TOOL SUITE

// OSINT TOOL SUITE

Integrated documentation hub for six curated OSINT tool suites. Copy flags to clipboard, run a simulated suite in NAVI, and jump between tools via the radar TOC.

theHarvesterOWASP AmassSpiderFootholeheOSINT FrameworkFMHY Index

RECONv4.x · GPL-2.0 · Python

theHarvester

Email · Subdomain · Name harvesting from 40+ public sources

Passive/semi-passive OSINT harvester. Queries search engines, Certificate Transparency logs, DNS datasets, and Shodan to surface email addresses, subdomains, virtual hosts, and employee names tied to a target domain.

Use Cases

▸Enumerate all subdomains of a target org before engagement
▸Surface email patterns for spear-phishing risk assessment
▸Cross-reference Certificate Transparency for shadow IT assets

Key Flags

-d example.com# Target domain

-b all# Use all data sources

-l 200# Limit results to 200

-f report# Output to HTML/XML report

Data Sources

GoogleBingLinkedInShodancrt.shDNSDumpsterVirusTotal

Deployment

Run as Docker container or virtualenv worker. Wire results through the Python indexer pipeline inservices/indexerfor de-duplication before surfacing in the directory.

ENUMv4.x · Apache-2.0 · Go

OWASP Amass

Attack-surface mapping · DNS graph · Infrastructure correlation

Go-based tool from OWASP that builds a graph of an organization's external network exposure. Combines passive DNS, Certificate Transparency, active DNS brute-forcing, and many intel feeds to produce a graph of hosts, ASNs, CIDRs, and infrastructure relationships.

Use Cases

▸External attack surface inventory for enterprises
▸Continuous subdomain monitoring (cron + diff)
▸ASN and CIDR correlation for IP pivoting

Key Flags

enum -passive -d example.com# Passive-only enumeration

enum -active -d example.com# Active DNS + brute-force

viz -d3 -d example.com# D3 graph visualization

db -show -d example.com# Query stored results

Data Sources

PassiveTotalSecurityTrailsShodanAlienVaultcrt.shVirusTotal

Deployment

Run as Docker container or virtualenv worker. Wire results through the Python indexer pipeline inservices/indexerfor de-duplication before surfacing in the directory.

AUTOv4.0 · MIT · Python

SpiderFoot

200+ modules · IP · Domain · Email · Person · Org OSINT automation

Comprehensive OSINT automation framework with a built-in web UI and SQLite backend. Supports targets of type IP, domain, email address, username, phone, subnet, ASN, and more. Outputs to CSV, JSON, GEXF for Gephi, and has YAML-based correlation rules.

Use Cases

▸One-click intelligence sweep across all available modules
▸Username → social graph expansion via 120+ site checks
▸Automated dark-web and paste-site breach monitoring

Key Flags

--scan <target># Launch new scan

-l 127.0.0.1:5001# Start Web UI locally

--modules all# Use all modules (slow)

Sample Modules

sfp_dnsresolvesfp_shodansfp_haveibeenpwnedsfp_instagramsfp_twittersfp_crtshsfp_virustotalsfp_pastebinsfp_darknet

Deployment

Run as Docker container or virtualenv worker. Wire results through the Python indexer pipeline inservices/indexerfor de-duplication before surfacing in the directory.

EMAILv1.x · GPL-3.0 · Python

holehe

Check 120+ services for email account registration

Fast async email-to-account discovery tool. Uses password-recovery and registration flows to determine whether an email address is linked to an account on 120+ popular services without alerting the target. Outputs per-service dicts with exists, rateLimit, and recovery hints.

Use Cases

▸Map an email address to all associated platform accounts
▸Pre-engagement digital footprint assessment
▸Brand monitoring for leaked corporate emails

Key Flags

holehe user@domain.tld# Check all 120+ services

--only-used# Show only positive hits

--json# JSON output

Supported Services (sample)

TwitterInstagramGitHubSpotifyAdobeDropboxRedditLinkedInDiscord

Deployment

Run as Docker container or virtualenv worker. Wire results through the Python indexer pipeline inservices/indexerfor de-duplication before surfacing in the directory.

DIRv∞ · MIT · JSON/d3

OSINT Framework

Hierarchical OSINT tool directory — 500+ categorized resources

A massive JSON-driven hierarchical tree of OSINT techniques and tools. Enriched with metadata: description, pricing, input/output types, OPSEC rating, and API availability. Tools are tagged (T) local, (D) dork, (R) registration, (M) manual URL.

FMHY Index

Free Media Heck Yeah — curated megaindex of free internet resources

The internet's most comprehensive curated index of free media and tools: streaming, music, books, gaming, AI, torrenting, privacy, and more. Organized as a wiki with thousands of vetted links across hundreds of categories.

// INTEGRATION ARCHITECTURE

Backend pipeline

▸ Spawn tool as subprocess or Docker container
▸ Stream stdout to job queue (Redis/BullMQ)
▸ Parse JSON output into canonical schema
▸ Run through services/indexer/dedupe.py
▸ Store de-duped results in Postgres or SQLite

Frontend display

▸ Poll job status via /api/jobs/[id]
▸ Stream findings to results table (SSE or polling)
▸ Export as JSON/CSV from results panel
▸ Promote curated findings to directory index
▸ Tag with schema (Medical, Curious Science, etc.)

↳ VIEW DIRECTORY INDEX