Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/netevert/pockint
A portable OSINT Swiss Army Knife for DFIR/OSINT professionals 🕵️ 🕵️ 🕵️
https://github.com/netevert/pockint
dfir incident-response incident-response-tooling infosec infosec-19 osint osint-professionals osint-python osinttool portable python python3 tkinter-gui tkinter-python
Last synced: 6 days ago
JSON representation
A portable OSINT Swiss Army Knife for DFIR/OSINT professionals 🕵️ 🕵️ 🕵️
- Host: GitHub
- URL: https://github.com/netevert/pockint
- Owner: netevert
- License: mit
- Created: 2019-04-10T17:09:17.000Z (almost 6 years ago)
- Default Branch: master
- Last Pushed: 2023-10-18T02:04:12.000Z (over 1 year ago)
- Last Synced: 2025-01-14T14:09:48.696Z (13 days ago)
- Topics: dfir, incident-response, incident-response-tooling, infosec, infosec-19, osint, osint-professionals, osint-python, osinttool, portable, python, python3, tkinter-gui, tkinter-python
- Language: Python
- Homepage:
- Size: 2.42 MB
- Stars: 261
- Watchers: 11
- Forks: 45
- Open Issues: 16
-
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- Contributing: CONTRIBUTING.md
- License: LICENSE
- Code of conduct: CODE_OF_CONDUCT.md
Awesome Lists containing this project
- awesome-rainmana - netevert/pockint - A portable OSINT Swiss Army Knife for DFIR/OSINT professionals 🕵️ 🕵️ 🕵️ (Python)
- awesome-starz - netevert/pockint - A portable OSINT Swiss Army Knife for DFIR/OSINT professionals 🕵️ 🕵️ 🕵️ (Python)
README
=======
[](https://www.python.org)
[](https://github.com/netevert/pockint/releases)
[](https://twitter.com/netevert)
POCKINT (a.k.a. Pocket Intelligence) is the OSINT swiss army knife for DFIR/OSINT professionals. A lightweight and portable GUI program, it provides users with essential OSINT capabilities in a compact form factor: POCKINT's input box accepts typical indicators (URL, IP, MD5) and gives users the ability to perform basic OSINT data mining tasks in an iterable manner.
## Installation
You can grab the latest version from the [releases page](https://github.com/netevert/pockint/releases/latest). POCKINT is provided as a single executable that can be stored and run anywhere on computers. POCKINT is available for Windows only.
## Features
Why use it? POCKINT is designed to be **simple, portable and powerful**.
:star: **Simple**: There's plenty of awesome OSINT tools out there. Trouble is they either require analysts to be reasonably comfortable with the command line (think [pOSINT](https://github.com/ecstatic-nobel/pOSINT)) or give you way too many features (think [Maltego](https://www.paterva.com/web7/)). POCKINT focuses on simplicity: _INPUT_ > _RUN TRANSFORM_ > _OUTPUT_ ... rinse and repeat. It's the ideal tool to get results quickly and easily through a simple interface.
:package: **Portable**: Most tools either require installation, a license or configuration. POCKINT is ready to go whenever and wherever. Put it in your jump kit USB, investigation VM or laptop and it will just run.
:rocket: **Powerful**: POCKINT combines cheap OSINT sources (whois/DNS) with the power of specialised [APIs](https://www.theguardian.com/media/pda/2007/dec/14/thenutshellabeginnersguide). From the get go you can use a suite of in-built transforms. Add in a couple of API keys and you can unlock even more specialised data mining capabilities.
The latest version is capable of running the following data mining tasks:
Hostnames
|Source |Transform |API key needed? |
| ----------------------------------------- | ---------------------- | ---------------- |
| DNS | IP lookup |:x: |
| DNS | MX lookup |:x: |
| DNS | NS lookup |:x: |
| DNS | TXT lookup |:x: |
| WHOIS | Domain dnssec status |:x: |
| WHOIS | Domain creation |:x: |
| WHOIS | Domain expiration |:x: |
| WHOIS | Domain emails |:x: |
| WHOIS | Domain registrar |:x: |
| WHOIS | Registrant location |:x: |
| WHOIS | Registrant org |:x: |
| WHOIS | Registrant name |:x: |
| WHOIS | Registrant address |:x: |
| WHOIS | Registrant zipcode |:x: |
| [crt.sh](https://crt.sh/) | Subdomains |:x: |
| [Virustotal](https://www.virustotal.com) | Downloaded samples |:heavy_check_mark:|
| [Virustotal](https://www.virustotal.com) | Detected URLs |:heavy_check_mark:|
| [Virustotal](https://www.virustotal.com) | Subdomains |:heavy_check_mark:|
| [OTX](https://otx.alienvault.com/) | Passive DNS |:heavy_check_mark:|
| [OTX](https://otx.alienvault.com/) | malicious check |:heavy_check_mark:|
| [OTX](https://otx.alienvault.com/) | Malware type |:heavy_check_mark:|
| [OTX](https://otx.alienvault.com/) | Malware hash |:heavy_check_mark:|
| [OTX](https://otx.alienvault.com/) | Observed urls |:heavy_check_mark:|
| [OTX](https://otx.alienvault.com/) | Geolocate |:heavy_check_mark:|
IP Adresses
**Note:** Only IPv4 Addresses are supported
|Source |Transform |API key needed? |
| ----------------------------------------- | -------------------- | ---------------- |
| DNS | Reverse lookup |:x: |
| [Shodan](https://www.shodan.io/) | Ports |:heavy_check_mark:|
| [Shodan](https://www.shodan.io/) | Geolocate |:heavy_check_mark:|
| [Shodan](https://www.shodan.io/) | Coordinates |:heavy_check_mark:|
| [Shodan](https://www.shodan.io/) | CVEs |:heavy_check_mark:|
| [Shodan](https://www.shodan.io/) | ISP |:heavy_check_mark:|
| [Shodan](https://www.shodan.io/) | City |:heavy_check_mark:|
| [Shodan](https://www.shodan.io/) | ASN |:heavy_check_mark:|
| [Virustotal](https://www.virustotal.com) | Network report |:heavy_check_mark:|
| [Virustotal](https://www.virustotal.com) | Communicating samples|:heavy_check_mark:|
| [Virustotal](https://www.virustotal.com) | Downloaded samples |:heavy_check_mark:|
| [Virustotal](https://www.virustotal.com) | Detected URLs |:heavy_check_mark:|
| [OTX](https://otx.alienvault.com/) | Passive DNS |:heavy_check_mark:|
| [OTX](https://otx.alienvault.com/) | Malicious check |:heavy_check_mark:|
| [OTX](https://otx.alienvault.com/) | Malware type |:heavy_check_mark:|
| [OTX](https://otx.alienvault.com/) | Malware hash |:heavy_check_mark:|
| [OTX](https://otx.alienvault.com/) | Observed urls |:heavy_check_mark:|
| [OTX](https://otx.alienvault.com/) | Geolocate |:heavy_check_mark:|
Urls
|Source |Transform |API key needed? |
| ----------------------------------------- | ------------------------- | ---------------- |
| DNS | Extract hostname |:x: |
| [Virustotal](https://www.virustotal.com) | Malicious check |:heavy_check_mark:|
| [Virustotal](https://www.virustotal.com) | Reported detections |:heavy_check_mark:|
| [OTX](https://otx.alienvault.com/) | Geolocate |:heavy_check_mark:|
| [OTX](https://otx.alienvault.com/) | Parse url |:heavy_check_mark:|
| [OTX](https://otx.alienvault.com/) | malicious check |:heavy_check_mark:|
| [OTX](https://otx.alienvault.com/) | Http response analysis |:heavy_check_mark:|
Hashes
**Note:** Both MD5 and SHA256 hashes are supported
|Source |Transform |API key needed? |
| ----------------------------------------- | -------------------- | ---------------- |
| [Virustotal](https://www.virustotal.com) | Malicious check |:heavy_check_mark:|
| [Virustotal](https://www.virustotal.com) | Malware type |:heavy_check_mark:|
| [OTX](https://otx.alienvault.com/) | Malicious check |:heavy_check_mark:|
Emails
|Source |Transform |API key needed? |
| --------- | -------------------- | ---------------- |
| N/A | Extract domain |:x: |
New APIs and input integrations are in the works, consult the [issues page](https://github.com/netevert/pockint/issues) to check out what's brewing or feel free to propose your own.
Like it?
=========
If you like the tool please consider [contributing](https://github.com/netevert/pockint/blob/master/CONTRIBUTING.md).
The tool received a few "honourable" mentions, including:
- [KitPloit](https://www.kitploit.com/2019/10/pockint-portable-osint-swiss-army-knife.html)
- [kalilinuxtutorials.com](https://kalilinuxtutorials.com/pockint-portable-osint-swiss-army-knife-dfir-osint/)
- [hacking.land](https://www.hacking.land/2019/10/pockint-portable-osint-swiss-army-knife.html)
- [awesomeopensource.com](https://awesomeopensource.com/project/netevert/pockint)
**Please note:** There have been a small number of reports indicating that pockint triggers false positives on antivirus protected systems (to date [Avast, AVG](https://github.com/netevert/pockint/issues/22) and [Norton](https://twitter.com/ChiefCovfefe/status/1204807996028657664)). The issue [seems to be caused by pyinstaller](https://stackoverflow.com/questions/43777106/program-made-with-pyinstaller-now-seen-as-a-trojan-horse-by-avg), the [python package](https://www.pyinstaller.org/) used to freeze and distribute pockint. If pockint triggers your antivirus please submit an issue and the author will submit a false positive report to the concerned antivirus provider.