Add osint-toolkit extension

[jergensturdley]

Summary

OSINT Toolkit streamlines the process of investigating potential security threats by providing instant access to 15+ leading threat intelligence platforms. Simply paste any IP address, domain, URL, or file hash, and the extension automatically detects the IOC type and presents all relevant OSINT sources.

---

***

Checklist

• I read the extension guidelines
• I read the documentation about publishing
• I ran npm run build and tested this distribution build in Raycast
• I checked that files in the assets folder are used by the extension itself
• I checked that assets used by the README are placed outside of the metadata folder

Features

Auto-Detection

• Automatically identifies IOC types: IPv4, IPv6, domains, URLs, and file hashes (MD5, SHA1, SHA256)
• Handles defanged IOCs (e.g., hxxp://example[.]com) and automatically refangs them
• Smart validation ensures only valid IOCs are processed

Favorites System

• Mark frequently used OSINT sources as favorites
• Quick action to open all favorite sources with a single keyboard shortcut
• Favorites persist across sessions

Multiple Search Options

• Open individual sources
• Open all available sources at once
• Open only your favorite sources
• Copy IOCs in original or defanged format
• Copy search URLs for sharing

Customizable

• Enable or disable individual OSINT platforms
• Automatic clipboard copy on selection (optional)

Commands

Search IOC

The primary command that auto-detects the IOC type and displays all relevant OSINT sources. This is the recommended command for most use cases.

Usage:

• Launch with search ioc
• Paste any IOC (IP, domain, URL, or hash)
• Results appear automatically as you type

The Raycast command title is "Search IOC" (internal command id: search-ioc).

Supported Platforms

• macOS and Windows

Multi-Purpose Platforms

• VirusTotal - Analyze files, URLs, domains, and IP addresses
• AlienVault OTX - Open Threat Exchange collaborative intelligence
• Pulsedive - Free threat intelligence platform
• Kaspersky OpenTIP - Kaspersky threat intelligence (hash only)

IP Intelligence

• AbuseIPDB - IP address threat intelligence and blacklist service
• Shodan - Search engine for internet-connected devices
• ipinfo.io - Comprehensive IP address data
• GreyNoise - Internet background noise intelligence

URL and Domain Analysis

• URLScan.io - Website scanner and domain investigation
• WebCheck - All-in-one website analysis tool
• WHOIS - Domain registration information lookup

Malware Analysis

• Hybrid Analysis - Free automated malware analysis
• Joe Sandbox - Advanced malware analysis (hash and IP)
• MalwareBazaar - Malware sample sharing platform
• threat.rip - Fast threat intelligence for file hashes

Threat Intelligence

• ThreatFox - IOC sharing platform by abuse.ch
• IBM X-Force Exchange - Threat intelligence sharing platform

Certificate and SSL

• Censys - Internet-wide search for devices and certificates
• crt.sh - Certificate transparency log search

You can enable or disable individual OSINT platforms in the preferences:

1. Open Raycast preferences (Cmd+,)
2. Navigate to Extensions > OSINT Toolkit
3. Toggle checkboxes for each platform

Additional Settings

• Copy IOC on Selection - Automatically copy the IOC to clipboard when opening a source

Privacy and Security

• No IOC data is stored or transmitted to third parties
• All searches open directly in your browser
• The extension only constructs search URLs; actual queries are performed by your browser
• All OSINT platforms are accessed via their public web interfaces

[raycastbot]

Congratulations on your new Raycast extension! 🚀

Due to our current reduced availability, the initial review may take up to 10-15 business days.

Once the PR is approved and merged, the extension will be available on our Store.

[Copilot]

Pull request overview

This PR introduces the OSINT Toolkit extension for Raycast, a comprehensive security tool that enables analysts to search Indicators of Compromise (IOCs) across 15+ threat intelligence platforms with automatic IOC type detection.

Key Changes:

• Auto-detects and validates IPv4, IPv6, domains, URLs, and file hashes (MD5, SHA1, SHA256)
• Supports defanged IOC refanging (e.g., hxxp://example[.]com → http://example.com)
• Implements a favorites system with persistent storage for frequently used OSINT sources

Reviewed changes

Copilot reviewed 13 out of 22 changed files in this pull request and generated 7 comments.

Show a summary per file

File	Description
package.json	Defines extension metadata, commands, preferences for 18 OSINT platforms, and dependencies
search-ioc.tsx	Main command implementation with IOC auto-detection, search result rendering, and action handlers
utils/ioc-detection.ts	IOC type detection, validation logic, and defanging/refanging utilities
utils/url-builder.ts	Constructs platform-specific search URLs for each OSINT source
utils/osint-sources.ts	Configuration of 18 OSINT platforms with their supported IOC types
utils/favorites.ts	LocalStorage-based favorites management for OSINT sources
types.ts	TypeScript type definitions for IOCs, OSINT sources, and preferences
CHANGELOG.md	Documents v1.0.0 release with feature list
tsconfig.json	TypeScript compiler configuration with ES2022 target
README.md	User documentation covering features, commands, and supported platforms
LICENSE	MIT License for the extension
.eslintrc.json	ESLint configuration extending Raycast standards
.gitignore	Git ignore rules for node_modules, dist, and Codacy artifacts

[greptile-apps]

Greptile Summary

This PR introduces a new OSINT Toolkit extension that provides security analysts instant access to 15+ threat intelligence platforms for researching IOCs. The extension features auto-detection of IOC types (IPv4, IPv6, domains, URLs, hashes), defanging/refanging support, a favorites system, and configurable platform preferences.

Key strengths:

• Comprehensive IOC detection with solid validation logic
• Clean separation of concerns across utility modules
• Proper error handling and user feedback via toasts
• Well-documented with clear README and detailed changelog
• Appropriate use of Raycast API (LocalStorage for favorites, ActionPanel for UX)
• Good support for 19 OSINT platforms with platform-specific URL handling

Issues found:

• Domain mismatch for WebCheck between configuration and URL builder (needs clarification)
• Unnecessary type assertions with getPreferenceValues<ExtensionPreferences>() (Raycast auto-generates types)
• Title casing inconsistency in package.json

Confidence Score: 4/5

• This PR is safe to merge with minor improvements recommended for consistency and code quality.
• The extension demonstrates solid architecture with well-tested IOC detection, proper state management, and comprehensive platform support. The main concerns are minor: a domain mismatch that needs verification and unnecessary type assertions that don't affect runtime. The code follows Raycast conventions, includes proper error handling, and provides good user experience with favorites and keyboard shortcuts. All files are properly documented and the changelog follows the required format.
• Pay close attention to the WebCheck domain configuration to ensure consistency between osint-sources.ts and url-builder.ts.

Important Files Changed

Filename	Overview
extensions/osint-toolkit/package.json	Configuration file with 20 platform preferences. Title casing inconsistency noted. All preferences properly structured and defaults are appropriate.
extensions/osint-toolkit/src/search-ioc.tsx	Main command component with proper IOC detection, favorites management, and action panels. Type assertions could be simplified. Logic is sound and handles error cases well.
extensions/osint-toolkit/src/utils/url-builder.ts	URL construction logic is comprehensive with platform-specific handling. Domain mismatch for WebCheck between source config and URL builder needs clarification.
extensions/osint-toolkit/CHANGELOG.md	Changelog properly uses {PR_MERGE_DATE} placeholder and follows semantic versioning. Comprehensive feature listing included.

[greptile-apps]

_{13 files reviewed, 2 comments}

_{Edit Code Review Agent Settings | Greptile}

[jergensturdley]

ready for review

[jergensturdley]

Applied suggested changes for action menu and notification toasts. Changed webcheck to the proper domain

[Copilot]

Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.

[Copilot]

Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.

[Copilot]

Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.

[pernielsentikaer]

Why was this deleted?

[jergensturdley]

@pernielsentikaer I am not sure, I requested copilot review and received this message by surprise. Reopened as this was not intentional and looking into it.

[greptile-apps]

Additional Comments (1)

1. extensions/osint-toolkit/.gitignore, line 4 (link)

   style: This line appears to be a file path that was accidentally added to .gitignore. The backslashes and .md extension suggest this is a Windows-style path to an instructions file, not a pattern to ignore.

_{13 files reviewed, 1 comment}

_{Edit Code Review Agent Settings | Greptile}

[jergensturdley]

Why was this deleted?

Confirmed user error on my end when trying to sync my fork; deleted the wrong branch. Sorry about that.

[raycastbot]

This pull request has been automatically marked as stale because it did not have any recent activity.

It will be closed if no further activity occurs in the next 7 days to keep our backlog clean 😊

[jergensturdley]

Ready for review

[jergensturdley]

Completed

[greptile-apps]

Additional Comments (4)

1. extensions/osint-toolkit/package.json, line 4 (link)

   style: Title should use Title Case per Raycast conventions.

   Why: Title case improves readability and maintai... (source)

   Context Used: Rule from dashboard - What: Use title case for titles in package.json.

2. extensions/osint-toolkit/src/utils/url-builder.ts, line 69 (link)

   logic: Domain mismatch: osint-sources.ts defines WebCheck URL as https://web-check.as93.net (line 118), but this uses https://web-check.xyz/check/. These are different domains. Please verify which is correct.

3. extensions/osint-toolkit/src/search-ioc.tsx, line 70 (link)

   style: Type assertion with getPreferenceValues<ExtensionPreferences>() is unnecessary. Raycast auto-generates Preferences type in raycast-env.d.ts, so the type can be inferred without manual casting.

   Context Used: Rule from dashboard - What: Don't manually define Preferences for getPreferenceValues() or commends Argument interfa... (source)

4. extensions/osint-toolkit/src/search-ioc.tsx, line 130 (link)

   style: Type assertion is unnecessary here as well (same as line 70).

   Context Used: Rule from dashboard - What: Don't manually define Preferences for getPreferenceValues() or commends Argument interfa... (source)

_{13 files reviewed, 4 comments}

_{Edit Code Review Agent Settings | Greptile}

[jergensturdley]

Changes made by recommendation of greptile

[Copilot]

Pull request overview

Copilot reviewed 13 out of 22 changed files in this pull request and generated 6 comments.

[pernielsentikaer]

Hi 👋

Is this somehow similar to Raycast Store: OSINT Web Check by @gksander