Self-hosted OSINT dashboard: 400+ keyless recon tools, a live 3D threat globe, and batch/case investigation workflows, no API keys required.
A self-hosted OSINT dashboard exposing 438 keyless investigation tools through a single-file Python server and a dependency-free web UI.
Every tool relies only on free, public data sources โ no API keys, no accounts, no telemetry.
### โ ๏ธ Legal & responsible use
This project is for **authorized security research, education, and defensive
investigation only**. You are responsible for complying with all applicable laws
and for having explicit permission before investigating any target. The tools query
public data sources and perform read-only lookups; do not use them to harass,
stalk, or gain unauthorized access. See SECURITY.md for the full
responsible-use policy.
Highlights
- 438 keyless tools spanning network, domain, email, identity, phone, image,
- Interactive 3D globe (via globe.gl) with live overlays:
- Investigation workflow โ group results into named cases, pivot across related
- Zero heavy dependencies โ the backend is the Python standard library plus
requests; the frontend is vanilla JavaScript with no build step.
- Local-first โ history, stats, favorites, and cases persist to plain JSON on
Quick start
Requires Python 3.10+.
git clone https://github.com/RojanSapkota/OSINT-Terminal.git
cd OSINT-Terminal
pip install -r requirements.txt
python server.py
Then open
On Windows the commands are identical from PowerShell or cmd; use py instead of python if that is how Python is registered on your system.
Verify the install without starting the server:
python server.py --selftest
-> SELFTEST OK (438 tools registered)
Run with Docker
docker build -t osint-terminal .
docker run --rm -p 8080:8080 -v "$(pwd)/data:/app/data" osint-terminal
The -v mount persists the result cache, history, and stats across container restarts. Set a different port with -e PORT=9000 -p 9000:9000.
Configuration
The server reads two optional environment variables:
| Variable | Default | Purpose | |-------------|---------|------------------------------------| | PORT | 8080 | HTTP port to bind. | | CACHE_TTL | 3600 | Result-cache lifetime, in seconds. |
PORT=9000 CACHE_TTL=600 python server.py
Every tool works with no API key, account, or token โ there is nothing to configure before running.
Dependencies
| Package | Required | Enables | |-----------------|----------|-------------------------------------------| | requests | yes | HTTP-based lookups (most tools). | | Pillow | optional | Image EXIF / GPS / perceptual-hash tools. | | phonenumbers | optional | Richer offline phone-number parsing. |
Tools whose optional dependency is missing degrade gracefully โ they return an explanatory message instead of failing.
API
The server is a thin JSON API over the tool registry in osint.py.
| Method | Endpoint | Description | |---------------|---------------------------------|----------------------------------------------| | GET | /api/tools | Tool registry metadata (label, accepts, desc)| | GET | /api/run/<tool>?q=<input> | Run a single tool and return its JSON result | | GET/POST | /api/batch | Run many {tool, query} pairs in parallel | | GET | /api/history | Recent queries | | DELETE | /api/history | Clear history | | GET | /api/stats | Per-tool usage and latency stats | | GET | /api/favorites | List / add / remove favorite tools | | GET | /api/export?format=csv\|json | Export history | | GET | /api/cases | List saved cases | | GET/POST/DELETE | /api/cases/<name> | Read / append-to / delete a case | | GET | /api/health[?force=1] | Smoke-test tools against known fixtures | | GET | /api/threat?q=<ioc> | Check an IP/URL/hash against IOC blocklists | | GET | /api/threat-feed | Geo-resolved C2 points for the globe | | GET | /api/cache/stats | Result-cache size and TTL | | GET | /api/cache/clear | Clear the result cache |
Example:
curl "http://localhost:8080/api/run/dns?q=example.com"
curl "http://localhost:8080/api/run/ipgeo?q=8.8.8.8"
curl -X POST "http://localhost:8080/api/batch" \
-H "Content-Type: application/json" \
-d '{"queries":[{"tool":"dns","query":"example.com"},{"tool":"tls","query":"example.com"}]}'
Tool categories
All 438 tools are keyless and grouped by the indicator type they accept. The UI auto-detects the input type (IP, domain, email, phone, coordinates, hash, and 25+ others) and filters the sidebar accordingly.
| Category | Example tools | |-----------------|---------------------------------------------------------------------| | IP / Network | IP geolocation, ASN/BGP, reverse DNS, port scan, Tor-exit check | | Domain / Web | DNS, WHOIS/RDAP, subdomains, TLS certs, security headers, tech stack| | Email | MX/SPF/DMARC posture, Gravatar, disposable detection, breach lookup | | Identity | Username hunting, GitHub/GitLab, Bluesky, Keybase, HackerNews | | Phone | E.164 parsing, carrier, region, timezone (offline) | | Image | EXIF, GPS extraction, perceptual hashing | | Crypto | BTC/ETH address & transaction lookups, wallet validation | | Threat intel | IOC reputation, CVE detail, MITRE ATT&CK, C2/malware feeds | | Academic | arXiv, PubMed, DBLP, Wikidata, ORCID | | Geo | Reverse geocode, sun times, earthquakes, ISS, flights | | Encoding | Base64/32, hex, morse, ROT-13, Caesar, JWT decode |
Browse the full registry at runtime via GET /api/tools or the sidebar.
Architecture
index.html Single-page dashboard โ vanilla JS/CSS, globe.gl loaded from CDN.
server.py Stdlib ThreadingHTTPServer: routing, caching, persistence, batch pool.
osint.py The tool registry โ 438 functions, each query -> dict, keyless sources.
- Backend:
http.server.ThreadingHTTPServerโ no Flask/Django. Responses are
- Concurrency: batch and health checks fan out over a
ThreadPoolExecutor. - Persistence: history, stats, favorites, and result cache live under
data/;
cases/. Both directories are created on first run and are
git-ignored so investigation data never gets committed.
See docs/ARCHITECTURE.md for a deeper walkthrough.
Contributing
Contributions are welcome โ new keyless tools especially. See CONTRIBUTING.md for the tool contract, coding conventions, and how to run the self-test. Please also read the Code of Conduct.
Security
To report a vulnerability or a tool that behaves unsafely, see SECURITY.md. Please do not open public issues for security reports.
License
Released under the MIT License.
Acknowledgements
Data is sourced from free, public providers including USGS, OpenSky Network, abuse.ch (Feodo Tracker, URLhaus, MalwareBazaar), crt.sh, RDAP registries, OpenStreetMap Nominatim, and many others. Please respect each provider's terms of use and rate limits.
Made with โค๏ธ for the OpenSource community