Scan Date: 2026-01-14

[+] Subdomains Found: 47
    - www.example.com (1.2.3.4)
    - mail.example.com (1.2.3.5)
    - api.example.com (1.2.3.6)
    ...

[+] Email Addresses: 23
    - john@example.com
    - admin@example.com
    ...

[+] Technologies Detected:
    - Web Server: nginx/1.21.0
    - Framework: React 18.2.0
    - CDN: Cloudflare
    ...

[+] Social Media:
    - Twitter: @example
    - LinkedIn: /company/example
    ...

Person Dossier

Target: John Doe (john.doe@email.com)
Investigation Date: 2026-01-14

[+] Online Presence:
    - Twitter: @johndoe (10K followers)
    - LinkedIn: /in/johndoe (Software Engineer at TechCorp)
    - GitHub: github.com/johndoe (250 repos)
    - Instagram: @john.doe (Private)

[+] Professional Information:
    - Current: Software Engineer at TechCorp (2020-Present)
    - Previous: Developer at StartupXYZ (2018-2020)
    - Education: BS Computer Science, MIT (2018)

[+] Digital Footprint:
    - Domains Owned: johndoe.com, johndoe.dev
    - Email Breaches: 2 (LinkedIn 2021, Adobe 2013)
    - Public Repositories: 250
    - Stack Overflow: 15K reputation

[+] Geolocation:
    - Current: San Francisco, CA (based on social media)
    - Previous: Boston, MA

πŸ”’ Operational Security (OpSec)

Best Practices

  • πŸ” Use VPN/Tor - Route traffic through privacy networks
  • 🎭 Separate Identities - Use dedicated OSINT accounts
  • 🚫 Avoid Direct Interaction - Prefer passive techniques
  • πŸ“ Document Everything - Maintain detailed logs
  • ⏰ Timing - Blend in with normal traffic patterns
  • πŸ”„ Rotate Infrastructure - Change IPs and accounts regularly

Privacy Tools

# Use Tor for anonymity
torsocks python3 tools/osint_tool.py

# Use ProxyChains
proxychains python3 tools/osint_tool.py

# VPN connection
sudo openvpn config.ovpn

βš–οΈ Legal & Ethical Guidelines

βœ… Legal Use

  • Publicly available information only
  • Authorized investigations
  • Security research
  • Due diligence
  • Background checks (with consent)
  • Threat intelligence

❌ Prohibited Activities

  • Unauthorized access
  • Harassment or stalking
  • Identity theft
  • Doxxing
  • Privacy violations
  • Illegal surveillance

πŸ“œ Compliance

  • GDPR - Respect EU privacy regulations
  • CCPA - California privacy laws
  • COPPA - Children's privacy protection
  • Terms of Service - Respect platform policies

πŸ—ΊοΈ OSINT Framework

This suite follows the OSINT Framework methodology:

1. Requirements β†’ 2. Collection β†’ 3. Processing
        ↓
4. Analysis ← 5. Production ← 6. Dissemination

Each phase has dedicated tools and workflows.

πŸ“š Resources

Learning Materials

Recommended Books

  1. "Open Source Intelligence Techniques" by Michael Bazzell
  2. "OSINT Handbook" by i-intelligence
  3. "Social Media Intelligence" by Nihad Hassan
  4. "The Art of Invisibility" by Kevin Mitnick

Online Courses

  • SANS SEC487 - Open-Source Intelligence Gathering
  • TCM Security OSINT - Practical OSINT
  • Udemy OSINT - Various courses

πŸ”§ Configuration

API Keys

Many tools require API keys for full functionality:

# Edit configs/api_keys.conf
SHODAN_API_KEY=your_key_here
CENSYS_API_ID=your_id_here
CENSYS_API_SECRET=your_secret_here
HUNTER_API_KEY=your_key_here
VIRUSTOTAL_API_KEY=your_key_here
TWITTER_API_KEY=your_key_here
GOOGLE_API_KEY=your_key_here

Tool Configuration

Customize tool behavior in configs/tools.yaml:

shodan:
  timeout: 30
  max_results: 100

subfinder:
  sources:
    - crtsh
    - virustotal
    - censys
  timeout: 10

theHarvester:
  engines:
    - google
    - bing
    - linkedin
  limit: 500

πŸ“– Documentation

Comprehensive documentation in docs/:

Document Description
SETUP.md Installation guide
TOOLS.md Tool reference
WORKFLOWS.md Automated workflows
METHODOLOGY.md OSINT methodology
OPSEC.md Operational security
LEGAL.md Legal guidelines
API.md API documentation

🀝 Contributing

Contributions welcome! We need:

  • πŸ”§ New tools
  • πŸ“ Documentation improvements
  • πŸ› Bug reports
  • πŸ’‘ Feature suggestions
  • 🎯 New workflows
  • πŸ“Š Case studies

See CONTRIBUTING.md for guidelines.

πŸ”„ Updates

Latest (v1.0.0 - January 2026)

  • βœ… 100+ OSINT tools integrated
  • βœ… 20+ automated workflows
  • βœ… Comprehensive documentation
  • βœ… API integration
  • βœ… OpSec guidelines

Roadmap

v1.1 (Q2 2026)

  • Web interface
  • Real-time monitoring
  • Machine learning analysis
  • Collaborative features

v2.0 (Q4 2026)

  • AI-powered correlation
  • Automated reporting
  • Threat intelligence feeds
  • Mobile app

πŸ“œ License

MIT License - see LICENSE for details.

πŸ™ Acknowledgments

  • OSINT Community - Tools and techniques
  • Bellingcat - Investigative methods
  • IntelTechniques - Resources and training
  • Tool Authors - All the amazing creators

πŸ“ž Support

πŸ” Intelligence Through Open Sources πŸ”

Gather Responsibly. Investigate Ethically. Respect Privacy.

⬆ Back to Top

About

πŸ” Comprehensive OSINT framework with 100+ tools for intelligence gathering. Includes automated workflows for domain, person, and company reconnaissance.

Topics

security intelligence social-media osint tools hacking sherlock cybersecurity recon information-gathering investigation reconnaissance

Resources

Readme

License

MIT license

Contributing

Contributing

Security policy

Security policy
Activity

Stars

1 star

Watchers

0 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

 
 
 

Contributors