{"id":50778530,"url":"https://github.com/elementalsouls/Claude-OSINT","last_synced_at":"2026-06-23T08:03:05.066Z","repository":{"id":354130704,"uuid":"1221922293","full_name":"elementalsouls/Claude-OSINT","owner":"elementalsouls","description":"Two paired Claude skills · 90+ recon modules · 48 secret-regex patterns · 80+ dorks · 9 read-only credential validators · 27 attack-path templates · 5,500+ lines of structured tradecraft. Drop-in SKILL.md files that turn Claude into a god-mode external recon operator for authorized red-team and bug-bounty engagements.","archived":false,"fork":false,"pushed_at":"2026-06-08T20:41:52.000Z","size":1035,"stargazers_count":1640,"open_issues_count":2,"forks_count":317,"subscribers_count":12,"default_branch":"main","last_synced_at":"2026-06-08T22:22:59.004Z","etag":null,"topics":["agentskills","claude","skills"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/elementalsouls.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null},"funding":{"custom":["https://paypal.me/elementalsouls"]}},"created_at":"2026-04-26T21:09:56.000Z","updated_at":"2026-06-08T20:41:57.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/elementalsouls/Claude-OSINT","commit_stats":null,"previous_names":["elementalsouls/claude-osint"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/elementalsouls/Claude-OSINT","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/elementalsouls%2FClaude-OSINT","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/elementalsouls%2FClaude-OSINT/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/elementalsouls%2FClaude-OSINT/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/elementalsouls%2FClaude-OSINT/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/elementalsouls","download_url":"https://codeload.github.com/elementalsouls/Claude-OSINT/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/elementalsouls%2FClaude-OSINT/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":34680621,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-23T02:00:07.161Z","response_time":65,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["agentskills","claude","skills"],"created_at":"2026-06-12T02:00:25.395Z","updated_at":"2026-06-23T08:03:05.061Z","avatar_url":"https://github.com/elementalsouls.png","language":"Python","funding_links":["https://paypal.me/elementalsouls"],"categories":["🔒 安全与逆向 (Security \u0026 Reverse Engineering)","Python","Security Review Skills","🧠 Agent Skills"],"sub_categories":["架构演进：代码优先 (Code-First)"],"readme":"![claude-osint banner](assets/banner.png)\n\n# claude-osint\n\n\u003e 2 paired Claude skills · **90+ recon modules** · 48 secret-regex patterns · 80+ dorks · 9 read-only credential validators · 27 attack-path templates · 4,600+ lines of structured tradecraft. Drop-in `SKILL.md` files that turn Claude into a god-mode external recon operator for authorized red-team and bug-bounty engagements.\n\nBuilt by **[ElementalSoul](https://github.com/elementalsouls)** — GenAI Security Research.\n\n\u003cp align=\"center\"\u003e\n  \u003csub\u003eSPONSORED BY\u003c/sub\u003e\n  \u003cbr/\u003e\n  \u003ca href=\"https://www.atlascloud.ai/console/coding-plan\"\u003e\n    \u003cpicture\u003e\n      \u003csource media=\"(prefers-color-scheme: dark)\" srcset=\"assets/sponsors/atlas-cloud-dark.svg\"\u003e\n      \u003cimg alt=\"Atlas Cloud\" src=\"assets/sponsors/atlas-cloud-light.svg\" height=\"36\"\u003e\n    \u003c/picture\u003e\n  \u003c/a\u003e\n\u003c/p\u003e\n\n---\n\n## What is this?\n\n`claude-osint` is a paired set of skills for the [Claude skills system](https://docs.claude.com/en/docs/claude-code/skills). Each skill is a structured `SKILL.md` file that primes Claude with expert-level methodology for one half of the offensive recon problem:\n\n- **`osint-methodology`** - *how to think.* Strategic + procedural. Asset-graph discipline, severity rubric, time budgeting, identity-fabric mapping, deliverable templates.\n- **`offensive-osint`** - *what to reach for.* Tactical arsenal. Probe paths, regexes, payloads, scoring rules, curl one-liners, tool URLs.\n\nDrop both into your Claude environment and it behaves like a senior recon analyst: it knows the techniques, the tooling, the edge cases, and the escalation paths — and it stays in scope.\n\n~4,600 lines of structured tradecraft · 96.9% PASS on a 32-prompt self-evaluation · ~85–90% practitioner coverage for the recon phase of authorized engagements.\n\n---\n\n## Structure\n\n```\nclaude-osint/\n├── skills/\n│   ├── osint-methodology/SKILL.md     # how to think  (455 lines)\n│   └── offensive-osint/\n│       ├── SKILL.md                   # what to reach for (4,168 lines)\n│       ├── scripts/secret_scan.py     # stdlib-only secret scanner\n│       └── scripts/h1_reference.py    # HackerOne disclosed-reports reference agent\n├── docs/                              # architecture · coverage · install · usage\n├── examples/                          # 4 end-to-end engagement walk-throughs\n├── tests/smoke-test-prompts.md        # 32-prompt self-evaluation\n└── assets/banner.png\n```\n\nEach skill directory is self-contained. Drop into `~/.claude/skills/` and Claude auto-triggers on relevant phrases.\n\n---\n\n## Skill Index\n\n90+ capabilities across 12 domains. Categorized like Claude-Red — pick a domain to drill in.\n\n### Reconnaissance \u0026 Asset Discovery\n\n| Capability | Skill |\n|---|---|\n| 5-stage external recon pipeline + time-budget profiles (1h / 4h / 1d / 1w) | methodology |\n| Subdomain-source stack (crt.sh + 7-source fallback chain when crt.sh 502s) | arsenal |\n| Common-prefix subdomain sweep (100+ ordered prefixes, PowerShell + bash) | arsenal |\n| Wayback CDX deep mining + legacy-app pivot (.asp/.php/.jsp/.cfm) | arsenal |\n| WHOIS / RDAP / historical-WHOIS + reverse-WHOIS pivots | arsenal |\n| Public records (OpenCorporates · SEC EDGAR · GSXT · Rusprofile · Companies House) | arsenal |\n| Bulk IP → ASN (Cymru / RIPEstat / bgp.tools) | arsenal |\n\n### Identity \u0026 SSO Mapping\n\n| Capability | Skill |\n|---|---|\n| Microsoft Entra (Azure AD) tenant fingerprint + GUID extraction | arsenal |\n| M365 deep enum (Teams federation · SharePoint · OneDrive · OAuth · device-code phishing) | arsenal |\n| Autodiscover IP correlation (passive M365 confirm even when MX wrapped by Mimecast/Proofpoint) | arsenal |\n| Okta tenant slug + `/api/v1/authn` user-enum | arsenal |\n| ADFS fingerprint + mex endpoint | arsenal |\n| Google Workspace OIDC discovery | arsenal |\n| Generic OIDC (Auth0 · Keycloak · Ping · OneLogin · Duo) | arsenal |\n| SAML metadata (5 paths) | arsenal |\n| AWS account-ID extraction from headers + ARN regex | arsenal |\n\n### Web Application Attack Surface\n\n| Capability | Skill |\n|---|---|\n| Swagger / OpenAPI discovery (28 paths) | arsenal |\n| GraphQL discovery + introspection POST body (13 paths) | arsenal |\n| GraphQL field-suggestion enum (when introspection disabled) + alias batching + depth bypass | arsenal |\n| Always-on HTTP checks (15 paths: .git/.env/actuator/heapdump/etc.) | arsenal |\n| Missing security header audit (HSTS/CSP/XFO/etc.) | arsenal |\n| Endpoint extraction regex tiers (3 tiers) | arsenal |\n| Endpoint interest score (0–100 rubric) | arsenal |\n| JS deep analysis · sourcemap leakage · internal-host regex | arsenal |\n| Subdomain takeover fingerprints (27 providers) | arsenal |\n\n### Cloud \u0026 Container\n\n| Capability | Skill |\n|---|---|\n| Cloud bucket arsenal (S3 / GCS / Azure · 6 prefixes × 15 suffixes × 47 stems) | arsenal |\n| Cloud-native fingerprints (Lambda URLs · Cloud Run · Azure Functions · Vercel · Netlify · Workers) | arsenal |\n| Kubernetes / etcd / kubelet exposure (12 ports + probes) | arsenal |\n| Container registry leak hunting (Docker Hub · Quay · GHCR · ECR · GCR · ACR) | arsenal |\n| CI/CD platform exposure (Jenkins · GitLab · TeamCity-KEV · Argo CD · Spinnaker · CircleCI) | arsenal |\n\n### Secret \u0026 Credential Hunting\n\n| Capability | Skill |\n|---|---|\n| 48-pattern secret-regex catalog (29 base + 19 modern) | arsenal |\n| Modern AI API keys (Anthropic / OpenAI / HuggingFace / Cloudflare) | arsenal (rows 30-36) |\n| Package-registry tokens (npm / PyPI / Docker Hub) | arsenal (rows 38-40) |\n| GitHub code-search dorks (13 templates) | arsenal |\n| 9 read-only credential validators (Postman / AWS / GitHub / Slack / Anthropic / OpenAI / npm / Atlassian / DataDog) | arsenal |\n| Post-discovery enumeration workflows (IAM enum · repo enum · workspace enum · JWT triage) | arsenal |\n| `secret_scan.py` runnable helper (stdlib-only, JSONL output) | arsenal |\n| `h1_reference.py` — HackerOne disclosed-reports reference agent (no API key, top-voted / top-bounty / keyword / program filter) | arsenal |\n| 80+ dork corpus across 9 categories | arsenal |\n\n### Breach Intelligence\n\n| Capability | Skill |\n|---|---|\n| HudsonRock Cavalier direct API (free; FYI: web-UI wraps a public JSON endpoint) | arsenal |\n| Domain-level breach severity mapping | arsenal |\n| `SSO_EXPOSURE` finding + legacy-mail-decommissioned escalation pattern | arsenal |\n| Breach × identity correlation (HudsonRock + HIBP + DeHashed + IntelX) | methodology |\n\n### Vendor \u0026 Edge-Appliance Fingerprinting\n\n| Capability | Skill |\n|---|---|\n| Citrix Netscaler · F5 BIG-IP · Pulse Secure / Ivanti · FortiGate | arsenal |\n| PaloAlto GlobalProtect · Cisco AnyConnect · VMware vCenter / ESXi / Horizon | arsenal |\n| Microsoft Exchange OWA (ProxyShell / ProxyLogon / ProxyNotShell) | arsenal |\n| KEV CVE enrichment + EPSS scoring + Metasploit availability | arsenal |\n| WAF / CDN bypass + origin discovery (8 techniques) | methodology, arsenal |\n\n### Email Security\n\n| Capability | Skill |\n|---|---|\n| SPF / DMARC / DKIM / BIMI / MTA-STS / TLS-RPT / DNSSEC audit (bash + PowerShell) | arsenal |\n| DMARC reporting-vendor inference (Kratikal / dmarcian / Valimail / Agari / EasyDMARC) | arsenal |\n| TXT verification token catalog (35+ SaaS tenants) | arsenal |\n| MX → IdP / mail-host inference | arsenal |\n\n### Human Intelligence\n\n| Capability | Skill |\n|---|---|\n| LinkedIn employee enumeration (P0–P5 role tiers · sock-puppet hygiene) | arsenal |\n| Job posting tech-stack analysis (Lever · Greenhouse · AshbyHQ · Workable) | arsenal |\n| Slack / Discord / Telegram / Mattermost workspace discovery | arsenal |\n| Sat imagery for physical recon (Google Earth · NearMap · Sentinel Hub) | arsenal |\n| Email-pattern inference (8 templates) | arsenal |\n\n### Supply Chain\n\n| Capability | Skill |\n|---|---|\n| Package-registry leak hunting (npm · PyPI · RubyGems · Cargo · Packagist · NuGet · Maven) | arsenal |\n| Typosquat surveillance | arsenal |\n| Postman public-workspace search (verified endpoint) | arsenal |\n| Stack Exchange OSINT sweep (8 sites) | arsenal |\n\n### Reporting \u0026 Deliverables\n\n| Capability | Skill |\n|---|---|\n| Findings rubric (CRITICAL/HIGH/MED/LOW/INFO + escalation) | methodology |\n| Severity decision matrix (88 worked examples) | arsenal |\n| Attack-path hint patterns (27 templates) | arsenal |\n| Bug-bounty submission templates (HackerOne / Bugcrowd / Intigriti) | methodology |\n| Client deliverable templates (exec summary · risk-translation matrix · cadence) | methodology |\n| Reproduction package | methodology |\n\n### Sector-Specific\n\n| Capability | Skill |\n|---|---|\n| Healthcare (DICOM · HL7 v2 · FHIR · Epic / Cerner / Allscripts) | arsenal |\n| Finance (SWIFT · FIX · Bloomberg · Temenos / Finacle / FIS / Fiserv) | arsenal |\n| ICS / SCADA (Modbus · BACnet · Siemens S7 · DNP3 · EtherNet/IP) | arsenal |\n| IoT (MQTT · CoAP · UPnP · Hikvision / Dahua DVRs) | arsenal |\n| Government (`.gov` / `.mil` · FedRAMP · FISMA · CUI · SAM.gov) | arsenal |\n\n---\n\n## Capability Map\n\nTwo skills, twelve capability domains. Drill into the [Skill Index](#skill-index) above for concrete sub-capabilities.\n\n```mermaid\n%%{init: {'theme':'base', 'themeVariables': {'primaryColor':'#1e293b','primaryTextColor':'#f1f5f9','primaryBorderColor':'#475569','lineColor':'#94a3b8'}}}%%\nflowchart LR\n    Root([\"🦅 claude-osint\"])\n\n    Root --\u003e M[\"📘 osint-methodology\u003cbr/\u003e\u003ci\u003ehow to think\u003c/i\u003e\"]\n    Root --\u003e A[\"🛠️ offensive-osint\u003cbr/\u003e\u003ci\u003ewhat to reach for\u003c/i\u003e\"]\n\n    M --\u003e M1[Recon Pipeline]\n    M --\u003e M2[Asset Graph]\n    M --\u003e M3[Identity Fabric]\n    M --\u003e M4[Findings Rubric]\n    M --\u003e M5[Reporting Templates]\n    M --\u003e M6[OpSec \u0026 Detectability]\n\n    A --\u003e A1[Probe Wordlists]\n    A --\u003e A2[Vendor Fingerprints]\n    A --\u003e A3[Cloud · K8s · CI-CD]\n    A --\u003e A4[Secret Catalog]\n    A --\u003e A5[Read-Only Validators]\n    A --\u003e A6[Email Security]\n    A --\u003e A7[Human Intel]\n    A --\u003e A8[Sector Notes]\n\n    style Root fill:#dc2626,stroke:#7f1d1d,color:#fff\n    style M fill:#1e293b,stroke:#475569,color:#f1f5f9\n    style A fill:#7c2d12,stroke:#9a3412,color:#fef3c7\n    style M1 fill:#0f172a,stroke:#334155,color:#cbd5e1\n    style M2 fill:#0f172a,stroke:#334155,color:#cbd5e1\n    style M3 fill:#0f172a,stroke:#334155,color:#cbd5e1\n    style M4 fill:#0f172a,stroke:#334155,color:#cbd5e1\n    style M5 fill:#0f172a,stroke:#334155,color:#cbd5e1\n    style M6 fill:#0f172a,stroke:#334155,color:#cbd5e1\n    style A1 fill:#1c1917,stroke:#44403c,color:#fed7aa\n    style A2 fill:#1c1917,stroke:#44403c,color:#fed7aa\n    style A3 fill:#1c1917,stroke:#44403c,color:#fed7aa\n    style A4 fill:#1c1917,stroke:#44403c,color:#fed7aa\n    style A5 fill:#1c1917,stroke:#44403c,color:#fed7aa\n    style A6 fill:#1c1917,stroke:#44403c,color:#fed7aa\n    style A7 fill:#1c1917,stroke:#44403c,color:#fed7aa\n    style A8 fill:#1c1917,stroke:#44403c,color:#fed7aa\n```\n\n---\n\n## Engagement Flow\n\n```mermaid\n%%{init: {'theme':'base', 'themeVariables': {'primaryColor':'#1e293b','primaryTextColor':'#f1f5f9','primaryBorderColor':'#475569','lineColor':'#94a3b8'}}}%%\nflowchart TD\n    A[\"🎯 Target authorized\u003cbr/\u003e\u003ci\u003eRoE / BB scope / ASM contract\u003c/i\u003e\"] --\u003e B[methodology\u003cbr/\u003escope check]\n    B --\u003e C[methodology\u003cbr/\u003e5-stage pipeline]\n\n    C --\u003e D1[\"🔍 Stage 1\u003cbr/\u003eSeed Discovery\"]\n    C --\u003e D2[\"🌐 Stage 2\u003cbr/\u003eAsset Expansion\"]\n    C --\u003e D3[\"📊 Stage 3\u003cbr/\u003eEnrichment\"]\n    C --\u003e D4[\"⚠️ Stage 4\u003cbr/\u003eExposure Analysis\"]\n    C --\u003e D5[\"📋 Stage 5\u003cbr/\u003eReporting\"]\n\n    D1 --\u003e E1[DNS catalog\u003cbr/\u003eWHOIS / RDAP\u003cbr/\u003epublic records]\n    D2 --\u003e E2[subdomain stack\u003cbr/\u003eprefix sweep\u003cbr/\u003eWayback CDX]\n    D3 --\u003e E3[vendor fingerprint\u003cbr/\u003eidentity fabric\u003cbr/\u003einfrastructure OSINT]\n    D4 --\u003e E4[secret catalog\u003cbr/\u003ealways-on HTTP checks\u003cbr/\u003eK8s exposure\u003cbr/\u003eread-only validators\u003cbr/\u003ebreach × identity]\n    D5 --\u003e E5[severity rubric\u003cbr/\u003eBB submission\u003cbr/\u003eclient deliverable]\n\n    E1 --\u003e F[methodology\u003cbr/\u003easset graph]\n    E2 --\u003e F\n    E3 --\u003e F\n    E4 --\u003e G[\"📋 Findings\u003cbr/\u003eseverity + confidence + evidence\"]\n    E5 --\u003e H[\"📦 Deliverable\u003cbr/\u003eexec summary + repro package\"]\n\n    F --\u003e G\n\n    style A fill:#3b82f6,color:#fff\n    style B fill:#7c2d12,color:#fef3c7\n    style C fill:#1e293b,color:#f1f5f9\n    style F fill:#7c3aed,color:#fff\n    style G fill:#dc2626,color:#fff\n    style H fill:#14532d,color:#dcfce7\n```\n\n---\n\n## Usage\n\n### With Claude Code\n\n```bash\n# Install both skills (one-time, after clone)\ngit clone https://github.com/elementalsouls/Claude-OSINT.git\ncd Claude-OSINT\nchmod +x ./scripts/sync-skill-content.sh\n./scripts/sync-skill-content.sh\nmkdir -p ~/.claude/skills\ncp -r skills/osint-methodology ~/.claude/skills/\ncp -r skills/offensive-osint   ~/.claude/skills/\nls ~/.claude/skills/\n```\n\nThen, in any Claude Code session, ask an OSINT question — both skills auto-load and trigger on relevant phrases (50+ trigger phrases each).\n\n### With the Claude Skills System\n\n```bash\n# Point Claude at a single skill before starting your session\ncat skills/offensive-osint/SKILL.md | claude --system-file -\n```\n\n### Manual (Claude.ai / Claude API)\n\nPaste the contents of any `SKILL.md` into a Project's system prompt or prepend it to your conversation. Both files are plain Markdown — also usable as a personal cheat-sheet without Claude.\n\n---\n\n## Authorization\n\nThese skills are intended for assets you **own** or have **written authorization to assess** (red-team rules of engagement, bug-bounty in-scope assets, ASM contracts).\n\nBoth skills include a soft scope-check when you ask Claude to act against an unverified third-party target. They explicitly **exclude** active exploitation, post-exploitation, malware development, and other activities beyond OSINT-driven reconnaissance. See [`SECURITY.md`](SECURITY.md) for the full posture.\n\n---\n\n## Documentation\n\n| Doc | Contents |\n|---|---|\n| [`docs/architecture.md`](docs/architecture.md) | Design philosophy · asset-graph model · confidence/severity/detectability models · sidecar coordination · diagrams |\n| [`docs/coverage.md`](docs/coverage.md) | Honest practitioner-coverage breakdown by archetype + engagement phase |\n| [`docs/installation.md`](docs/installation.md) | Symlink installs and multi-environment install patterns |\n| [`docs/usage.md`](docs/usage.md) | Trigger-phrase reference and prompt templates |\n| [`examples/`](examples/) | 4 end-to-end engagement walk-throughs (quick recon · bug-bounty · M365 deep · secret hunting) |\n| [`tests/smoke-test-prompts.md`](tests/smoke-test-prompts.md) | 32-prompt self-evaluation suite (current grade: 31/32 PASS) |\n| [`CHANGELOG.md`](CHANGELOG.md) | Version history |\n| [`CONTRIBUTING.md`](CONTRIBUTING.md) | Pull-request guidelines |\n\n---\n\n## Sponsors\n\n\u003cp align=\"center\"\u003e\n  \u003ca href=\"https://www.atlascloud.ai/console/coding-plan\"\u003e\n    \u003cpicture\u003e\n      \u003csource media=\"(prefers-color-scheme: dark)\" srcset=\"assets/sponsors/atlas-cloud-dark.svg\"\u003e\n      \u003cimg alt=\"Atlas Cloud\" src=\"assets/sponsors/atlas-cloud-light.svg\" height=\"48\"\u003e\n    \u003c/picture\u003e\n  \u003c/a\u003e\n\u003c/p\u003e\n\n**[Atlas Cloud](https://www.atlascloud.ai/console/coding-plan)** is a full-modal AI inference platform that gives developers a single AI API to access video generation, image generation, and LLM APIs. Instead of managing multiple vendor integrations, you connect once and get unified access to 300+ curated models across all modalities.\n\nCheck out Atlas Cloud's new coding plan promotion for more budget-friendly API access: **\u003chttps://www.atlascloud.ai/console/coding-plan\u003e**\n\n---\n\n## About\n\nOperational tradecraft accumulated across external attack-surface engagements, codified into Claude skills. Engagement-platform agnostic - slot into any ASM / ticketing / asset-graph platform you already use, or none.\n\n**Author:** [ElementalSoul](https://github.com/elementalsouls)\n\n**Original framework:** [SnailSploit/offensive-checklist](https://github.com/SnailSploit/offensive-checklist) (v1.x)\n\n**Inspired by:** [Bellingcat's Online Investigations Toolkit](https://www.bellingcat.com/resources/2024/09/24/bellingcat-online-investigations-toolkit/) \n· [IntelTechniques](https://inteltechniques.com/tools/) \n· [OSINT Framework](https://osintframework.com/)\n\n**Tool inventory:** \n. [ProjectDiscovery](https://github.com/projectdiscovery) \n· [Six2dez reconftw](https://github.com/six2dez/reconftw) \n· [SecLists](https://github.com/danielmiessler/SecLists) \n· [Assetnote Wordlists](https://wordlists.assetnote.io/)\n\n**License:** [MIT](LICENSE) — use freely, attribution appreciated.\n\n---\n\n\u003e *\"Give Claude the right skill and it stops being a chatbot. It becomes an operator.\"*\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Felementalsouls%2FClaude-OSINT","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Felementalsouls%2FClaude-OSINT","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Felementalsouls%2FClaude-OSINT/lists"}