Skip to content

DavidJara1998/OSINTool

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
modules
modules
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
osintool.py
osintool.py
 
 
requirements.txt
requirements.txt
 
 

Repository files navigation

OSINTool

Open Source Intelligence (OSINT) reconnaissance framework built in Python.

OSINTool is a modular CLI tool for gathering intelligence on domains, email addresses, and usernames. Built for penetration testers, bug bounty hunters, and security researchers.

Features

Module Description
Domain Intelligence DNS records (A, AAAA, MX, NS, TXT, CNAME, SOA) + IP geolocation
Subdomain Enumeration Brute-force 70+ common subdomains with HTTP probing
Email Intelligence Gravatar lookup, Google Workspace / Microsoft 365 detection
Email Generator Generate likely email formats from a name + domain
Username Search Scan 24 platforms for a username simultaneously
Report Export Save results as JSON or dark-themed HTML report

Installation

git clone https://github.com/DavidJara1998/OSINTool.git
cd OSINTool
pip install -r requirements.txt

Usage

python osintool.py [OPTIONS]

Options

  -d, --domain DOMAIN       Target domain for DNS/IP intelligence
  -s, --subdomains          Run subdomain enumeration (requires --domain)
  -e, --email EMAIL         Target email address for intelligence
  -u, --username USERNAME   Username to search across platforms
  -n, --name NAME           Full name for email generation
  -g, --gendomain DOMAIN    Domain for email generation (use with --name)
  -o, --output FORMAT       Export: json | html | both
  -t, --threads N           Threads for scanning (default: 20)
      --timeout SEC         Request timeout in seconds (default: 8)

Examples

# Domain intelligence only
python osintool.py --domain example.com

# Domain + subdomain enumeration
python osintool.py --domain example.com --subdomains

# Email intelligence
python osintool.py --email john@example.com

# Generate likely emails from a name
python osintool.py --name "John Doe" --gendomain example.com

# Search username across 24 platforms
python osintool.py --username johndoe

# Full recon + HTML report
python osintool.py --domain example.com --subdomains --output html

# Combine domain + email + username with JSON export
python osintool.py --domain example.com --email admin@example.com --username johndoe --output both

Modules

modules/domain.py — Domain Intelligence

  • Queries DNS via Google DoH (no external DNS library needed)
  • Record types: A, AAAA, MX, NS, TXT, CNAME, SOA
  • IP geolocation via ipinfo.io: city, region, country, ASN, timezone

modules/subdomain.py — Subdomain Enumeration

  • Wordlist of 70+ common subdomains (www, api, dev, staging, admin, etc.)
  • Multithreaded socket resolution
  • HTTP/HTTPS probing with status code and page title extraction

modules/email_osint.py — Email Intelligence

  • Gravatar: lookup by MD5 hash of email — returns display name, username, location, bio, URL
  • Mail provider detection: checks MX records for Google Workspace and Microsoft 365
  • Email generation: 7 common patterns (first.last, flast, first_last, etc.)

modules/username.py — Username Search

Searches across 24 platforms:

GitHub, GitLab, Twitter/X, Instagram, Reddit, LinkedIn, TikTok, YouTube, Twitch, Pinterest, Medium, Dev.to, HackerNews, Pastebin, Steam, Keybase, DockerHub, NPM, PyPI, HackTheBox, TryHackMe, Bugcrowd, HackerOne

modules/reporter.py — Report Generation

  • Terminal summary with Rich formatting
  • JSON export: structured data with timestamp
  • HTML export: dark-themed report (GitHub dark palette) with sortable tables

Sample Output

Domain Intelligence — example.com

DNS Records:
  A       93.184.216.34
  MX      0 .
  NS      a.iana-servers.net
  NS      b.iana-servers.net

IP Info (93.184.216.34):
  city        Los Angeles
  region      California
  country     US
  org         AS15133 Edgecast Inc.
  timezone    America/Los_Angeles

Legal Disclaimer

This tool is intended for authorized security assessments only. Always obtain explicit written permission before scanning any target. Unauthorized use may violate local laws and regulations. The author assumes no liability for misuse.

License

MIT License — see LICENSE

About

OSINT reconnaissance framework: domain intel, subdomain enum, email lookup, username search across 24 platforms

Topics

python osint cybersecurity ethical-hacking red-team security-tools threat-intelligence reconnaissance subdomain-enumeration username-lookup email-lookup domain-intelligence

Resources

Readme
Activity

Stars

1 star

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages