### Install OSINT Recon Suite and Dependencies Source: https://context7.com/panda1847/osint-recon-suite/llms.txt Clone the repository, run the setup script to install system dependencies, Python packages, and Go tools. Configure API keys in `configs/api_keys.conf` and verify the installation. ```bash git clone https://github.com/Panda1847/osint-recon-suite.git cd osint-recon-suite chmod +x scripts/setup.sh ./scripts/setup.sh pip3 install -r requirements.txt ./scripts/install_go_tools.sh cp configs/api_keys.example configs/api_keys.conf cat > configs/api_keys.conf < /etc/proxychains.conf < results/subdomains_final.txt wc -l results/subdomains_final.txt ``` -------------------------------- ### Sublist3r for Subdomain Enumeration Source: https://context7.com/panda1847/osint-recon-suite/llms.txt Employ Sublist3r to enumerate subdomains using search engine queries. Save the discovered subdomains to a specified output file. ```bash python3 tools/Sublist3r/sublist3r.py -d example.com -o results/sublist3r.txt ``` -------------------------------- ### IPinfo Geolocation and Details Source: https://github.com/panda1847/osint-recon-suite/blob/main/README.md Retrieves geolocation data and other details for a given IP address using IPinfo. ```bash python3 tools/ipinfo.py 1.2.3.4 ``` -------------------------------- ### Configure OSINT Tools via YAML Source: https://context7.com/panda1847/osint-recon-suite/llms.txt Customize tool behavior, timeouts, and data sources by editing the `configs/tools.yaml` file. This provides centralized control over various OSINT tools. ```yaml # configs/tools.yaml shodan: timeout: 30 max_results: 100 facets: - country - port - org subfinder: sources: - crtsh - virustotal - censys - securitytrails - shodan timeout: 10 max_results: 500 theHarvester: engines: - google - bing - linkedin - shodan - censys limit: 500 start: 0 amass: passive: true timeout: 60 max_dns_queries: 20000 reporting: format: pdf include_screenshots: true redact_sensitive: false logo: assets/logo.png ``` -------------------------------- ### Assetfinder for Subdomain Discovery Source: https://context7.com/panda1847/osint-recon-suite/llms.txt Use assetfinder to quickly discover subdomains of a target domain. Redirect the output to a file for further processing. ```bash assetfinder --subs-only example.com >> results/subdomains_all.txt ``` -------------------------------- ### Perform Web-Based Username Search Source: https://github.com/panda1847/osint-recon-suite/blob/main/README.md Utilize the WhatsMyName tool, executed via Python, to search for a username on various web platforms. ```python python3 tools/whatsmyname.py username ``` -------------------------------- ### Comprehensive Subdomain Enumeration with Amass Source: https://github.com/panda1847/osint-recon-suite/blob/main/README.md Utilize Amass for thorough subdomain enumeration, gathering a wide range of subdomains for a target domain. Results are saved to a text file. ```bash # Amass - Comprehensive enumeration amass enum -d example.com -o amass_results.txt ``` -------------------------------- ### Analyze OSINT Data and Generate PDF Report Source: https://context7.com/panda1847/osint-recon-suite/llms.txt Process collected OSINT data using `analyze.py` for correlation and deduplication, then generate a professional PDF report with `generate_report.py`. Specify input directories, target, output file, analyst name, and date. ```bash # Analyze all collected data for a target python3 tools/analyze.py --input recon_data/example.com/ ``` ```bash # Generate PDF report python3 tools/generate_report.py \ --target example.com \ --input recon_data/example.com/ \ --output reports/example_com_report.pdf \ --analyst "Security Team" \ --date 2026-01-14 ``` -------------------------------- ### ExifTool Batch Metadata Extraction Source: https://github.com/panda1847/osint-recon-suite/blob/main/README.md Recursively extracts EXIF metadata from all image files within a specified directory. ```bash exiftool -r /path/to/images/ ``` -------------------------------- ### Person Reconnaissance Workflow Source: https://github.com/panda1847/osint-recon-suite/blob/main/README.md Automates the investigation of an individual by gathering information from various online sources, including social media, public records, and professional profiles. ```bash ./scripts/person_recon.sh "John Doe" john.doe@email.com ``` -------------------------------- ### ExifTool Metadata Extraction Source: https://github.com/panda1847/osint-recon-suite/blob/main/README.md Extracts EXIF metadata from an image file using ExifTool. ```bash exiftool image.jpg ``` -------------------------------- ### Certificate Transparency Search (crt.sh) Source: https://github.com/panda1847/osint-recon-suite/blob/main/README.md Searches for SSL/TLS certificates issued for a domain using crt.sh. ```bash python3 tools/crtsh.py example.com ``` -------------------------------- ### Subdomain Discovery with Assetfinder Source: https://github.com/panda1847/osint-recon-suite/blob/main/README.md Use Assetfinder to discover subdomains of a target domain. The --subs-only flag ensures only subdomains are returned. ```bash assetfinder --subs-only example.com ``` -------------------------------- ### Check Email Account Registrations with Holehe Source: https://github.com/panda1847/osint-recon-suite/blob/main/README.md Use the Holehe tool to determine which services an email address is registered with. Requires Python execution. ```python holehe target@email.com ``` -------------------------------- ### Historical WHOIS Lookup Source: https://github.com/panda1847/osint-recon-suite/blob/main/README.md Retrieves historical WHOIS data for a domain. ```bash python3 tools/whois_history.py example.com ``` -------------------------------- ### theHarvester Email and Subdomain Enumeration Source: https://context7.com/panda1847/osint-recon-suite/llms.txt Harvest email addresses and subdomains from public search engines and data sources. Use the -b flag to specify sources and -l to limit results. Save output with -f. ```bash # Harvest from all available sources theHarvester -d example.com -b all # Target specific sources theHarvester -d example.com -b google,linkedin,bing -l 500 # Save results to XML theHarvester -d example.com -b all -f results/example_harvest # Expected output: # [*] Searching Google... # [*] Searching LinkedIn... # Emails found: # ?-------------- # john@example.com # admin@example.com # support@example.com # Hosts found: # ?-------------- # mail.example.com:1.2.3.5 # www.example.com:1.2.3.4 ``` -------------------------------- ### DNS Zone Transfer and Standard Recon with DNSRecon Source: https://github.com/panda1847/osint-recon-suite/blob/main/README.md Perform standard DNS reconnaissance, including zone transfers if permitted, for a target domain using DNSRecon. ```bash # DNSRecon dnsrecon -d example.com -t std ``` -------------------------------- ### Alternative Dark Web Search with DarkSearch Source: https://context7.com/panda1847/osint-recon-suite/llms.txt Use the DarkSearch Python script as an alternative to Ahmia for searching dark web content. Requires a target domain or keywords. ```python # DarkSearch engine alternative python3 tools/darksearch.py "example.com" ``` -------------------------------- ### Report Generation Script Source: https://github.com/panda1847/osint-recon-suite/blob/main/README.md Generates a professional OSINT report for a given target, outputting to a specified file. ```bash python3 tools/generate_report.py --target target.com --output report.pdf ``` -------------------------------- ### Advanced Username OSINT with Maigret Source: https://github.com/panda1847/osint-recon-suite/blob/main/README.md Employ the Maigret tool for in-depth username reconnaissance across numerous sites. The --all-sites flag enables a comprehensive search. ```bash maigret username --all-sites ``` -------------------------------- ### DNSRecon for DNS Enumeration Source: https://context7.com/panda1847/osint-recon-suite/llms.txt Perform standard DNS reconnaissance, including zone transfers and brute-force subdomain discovery, using DNSRecon. Ensure a wordlist is available for brute-forcing. ```bash # Standard DNS reconnaissance dnsrecon -d example.com -t std # Attempt zone transfer dnsrecon -d example.com -t axfr # Brute-force subdomains via DNS dnsrecon -d example.com -t brt -D /usr/share/wordlists/subdomains.txt ``` -------------------------------- ### Harvest Emails from Search Engines with theHarvester Source: https://github.com/panda1847/osint-recon-suite/blob/main/README.md Utilize theHarvester to gather email addresses associated with a specific domain from various search engine sources. The '-b all' option searches all available sources. ```bash # Email harvesting from search engines theHarvester -d example.com -b all # Specific sources theHarvester -d example.com -b google,linkedin,bing ``` -------------------------------- ### Verify Public IP Address Source: https://context7.com/panda1847/osint-recon-suite/llms.txt Check your current public IP address using `ipinfo.py` and `curl` to ensure your VPN or Tor connection is active and masking your real IP. The expected output shows the VPN/Tor exit node IP. ```bash # Verify your exit IP before starting python3 tools/ipinfo.py $(curl -s https://api.ipify.org) ``` -------------------------------- ### Extract GPS Data and Map Location from Images Source: https://context7.com/panda1847/osint-recon-suite/llms.txt Utilize a Python script to extract GPS coordinates from an image and generate a Google Maps link for the location. Requires an image file as input. ```python # Extract GPS and map location python3 tools/image_gps.py image.jpg --map ``` -------------------------------- ### Search Indexed .onion Sites via Ahmia Source: https://context7.com/panda1847/osint-recon-suite/llms.txt Search dark web content using the Ahmia search engine through a Python script. Supports keyword searches and anonymous searching via Tor. ```bash # Search dark web for keywords python3 tools/ahmia_search.py "example company breach" ``` ```bash # Search with Tor routing for anonymity torsocks python3 tools/ahmia_search.py "target keyword" ``` -------------------------------- ### Perform Person Investigation Source: https://context7.com/panda1847/osint-recon-suite/llms.txt Use the `person_recon.sh` script to generate a detailed dossier on an individual by searching for online presence, professional information, digital footprint, and geolocation data. ```bash # Person investigation ./scripts/person_recon.sh "John Doe" john.doe@email.com ``` -------------------------------- ### Find Username Across Multiple Sites Source: https://github.com/panda1847/osint-recon-suite/blob/main/README.md Use the Sherlock tool to search for a given username across hundreds of online platforms. Results can be exported to a file. ```bash # Find username across 400+ sites sherlock username # Export results sherlock username --output results.txt ``` -------------------------------- ### Gather Company Intelligence Source: https://context7.com/panda1847/osint-recon-suite/llms.txt Initiate the `company_recon.sh` script to collect corporate intelligence, including infrastructure details, employee information, technology stack, and data breach checks. ```bash # Company intelligence ./scripts/company_recon.sh examplecorp.com ``` -------------------------------- ### Data Analysis Script Source: https://github.com/panda1847/osint-recon-suite/blob/main/README.md Analyzes gathered reconnaissance data from a specified input directory. ```bash python3 tools/analyze.py --input recon_data/ ``` -------------------------------- ### LinkedIn Scraper Source: https://github.com/panda1847/osint-recon-suite/blob/main/README.md Scrapes information about a company from LinkedIn. ```bash python3 tools/linkedin_scraper.py company_name ``` -------------------------------- ### Deep Social Media Analysis with Social Analyzer Source: https://github.com/panda1847/osint-recon-suite/blob/main/README.md Use the Social Analyzer script to perform detailed analysis of a target user's social media presence. Requires Python execution. ```python python3 tools/social_analyzer.py --username target_user ``` -------------------------------- ### Shodan Query Search Source: https://github.com/panda1847/osint-recon-suite/blob/main/README.md Searches Shodan using a custom query string to find specific devices or services. ```bash python3 tools/shodan_search.py --query "apache country:US" ``` -------------------------------- ### Twint Twitter/X Follower Search Source: https://github.com/panda1847/osint-recon-suite/blob/main/README.md Uses Twint to scrape follower information for a given Twitter/X username. ```bash twint -u username --followers ``` -------------------------------- ### Shodan IP Search Source: https://github.com/panda1847/osint-recon-suite/blob/main/README.md Searches Shodan for devices and services associated with a specific IP address. ```bash python3 tools/shodan_search.py --ip 1.2.3.4 ``` -------------------------------- ### Ahmia Dark Web Search Source: https://github.com/panda1847/osint-recon-suite/blob/main/README.md Searches the dark web using the Ahmia search engine with a specified query. ```bash python3 tools/ahmia_search.py "search query" ``` -------------------------------- ### Amass Comprehensive Subdomain Enumeration Source: https://context7.com/panda1847/osint-recon-suite/llms.txt Conduct comprehensive subdomain enumeration using Amass, including passive data sources. Results can be saved to a file using the -o flag. ```bash # Comprehensive enumeration with Amass amass enum -d example.com -o results/amass_results.txt -passive ``` -------------------------------- ### Google Images Reverse Search Source: https://github.com/panda1847/osint-recon-suite/blob/main/README.md Conducts a reverse image search on Google Images for a specified image file. ```bash python3 tools/google_images.py image.jpg ``` -------------------------------- ### Image GPS Coordinate Mapping Source: https://github.com/panda1847/osint-recon-suite/blob/main/README.md Extracts GPS coordinates from an image and displays the location on a map. ```bash python3 tools/image_gps.py image.jpg --map ``` -------------------------------- ### Extract EXIF Metadata from Images Source: https://context7.com/panda1847/osint-recon-suite/llms.txt Use ExifTool to extract all embedded metadata from image files, including GPS coordinates, camera information, and timestamps. Supports batch processing of directories and CSV output. ```bash # Extract all metadata from an image exiftool image.jpg ``` ```bash # Extract only GPS data exiftool -GPSLatitude -GPSLongitude -GPSAltitude image.jpg ``` ```bash # Batch process directory of images exiftool -r /path/to/images/ -csv > results/all_metadata.csv ``` -------------------------------- ### Censys Certificate Search by Domain Source: https://github.com/panda1847/osint-recon-suite/blob/main/README.md Searches Censys for certificates related to a given domain name. ```bash python3 tools/censys.py --cert example.com ``` -------------------------------- ### Maigret Advanced Username OSINT Source: https://context7.com/panda1847/osint-recon-suite/llms.txt Extends username search with deeper profiling, extracting profile metadata and personal information. Supports HTML reports and proxy usage for anonymity. Use --all-sites for a full search. ```bash # Full site search with all available sources maigret johndoe --all-sites # Generate HTML report maigret johndoe --html --folderoutput reports/johndoe/ # Search with proxy for anonymity maigret johndoe --proxy socks5://127.0.0.1:9050 --all-sites # Expected output: # [+] Searching for johndoe across 2500+ sites... # [+] Twitter: https://twitter.com/johndoe # Followers: 1234, Joined: 2015 # [+] GitHub: https://github.com/johndoe # Public repos: 42, Stars: 150 # [+] Found on 47 sites total # [+] Report: reports/johndoe/johndoe.html ``` -------------------------------- ### Holehe Email Service Registration Check Source: https://context7.com/panda1847/osint-recon-suite/llms.txt Check which services an email address is registered with by probing registration and password-reset endpoints. Supports CSV output with the --csv flag. ```bash # Check email registrations holehe target@email.com # Output to CSV holehe target@email.com --csv output.csv # Expected output: # [+] target@email.com # [+] twitter.com - REGISTERED # [+] github.com - REGISTERED # [+] spotify.com - REGISTERED # [-] netflix.com - NOT REGISTERED # [+] adobe.com - REGISTERED # [*] Found on 12/80 checked services ``` -------------------------------- ### Company Reconnaissance Script Source: https://context7.com/panda1847/osint-recon-suite/llms.txt This script performs comprehensive intelligence gathering on a company, including registration data, domain infrastructure, employee lists, technology stack, and more. It produces a structured report. ```bash # Company intelligence gathering ./scripts/company_recon.sh "Example Corp" # Produces structured report covering: # - Corporate registration data # - Domain infrastructure and subdomains # - Employee list with roles (via LinkedIn scraping) # - Technology stack (web server, frameworks, CDN) # - IP ranges and ASN assignments # - Email format patterns (e.g., first.last@example.com) # - Known data breaches affecting the company ``` -------------------------------- ### Twint for Twitter/X Data Scraping Source: https://context7.com/panda1847/osint-recon-suite/llms.txt Scrape Twitter/X data, including tweets, followers, and user metadata, without using the official API. Supports filtering by various criteria and outputting to CSV. ```bash # Collect all tweets from a user twint -u target_username --output results/tweets.csv --csv # Get followers list twint -u target_username --followers --output results/followers.txt # Search tweets with keywords twint -s "example.com" --since 2025-01-01 --output results/mentions.csv --csv # Geotagged tweets within radius twint -g "37.7749,-122.4194,10km" --since 2025-01-01 --output results/geo_tweets.csv --csv ``` -------------------------------- ### Subfinder Passive Subdomain Discovery Source: https://context7.com/panda1847/osint-recon-suite/llms.txt Perform passive subdomain discovery for a target domain using Subfinder. Results are saved to a specified output file using the -o flag. ```bash # Passive subdomain discovery with subfinder subfinder -d example.com -o results/subdomains_subfinder.txt ``` -------------------------------- ### DNSDumpster Domain Search Source: https://github.com/panda1847/osint-recon-suite/blob/main/README.md Searches for DNS records and related information for a given domain using DNSDumpster. ```bash python3 tools/dnsdumpster.py example.com ``` -------------------------------- ### TinEye Reverse Image Search Source: https://github.com/panda1847/osint-recon-suite/blob/main/README.md Performs a reverse image search using TinEye for a local image file. ```bash python3 tools/tineye.py image.jpg ``` -------------------------------- ### Image GPS Coordinate Extraction Source: https://github.com/panda1847/osint-recon-suite/blob/main/README.md Extracts GPS coordinates from image files that contain such metadata. ```bash python3 tools/image_gps.py image.jpg ``` -------------------------------- ### DarkSearch Dark Web Engine Source: https://github.com/panda1847/osint-recon-suite/blob/main/README.md Queries the DarkSearch engine for information related to a given keyword on the dark web. ```bash python3 tools/darksearch.py "keyword" ``` -------------------------------- ### Nmap Port Scanning Source: https://github.com/panda1847/osint-recon-suite/blob/main/README.md Performs a service version and script-based scan on a target IP address, saving results. ```bash nmap -sV -sC -oA scan_results 1.2.3.4 ``` -------------------------------- ### Nmap Full Port Scan Source: https://github.com/panda1847/osint-recon-suite/blob/main/README.md Conducts a comprehensive scan of all ports on a target IP address with aggressive options and saves results. ```bash nmap -p- -A -oA full_scan 1.2.3.4 ``` -------------------------------- ### Facebook Profile OSINT Source: https://github.com/panda1847/osint-recon-suite/blob/main/README.md Performs a graph search on Facebook to gather OSINT for a specified profile username. ```bash python3 tools/facebook_osint.py --profile username ``` -------------------------------- ### LinkedIn Employee Enumeration Source: https://github.com/panda1847/osint-recon-suite/blob/main/README.md Enumerates employees associated with a given company name on LinkedIn. ```bash python3 tools/linkedin_employees.py "Company Name" ``` -------------------------------- ### Censys Certificate Search Source: https://github.com/panda1847/osint-recon-suite/blob/main/README.md Searches Censys for certificates associated with a domain. ```bash python3 tools/censys_certs.py example.com ``` -------------------------------- ### Yandex Images Reverse Search Source: https://github.com/panda1847/osint-recon-suite/blob/main/README.md Uses Yandex Images to perform a reverse image search on a local image file. ```bash python3 tools/yandex_images.py image.jpg ``` -------------------------------- ### OnionScan Service Scan Source: https://github.com/panda1847/osint-recon-suite/blob/main/README.md Scans an onion service to gather information about its configuration and potential vulnerabilities. ```bash onionscan http://example.onion ``` -------------------------------- ### Sherlock Username Search Source: https://context7.com/panda1847/osint-recon-suite/llms.txt Find a username across 400+ social platforms simultaneously. Results can be exported to a text file. Use the --output flag to save results. ```bash # Basic username search sherlock johndoe # Export results to file sherlock johndoe --output results/johndoe_accounts.txt # Search multiple usernames sherlock johndoe janedoe --output results/ # Expected output: # [*] Checking username johndoe on: # [+] GitHub: https://github.com/johndoe # [+] Twitter: https://twitter.com/johndoe # [+] Instagram: https://instagram.com/johndoe # [-] Facebook: Not Found # [+] Reddit: https://reddit.com/user/johndoe # [*] Results saved to: results/johndoe_accounts.txt ``` -------------------------------- ### Check Emails in Data Breaches with h8mail Source: https://github.com/panda1847/osint-recon-suite/blob/main/README.md Query the h8mail tool to check if a target email address appears in known data breaches. Supports single email checks and bulk processing from a file. ```bash # Check emails in data breaches h8mail -t target@email.com # Bulk check h8mail -t emails.txt ``` -------------------------------- ### Passive Reconnaissance Script Source: https://github.com/panda1847/osint-recon-suite/blob/main/README.md Executes passive reconnaissance techniques to gather information about a target domain without direct interaction. ```bash ./scripts/passive_recon.sh target.com ``` -------------------------------- ### Active Reconnaissance Script Source: https://github.com/panda1847/osint-recon-suite/blob/main/README.md Performs active reconnaissance by directly interacting with target systems to gather intelligence. ```bash ./scripts/active_recon.sh target.com ``` -------------------------------- ### Censys IP Lookup Source: https://github.com/panda1847/osint-recon-suite/blob/main/README.md Performs an IP address lookup on Censys to gather network information. ```bash python3 tools/censys.py --ip 1.2.3.4 ``` -------------------------------- ### Route OSINT Tool Traffic Through Tor Source: https://context7.com/panda1847/osint-recon-suite/llms.txt Anonymize OSINT tool traffic by routing it through Tor using `torsocks`. This ensures reconnaissance traffic cannot be traced back to the investigator's IP address. Applicable to any Python-based tool. ```bash # Route any tool through Tor torsocks python3 tools/shodan_search.py --ip 1.2.3.4 ``` ```bash torsocks python3 tools/ahmia_search.py "search term" ``` -------------------------------- ### h8mail Email Breach Check Source: https://context7.com/panda1847/osint-recon-suite/llms.txt Check email addresses against data breach databases and paste sites. Supports single email checks, bulk checks from a file, and using a local breach database with the -bc flag. ```bash # Single email breach check h8mail -t target@email.com # Bulk email check from file h8mail -t emails.txt # Use local breach database h8mail -t target@email.com -bc /path/to/breach_data/ # Expected output: # [>] target@email.com # [>>] Found in 3 breaches: # LinkedIn (2021) - email, password_hash, name # Adobe (2013) - email, password_hash, username # Collection1 (2019) - email, password ``` -------------------------------- ### TweetScraper Twitter/X OSINT Source: https://github.com/panda1847/osint-recon-suite/blob/main/README.md Employs TweetScraper to collect OSINT data related to a Twitter/X username. ```bash python3 tools/tweetscraper.py username ``` -------------------------------- ### Osintgram Instagram OSINT Source: https://github.com/panda1847/osint-recon-suite/blob/main/README.md Utilizes Osintgram to gather OSINT information for a specified Instagram username. ```bash python3 tools/Osintgram/main.py username ``` === COMPLETE CONTENT === This response contains all available snippets from this library. No additional content exists. Do not make further requests.