A comprehensive, secure, and user-friendly TUI-based OSINT framework for ethical security research.
ArcOSINT is a modern, terminal-based OSINT (Open Source Intelligence) tool that combines powerful investigation capabilities with a beautiful, intuitive interface.
-
Email Intelligence
- Email validation and deliverability checks
- Data breach detection (HIBP integration)
- Domain analysis (SPF, DMARC, MX records)
- Reputation scoring
- Disposable email detection
-
Username Enumeration
- Search across 50+ social media platforms
- GitHub, Twitter, Instagram, LinkedIn, and more
- Concurrent searching for speed
- Profile existence verification
-
IP Address Intelligence
- Geolocation with city-level precision
- ASN and network information
- Threat intelligence scoring
- Reverse DNS lookup
- Public/private IP classification
-
Domain Analysis
- Comprehensive DNS record enumeration
- WHOIS information
- SSL certificate inspection
- Subdomain discovery
- Technology stack detection
- Security header analysis
-
Phone Number OSINT
- Phone number validation
- Carrier identification
- Geographic location
- Number type detection (mobile/landline)
- Timezone information
-
Social Media Discovery
- Cross-platform profile aggregation
- Profile data extraction
- Follower/engagement metrics
- Bio and description analysis
-
Metadata Extraction
- Image EXIF data extraction
- PDF metadata analysis
- File hash calculation (MD5, SHA1, SHA256)
- Document properties extraction
- Encrypted Configuration: API keys stored with Fernet encryption
- Privacy-Aware Logging: Automatic anonymization of sensitive data
- Rate Limiting: Built-in protections against API abuse
- Input Validation: Comprehensive validation of all user inputs
- Secure File Permissions: Automatic permission setting on config files
- No Hardcoded Secrets: All credentials stored securely
- Modern TUI Interface: Built with Textual for a beautiful terminal experience
- Real-Time Results: Asynchronous operations with live updates
- Export Options: JSON, HTML, and CSV export formats
- Keyboard Shortcuts: Efficient navigation and control
- Progress Indicators: Clear status updates for all operations
- Error Handling: Graceful error handling with helpful messages
- Python 3.8 or higher
- pip (Python package manager)
- Terminal with Unicode support
The easiest way to install ArcOSINT on Linux is using the automated installer:
# Clone or download the repository
cd ArcSecurity
# Run the installer
./install.shThis will:
- Install ArcOSINT to
~/.local/share/arcsec - Create a
arcseccommand in~/.local/bin - Set up a virtual environment with all dependencies
- Configure directories for exports
After installation, simply run:
arcsecTo uninstall:
./uninstall.sh# Clone or download the repository
cd ArcSecurity
# Install dependencies
pip install -r requirements.txt
# Make the main script executable (optional)
chmod +x arc_osint.py
# Run ArcOSINT
python arc_osint.py# Create virtual environment
python -m venv venv
# Activate virtual environment
# On Linux/Mac:
source venv/bin/activate
# On Windows:
venv\Scripts\activate
# Install dependencies
pip install -r requirements.txt
# Run ArcOSINT
python arc_osint.py-
Launch the Application
python arc_osint.py
-
Select Investigation Type
- Navigate tabs using mouse or keyboard
- Choose from: Email, Username, IP, Domain, Phone, Social Media, or Metadata
-
Enter Target Information
- Input the target (email, username, IP, etc.)
- Click the search button or press Enter
-
View Results
- Results appear in real-time on the right panel
- Scroll through detailed information
-
Export Results
- Press
eto export current results - Results saved in JSON and HTML formats
- Press
| Key | Action |
|---|---|
q |
Quit application |
e |
Export current results |
c |
Clear results |
h |
Show help |
Tab |
Navigate between sections |
↑↓ |
Scroll through results |
1. Select "Email" tab
2. Enter: target@example.com
3. Click "Search Email"
4. Review: validation, breaches, domain info, reputation
1. Select "Username" tab
2. Enter: johndoe
3. Click "Search Username"
4. See profiles found across 50+ platforms
1. Select "IP Address" tab
2. Enter: 8.8.8.8
3. Click "Lookup IP"
4. View: location, ASN, DNS, threat data
Some features require API keys for full functionality:
- Have I Been Pwned (HIBP): Email breach checking
- AbuseIPDB: IP threat intelligence
- WhoisXML: Enhanced WHOIS data
API keys are stored encrypted in ~/.arc_osint/api_keys.enc
# Example: Adding API keys programmatically
from utils.config_manager import ConfigManager
config = ConfigManager()
config.set_api_key('haveibeenpwned', 'your_api_key_here')
config.set_api_key('abuseipdb', 'your_api_key_here')Or edit the configuration directly through the app (feature can be added).
ArcSecurity/
├── arc_osint.py # Main application entry point
├── modules/ # OSINT investigation modules
│ ├── __init__.py
│ ├── email_osint.py # Email intelligence
│ ├── username_osint.py # Username enumeration
│ ├── ip_osint.py # IP address intelligence
│ ├── domain_osint.py # Domain analysis
│ ├── phone_osint.py # Phone number OSINT
│ ├── social_osint.py # Social media discovery
│ └── metadata_osint.py # File metadata extraction
├── utils/ # Utility modules
│ ├── __init__.py
│ ├── config_manager.py # Secure configuration
│ ├── export_manager.py # Export functionality
│ └── logger.py # Privacy-aware logging
├── requirements.txt # Python dependencies
└── README.md # This file
- No Data Collection: ArcOSINT doesn't collect or transmit your data
- Local Storage: All configurations and logs stored locally
- Encrypted Secrets: API keys encrypted with Fernet (AES-128)
- Anonymized Logs: Sensitive data automatically redacted in logs
- Configuration files have restrictive permissions (0600)
- Input validation prevents injection attacks
- Rate limiting prevents API abuse
- No hardcoded credentials
- Secure random key generation
- Results are stored locally only
- Export files saved to user-controlled directory
- Logging can be disabled via configuration
- No telemetry or analytics
ArcOSINT is designed for authorized security research, penetration testing, and OSINT investigations only.
Permitted Uses:
- Security research on your own systems
- Authorized penetration testing
- OSINT for legal investigations
- Educational purposes
- Bug bounty programs
- Authorized red team operations
Prohibited Uses:
- Unauthorized access to systems
- Harassment or stalking
- Identity theft
- Corporate espionage
- Any illegal activities
- Obtain Authorization: Always get written permission before investigating
- Respect Privacy: Use responsibly and ethically
- Follow Laws: Comply with local laws and regulations
- Rate Limiting: Respect API rate limits and terms of service
- Attribution: Give credit when using discovered information
Contributions are welcome! Here's how you can help:
- Fork the repository
- Create a feature branch (
git checkout -b feature/amazing-feature) - Make your changes
- Test thoroughly
- Commit your changes (
git commit -m 'Add amazing feature') - Push to the branch (
git push origin feature/amazing-feature) - Open a Pull Request
- Add new OSINT modules
- Improve platform detection
- Enhance UI/UX
- Add more export formats
- Improve documentation
- Add unit tests
- Optimize performance
Issue: "Module not found" errors
# Solution: Install all dependencies
pip install -r requirements.txtIssue: Permission denied on config files
# Solution: Fix permissions
chmod 700 ~/.arc_osint
chmod 600 ~/.arc_osint/*Issue: SSL certificate errors
# Solution: Update certificates
pip install --upgrade certifiIssue: Slow performance
- Check internet connection
- Reduce concurrent requests in code
- Use API keys to avoid rate limiting
- Browser automation for deep web scraping
- Dark web monitoring capabilities
- Cryptocurrency address tracking
- Threat feeds integration
- Custom plugin system
- REST API server mode
- Collaborative investigation mode
- AI-powered entity resolution
- Graph visualization of connections
- Integration with MISP/OpenCTI
This project is licensed under the MIT License - see below:
MIT License
Copyright (c) 2026 Arcbase
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
- Textual: Amazing TUI framework
- Rich: Beautiful terminal formatting
- dnspython: DNS toolkit
- phonenumbers: Phone number parsing
- Have I Been Pwned: Breach data API
- AbuseIPDB: Threat intelligence
- All the open-source contributors
- Issues: Open an issue on GitHub
- Security: Report security issues privately
- Discussions: Join our community discussions
If you find ArcOSINT useful, please consider giving it a star! ⭐
Made with ❤️ for the security community
Stay secure, stay ethical