A modular, French-friendly OSINT CLI: domain, IP, email, phone, username, and person investigations with an interactive menu, caching, defaults, and a global scan/report.
- Domain: DNS records, HTTP title/headers, WHOIS (best effort)
- IP: Geolocation/ASN via ipapi.co (no key)
- Email: Syntax, MX, Gravatar (image + profile), simple web hits, optional HIBP breach check, optional EmailRep enrichment
- Plus: recherches ciblées site: via config, détection de commits GitHub, score de confiance, pivot optionnel vers Person si nom détecté.
- Phone: Format, type, carrier, region, timezones
- Username: Presence on many platforms (fast/deep modes)
- Person: Username permutations, platform checks, simple search, cross-link hints
- Async checks: httpx-based with bounded concurrency; toggle SQLite cache for async results
- Defaults: Persist country/location/sites/categories/mode/region (
show-defaults,set-defaults) - Scan: Aggregate multiple targets and export JSON/HTML; optional Sites-HTML (grouped) and GraphML
- List supported sites:
list-siteswith filters by category and substring - Proxies/Tor: Per-command flags and per-action prompts in the menu (HTTP/HTTPS/SOCKS/Tor)
- FR focus: Includes and prioritizes popular French platforms when country=FR
- Web analyzer: Passive web hygiene checks (security headers, cookies flags, mixed content, well-known files; optional deep paths) + advanced signals (CSP scoring, HSTS preload readiness, cookies metrics, CORS flags, third-party/SRI, security.txt parsing)
Create and activate a virtual environment:
py -3 -m venv .venv
.\.venv\Scripts\Activate.ps1Install dependencies:
pip install -r requirements.txtRun the CLI:
python -m osint_tool --help
python -m osint_tool domain example.com
python -m osint_tool ip 8.8.8.8
python -m osint_tool email alice@example.com
python -m osint_tool phone +33612345678 --region FR
python -m osint_tool username dupontjean --mode fast
python -m osint_tool person Jean Dupont -l Paris -c FR --mode deep
python -m osint_tool web https://example.com --mode fast --json
python -m osint_tool web https://example.com --out "E:\\tmp\\web.json" --html "E:\\tmp\\web.html"
python -m osint_tool web https://example.com --csv "E:\\tmp\\web_summary.csv"
python -m osint_tool web https://example.com --batch-urls "E:\\tmp\\urls.txt" --csv "E:\\tmp\\batch_summary.csv"Open the interactive menu:
python -m osint_tool menu
In the menu, option 15 launches the passive Web analysis.
You’ll be prompted for optional JSON/HTML export paths.
You’ll be prompted for optional JSON/HTML/CSV export paths.List supported platforms (with filters):
python -m osint_tool list-sites --json
python -m osint_tool list-sites --category dev
python -m osint_tool list-sites --contains git
python -m osint_tool list-sites --category social,fr --contains instaShow current defaults:
python -m osint_tool show-defaults --jsonSet defaults (values are persisted under %USERPROFILE%.osint_tool\config.json):
python -m osint_tool set-defaults --country FR --location Paris --include GitHub,Instagram --mode deep --region FRReset defaults:
python -m osint_tool set-defaults --resetNote: après un reset, le mode deep inclut par défaut LinkedIn, TikTok, Pinterest et Snapchat (modifiable via set-defaults ou le menu).
Performance and cache defaults (async):
python -m osint_tool set-defaults --concurrency 20 --deep-concurrency 40 --sqlite-cache-enabled trueRun a combined scan (only the provided items are scanned):
python -m osint_tool scan --username dupontjean --first Jean --last Dupont --email jean.dupont@example.com --ip 8.8.8.8 --domain example.com --html "E:\code\osint\tool osint\report.html" --out "E:\code\osint\tool osint\report.json"Tips:
- On Windows, quote paths with spaces and use backslashes.
- Defaults (country/location/include/exclude/mode/region) are applied automatically where relevant.
Additional exports:
python -m osint_tool scan --username demo --out "E:\tmp\scan.json" --sites-html "E:\tmp\sites.html" --graphml "E:\tmp\scan.graphml"
## Web analyzer
Perform a passive security hygiene analysis of a website:
```powershell
python -m osint_tool web https://example.com --mode fast --json
python -m osint_tool web https://example.com --out "E:\\tmp\\web.json" --html "E:\\tmp\\web.html"What it checks (non-intrusive) and score:
- Security headers presence/quality: CSP, X-Frame-Options, HSTS, Referrer-Policy, X-Content-Type-Options, Permissions-Policy
- Cookies flags: Secure/HttpOnly/SameSite when cookies are set + cookies metrics (counts per weakness)
- CSP parsing and scoring: flags unsafe-inline/unsafe-eval, nonce/hash presence, frame-ancestors, object-src none, base-uri, upgrade-insecure-requests, block-all-mixed-content
- HSTS preload readiness: ready state + reasons (max-age, includeSubDomains, preload)
- CORS analysis: ACAO/ACAC/ACH/ACM and wildcard-with-credentials risk
- Third-party resources and SRI: counts and top domains, missing integrity attributes
- security.txt parsing: contacts, encryption, expires
- Mixed content: http:// resources on https pages
- Well-known files: robots.txt, sitemap.xml, security.txt, etc.
- Deep mode adds extra passive paths: .git/HEAD, .env, server-status, wp-json, swagger-ui, etc. (best-effort)
- A simple hygiene score (0–100, grade A–E) summarizing findings
CSV exports
- Single URL:
--csv pathwrites a one-line summary with columns: url, status, https, score, grade, vuln_count, vuln_types, mixed_count, weak_cookies, deep_exposed_count, csp_score, cors_wildcard, thirdparty_count, missing_sri, hsts_preload_ready. - Batch: create a text file with one URL per line, then
--batch-urls file --csv pathto produce an aggregated CSV with the same columns.
Network privacy works here too (HTTP/HTTPS/SOCKS/Tor) via per-command flags or the menu’s per-action prompt.
### Enhanced email analysis
- Gravatar: detects avatar presence and fetches public profile (display name, accounts) when available.
- Web hits: runs a simple DuckDuckGo search for the email.
- HaveIBeenPwned (optional): set your API key and a user agent to enable breach lookups.
- EmailRep (optional): enrich known profiles/socials/classifications (requires API key).
- Site-scoped searches: customize domains via set-defaults --site-search-domains.
- GitHub: best-effort commit hits for the email.
- Confidence score: results sorted with a simple heuristic.
- Auto pivot to Person: enable/disable with set-defaults --email-auto-pivot-person true|false.
Configure HIBP:
```powershell
python -m osint_tool set-defaults --hibp-api-key YOUR_HIBP_KEY --hibp-user-agent "your-app/1.0 (contact@example.com)"
Configure EmailRep:
python -m osint_tool set-defaults --emailrep-api-key YOUR_EMAILREP_KEYOutput consolidation:
- The email report includes a
sitessection aggregating discoveries:- From Gravatar profile accounts (when present)
- From EmailRep profiles
- From HIBP breaches (site names)
- From search hits (domains)
You can also export only the discovered sites as grouped HTML from email, username, person, and scan commands via --sites-html.
- WHOIS and some sites may rate-limit; the tool uses short timeouts and a small backoff.
- Caching: async checks use a small SQLite key-value cache (toggle via defaults); classic operations also use a simple file TTL cache. Clear both via the CLI command below.
- For privacy/legality, use responsibly and respect target sites’ terms.
Network privacy and anti-blocking:
- Per-command flags (HTTP/HTTPS/SOCKS,
--use-tor) or per-action prompts in the menu. - SOCKS via
socks5h://host:portis supported (Tor default 127.0.0.1:9050).
- The person and username commands inherit the default mode from
set-defaultswhen--modeis omitted. - Clear the local cache via CLI:
python -m osint_tool clear-cache(also available in the menu, option 9).
- Activez des logs détaillés avec
--verbose(ou-v). - Écrivez les logs dans un fichier avec
--log-file "E:\\tmp\\osint.log". - Définissez des valeurs par défaut persistantes:
python -m osint_tool set-defaults --log-level DEBUG --log-file "E:\\logs\\osint.log"Exemples d'utilisation:
python -m osint_tool email cible@example.com --verbose
python -m osint_tool username snaken18 -v --log-file "E:\\tmp\\run.log"Depuis le menu (option 8 → Configurer), vous pouvez aussi définir le niveau de logs et le fichier par défaut.