The most comprehensive, accessible, and powerful OSINT skill for AI agents.
Investigate people, domains, and organizations using only publicly available information.
π Quick Start β’
β¨ Features β’
π Commands β’
π Docs β’
π― Examples
---
π What Makes This Special
| π΄ Senior-Friendly |
π Beginner-Approved |
πΌ Professional-Grade |
| Your 65-year-old dad can use it |
Step-by-step wizards guide you |
40+ commands, risk scoring, reports |
### π― Three Ways to Investigate
```bash
# π’ THE EASY BUTTON - Run everything automatically
/full example.com
# π‘ GUIDED MODE - Step-by-step wizard
/wizard person
# π΅ POWER MODE - Granular control
/recon target β /pivot data β /risk-assessment
```
---
π Quick Start
### Installation
```bash
# Clone or download
# Extract to your AI agent's skills directory
# Start investigating immediately - no API keys needed!
```
### Your First Investigation
```bash
# π₯ The fastest way - everything at once
/full example.com
# π The easiest way - guided wizard
/wizard person
# π Get a simple, easy-to-understand report
/simple-report
```
---
β¨ Features
### ποΈ Core Infrastructure
| Feature | Description | Command |
|---------|-------------|---------|
| πΎ **Session Management** | Save/load investigations | `/save`, `/load`, `/list-saves` |
| π **Entity Tracking** | Versioned entities with relationships | Automatic |
| π **Evidence Chains** | Track how you know what you know | Automatic |
| β οΈ **Contradiction Detection** | Auto-flag conflicting info | Automatic |
### π§ Intelligence Engine
| Feature | Description | Command |
|---------|-------------|---------|
| π **Pattern Recognition** | Detect username obfuscation, temp emails | Automatic |
| π― **Auto-Correlation** | Smart pivot suggestions | `/pivot` |
| π **Risk Scoring** | 1-100 automated risk assessment | `/risk-assessment` |
| π **Historical Analysis** | Archive.org integration | `/history` |
### π Visualization & Reports
| Feature | Description | Command |
|---------|-------------|---------|
| π¨ **ASCII Graphics** | Entity graphs, timelines, heatmaps | `/visualize` |
| π± **Dashboard** | Real-time investigation overview | `/dashboard` |
| π **7 Report Formats** | Executive, Technical, Simple, Legal, etc. | `/report` |
| πΎ **Multi-Format Export** | JSON, CSV, IOC, GraphML | `/report json` |
### π§ Specialized Modules
| Module | Capabilities | Command |
|--------|--------------|---------|
| π **Document Intel** | EXIF, PDF metadata, redaction check | `/analyze-doc` |
| π **Geolocation** | GPS extraction, timezone analysis | Location detection |
| π **Breach Intel** | HaveIBeenPwned, paste site monitoring | `/breach-check` |
| πΈοΈ **Network Analysis** | Social graphs, connection mapping | `/visualize network` |
| π§ **Email Forensics** | Header analysis, SPF/DKIM check | `/analyze-email` |
### π― UX & Accessibility
| Feature | Description | Command |
|---------|-------------|---------|
| ποΈ **Progressive Disclosure** | Beginner/Intermediate/Expert modes | `/mode` |
| π **Templates** | Due diligence, background check, security audit | `/template` |
| π§ **Wizards** | Step-by-step guided workflows | `/wizard` |
| π **Glossary** | 100+ OSINT terms explained | `/glossary` |
| βΏ **Senior-Friendly** | Large text, patient explanations | `/accessibility` |
### β
Quality Assurance
| Feature | Description | Command |
|---------|-------------|---------|
| π **Coverage Analysis** | What you haven't checked yet | `/coverage` |
| π― **Gap Detection** | Missing investigation vectors | `/gaps` |
| β
**Source Verification** | Check if sources are still valid | `/verify-sources` |
| π **QA Scoring** | Investigation quality metrics | `/qa-check` |
---
π Command Reference
### π― Core Investigation
```
/full [target] # π Run EVERYTHING automatically
/recon [target] # Full reconnaissance pass
/dork [domain] # Security analysis with Google dorks
/pivot [data] # Follow a lead (email, username, phone)
/timeline [subject] # Build chronological history
```
### π Reporting
```
/report # Technical intelligence summary
/simple-report # Plain-language (8th grade level)
/report brief # One-page executive brief
/report json # JSON export
/report csv # CSV export
/report legal # Evidence-focused format
/report journalist # Source-citation heavy
```
### π§ Intelligence & Analysis
```
/risk-assessment # Generate risk profile (1-100)
/risk-trend # Show risk changes over time
/history [url] # View historical snapshots
/what-changed [url] # Compare versions
/breach-check [email]# Check breach databases
/leak-search [term] # Search paste sites
```
### π Visualization
```
/visualize entities # ASCII relationship graph
/visualize timeline # Gantt-style timeline
/visualize risk # Risk heatmap
/visualize network # Connection topology
/dashboard # Interactive overview
/stats # Investigation statistics
```
### π Specialized Analysis
```
/analyze-doc # Document metadata analysis
/compare-docs [f1] [f2] # Find differences
/redaction-check [pdf] # Verify redactions
/analyze-email # Email header analysis
```
### πΎ Session Management
```
/save [name] # Save investigation
/load [name] # Load investigation
/list-saves # Show saved investigations
/compare [s1] [s2] # Compare sessions
/status # Check operation status
/cancel # Stop current operation
```
### π UX & Accessibility
```
/mode beginner|expert # Set complexity level
/template list|run|create # Investigation templates
/wizard photo|domain|person # Guided workflows
/tutorial # First-time guide
/glossary # Term definitions
/accessibility # Accessibility options
/explain [finding] # Explain specific finding
```
### β
Quality Assurance
```
/qa-check # Quality assurance scoring
/coverage # Show investigation coverage
/gaps # Identify missing areas
/verify-sources # Check source validity
```
---
π Documentation
70+ files β’ 15,000+ lines β’ Complete coverage
### π Essential Reading
| π Document | π Description | π€ For |
|-------------|----------------|--------|
| [docs/OSINT-BEGINNER-GUIDE.md](docs/OSINT-BEGINNER-GUIDE.md) | Step-by-step tutorial | π’ Beginners |
| [docs/OSINT-v2.0-RELEASE-NOTES.md](docs/OSINT-v2.0-RELEASE-NOTES.md) | What's new in v2.0 | π΅ Everyone |
| [SKILL.md](SKILL.md) | Complete command reference | π΅ Everyone |
| [docs/advanced-user-guide.md](docs/advanced-user-guide.md) | Power user workflows | π΄ Experts |
| [docs/troubleshooting.md](docs/troubleshooting.md) | FAQ & solutions | π’ Beginners |
### ποΈ By Category
ποΈ Core Systems
- [core/entity-schema.json](core/entity-schema.json) - Entity data structure
- [core/entity-manager.md](core/entity-manager.md) - Entity management guide
- [core/state-manager.md](core/state-manager.md) - Session persistence
- [core/evidence-system.md](core/evidence-system.md) - Evidence tracking
- [core/contradiction-detection.md](core/contradiction-detection.md) - Conflict detection
π§ Intelligence Engine
- [intelligence/pattern-library.md](intelligence/pattern-library.md) - Pattern definitions
- [intelligence/anomaly-detector.md](intelligence/anomaly-detector.md) - Anomaly detection
- [intelligence/risk-framework.md](intelligence/risk-framework.md) - Risk assessment
- [intelligence/scoring-algorithm.md](intelligence/scoring-algorithm.md) - Scoring formulas
- [intelligence/correlation-engine.md](intelligence/correlation-engine.md) - Auto-correlation
π Visualization & Reports
- [visualization/ascii-engine.md](visualization/ascii-engine.md) - ASCII graphics
- [visualization/dashboard.md](visualization/dashboard.md) - Dashboard design
- [reports/template-library.md](reports/template-library.md) - Report templates
- [reports/export-formats.md](reports/export-formats.md) - Export specifications
- [reports/citation-styles.md](reports/citation-styles.md) - Academic citations
π§ Specialized Modules
- [modules/document-intel.md](modules/document-intel.md) - Document forensics
- [modules/breach-intel.md](modules/breach-intel.md) - Breach detection
- [modules/geolocation.md](modules/geolocation.md) - Location analysis
- [modules/email-forensics.md](modules/email-forensics.md) - Email analysis
- [modules/network-analysis.md](modules/network-analysis.md) - Social graphs
π― UX & Accessibility
- [ux/complexity-levels.md](ux/complexity-levels.md) - Mode specifications
- [ux/templates/library.md](ux/templates/library.md) - Investigation templates
- [ux/wizards/person-investigation.md](ux/wizards/person-investigation.md) - Guided workflows
- [ux/accessibility/glossary.md](ux/accessibility/glossary.md) - 100+ term definitions
- [ux/accessibility/senior-friendly.md](ux/accessibility/senior-friendly.md) - Senior features
π Professional Playbooks
- [playbooks/journalist-source-verification.md](playbooks/journalist-source-verification.md) - For journalists
- [playbooks/hr-background-check.md](playbooks/hr-background-check.md) - For HR professionals
- [playbooks/cyber-threat-intel.md](playbooks/cyber-threat-intel.md) - For security analysts
- [playbooks/private-investigator.md](playbooks/private-investigator.md) - For PIs
---
π― Examples
### Example 1: Quick Investigation (2 minutes)
```bash
# Investigate a domain automatically
/full example.com
# Results:
# - Risk score: 65/100
# - 12 entities discovered
# - 2 reports generated (technical + simple)
# - Investigation saved
```
### Example 2: Person Investigation (5 minutes)
```bash
# Use the guided wizard
/wizard person
# Or step-by-step:
/recon "John Smith"
/pivot "johnsmith123"
/pivot "john.smith@example.com"
/timeline "John Smith"
/risk-assessment
/simple-report
```
### Example 3: Security Audit (10 minutes)
```bash
# Run security audit template
/template run security-audit
# Or manual:
/dork example.com
/visualize risk
/qa-check
/report brief
```
### Example 4: For Your 65-Year-Old Dad
```bash
# Switch to beginner mode
/mode beginner
# Use the wizard
/wizard person
# Look up any confusing terms
/glossary
# Get simple results
/simple-report
```
---
π Confidence & Risk System
### Confidence Ratings
| Icon | Level | Meaning | Trust Level |
|------|-------|---------|-------------|
| π’ | **HIGH** | Verified from authoritative source | β
Verified |
| π‘ | **MEDIUM** | Multiple sources agree | β
Likely true |
| π΄ | **LOW** | Single source, unverified | β οΈ Needs verification |
| βͺ | **SPECULATIVE** | Analyst inference | β Don't act on alone |
### Risk Scoring
| Score | Level | Action Required |
|-------|-------|-----------------|
| 0-25 | π’ **LOW** | Monitor only |
| 26-50 | π‘ **MODERATE** | Review recommended |
| 51-75 | π **HIGH** | Address within 30 days |
| 76-100 | π΄ **CRITICAL** | Immediate action required |
---
β
Success Metrics
Built for everyone. Professional-grade power.
π΄ Accessibility
65+ user completes investigation
in < 10 minutes |
β
Achieved
 |
πΌ Professional Depth
Full due diligence in < 30 min |
β
Achieved
|
π Universal Compatibility
Works on Claude, ChatGPT, all AI CLIs |
β
Achieved
|
π Documentation
15,000+ lines of docs |
β
Achieved
|
π 100% API-Free
Web search only, no keys needed |
β
Achieved
|
---
βοΈ Ethics & Legal
### β
Appropriate Use
- π¨βπΌ Journalists investigating public figures
- π Security researchers auditing infrastructure
- π€ Individuals checking their digital footprint
- π’ Due diligence research on businesses
- π Academic and educational purposes
### β Prohibited Use
- π« Harassment, stalking, or doxing
- π« Unauthorized access to private accounts
- π« Social engineering attacks
- π« Any illegal activities
Remember: With great search power comes great responsibility.
---
π€ Contributing
We welcome contributions! See CONTRIBUTING.md for guidelines.
**Priority Areas:**
- π New dork patterns for emerging platforms
- π Additional language translations
- π More specialized playbooks
- π§ Community pattern contributions
---
π License
MIT License - See LICENSE file for details.
---
π Support
π Beginner's Guide β’
π Release Notes β’
π§ Troubleshooting β’
π Open an Issue
---
Ready to investigate anything, anywhere, accessible to everyone.
Built with β€οΈ for the OSINT community.
β¬οΈ Back to Top