OSINT-Agent

A blueprint for an automated intelligence platform & a curated list of OSINT tools for the community.

About This Project

This project serves a dual purpose: it outlines a conceptual framework for an automated OSINT agent and provides a practical, searchable toolkit for investigators, researchers, and hobbyists.

Conceptual Blueprint

The "OSINT-Agent" is a design for an automated system that uses specialized 'agents' to gather and analyze data from open sources. The core idea is to move from manual data collection to automated insight generation using a graph-based model. The technical sections below detail this architecture.

Interactive Toolkit

The OSINT Toolkit is a comprehensive, categorized list of over 400 valuable resources. It's designed to be a living repository that you can use right now. You can find it at the bottom of the page or use the navigation link.

Educational & Ethical Use

This entire project is for educational and research purposes. It demonstrates what is possible with publicly available information while stressing the importance of legal compliance, ethical boundaries, and strong operational security (OPSEC).

Architectural Blueprint

A dual-component architecture separates strategic control from tactical execution. The central Orchestrator Agent acts as the "brain," managing investigations, while specialized Selector-Specific Agents (e.g., phone_agent, email_agent) perform focused tasks.

Orchestrator-Agent Model

The system is built on a modular model. A central Orchestrator manages the overall investigation, dispatching tasks to specialized Selector Agents. Each agent is an expert in a specific data type, like phone numbers, emails, or usernames.

Iterative Data Flow

The system employs a closed-loop, iterative process. The Orchestrator dispatches tasks, aggregates results, identifies new selectors (leads), and generates new tasks, automatically deepening the investigation with each cycle.

The Intelligence Graph

A graph database (like Neo4j) is used to model the complex web of relationships between entities. This structure allows for powerful analytical queries to uncover non-obvious connections, moving beyond simple data collection to automated insight generation.

Automated Analysis & Reporting

The platform moves beyond data collection to automated analysis, assigning risk scores and generating comprehensive reports.

Heuristic Engine

A rules-based engine codifies investigative intuition. It scans the Intelligence Graph for "red flags" like geographical deception (U.S. VoIP number + Nigerian mobile number) or suspicious alias associations (name linked to public financial crimes).

"Scam Likelihood" Score

A weighted scoring model calculates risk. Correlated flags (e.g., VoIP number AND high-risk country code) receive a significantly higher score than the sum of their individual parts, providing a more accurate assessment of intent.

Dynamic Report Generation

The system synthesizes all findings into a structured report, including an executive summary, a breakdown of red flags, detailed raw data, a graph visualization of connections, and a complete audit trail of the investigation.

Legal, Ethical & OPSEC Framework

The platform is built on a foundation of responsible use, incorporating legal compliance, ethical boundaries, and robust operational security.

Legal Landscape

The system is designed to strictly use publicly available information. Agents respect platform Terms of Service with rate-limiting, and all data is sourced to ensure provenance for legal justification.

Ethical Boundaries

A "case management" paradigm isolates investigation data. Automated data retention and destruction policies are implemented to avoid indefinite storage of sensitive personal information, adhering to the principle of data minimization.

Operational Security (OPSEC)

All system traffic is anonymized via VPN or Tor. The system is aware of "contributory" tools that might alert a target. Containerization (Docker) sandboxes each component, enhancing security and preventing system-wide compromise.

Tooling & Integration

Agents are programmed with investigative tradecraft, prioritizing tools with APIs or CLI access and classifying them by their operational security (OPSEC) risk.

Example Investigation Flow

1. Ingestion: User inputs initial selectors (name, phone numbers).

2. Tasking (Cycle 1): Orchestrator creates and dispatches tasks to name_agent and phone_agent.

3. Execution: Agents run pre-defined tool sequences concurrently.

4. Aggregation: Agents return structured data (e.g., VoIP status, country code, potential email).

5. Analysis & New Tasking (Cycle 2): Orchestrator finds new selector (email) and dispatches task to email_agent.

6. Deeper Digging: email_agent finds associated username from data breach check.

7. Final Tasking (Cycle 3): Investigation cycle completes. Orchestrator synthesizes all data from the Intelligence Graph into a final report.

Automation Feasibility Matrix

Tool Name	Function	Selector Type	OPSEC Risk
OSINT Industries	Comprehensive Profile	Phone, Email, User	Passive
Epieos	Reverse Lookup	Phone, Email	Passive
IPQS	Phone Validation	Phone	Passive
Truecaller	Reverse Phone Lookup	Phone	Contributory
HaveIBeenPwned	Data Breach Check	Email	Passive
WhatsMyName	Username Search	Username	Passive
Google Dorking	General Search	All	Passive

OSINT Toolkit

An extensive, categorized list of OSINT tools for various investigative needs. Use the search bar to filter tools by name or category.

No tools found matching your search.