OSINT tools and more but without API key
Metabigor - OSINT power without API key hassle
What is Metabigor?
Metabigor is Intelligence tool, its goal is to do OSINT tasks and more but without any API key.
Features
- Network Discovery - Find IP ranges (CIDRs) from ASN, organization, domain, or IP address
- Certificate Transparency - Discover subdomains via crt.sh certificate logs
- IP Enrichment - Get port, service, and vulnerability data via Shodan InternetDB (free, no API key)
- GitHub Code Search - Find secrets, credentials, and subdomains in public repositories via grep.app
- IP Clustering - Group IPs by ASN for infrastructure mapping
- Related Domains - Discover related domains via certificate logs, reverse WHOIS, and analytics tracking
- CDN/WAF Detection - Identify if IPs are behind CDN or WAF providers
Installation
Pre-built Binaries
You can download pre-built binaries for your platform from the releases page. Choose the appropriate binary for your operating system and architecture, download it, and place it in your PATH.
Build from repository
git clone https://github.com/j3ssie/metabigor.git
cd metabigor
make build
binary at ./bin/metabigor
Commands
net โ Network Discovery
Discover CIDRs and network ranges for an ASN, IP, domain, or organization. Auto-detects input type.
# Find CIDRs for an ASN
echo "AS13335" | metabigor net
metabigor net --input AS13335
Lookup which ASN owns an IP
echo "1.1.1.1" | metabigor net --ip
Find CIDRs associated with a domain
echo "cloudflare.com" | metabigor net --domain
Search by organization name
echo "Cloudflare" | metabigor net --org
Use live online sources instead of local DB
echo "AS13335" | metabigor net --dynamic
Batch input from file
metabigor net -I asn-list.txt -o results.txt
Force input type with override flags
echo "13335" | metabigor net --asn
cert โ Certificate Transparency Search
Query crt.sh for domains and certificates.
# Find domains in certificate transparency logs
echo "hackerone.com" | metabigor cert
Search by organization name
echo "HackerOne Inc" | metabigor cert
Strip wildcard prefixes (*.) from results
echo "example.com" | metabigor cert --clean
Show only wildcard entries
echo "example.com" | metabigor cert --wildcard
JSON output
echo "example.com" | metabigor cert --json
Save to file
echo "example.com" | metabigor cert --clean -o domains.txt
ip โ IP Enrichment (Shodan InternetDB)
Query Shodan's free InternetDB API for open ports, hostnames, vulnerabilities, and tags.
# Lookup a single IP
echo "1.1.1.1" | metabigor ip
Scan a CIDR range (auto-expands)
echo "1.1.1.0/28" | metabigor ip
Flat IP:PORT output (useful for piping to other tools)
echo "1.1.1.0/28" | metabigor ip --flat
CSV output
echo "1.1.1.0/28" | metabigor ip --csv
JSON output
echo "1.1.1.1" | metabigor ip --json
Bulk scan from file with higher concurrency
metabigor ip -I ips.txt -c 20 --flat -o open-ports.txt
github โ Code Search (grep.app)
Search public GitHub code via grep.app.
# Search for a domain in code
echo "hackerone.com" | metabigor github
Search for API keys or secrets patterns
echo "AKIA" | metabigor github
Paginate results
echo "example.com" | metabigor github --page 2
JSON output with repo, path, snippet
echo "example.com" | metabigor github --json
Save results
echo "target.com" | metabigor github -o github-results.txt
ipc โ IP Clustering
Group a list of IPs by ASN using the local database. Useful for understanding the infrastructure behind a set of IPs.
# Cluster IPs from stdin
cat ips.txt | metabigor ipc
JSON output with full details
cat ips.txt | metabigor ipc --json
From file
metabigor ipc -I ips.txt -o clusters.txt
related โ Related Domain Discovery
Find domains related to a target via multiple OSINT sources.
# Use all sources (crt.sh, WHOIS, analytics)
echo "hackerone.com" | metabigor related
Certificate transparency only
echo "hackerone.com" | metabigor related -s crt
Reverse WHOIS via viewdns.info
echo "hackerone.com" | metabigor related -s whois
Google Analytics / GTM correlation
echo "hackerone.com" | metabigor related -s ua
Save results
echo "target.com" | metabigor related -o related-domains.txt
cdn โ CDN/WAF Detection
Check if IPs belong to CDN or WAF providers. Shows vendor and type by default.
# Check if IP is behind CDN/WAF (shows vendor and type)
echo "1.1.1.1" | metabigor cdn
Check multiple IPs from file
cat ips.txt | metabigor cdn
Strip CDN/WAF IPs from output (show only non-CDN IPs)
cat ips.txt | metabigor cdn --strip-cdn
JSON output with full details
echo "1.1.1.1" | metabigor cdn --json
Find origin servers (non-CDN IPs only)
cat ips.txt | metabigor cdn --strip-cdn -o origin-ips.txt
Pipeline: Resolve domains then check for CDN
cat domains.txt | dnsx -silent -resp-only | metabigor cdn
update โ Update ASN Database
metabigor update
Painless integrate Metabigor into your recon workflow?
This project was part of Osmedeus Engine. Check out how it was integrated at @OsmedeusEngine
Credits
๐ Data Sources
- Local Database - IP-to-ASN and IP-to-Country mappings (2M+ entries)
- crt.sh - Certificate Transparency logs
- Shodan InternetDB - Free IP enrichment API
- grep.app - GitHub code search
- bgp.he.net - Live BGP routing data
- viewdns.info - Reverse WHOIS lookups
- builtwith.com - Analytics tracking correlation
- projectdiscovery/cdncheck - CDN/WAF detection library
Disclaimer
This tool is for educational purposes only. You are responsible for your own actions. If you mess something up or break any laws while using this software, it's your fault, and your fault only.
License
Metabigor is made with โฅ by @j3ssie and it is released under the MIT license.

