OSINT Agent

OSINT Agent is a passive reconnaissance CLI that uses an AI agent to select public-source investigation tools, connect findings, and produce structured Markdown reports for authorized security research.

What it does

Instead of manually chaining OSINT commands, the operator provides a target such as a domain, IP address, email, person, username, or company. The agent decides which public-source tools to run, when to stop, and how to summarize the evidence into a coherent report.

Core capabilities

• AI-guided workflow using a LangGraph ReAct loop with DeepSeek-compatible chat models.
• 26 passive tools covering WHOIS, DNS records, certificate transparency, Shodan InternetDB, BGPView ASN data, Wayback Machine, GitHub recon, username enumeration, TLS certificate inspection, HTTP headers, robots.txt, metadata extraction, email validation, Gravatar lookup, contact extraction, and passive port/CVE lookups.
• Browser automation with Playwright for public search and page navigation, with responsible controls for robots.txt, request delay, User-Agent, scan profiles, and optional authorized stealth mode.
• Modular CLI with targeted groups such as dns, whois, ip, web, email, social, and archive.
• Rich terminal output, bilingual English/Spanish reports, report Q&A, defensive attack-surface review, and Docker support.

Technical stack

Python 3.10+, LangGraph, LangChain, DeepSeek API, Playwright Chromium, Rich, python-whois, requests, Docker, pytest, and Markdown reporting.

Security positioning

The project is intentionally passive: it collects publicly available information only and avoids exploitation, intrusion, and active port scanning. It is built for lawful, authorized research, defensive assessments, education, and security workflow automation.

What it demonstrates

This project demonstrates agentic security tooling, practical OSINT methodology, responsible-use controls, CLI product design, Dockerized delivery, and structured evidence reporting for cybersecurity workflows.