Skip to content
A portable OSINT Swiss Army Knife for DFIR/OSINT professionals πŸ•΅οΈ πŸ•΅οΈ πŸ•΅οΈ
Branch: master
Clone or download
Latest commit 8f95c17 Jun 23, 2019
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
docs minor fixes Jun 22, 2019
.gitignore updated gitignore May 30, 2019
CHANGELOG.md fixed #24 Jun 22, 2019
CODE_OF_CONDUCT.md fixed #17, #18 Jun 15, 2019
CONTRIBUTING.md fixed #17, #18 Jun 15, 2019
LICENSE added readme, license and .gitignore Apr 13, 2019
README.md minor fix Jun 23, 2019
icon.ico icon and dist code changes Apr 24, 2019
pockint.py minor fixes Jun 22, 2019
test.py fixed #16, #20 Jun 22, 2019
utils.py minor fixes Jun 22, 2019

README.md

Icon

made with python Supported platforms GitHub release GitHub last commit PRs Welcome GitHub All Releases Twitter Follow

POCKINT (a.k.a. Pocket Intelligence) is the OSINT swiss army knife for DFIR/OSINT professionals. Designed to be a lightweight and portable GUI program (to be carried within USBs or investigation VMs), it provides users with essential OSINT capabilities in a compact form factor: POCKINT's input box accepts typical indicators (URL, IP, MD5) and gives users the ability to perform basic OSINT data mining tasks in an iterable manner.

demo

Installation

You can grab the latest version from the releases page. POCKINT is provided as a single executable that can be stored and run anywhere on computers. POCKINT is available for Windows and Linux platforms.

Features

Why use it? POCKINT is designed to be simple, portable and powerful.

⭐️ Simple: There's a plethora of awesome OSINT tools out there. Trouble is they either require analysts to be reasonably comfortable with the command line (think pOSINT) or give you way too many features (think Maltego). POCKINT focuses on simplicity: INPUT > RUN TRANSFORM > OUTPUT ... rinse and repeat. It's the ideal tool to get results quickly and easily through a simple interface.

πŸ“¦ Portable: Most tools either require installation, a license or configuration. POCKINT is ready to go whenever and wherever. Put it in your jump kit USB, investigation VM or laptop and it will just run.

πŸš€ Powerful: POCKINT combines cheap OSINT sources (whois/DNS) with the power of specialised APIs. From the get go you can use a suite of in-built transforms. Add in a couple of API keys and you can unlock even more specialised data mining capabilities.

The latest version is capable of running the following data mining tasks:

Domains

Source Transform API key needed?
DNS IP lookup ❌
DNS MX lookup ❌
DNS NS lookup ❌
DNS TXT lookup ❌
Virustotal Downloaded samples βœ”οΈ
Virustotal Detected URLs βœ”οΈ
Virustotal Subdomains βœ”οΈ

IP Adresses

Source Transform API key needed?
DNS Reverse lookup ❌
Shodan Ports βœ”οΈ
Shodan Geolocate βœ”οΈ
Shodan Coordinates βœ”οΈ
Shodan CVEs βœ”οΈ
Shodan ISP βœ”οΈ
Shodan City βœ”οΈ
Shodan ASN βœ”οΈ
Virustotal Network report βœ”οΈ
Virustotal Communicating samples βœ”οΈ
Virustotal Downloaded samples βœ”οΈ
Virustotal Detected URLs βœ”οΈ

Urls

Source Transform API key needed?
DNS Extract hostname ❌
Virustotal Malicious check βœ”οΈ
Virustotal Reported detections βœ”οΈ

Hashes

Source Transform API key needed?
Virustotal Malicious check βœ”οΈ
Virustotal Malware type βœ”οΈ

MD5 and SHA256 hashes are searchable

Emails

Source Transform API key needed?
N/A Extract domain ❌

New APIs and input integrations are constantly being added to the tool. Consult the roadmap to check out what's brewing or propose your own favourite API/input.

Credits

Credit goes to the following people for their contributions to the project, either as providers of early feedback/ideas or for their awesome help in spreading the word:

You can’t perform that action at this time.