POC : OSINT with LLM

This repository demonstrates domain, IP, and email reconnaissance with LLM-powered security reporting..

---

Overview

The project is divided into two main components:

1. Recon Modules
2. LLM Analysis and reporting

---

Recon Modules

Purpose

Gathering information about an ip, domain or email

Approach

• Domain OSINT:

  • WHOIS Lookup

  • Shodan Info Gathering

  • SSL Certificate Validation

  • VirusTotal "malicious/clean" status

• IP Recon:

  • AbuseIPDB score & classification

• Email Recon:

  • Breach/exposure lookup

LLM Analysis and reporting

• Converts technical OSINT into human-readable summaries

• Extracts key findings & risk insights

• Generates reports

Required API keys for OSINT modules

• VT_API_KEY=your_virustotal_api_key
• ABUSEIPDB_KEY=your_abuseipdb_api_key
• SHODAN_KEY=your_shodan_api_key

Usage

Install dependencies

pip3 install -r requirements.txt

Demo

python3 main.py

When finished:

• OSINT recon runs

• LLM analyzes results

• A report is saved in /reports/

Demo with domain

Demo with ip

Demo with email

Notes

• The scripts are designed to be run locally, in a Python 3.13+ environment with the listed dependencies.
• Install Ollama on your machine and add the MISTRAL model.
• This poc is only for education purpose.