This is a combined tool for Osint. It can be used in both GUI and CLI mode.

• It checks given username & find out sevral websites where the same username exist.

1. It find out other websites where the given email is registerd or used.
2. Checks for data breaches where the given is present and give detailed information about data breach.
3. If the given email is gmail then it gives information about that google account. Including name, photo and google map reviews.

• It gives you owner name, carrier info and city or state name of given phone number. (As of now it only works for indian phone numbers.)

1. First it gives basic info realted to given website. Like ip, serever address & ISP info.
2. Then it gets whois information of given domain.
3. It gets subdomains of given domain.
4. It scan for reverse ip for getting other domains on the same server.

1. Python3 must be installed on your system.
2. Git clone this repo or download the zip and extract it in a folder. git clone https://github.com/R4JVE3R/OsintTool.git
3. Install the requirements. For that go to OsintTool folder and run this command. pip install -r requirements.txt

• Goto OsintTool folder, open .env file and edit environment variable's values accordingly.

1. HIBP_KEY is a Have I Been Pwned API Key. It is used to fetch data breaches of the email. You can get this api key from here. It will cost 3.5$ for a month. If you dont have this API key, leave HIBP_KEY empty and email breach module will be skipped.

2. G_COOKIE, HANGOUTS_Authorization, HANGOUTS_KEY, GDRIVE_Authorization and GDRIVE_KEY are required to get google info of the given email. To get these values, follow below steps.

   • G_COOKIE is combined of 3 cookies values __Secure-1PSID, __Secure-3PSID and __Secure-3PAPISID.
     • Open mail.google.com or myaccount.google.com, open inspect element and go to storage tab. Copy these 3 cookie's values, combine them like __Secure-1PSID=whatever;__Secure-3PSID=whatever;__Secure-3PAPISID=whatever; and set this as G_COOKIE's value.
   • For HANGOUTS_Authorization and HANGOUTS_KEY, open hangouts.google.com, open network tab of the browser and search for people-pa.clients6.google.com domain. There will be one post request, key parameter is our HANGOUTS_KEY. So copy that value and paste it as HANGOUTS_KEY's value. Scroll down to request headers and you will find Authorization header. Copy it's value and paste it as HANGOUTS_Authorization's value.
   • For GDRIVE_Authorization and GDRIVE_KEY, open drive.google.com, open network tab of the browser and search for people-pa.clients6.google.com domain. There will be one post request, key parameter is our GDRIVE_KEY. So copy that value and paste it as GDRIVE_KEY's value. Scroll down to request headers and you will find Authorization header. Copy it's value and paste it as GDRIVE_Authorization's value.

3. TRUECALLER_AUTH is an Authorization Bearer of truecaller. It is used to retrive the data of given phone number from truecaller. To get this, you need to have trucaller app installed on your device, login to the app, intercept any request and you will find Authorization header in the request. Copy the Authorizarion Bearer and paste it here.

4. WHOIS_KEY is an IP2WHOIS API key. It is used to get whois data of the given domain. It is free, you can get this API key from here.

5. SECURITYTRAILS_KEY is a SecurityTrails API Key. It is used to get subdomains of the given domain. It is also free, you can get this API Key from here.

1. To use it in CLI mode. You can run python OsintTool.py -h command to see help.
   • There are 4 flags available for different 4 modules. Examples are given below.
     1. Username lookup: python OsintTool.py -u example
     2. Email lookup: python OsintTool.py -e [email protected]
     3. Phone lookup: python OsintTool.py -p 1234567890
     4. Website lookup: python OsintTool.py -w google.com
2. To use it in GUI mode.
   • Run server.py python server.py
   • Navigate to http://127.0.0.1:5000 to access GUI mode.

1. Sherlock - For username lookup, I have used sherlock and modified it according to my requirements.
2. Holehe - In email lookup, to check whether the given email is used to different websites, I have used holehe and modified it according to my requirements.