Digital developer resource

OSINT Agent

Passive OSINT reconnaissance CLI powered by an AI agent for authorized security research. It selects public-source tools, connects findings, and produces structured Markdown reports.

OSINT Agent resource preview using the project ASCII cover image

Features

  • AI-guided passive reconnaissance workflow
  • Supports domains, IPs, emails, people, usernames, and companies
  • Produces structured Markdown investigation reports
  • Built for authorized security research and attack surface mapping
  • Designed around public sources without exploitation or active port scanning

Resource Details

OSINT Agent is a passive reconnaissance CLI that uses an AI agent to select public-source investigation tools, connect findings, and produce structured Markdown reports for authorized security research.

What it does

Instead of manually chaining OSINT commands, the operator provides a target such as a domain, IP address, email, person, username, or company. The agent decides which public-source tools to run, when to stop, and how to summarize the evidence into a coherent report.

Core capabilities

  • AI-guided workflow using a LangGraph ReAct loop with DeepSeek-compatible chat models.
  • 26 passive tools covering WHOIS, DNS records, certificate transparency, Shodan InternetDB, BGPView ASN data, Wayback Machine, GitHub recon, username enumeration, TLS certificate inspection, HTTP headers, robots.txt, metadata extraction, email validation, Gravatar lookup, contact extraction, and passive port/CVE lookups.
  • Browser automation with Playwright for public search and page navigation, with responsible controls for robots.txt, request delay, User-Agent, scan profiles, and optional authorized stealth mode.
  • Modular CLI with targeted groups such as dns, whois, ip, web, email, social, and archive.
  • Rich terminal output, bilingual English/Spanish reports, report Q&A, defensive attack-surface review, and Docker support.

Technical stack

Python 3.10+, LangGraph, LangChain, DeepSeek API, Playwright Chromium, Rich, python-whois, requests, Docker, pytest, and Markdown reporting.

Security positioning

The project is intentionally passive: it collects publicly available information only and avoids exploitation, intrusion, and active port scanning. It is built for lawful, authorized research, defensive assessments, education, and security workflow automation.

What it demonstrates

This project demonstrates agentic security tooling, practical OSINT methodology, responsible-use controls, CLI product design, Dockerized delivery, and structured evidence reporting for cybersecurity workflows.

Documentation

How to use this resource

Review the OSINT Agent project as a reference implementation for passive reconnaissance workflows. Use it only against assets you own or where you have explicit authorization.

Project source

GitHub repository: https://github.com/giovanniromero-dev/osint-agent

Security note

This resource is intended for responsible security research, asset discovery, and defensive attack surface mapping.

FAQ

What is OSINT Agent?

OSINT Agent is a passive reconnaissance CLI that uses an AI agent to select public-source investigation steps and produce structured reports for authorized security research.

Does OSINT Agent perform active scanning?

No. The project is designed around passive public-source reconnaissance and avoids exploitation or active port scanning.

Who is this resource for?

It is for security researchers, developers, and teams that need a reference workflow for responsible OSINT and external attack surface discovery.

Need this applied?

Want me to run this against your application?

I can audit your web application, API, or codebase against this checklist and deliver a prioritized findings report with remediation guidance.