Ruyynn | OSINT & PentestingHey infosec folks 👋
I’ve been working on **GhostIntel** — a free, open-source OSINT & threat-intelligence CLI framework written in Python.
MIT licensed — fork it, modify it, integrate it into your workflow.
The idea was simple: during investigations I kept jumping between multiple OSINT sites and tools, so I started building a CLI that could enrich indicators directly from the terminal.
Drop almost anything into GhostIntel and it will try to figure it out automatically:
→ username · email · phone · domain · IP
What it can do right now:
👤 Username → checks 100+ platforms in parallel
📱 Phone → carrier + region intelligence (ID · US · UK · MY · IN)
📧 Email → MX · SPF · DMARC · Gravatar · disposable detection
🌐 Domain → DNS records + HTTP status inspection
🌍 IP → geolocation · reverse DNS · RDAP (ARIN · RIPE · APNIC · LACNIC · AFRINIC) · proxy detection
📊 Reports → export investigation results to JSON · HTML · TXT
Async-powered so lookups can run concurrently.
No API keys required.
No configuration needed.
Everything uses publicly available OSINT sources.
Built from Indonesia 🇮🇩 for the global OSINT / infosec community.
If anyone here works in:
• threat intelligence
• OSINT investigations
• SOC / DFIR
• bug bounty research
I’d genuinely appreciate your feedback.
→ What sources should be added?
→ What would improve your investigation workflow?
→ Anything broken or behaving weirdly?
Suggestions, criticism, and PRs are all welcome.
GitHub - ruyynn/GhostIntel: GhostIntel is a Python-based OSINT framework for digital investigation using public data such as username, email, domain, IP address, and phone number.
GhostIntel is a Python-based OSINT framework for digital investigation using public data such as username, email, domain, IP address, and phone number. - ruyynn/GhostIntel