‹ 首页

offensive-osint

@snailsploit · 收录于 1 周前 · 上游提交 2 个月前

Comprehensive OSINT methodology skill for offensive security, red team intelligence gathering, and bug bounty reconnaissance. Covers domain recon, email harvesting, social media profiling, GitHub/code leaks, Shodan/Censys enumeration, breach data lookup, employee profiling, infrastructure mapping, cryptocurrency tracing, geospatial intelligence, and AI-assisted analysis workflows. Use when performing reconnaissance against a target domain or organization, investigating a person or entity, tracing cryptocurrency flows, geolocating images or events, or building an attack-surface map.

适合你,如果需要进行安全侦察或情报收集

/ 下载安装
offensive-osint.skill双击,或拖进 Claude 桌面版 / Cowork,即完成安装↓ .skill↓ .zip
用别的 agent?下载 .zip 解压,把文件夹放进它的技能目录
Claude Code~/.claude/skills/(项目级 .claude/skills/)
Codex CLI~/.codex/skills/
Cursor自动读取上面两处目录
其他工具见其文档的「skills」目录;两个下载是同一份文件,只是名字不同
/ 通过 npx 安装 校验哈希
npx oh-my-skill add snailsploit/claude-red/offensive-osint
/ 通过 bash 安装
curl -fsSL https://oh-my-skill.com/install.sh | bash -s -- snailsploit/claude-red/offensive-osint
/ 已经装过?验证本机副本,不用重装
npx oh-my-skill verify snailsploit/claude-red/offensive-osint
安装目标可用 --agent / --scope 或 --to 明确指定;省略时只会在唯一已存在的 agent 目录上自动选择,零命中或多命中会停止并提示。content_hash 缺失或不一致均拒装。
2669GitHub stars
~4.8K上下文体积 · 单文件
镜像托管

怎么用

商店整理自技能原文 · 版本 aeb41ec · 表述以原文为准
它做什么

装上后,Claude 会按照一套 OSINT 方法论,帮你收集目标域名、组织、人员、加密货币或地理信息。它会推荐工具、记录发现并建议下一步。

什么时候触发

当你需要对一个目标(如域名、组织、个人、加密货币地址或地理事件)进行侦察时触发。

装好后可以这样说
Claude 会推荐子域名和邮箱收集工具。
Claude 会推荐区块链浏览器和分析工具。
Claude 会推荐反向图片搜索工具。
技能原文 SKILL.md作者撰写 · MIT · aeb41ec

Offensive OSINT Methodology

Workflow
  1. Define target scope (domain, org, person, crypto address, or geo subject)
  2. Select applicable categories below based on scope
  3. Work top-down within each category; pivot on discovered artifacts
  4. Archive every key artifact: URL + timestamp + screenshot (PNG) + hash (SHA-256)
  5. Log findings in JSONL with a run_id and tool versions for reproducibility
  6. Suggest next steps based on what each tool returns

General OSINT
Search Engines

| Tool | Notes | |------|-------| | Carrot2 | Clusters results by topic | | etools | Metasearch engine | | Kagi | Privacy-first, non-personalized results | | Brave Search | Independent index; Goggles for custom ranking | | PDF Search | Search PDF files and view table of contents | | Google Fact Check Explorer | Cross-site fact-check search |


Username & Email Investigation

| Tool | Purpose | |------|---------| | Sherlock | Username search across social networks | | Maigret | Collect profiles by username from many sites | | What's My Name | Username search across platforms | | Holehe | Check if email is registered on platforms | | Epieos | Email address pivots and metadata | | OSINT Industries | Email/username/phone lookups | | Hunter.io | Find email addresses for a domain | | EmailRep | Email reputation and associated data | | Emailable | Verify email existence | | Mugetsu | X/Twitter username history | | RocketReach / Apollo | Email enrichment and pattern guessing | | PhoneInfoga | Phone number intelligence framework |

Browser extensions: GetProspect, SignalHire


People Search

Phone Number OSINT

Social Media

| Platform | Tool | |----------|------| | Instagram | Picuki — view profiles without account | | X/Twitter | snscrape — preferred CLI scraper; use Twint only as fallback | | Facebook | Graph Search, sowsearch.info, lookup-id.com, whopostedwhat.com | | Facebook (research) | Meta Content Library — CrowdTangle successor (researcher-gated) | | YouTube/Twitch | Social Blade — analytics | | TikTok | Tokboard — trend and profile analytics | | Reddit | Reveddit — removed content; RedTrack.social — user history | | Bluesky | Firesky — real-time firehose; SkyView — follower graphs | | Mastodon | FediSearch — cross-instance search; Fedifinder — find Twitter users on Mastodon | | Faces | Search4Faces |


Public Records & Company Information
RU/CN Registries

Russia: Rusprofile, Kontur.Focus (freemium), zakupki.gov.ru (procurement), EGRUL/EGRIP (official, captcha-gated)

China: GSXT (National Enterprise Credit), Qichacha/Tianyancha (freemium), MIIT ICP/Beian (ICP filings)

Sanctions & Compliance

Breach & Leak Data

Infrastructure & Attack-Surface OSINT
ASN/BGP & Internet Measurement
Certificates & CT Monitoring
  • crt.sh — Search Certificate Transparency logs
  • Censys Certificates — CT and x509 attribute pivots
  • CertStream — Real-time CT feed via WebSocket
  • Rapid7 Open Data — Sonar DNS/HTTP/SSL datasets
  • Cert Spotter [Freemium] — CT monitoring and alerts
  • Favicon hash (mmh3): cluster infrastructure; pair with Shodan/Censys favicon search

Threat Intel & IOCs
Malware Analysis & Sandboxes

Cryptocurrency OSINT
Blockchain Explorers

| Chain | Explorer | |-------|---------| | Bitcoin | Blockchain.com, Blockchair | | Ethereum | Etherscan | | BNB Chain | BSCScan | | Polygon PoS | PolygonScan | | Solana | Solscan | | Multi-chain | OKLink [Freemium], Cielo |

L2 Explorers: Arbiscan, Optimistic Etherscan, BaseScan, zkSync Era, L2Beat (risk/TVL comparison)

Transaction Tracking & Analytics
NFT & Exchange Intelligence
Bridge Monitoring

Media Intelligence
Reverse Image & Facial Search
Image Forensics
Video Analysis
Browser Extensions for Media

Geospatial Intelligence
Satellite Imagery & Mapping
Geolocation Tools

Street View: Google Street View, Apple Maps, Yandex Maps, Baidu Maps

Flight OSINT
Maritime OSINT

AI-Assisted OSINT
Warning: Never paste PII, sensitive IOCs, or unique pivots into cloud LLMs. They log inputs and may use them for training. Use local models (Ollama, LM Studio) for sensitive analysis.

| Tool | Strength | |------|---------| | ChatGPT (paid) | Log parsing, dataset analysis, Code Interpreter for CSVs/JSON, GPT-4 Vision for image OCR | | Claude (paid) | 200K token context for large document dumps and report synthesis | | Gemini 1.5 Pro | 2M token context; Deep Research mode with citations | | Perplexity Pro (paid) | Real-time web search + reasoning; multi-query synthesis |

Local/privacy-preserving: Ollama (Llama 3, Mistral), LM Studio, GPT4All

Commercial AI OSINT Platforms
Deepfake & Synthetic Media Detection

Archiving & Evidence Preservation
  • archive.today — One-page content archiver with screenshot
  • URLScan.io — On-demand webpage scan with resource map
  • ArchiveBox — Self-hosted archiving (HTML, PDF, screenshots, media)
  • Hunchly — Evidence capture for investigators (paid)
  • Wayback SavePageNow API v3 — On-demand archiving with job IDs
  • SingleFileZ — Browser extension for offline HTML archives
  • Kasm Workspaces — Containerized OSINT workspace/browser isolation

Evidence handling:

  • Capture: URL + timestamp + PNG screenshot + WARC/SingleFileZ archive
  • Hash all downloaded files (SHA-256) and record in case notes
  • Separate work profiles/containers per case; store evidence read-only
  • Use JSONL (NDJSON) logs with run_id and tool versions for reproducibility

Automation & Workflows
  • n8n — Self-hosted workflow automation (e.g., RSS → scrape → alert pipelines)
  • Huginn — Agent-based monitoring, scraping, alerting
  • Playwright — Headless browser automation with stealth plugins
  • Browsertrix Crawler — Archival crawling with WARC export
  • Prefect / Apache Airflow — Workflow orchestration for data pipelines

Regional Search Engines

Telegram & Messaging Intelligence
  • TGStat — Channel analytics and search
  • Telemetr — Channel growth, overlaps, forwards
  • Combot — Group analytics (partially paid)
  • TelegramDB Search Bot — Basic Telegram OSINT
  • Discord ID — Basic Discord account information
  • Sogou Weixin search — WeChat Official Accounts content search
  • View public Telegram channels: https://t.me/s/<channel>
按 MIT 许可原样转载,未经改动 · 在 GitHub 查看 →

评论

登录即可评论;带「已验证安装」的,是发布者名下有本店的安装或持有记录。