Zero API Keys โข 100% Public Data โข Made in Indonesia
Click to expand
| Section | Description |
|---|---|
| About GhostIntel | What is this tool? |
| Why v2.5? | Key advantages |
| What's New | v2.5 features |
| Quick Start | Installation & first scan |
| Web UI | Localhost dashboard |
| Phone OSINT | 8 countries supported |
| Email Breach | Leak alerts + risk score |
| Username OSINT | 129+ platforms |
| Domain OSINT | DNS + HTTP + tech stack |
| IP OSINT | Location + threat score |
| Reports | JSON, HTML, TXT, MD |
| Batch Processing | Multi-target scan |
| Screenshots | See it in action |
| Star History | Project growth |
| Disclaimer | Read before using |
GhostIntel is a robust and versatile OSINT (Open Source Intelligence) framework designed to empower cybersecurity enthusiasts, digital investigators, and ethical hackers. Built with Python and completely API-free, GhostIntel allows users to explore, analyze, and gather publicly available information about individuals, organizations, and digital assets quickly and efficiently.
The framework provides tools to investigate a wide range of data sources, including usernames, emails, phone numbers, domains, and IP addresses, making it an all-in-one solution for understanding online footprints, detecting exposure, and performing digital reconnaissance.
GhostIntel is designed with ease of use and efficiency in mind. Its Web UI makes navigation intuitive, while features like batch scanning and attachments support allow users to handle multiple targets and save results for further analysis. The framework is ideal for tasks such as:
- OSINT investigations โ uncover public data about people, organizations, or digital assets
- Threat intelligence โ identify potential risks and exposure points
- Digital footprint mapping โ visualize the presence of an entity across multiple platforms
- Ethical hacking reconnaissance โ gather information in a structured and safe way
By combining automation, flexibility, and accessibility, GhostIntel enables users to work quickly and efficiently, whether for personal research, professional cybersecurity projects, or educational purposes. It emphasizes transparency, security, and the ethical use of publicly available information, making it a reliable tool for anyone exploring the digital world.
In short, GhostIntel is more than just a toolkit โ it's a complete framework for understanding and analyzing the online presence of individuals and organizations, empowering users to make informed decisions based on publicly accessible data.
How it works: Just type a target โ username, email, phone, domain, or IP โ and GhostIntel scans hundreds of public sources to find everything connected to it.
| # | Feature | What It Means |
|---|---|---|
| 1 | Zero API Keys | Use immediately โ no signup, no payment, no hidden costs |
| 2 | Async & Fast | Parallel scanning, 10x faster than similar tools |
| 3 | Auto Detect | Paste anything, GhostIntel auto-detects the type |
| 4 | Web UI | Beautiful localhost dashboard (BRAND NEW in v2.5!) |
| 5 | 8 Countries | Phone OSINT: ID, US, GB, MY, IN, AU, SG, PH |
| 6 | 129+ Platforms | Username checking across 129+ sites simultaneously |
| 7 | Data Correlation | Links findings across all modules automatically |
| 8 | Breach Detection | Email leak alerts + risk score (0-100) |
| 9 | Batch Processing | Scan multiple targets from a single file |
| 10 | 4 Report Formats | JSON, HTML, TXT, Markdown |
Developed by Ruyynn โ Made in Indonesia, for the global cybersecurity community.
GhostIntel stands out because it's built for real investigations โ not just another wrapper around paid APIs.
ZERO API KEYS โ No registration, no payments, just pure OSINT
ASYNC & FAST โ 10x faster than other free tools
AUTO DETECT โ Input anything, GhostIntel figures it out
WEB UI โ Localhost dashboard with dark/light theme
8 COUNTRIES โ Phone OSINT: ID/US/GB/MY/IN/AU/SG/PH
129+ PLATFORMS โ Most comprehensive username checker
BREACH DETECTION โ Email alerts with risk scoring
BATCH PROCESSING โ Scan hundreds of targets at once
ROTATING USER-AGENT โ 14+ UAs to avoid being blocked
This is a MAJOR upgrade from v2.0. Here's what's new:
| Feature | v2.0 | v2.5 | Impact |
|---|---|---|---|
| Web UI | No | Yes | Game changer! Full dashboard |
| Phone Countries | 5 | 8 | Added AU, SG, PH |
| Breach Detection | No | Yes | Email leak alerts + risk score |
| Batch Processing | No | Yes | Multi-target scanning |
| Markdown Reports | No | Yes | New report format |
| JSON Compression | No | Yes | Gzip support |
| Rotating User-Agent | No | Yes | 14+ UAs to avoid blocks |
| SSL/TLS Info | No | Yes | Certificate details |
| Risk Scoring | No | Yes | IP risk score (0-100) |
| Username Platforms | 100+ | 129+ | +29 more platforms |
v2.5 is the most complete version yet โ with Web UI, breach detection, and 8 countries for phone OSINT!
# Clone the repository
git clone https://github.com/ruyynn/GhostIntel.git
cd GhostIntel
# Install dependencies
pip install -r requirements.txt
# Verify installation
python ghostintel.py -h# Username investigation
python ghostintel.py -u ruyynn
# Email with breach detection
python ghostintel.py -e user@gmail.com --report
# Phone number (Indonesia)
python ghostintel.py -p 08123456789
# Domain recon with tech detection
python ghostintel.py -d example.com --deep
# IP geolocation + risk score
python ghostintel.py -i 8.8.8.8
# Launch Web UI (NEW!)
python ghostintel.py -webThe biggest feature in v2.5! GhostIntel now has a beautiful web interface.
python ghostintel.py -web
# Open http://localhost:7331 in your browser| Feature | Description |
|---|---|
| Dark/Light Theme | Toggle themes, preference saved automatically |
| Scan History | Auto-saved, click to re-run any scan |
| Live Detection | Real-time entity type detection as you type |
| Visual Results | Card-based display with color-coded status |
| Clickable Links | Direct links to discovered profiles |
| Export Options | JSON/Markdown export directly from browser |
| Mobile Friendly | Responsive design, works on phone/tablet |
| Quick/Deep Mode | Toggle single or all-module scan |
The only Indonesian OSINT tool with multi-country phone lookup!
| Country | Code | Example Command | Providers |
|---|---|---|---|
| ๐ฎ๐ฉ Indonesia | +62 | -p 08123456789 |
Telkomsel, Indosat, XL, Three, Smartfren |
| ๐บ๐ธ USA | +1 | -p +12125551234 |
AT&T, Verizon, T-Mobile |
| ๐ฌ๐ง UK | +44 | -p +447700123456 |
EE, O2, Vodafone, Three |
| ๐ฒ๐พ Malaysia | +60 | -p +60123456789 |
Maxis, Celcom, DiGi, U Mobile |
| ๐ฎ๐ณ India | +91 | -p +919876543210 |
Airtel, Vi, Jio, BSNL |
| ๐ฆ๐บ Australia | +61 | -p +61412345678 |
Telstra, Optus, Vodafone |
| ๐ธ๐ฌ Singapore | +65 | -p +6581234567 |
Singtel, StarHub, M1, SIMBA |
| ๐ต๐ญ Philippines | +63 | -p +639171234567 |
Globe, Smart, DITO |
What you get from phone scan:
- E.164, international, and national formats
- Carrier/provider detection
- Location & timezone information
- WhatsApp direct link (if mobile)
- Possible social media handles from the number
New in v2.5! GhostIntel now checks email domains against known data breaches.
python ghostintel.py -e user@yahoo.com --reportWhat you get:
- Risk score (0-100) โ higher = more dangerous
- Breach details โ name, year, records exposed
- Data types โ what was leaked (emails, passwords, etc.)
- Security recommendations โ what to do next
Known breaches in database:
- Yahoo (3B records), Adobe (152M), LinkedIn (117M)
- Facebook (533M), Twitter (5.4M), Canva (139M)
- Tokopedia (91M), Bhinneka (1.2M), JD.ID (14M)
Check usernames across 129+ platforms simultaneously:
| Category | Platforms |
|---|---|
| Social | Facebook, Instagram, Twitter, TikTok, Threads, Bluesky, Snapchat, Pinterest |
| Developer | GitHub, GitLab, Bitbucket, HackerOne, Bugcrowd, Keybase, SourceForge |
| Gaming | Steam, Roblox, Xbox, PlayStation, Nintendo, Chess.com, Lichess |
| Music | Spotify, SoundCloud, Bandcamp, Genius, Mixcloud, Last.fm |
| Video | YouTube, Twitch, Vimeo, Kick, Rumble, Dailymotion, Odysee |
| Indonesian | Kaskus, Kompasiana, Detik Forum, Indowebster, Lintas.me |
| Professional | LinkedIn, Upwork, Fiverr, Freelancer, AngelList, Crunchbase |
| Blog/Forum | Medium, Reddit, Quora, Dev.to, HackerNews, ProductHunt |
python ghostintel.py -d example.com --deepDNS Records:
- A, AAAA, NS, MX, TXT, SOA, CNAME, PTR
HTTP Analysis:
- HTTP/HTTPS status codes
- Server headers, redirect chains
- Response time
Technology Detection (70+ patterns):
- CMS: WordPress, Joomla, Drupal, Shopify, Wix, Squarespace
- Frameworks: React, Vue, Angular, Next.js, Nuxt.js, Svelte
- Servers: nginx, Apache, IIS, Cloudflare, LiteSpeed, Caddy
- E-commerce: WooCommerce, Magento, BigCommerce, PrestaShop
Security Headers:
- HSTS, CSP, X-Frame-Options, X-Content-Type-Options
SSL/TLS Info:
- Certificate issuer, expiry date, days left
- DNSSEC status
python ghostintel.py -i 8.8.8.8Geolocation:
- Country, region, city, coordinates
- Timezone, ISP, organization
- ASN with name
Threat Intelligence:
- Risk score (0-100) โ based on proxy/VPN/hosting status
- Proxy/VPN detection โ identifies anonymizers
- Hosting/datacenter detection
- Mobile network detection
RDAP Lookup:
- RIR assignment (ARIN, RIPE, APNIC, LACNIC, AFRINIC)
- Organization registration
- Abuse contact email
Generate professional reports in 4 formats:
| Format | Command | Best For |
|---|---|---|
| JSON | --format json |
Machine parsing, integration with other tools |
| HTML | --format html |
Interactive visual report with dark/light theme |
| TXT | --format txt |
Simple, lightweight, readable anywhere |
| Markdown | --format md |
Documentation, GitHub READMEs |
# Generate HTML report
python ghostintel.py -u ruyynn --format html -o report.html
# Generate all formats at once
python ghostintel.py -d example.com --format all -o domain_report
# Compressed JSON (saves space)
python ghostintel.py -e user@gmail.com --format json --compressScan multiple targets from a single file:
# Create targets.txt
cat > targets.txt << EOF
ruyynn
user@gmail.com
08123456789
example.com
8.8.8.8
EOF
# Run batch scan
python ghostintel.py --batch targets.txt --deep --format allBatch Options:
--batch-delay 2โ Delay between scans (seconds, avoids rate limiting)--output-dir ./reportsโ Custom output directory--quietโ Suppress console output (only save reports)
Dark theme dashboard with scan history and live detection
67 platforms found for username "Ryan"
Breach alert with risk score and security recommendations
DNS records, technology stack, and SSL certificate info
Geolocation, risk score, proxy detection, and RDAP data
Interactive HTML report with collapsible modules
Every star helps this project grow!
GhostIntel is designed for:
- Education and cybersecurity learning
- Legitimate security research
- Testing on systems you own or have permission to test
- Developing OSINT skills professionally
GhostIntel only uses public sources:
- Public DNS lookup, RDAP/WHOIS records
- Public websites and legal APIs
- Data already openly available
Prohibited use (STRICTLY FORBIDDEN):
- Doxing or exposing personal data without consent
- Stalking, harassment, or intimidation
- Illegal or criminal activities
- Accessing systems or data without authorization
By using GhostIntel, you take full responsibility for how you use this tool. The author is not responsible for any misuse.
Contributions are welcome!
1. Fork the repository
2. Create a branch: git checkout -b feature/amazing-feature
3. Commit changes: git commit -m 'Add amazing feature'
4. Push: git push origin feature/amazing-feature
5. Open a Pull RequestSee CONTRIBUTING.md for full guide.
- Bug reports โ GitHub Issues
- Feature ideas โ GitHub Discussions
- Quick questions โ DM on social media
MIT License โ Feel free to use, modify, and distribute with credit to Ruyynn.
GhostIntel v2.5
OSINT Framework Indonesia โข 100% Public Data โข For Cybersecurity Education
ยฉ 2026 Ruyynn.