A powerful OSINT framework with dual interfaces: Metasploit-style CLI and Maltego-style web visualization
Features β’ Installation β’ Usage β’ Documentation β’ Contributing
OSIF (Open Source Intelligence Framework) is a comprehensive OSINT platform that combines the power of command-line efficiency with modern web-based graph visualization. Designed for security researchers, penetration testers, and OSINT investigators.
οΏ½ Web-based Graph Visualization - Now includes a Maltego-style web interface for visual OSINT investigations with real-time entity linking and relationship mapping!
It consists of various modules that aid osint operations:
- Attack Surface
- Blockchain
- Host Enumeration
- IoC
- Mobile
- Social Media
- Web Enumeration
Traditional Metasploit-style CLI for running OSINT modules
- Visual Investigation: Maltego-style graph visualization
- Interactive Exploration: Click nodes to see details, double-click to investigate further
- Multiple Entry Points: Investigate domains, IPs, emails, Bitcoin addresses
- Automatic Entity Linking: Automatically discovers and links related entities
- Export Capabilities: Export investigation graphs as JSON
- Real-time Updates: Watch your investigation graph grow in real-time
- Smart Port Management: Automatic port conflict detection and increment (5001-5005)
- IP Reputation: Integrated AbuseIPDB for threat intelligence and abuse scoring
The new web interface provides a visual, interactive way to conduct OSINT investigations:
- Investigate domains, IPs, emails, and cryptocurrency addresses
- Automatically discover related entities
- Visual representation of relationships
- Export and share investigation data
- Hunter.io: Professional email finder and verifier
- Tomba: Advanced email finder with verification and enrichment
- Combined Search: Use both services for comprehensive email discovery
Full documentation found at https://osif.laet4x.com/
For developers and AI coding agents working on OSIF:
- Architecture Guide - Complete system architecture and technical design
- Feature Planning - Roadmap, priorities, and feature backlog
- Development Guide - Coding standards, workflows, and best practices
- Agent README - Overview of developer documentation
Get Docker for Windows, Linux and MacOS
Docker Compose is included in Docker Desktop for Windows and macOS.
You can download Docker Compose binaries from the release page on this repository.
git clone https://github.com/fr4nc1stein/osint-framework osif
cd osif
docker-compose up -d
docker exec -ti osif bash
./osif
If not started, follow this instruction below:
docker build --no-cache --tag osif .
docker run -ti osif bash
./osif
# Clone and install
git clone https://github.com/fr4nc1stein/osint-framework osif
cd osif
pip3 install -r requirements.txt
# Set up API keys (optional but recommended)
cp .env.example .env
# Edit .env with your API keys
# Start web server
chmod +x start_web.sh
./start_web.shThen open http://localhost:5000 in your browser!
# Run traditional CLI
./osifRecommended on ubuntu or kali
git clone https://github.com/fr4nc1stein/osint-framework osif
cd osif
pip3 install -r requirements.txt
Create .env
- Virustotal API https://www.virustotal.com/
- CENSYS API https://accounts.censys.io/ (under development)
- ABUSECH https://abuse.ch (required)
- SHODAN API https://account.shodan.io/
- HUNTER API https://hunter.io/api-keys
- BITCOIN ABUSE API https://www.bitcoinabuse.com/
- WIGEL API https://wigle.net/ (geolocation module)
- SECURITY TRAIL API https://securitytrails.com/
- TOMBA API https://tomba.io/
- ABUSEIPDB API https://www.abuseipdb.com/
VT_API=""
CENSYS_APPID=""
CENSYS_SECRET=""
ABUSECH_API_KEY = ""
SHODAN_API_KEY = ""
HUNTER_API_KEY = ""
BITCOINABUSE_API_KEY = ""
WIGLE_API_NAME = ""
WIGLE_API_TOKEN = ""
SECURITY_TRAIL_API = ""
TOMBA_API_KEY=""
TOMBA_SECRET_KEY=""
ABUSEIPDB_API_KEY=""
# Web Server (optional)
SECRET_KEY="your-secret-key-here"
WEB_PORT=5000
Start the web server:
./start_web.sh
# or
python3 web_server.pyThen navigate to http://localhost:5000
- Domain Investigation: Find emails, subdomains, DNS records, technologies
- IP Investigation: Geolocation, ISP info, open ports (Shodan), hostnames
- Email Investigation: Extract domain and related information
- Bitcoin Investigation: Check wallet balance and transaction history
- Interactive Graph: Click nodes for details, double-click to investigate further
- Export: Save your investigation as JSON
β$ ./osif
## #### ##### ######
# # # # # #
# # # # #
# # #### # ####
# # # # #
# # # # # #
## #### ##### #
>> OSINT Framework
>> @laet4x
-=[ 1 api ]=-
-=[ 2 dns ]=-
-=[ 1 subdomain ]=-
-=[ 1 uncategorized ]=-
[!] There are some issues ; use 'show issues' to see more details
osif > use dns/dns_records
osif dns(dns_records) > show options
Module options
==============
Name Value Required Description
---- ----- -------- -----------
DOMAIN google.com Y Provide your target Domain
osif dns(dns_records) >
laet4x
cadeath