{"id":50379113,"url":"https://github.com/owlscan/owlscan","last_synced_at":"2026-05-30T11:01:07.242Z","repository":{"id":360318084,"uuid":"1249507785","full_name":"owlscan/owlscan","owner":"owlscan","description":"OwlScan is a community-powered, open-source OSINT intelligence framework built for security researchers, penetration testers, investigators, and enthusiasts. It combines web scraping, network reconnaissance, people intelligence aggregation, and threat analysis into a single cohesive platform.","archived":false,"fork":false,"pushed_at":"2026-05-30T09:07:47.000Z","size":2517,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-05-30T09:14:08.113Z","etag":null,"topics":["automation","bug-bounty","cybersecurity","dns-recon","ethical-hacking","flask","footprinting","hacking","information-gathering","infosec","network-scanner","osint","penetration-testing","python","recon","reconnaissance","security","security-research","security-tools","threat-intelligence"],"latest_commit_sha":null,"homepage":"https://owlscan.sh","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/owlscan.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null},"funding":{"github":["the-clipper"]}},"created_at":"2026-05-25T19:21:37.000Z","updated_at":"2026-05-30T09:07:51.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/owlscan/owlscan","commit_stats":null,"previous_names":["the-clipper/nightowl","nightowl-osint/nightowl","owlscan/owlscan"],"tags_count":5,"template":false,"template_full_name":null,"purl":"pkg:github/owlscan/owlscan","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/owlscan%2Fowlscan","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/owlscan%2Fowlscan/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/owlscan%2Fowlscan/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/owlscan%2Fowlscan/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/owlscan","download_url":"https://codeload.github.com/owlscan/owlscan/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/owlscan%2Fowlscan/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":33689564,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-05-30T02:00:06.278Z","response_time":92,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["automation","bug-bounty","cybersecurity","dns-recon","ethical-hacking","flask","footprinting","hacking","information-gathering","infosec","network-scanner","osint","penetration-testing","python","recon","reconnaissance","security","security-research","security-tools","threat-intelligence"],"created_at":"2026-05-30T11:00:29.790Z","updated_at":"2026-05-30T11:01:07.234Z","avatar_url":"https://github.com/owlscan.png","language":"Python","funding_links":["https://github.com/sponsors/the-clipper"],"categories":[],"sub_categories":[],"readme":"# 🦉 OwlScan // PHANTOM SIGNAL\n\n```\n  ██████╗ ██╗    ██╗██╗     ███████╗ ██████╗ █████╗ ███╗   ██╗\n ██╔═══██╗██║    ██║██║     ██╔════╝██╔════╝██╔══██╗████╗  ██║\n ██║   ██║██║ █╗ ██║██║     ███████╗██║     ███████║██╔██╗ ██║\n ██║   ██║██║███╗██║██║     ╚════██║██║     ██╔══██║██║╚██╗██║\n ╚██████╔╝╚███╔███╔╝███████╗███████║╚██████╗██║  ██║██║ ╚████║\n  ╚═════╝  ╚══╝╚══╝ ╚══════╝╚══════╝ ╚═════╝╚═╝  ╚═╝╚═╝  ╚═══╝\n         \u003e\u003e OPEN-SOURCE OSINT INTELLIGENCE FRAMEWORK \u003c\u003c\n                 \"See everything. Leave no trace.\"\n```\n\n[![Python 3.10+](https://img.shields.io/badge/python-3.10+-00ff41?style=flat-square\u0026logo=python)](https://python.org)\n[![License: MIT](https://img.shields.io/badge/license-MIT-00f3ff?style=flat-square)](LICENSE)\n[![Platform](https://img.shields.io/badge/platform-Linux%20%7C%20macOS%20%7C%20Windows%20%7C%20Docker-b026ff?style=flat-square)]()\n[![GitHub Stars](https://img.shields.io/github/stars/owlscan/owlscan?style=flat-square\u0026color=00ff41)](https://github.com/owlscan/owlscan/stargazers)\n[![Open Issues](https://img.shields.io/github/issues/owlscan/owlscan?style=flat-square\u0026color=b026ff)](https://github.com/owlscan/owlscan/issues)\n[![CI](https://img.shields.io/github/actions/workflow/status/owlscan/owlscan/ci.yml?branch=main\u0026style=flat-square\u0026label=CI\u0026color=00ff41)](https://github.com/owlscan/owlscan/actions/workflows/ci.yml)\n[![PyPI](https://img.shields.io/pypi/v/owlscan?style=flat-square\u0026color=b026ff\u0026logo=pypi\u0026logoColor=white)](https://pypi.org/project/owlscan/)\n[![Project Site](https://img.shields.io/badge/site-owlscan.sh-00f3ff?style=flat-square\u0026logo=github)](https://owlscan.sh)\n[![Changelog](https://img.shields.io/badge/changelog-view-00ff41?style=flat-square)](CHANGELOG.md)\n\n\n---\n\n## 🎬 Demo\n\n### CLI — Ghost Run in action\n\n![CLI scan demo](https://raw.githubusercontent.com/owlscan/owlscan/main/docs/assets/demo.gif)\n\n### Web UI — Shadow Grid (Dashboard)\n\n![Dashboard](https://raw.githubusercontent.com/owlscan/owlscan/main/docs/assets/screenshot_dashboard.svg)\n\n### Web UI — Launch Ghost Run\n\n![Launch Ghost Run](https://raw.githubusercontent.com/owlscan/owlscan/main/docs/assets/screenshot_launch.svg)\n\n### Web UI — Scan Results\n\n![Scan results](https://raw.githubusercontent.com/owlscan/owlscan/main/docs/assets/screenshot_results.svg)\n\n### Web UI — Theme Options\n\nOwlScan ships with two built-in UI themes, selectable via the **☀/🌙 toggle** in the top navigation bar. Your preference is saved automatically and persists across sessions.\n\n| Theme | Description |\n|-------|-------------|\n| **Dark** *(default)* | Cyberpunk aesthetic — deep charcoal background, neon green/cyan/purple accents, matrix rain canvas, glowing owl logo |\n| **Light** | \"Phantom Dawn\" — soft blue-grey background, muted accent palette, clean black ASCII logo, matrix rain disabled |\n\n\u003e **Asciinema recording:** Watch the full interactive demo on asciinema.org, or play it locally:\n\u003e ```bash\n\u003e pip install asciinema\n\u003e asciinema play https://raw.githubusercontent.com/owlscan/owlscan/main/docs/assets/demo.cast\n\u003e ```\n\n[![asciicast](https://asciinema.org/a/1163488.svg)](https://asciinema.org/a/1163488)\n\n---\n\n## ⚡ What is OwlScan?\n\nOwlScan is a **community-powered, open-source OSINT intelligence framework** built for security researchers, penetration testers, investigators, and enthusiasts. It combines web scraping, network reconnaissance, people intelligence aggregation, and threat analysis into a single cohesive platform.\n\n\u003e **LEGAL DISCLAIMER:** OwlScan is for **authorized security research, OSINT investigations, and educational purposes only**. Only scan targets you have explicit permission to test. You are solely responsible for compliance with all applicable laws. The developers assume NO liability for misuse.\n\n---\n\n## 🔥 Features\n\n### 🕷 Web Reconnaissance\n- **Scrapy-powered** deep web crawler with JavaScript rendering support\n- **Technology detection** — fingerprints 50+ technologies (CMS, frameworks, CDNs, WAFs)\n- **API endpoint hunter** — discovers REST APIs, GraphQL, Swagger docs, admin panels, `.env` leaks\n- **Security header analysis** with graded posture scoring\n- **Email, phone, link, and comment harvesting**\n\n### 🌐 Network Intelligence\n- **Async port scanner** — 65,535 ports, banner grabbing, service detection\n- **DNS recon** — A/AAAA/MX/NS/TXT/SOA/CAA, zone transfer attempts, subdomain brute-force\n- **Certificate transparency** via crt.sh — uncover subdomains via SSL history\n- **SPF/DMARC analysis** — identify email spoofing vulnerabilities\n- **Reverse DNS** and co-hosted domain discovery\n\n### 🔬 Intelligence APIs (30+ Integrations)\n\n| Category | APIs |\n|----------|------|\n| **Network Scanning** | Shodan, Censys, ZoomEye, BinaryEdge |\n| **Threat Intelligence** | VirusTotal, AbuseIPDB, GreyNoise, AlienVault OTX |\n| **Email** | Hunter.io, HaveIBeenPwned, HaveIBeenPwned |\n| **Domain/Web** | SecurityTrails, URLScan.io, WhoisXML, Local WHOIS |\n| **Geolocation** | IPInfo.io |\n| **People Search** | Pipl, FullContact, WhitePages, Spokeo, Clearbit |\n| **Social** | GitHub, Twitter/X |\n| **Custom** | Bring your own API via plugin architecture |\n\n### 👤 Shadow Profiler (People Intelligence)\nLexisNexis-style identity aggregation from public records:\n- Cross-correlates data from multiple people-search APIs\n- Discovers emails, phones, addresses, relatives, employers\n- Breach data correlation via HIBP and other sources\n- Social media profile linking\n- **Shadow Score** — digital exposure quantification (0-100)\n- Social graph building and timeline reconstruction\n\n### 📦 Export Formats\n| Format | Description |\n|--------|-------------|\n| **JSON** | Raw machine-readable data |\n| **CSV** | Spreadsheet-compatible |\n| **HTML** | Self-contained cyberpunk-styled report |\n| **PDF** | Professional dossier via ReportLab |\n| **XML** | Structured data |\n| **XLSX** | Excel workbook |\n| **STIX 2.1** | Threat intelligence sharing format |\n| **Markdown** | Human-readable report |\n\nAll formats support **ZIP compression** and **AES-256-GCM encryption**.\n\n### 🌑 Ghost Mode\n- Low-and-slow scanning profiles to minimize detection\n- Identity rotation via user-agent spoofing\n- Tor proxy integration (Docker compose profile: `ghost`)\n- Configurable request jitter and delays\n\n### 🔔 Additional Features\n- **Real-time live feed** — WebSocket-powered terminal during scans\n- **Shadow Score** — composite risk/exposure scoring\n- **Scheduled Phantoms** — recurring automated ghost runs\n- **API health monitor** — dashboard showing configured APIs and rate limits\n- **Light/Dark theme** — toggle between cyberpunk Dark mode and \"Phantom Dawn\" Light mode via the ☀/🌙 button; preference persisted in localStorage\n- **Full REST API** — integrate OwlScan into your own toolchain\n- **CLI interface** — `owlscan scan`, `owlscan profile`, `owlscan export`\n- **Docker** — single-command deployment\n\n---\n\n## 🚀 Quick Start\n\n### Option 1: Docker (Recommended)\n```bash\ngit clone https://github.com/owlscan/owlscan\ncd owlscan\ndocker-compose up -d\n# Open http://localhost:5000\n```\n\n### Option 2: Manual Installation\n```bash\n# Python 3.10+ required\ngit clone https://github.com/owlscan/owlscan\ncd owlscan\npip install -e .\nowlscan init\nowlscan web --open-browser\n```\n\n### Option 3: CLI Scan\n```bash\n# Quick probe\nowlscan scan example.com --profile quick\n\n# Full spectrum with export\nowlscan scan 192.168.1.1 --type ip_recon --format html --output ./reports\n\n# People intelligence\nowlscan profile --email target@company.com --first-name John --last-name Doe\n```\n\n---\n\n## ⚙️ Configuration\n\n### Environment Variables (Recommended for API Keys)\n```bash\nexport SHODAN_API_KEY=\"your-shodan-key\"\nexport VIRUSTOTAL_API_KEY=\"your-vt-key\"\nexport HUNTER_API_KEY=\"your-hunter-key\"\nexport HIBP_API_KEY=\"your-hibp-key\"\nexport GREYNOISE_API_KEY=\"your-greynoise-key\"\nexport IPINFO_TOKEN=\"your-ipinfo-token\"\nexport ABUSEIPDB_API_KEY=\"your-abuseipdb-key\"\nexport ALIENVAULT_API_KEY=\"your-otx-key\"\nexport GITHUB_TOKEN=\"your-github-token\"\nexport SECURITYTRAILS_API_KEY=\"your-st-key\"\n# See config/owlscan.yaml for full list\n```\n\n### Config File\nCopy `config/owlscan.yaml` to `~/.owlscan/config.yaml` and customize.\n\n---\n\n## 🔌 Adding Custom APIs\n\nOwlScan uses a plugin architecture. Adding a new intelligence source takes ~20 lines:\n\n```python\n# owlscan/intel/apis/my_api.py\nfrom owlscan.intel.apis.base import BaseIntelAPI, register_api, APICategory, APITier\n\n@register_api\nclass MyAPI(BaseIntelAPI):\n    NAME = \"myapi\"\n    DESCRIPTION = \"My custom intelligence source\"\n    REQUIRES_KEY = True\n    TIER = APITier.FREE_LIMITED\n    CATEGORIES = [APICategory.NETWORK]\n    BASE_URL = \"https://api.myservice.com/v1\"\n    SIGN_UP_URL = \"https://myservice.com/signup\"\n\n    async def search(self, query: str, **kwargs):\n        data = await self._get(\n            f\"{self.BASE_URL}/search\",\n            params={\"q\": query, \"key\": self._api_key}\n        )\n        return [self._wrap_result(\"my_result\", data)]\n```\n\nThen import it in `owlscan/intel/orchestrator.py` and it auto-registers.\n\n---\n\n## 🏗 Architecture\n\n```\nowlscan/\n├── core/               — Engine, config, database, models\n├── scrapers/           — Scrapy crawler, tech detector, port scanner, API hunter, DNS recon\n├── intel/\n│   ├── apis/           — 30+ API integrations (plugin architecture)\n│   └── people/         — People intelligence aggregation\n├── exporters/          — JSON/CSV/PDF/HTML/XML/XLSX/STIX + crypto wrapper\n└── web/\n    ├── routes/         — Flask blueprints (dashboard, scans, intel, settings, export, REST API)\n    ├── templates/      — Cyberpunk Jinja2 templates\n    └── static/         — CSS (cyberpunk), JS (matrix, terminal, app)\n```\n\n---\n\n## 🛡 REST API\n\n```bash\n# Create a scan\ncurl -X POST http://localhost:5000/api/v1/scans \\\n  -H \"Content-Type: application/json\" \\\n  -d '{\"target\": \"example.com\", \"scan_type\": \"web_recon\"}'\n\n# Get results\ncurl http://localhost:5000/api/v1/scans/{scan_id}\n\n# List all APIs\ncurl http://localhost:5000/api/v1/apis\n\n# Health check\ncurl http://localhost:5000/api/v1/health\n```\n\n---\n\n## 🤝 Contributing\n\nOwlScan thrives on community contributions. Ways to help:\n\n1. **Add API integrations** — Follow the plugin pattern above\n2. **Improve detection signatures** — Expand `tech_detector.py`\n3. **Bug reports** — [GitHub Issues](https://github.com/owlscan/owlscan/issues)\n4. **Documentation** — Improve the wiki\n5. **Translations** — Internationalize the UI\n\nSee [CONTRIBUTING.md](CONTRIBUTING.md) for guidelines. Please also review our [Code of Conduct](CODE_OF_CONDUCT.md) and [Security Policy](SECURITY.md).\n\n---\n\n## 📖 Documentation\n\n- **[Usage Guide](docs/USAGE.md)** — full walkthroughs, usage scenarios, CLI reference, and per-platform troubleshooting (Linux / macOS / Windows / Docker)\n\n---\n\n## ⚠️ Legal \u0026 Ethics\n\nOwlScan is a dual-use tool. Operators are responsible for:\n- Obtaining explicit authorization before scanning any system\n- Complying with applicable laws (CFAA, GDPR, CCPA, ECPA, local laws)\n- Respecting privacy and data protection regulations\n- Not using this tool for harassment, stalking, or unauthorized surveillance\n\n**The developers provide this software as-is with no warranty. Misuse is your responsibility.**\n\n---\n\n## 🏷 Topics\n\n[![osint](https://img.shields.io/badge/osint-00ff41?style=flat-square)](https://github.com/topics/osint)\n[![security](https://img.shields.io/badge/security-00f3ff?style=flat-square)](https://github.com/topics/security)\n[![python](https://img.shields.io/badge/python-00f3ff?style=flat-square)](https://github.com/topics/python)\n[![hacking](https://img.shields.io/badge/hacking-00ff41?style=flat-square)](https://github.com/topics/hacking)\n[![cybersecurity](https://img.shields.io/badge/cybersecurity-b026ff?style=flat-square)](https://github.com/topics/cybersecurity)\n[![reconnaissance](https://img.shields.io/badge/reconnaissance-00ff41?style=flat-square)](https://github.com/topics/reconnaissance)\n[![recon](https://img.shields.io/badge/recon-00f3ff?style=flat-square)](https://github.com/topics/recon)\n[![penetration-testing](https://img.shields.io/badge/penetration--testing-b026ff?style=flat-square)](https://github.com/topics/penetration-testing)\n[![ethical-hacking](https://img.shields.io/badge/ethical--hacking-00ff41?style=flat-square)](https://github.com/topics/ethical-hacking)\n[![bug-bounty](https://img.shields.io/badge/bug--bounty-00f3ff?style=flat-square)](https://github.com/topics/bug-bounty)\n[![information-gathering](https://img.shields.io/badge/information--gathering-b026ff?style=flat-square)](https://github.com/topics/information-gathering)\n[![threat-intelligence](https://img.shields.io/badge/threat--intelligence-00ff41?style=flat-square)](https://github.com/topics/threat-intelligence)\n[![security-tools](https://img.shields.io/badge/security--tools-00f3ff?style=flat-square)](https://github.com/topics/security-tools)\n[![network-scanner](https://img.shields.io/badge/network--scanner-b026ff?style=flat-square)](https://github.com/topics/network-scanner)\n[![dns-recon](https://img.shields.io/badge/dns--recon-00ff41?style=flat-square)](https://github.com/topics/dns-recon)\n[![infosec](https://img.shields.io/badge/infosec-00f3ff?style=flat-square)](https://github.com/topics/infosec)\n[![flask](https://img.shields.io/badge/flask-b026ff?style=flat-square)](https://github.com/topics/flask)\n[![security-research](https://img.shields.io/badge/security--research-00ff41?style=flat-square)](https://github.com/topics/security-research)\n[![footprinting](https://img.shields.io/badge/footprinting-00f3ff?style=flat-square)](https://github.com/topics/footprinting)\n[![automation](https://img.shields.io/badge/automation-b026ff?style=flat-square)](https://github.com/topics/automation)\n\n---\n\n## 🤝 Community\n\n| Document | Description |\n|----------|-------------|\n| [Code of Conduct](CODE_OF_CONDUCT.md) | Community standards and expectations |\n| [Contributing Guidelines](CONTRIBUTING.md) | How to contribute to OwlScan |\n| [Security Policy](SECURITY.md) | Reporting vulnerabilities responsibly |\n| [License](LICENSE) | MIT License terms |\n\n---\n\n## 📜 License\n\nMIT License — see [LICENSE](LICENSE)\n\n---\n\n*Built with questionable amounts of caffeine. \"The night sees all. The owl forgets nothing.\"*\n*Some ghosts leave no trace. This one left commits. — Claude*    \n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fowlscan%2Fowlscan","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fowlscan%2Fowlscan","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fowlscan%2Fowlscan/lists"}