{"id":13642643,"url":"https://github.com/netevert/pockint","last_synced_at":"2025-04-07T15:08:40.366Z","repository":{"id":50181895,"uuid":"180627896","full_name":"netevert/pockint","owner":"netevert","description":"A portable OSINT Swiss Army Knife for DFIR/OSINT professionals 🕵️ 🕵️ 🕵️","archived":false,"fork":false,"pushed_at":"2023-10-18T02:04:12.000Z","size":2538,"stargazers_count":262,"open_issues_count":16,"forks_count":44,"subscribers_count":11,"default_branch":"master","last_synced_at":"2025-03-31T12:08:59.970Z","etag":null,"topics":["dfir","incident-response","incident-response-tooling","infosec","infosec-19","osint","osint-professionals","osint-python","osinttool","portable","python","python3","tkinter-gui","tkinter-python"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/netevert.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null}},"created_at":"2019-04-10T17:09:17.000Z","updated_at":"2025-03-11T19:30:29.000Z","dependencies_parsed_at":"2023-01-25T04:00:53.655Z","dependency_job_id":"7be48e6d-d53a-459d-b2d1-4c88ded90d03","html_url":"https://github.com/netevert/pockint","commit_stats":null,"previous_names":[],"tags_count":4,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/netevert%2Fpockint","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/netevert%2Fpockint/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/netevert%2Fpockint/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/netevert%2Fpockint/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/netevert","download_url":"https://codeload.github.com/netevert/pockint/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247675597,"owners_count":20977376,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["dfir","incident-response","incident-response-tooling","infosec","infosec-19","osint","osint-professionals","osint-python","osinttool","portable","python","python3","tkinter-gui","tkinter-python"],"created_at":"2024-08-02T01:01:34.327Z","updated_at":"2025-04-07T15:08:40.343Z","avatar_url":"https://github.com/netevert.png","language":"Python","readme":"![Icon](https://github.com/netevert/pockint/blob/master/docs/icon.png)\n=======\n[![made with python](https://img.shields.io/badge/-made%20with%20python-blue.svg?logo=python\u0026style=flat-square\u0026logoColor=white)](https://www.python.org)\n![Supported platforms](https://img.shields.io/badge/platform-Windows-informational.svg?style=flat-square)\n[![GitHub release](https://img.shields.io/github/release/netevert/pockint.svg?style=flat-square)](https://github.com/netevert/pockint/releases)\n![GitHub All Releases](https://img.shields.io/github/downloads/netevert/pockint/total.svg?style=flat-square)\n[![Twitter Follow](https://img.shields.io/twitter/follow/netevert.svg?style=social)](https://twitter.com/netevert)\n\nPOCKINT (a.k.a. Pocket Intelligence) is the OSINT swiss army knife for DFIR/OSINT professionals. A lightweight and portable GUI program, it provides users with essential OSINT capabilities in a compact form factor: POCKINT's input box accepts typical indicators (URL, IP, MD5) and gives users the ability to perform basic OSINT data mining tasks in an iterable manner.\n\n![demo](https://github.com/netevert/pockint/blob/master/docs/demo.gif)\n\n## Installation\n\nYou can grab the latest version from the [releases page](https://github.com/netevert/pockint/releases/latest). POCKINT is provided as a single executable that can be stored and run anywhere on computers. POCKINT is available for Windows only.\n\n## Features\n\nWhy use it? POCKINT is designed to be **simple, portable and powerful**.\n\n:star: **Simple**: There's plenty of awesome OSINT tools out there. Trouble is they either require analysts to be reasonably comfortable with the command line (think [pOSINT](https://github.com/ecstatic-nobel/pOSINT)) or give you way too many features (think [Maltego](https://www.paterva.com/web7/)). POCKINT focuses on simplicity: _INPUT_ \u003e _RUN TRANSFORM_ \u003e _OUTPUT_ ... rinse and repeat. It's the ideal tool to get results quickly and easily through a simple interface.\n\n:package: **Portable**: Most tools either require installation, a license or configuration. POCKINT is ready to go whenever and wherever. Put it in your jump kit USB, investigation VM or laptop and it will just run.\n\n:rocket: **Powerful**: POCKINT combines cheap OSINT sources (whois/DNS) with the power of specialised [APIs](https://www.theguardian.com/media/pda/2007/dec/14/thenutshellabeginnersguide). From the get go you can use a suite of in-built transforms. Add in a couple of API keys and you can unlock even more specialised data mining capabilities.\n\nThe latest version is capable of running the following data mining tasks:\n\n\u003cdetails\u003e\u003csummary\u003eHostnames\u003c/summary\u003e\n\u003cp\u003e\n\n|Source |Transform |API key needed? |\n| ----------------------------------------- | ---------------------- | ---------------- |\n| DNS | IP lookup |:x: |\n| DNS | MX lookup |:x: |\n| DNS | NS lookup |:x: |\n| DNS | TXT lookup |:x: |\n| WHOIS | Domain dnssec status |:x: |\n| WHOIS | Domain creation |:x: |\n| WHOIS | Domain expiration |:x: |\n| WHOIS | Domain emails |:x: |\n| WHOIS | Domain registrar |:x: |\n| WHOIS | Registrant location |:x: |\n| WHOIS | Registrant org |:x: |\n| WHOIS | Registrant name |:x: |\n| WHOIS | Registrant address |:x: |\n| WHOIS | Registrant zipcode |:x: |\n| [crt.sh](https://crt.sh/) | Subdomains |:x: |\n| [Virustotal](https://www.virustotal.com) | Downloaded samples |:heavy_check_mark:|\n| [Virustotal](https://www.virustotal.com) | Detected URLs |:heavy_check_mark:|\n| [Virustotal](https://www.virustotal.com) | Subdomains |:heavy_check_mark:|\n| [OTX](https://otx.alienvault.com/) | Passive DNS |:heavy_check_mark:|\n| [OTX](https://otx.alienvault.com/) | malicious check |:heavy_check_mark:|\n| [OTX](https://otx.alienvault.com/) | Malware type |:heavy_check_mark:|\n| [OTX](https://otx.alienvault.com/) | Malware hash |:heavy_check_mark:|\n| [OTX](https://otx.alienvault.com/) | Observed urls |:heavy_check_mark:|\n| [OTX](https://otx.alienvault.com/) | Geolocate |:heavy_check_mark:|\n\n\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\u003csummary\u003eIP Adresses\u003c/summary\u003e\n\u003cp\u003e\n\n**Note:** Only IPv4 Addresses are supported\n\n|Source |Transform |API key needed? |\n| ----------------------------------------- | -------------------- | ---------------- |\n| DNS | Reverse lookup |:x: |\n| [Shodan](https://www.shodan.io/) | Ports |:heavy_check_mark:|\n| [Shodan](https://www.shodan.io/) | Geolocate |:heavy_check_mark:|\n| [Shodan](https://www.shodan.io/) | Coordinates |:heavy_check_mark:|\n| [Shodan](https://www.shodan.io/) | CVEs |:heavy_check_mark:|\n| [Shodan](https://www.shodan.io/) | ISP |:heavy_check_mark:|\n| [Shodan](https://www.shodan.io/) | City |:heavy_check_mark:|\n| [Shodan](https://www.shodan.io/) | ASN |:heavy_check_mark:|\n| [Virustotal](https://www.virustotal.com) | Network report |:heavy_check_mark:|\n| [Virustotal](https://www.virustotal.com) | Communicating samples|:heavy_check_mark:|\n| [Virustotal](https://www.virustotal.com) | Downloaded samples |:heavy_check_mark:|\n| [Virustotal](https://www.virustotal.com) | Detected URLs |:heavy_check_mark:|\n| [OTX](https://otx.alienvault.com/) | Passive DNS |:heavy_check_mark:|\n| [OTX](https://otx.alienvault.com/) | Malicious check |:heavy_check_mark:|\n| [OTX](https://otx.alienvault.com/) | Malware type |:heavy_check_mark:|\n| [OTX](https://otx.alienvault.com/) | Malware hash |:heavy_check_mark:|\n| [OTX](https://otx.alienvault.com/) | Observed urls |:heavy_check_mark:|\n| [OTX](https://otx.alienvault.com/) | Geolocate |:heavy_check_mark:|\n\n\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\u003csummary\u003eUrls\u003c/summary\u003e\n\u003cp\u003e\n\n|Source |Transform |API key needed? |\n| ----------------------------------------- | ------------------------- | ---------------- |\n| DNS | Extract hostname |:x: |\n| [Virustotal](https://www.virustotal.com) | Malicious check |:heavy_check_mark:|\n| [Virustotal](https://www.virustotal.com) | Reported detections |:heavy_check_mark:|\n| [OTX](https://otx.alienvault.com/) | Geolocate |:heavy_check_mark:|\n| [OTX](https://otx.alienvault.com/) | Parse url |:heavy_check_mark:|\n| [OTX](https://otx.alienvault.com/) | malicious check |:heavy_check_mark:|\n| [OTX](https://otx.alienvault.com/) | Http response analysis |:heavy_check_mark:|\n\n\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\u003csummary\u003eHashes\u003c/summary\u003e\n\u003cp\u003e\n \n**Note:** Both MD5 and SHA256 hashes are supported\n\n|Source |Transform |API key needed? |\n| ----------------------------------------- | -------------------- | ---------------- |\n| [Virustotal](https://www.virustotal.com) | Malicious check |:heavy_check_mark:|\n| [Virustotal](https://www.virustotal.com) | Malware type |:heavy_check_mark:|\n| [OTX](https://otx.alienvault.com/) | Malicious check |:heavy_check_mark:|\n\n\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\u003csummary\u003eEmails\u003c/summary\u003e\n\u003cp\u003e\n\n|Source |Transform |API key needed? |\n| --------- | -------------------- | ---------------- |\n| N/A | Extract domain |:x: |\n\n\u003c/p\u003e\n\u003c/details\u003e\n\nNew APIs and input integrations are in the works, consult the [issues page](https://github.com/netevert/pockint/issues) to check out what's brewing or feel free to propose your own.\n\nLike it?\n=========\nIf you like the tool please consider [contributing](https://github.com/netevert/pockint/blob/master/CONTRIBUTING.md).\n\nThe tool received a few \"honourable\" mentions, including:\n\n- [KitPloit](https://www.kitploit.com/2019/10/pockint-portable-osint-swiss-army-knife.html)\n- [kalilinuxtutorials.com](https://kalilinuxtutorials.com/pockint-portable-osint-swiss-army-knife-dfir-osint/)\n- [hacking.land](https://www.hacking.land/2019/10/pockint-portable-osint-swiss-army-knife.html)\n- [awesomeopensource.com](https://awesomeopensource.com/project/netevert/pockint)\n\n**Please note:** There have been a small number of reports indicating that pockint triggers false positives on antivirus protected systems (to date [Avast, AVG](https://github.com/netevert/pockint/issues/22) and [Norton](https://twitter.com/ChiefCovfefe/status/1204807996028657664)). The issue [seems to be caused by pyinstaller](https://stackoverflow.com/questions/43777106/program-made-with-pyinstaller-now-seen-as-a-trojan-horse-by-avg), the [python package](https://www.pyinstaller.org/) used to freeze and distribute pockint. If pockint triggers your antivirus please submit an issue and the author will submit a false positive report to the concerned antivirus provider.\n","funding_links":[],"categories":["Python"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnetevert%2Fpockint","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fnetevert%2Fpockint","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnetevert%2Fpockint/lists"}