An OSINT and infrastructure analysis tool that uses multiple APIs to gather intelligence about domains, certificates, and web assets.

Features:
- Infrastructure Analysis (DNS, WHOIS, Reverse DNS)
- SSL/TLS Certificate Intelligence
- Favicon Hash Analysis
- Web Asset Analysis via URLScan.io
- Network Reconnaissance via Shodan
Requirements:
- Python 3.8+
- Required API keys:
  - OpenAI API key
  - Shodan API key
  - URLScan.io API key
Installation:
- Clone the repository:

```bash
git clone https://github.com/Mar8x/cybersleuth.git
cd cybersleuth
```

- Install dependencies:

```bash
pip install openai shodan requests beautifulsoup4 mmh3 python-whois dnspython prompt_toolkit
```

- Set up environment variables:

```bash
export OPENAI_API_KEY='your-openai-key'
export SHODAN_API_KEY='your-shodan-key'
export URLSCAN_API_KEY='your-urlscan-key'
```

Run the tool:

```bash
python cybersleuth.py
```
Example commands:
Analyze certificates for domain.com
Find subdomains from certificates for domain.com
Check recent certificate activity for domain.com
Review certificate authorities for domain.com
Type 'exit' to quit the program.
Project structure:
- cybersleuth.py: Main entry point and CLI interface
- agent.py: OpenAI GPT integration and command processing
- tools.py: Core OSINT and analysis functions
Architecture:

```
┌─────────────────────────────────────────────────────────────────┐
│                       YOUR LOCAL MACHINE                        │
│ ┌─────────────┐    ┌──────────────┐    ┌────────────────────┐   │
│ │             │    │ CyberSleuth  │    │ Environment Vars   │   │
│ │ User Input  ├───►│ (Main App)   │◄───┤ API Keys (.env)    │   │
│ │             │    │              │    │ - OpenAI           │   │
│ └─────────────┘    └──────┬───────┘    │ - Shodan           │   │
│                           │            │ - URLScan          │   │
│                           ▼            └────────────────────┘   │
│              ┌────────────────────────┐                         │
│              │   Agent (OpenAI GPT)   │                         │
│              └────────────┬───────────┘                         │
│                           │                                     │
│ ┌──────────────────────┐  │         ┌───────────────────────┐   │
│ │ Tools Module         │  │         │   Security Features   │   │
│ │ - Certificate Info   │◄ ┘         │                       │   │
│ │ - WHOIS              │            │ - Rate Limiting TBD   │   │
│ │ - DNS Records        │            │ - Error Handling      │   │
│ │ - Favicon Analysis   │            │ - Input Validation TBD│   │
│ └──────────┬───────────┘            └───────────────────────┘   │
└────────────┼────────────────────────────────────────────────────┘
             │
             ▼
  ┌─────────────────────────┐    ┌──────────────────┐
  │ External APIs (HTTPS)   │    │  Security Notes  │
  │ - crt.sh                │    │ - API Rate Limits│
  │ - Shodan                │    │ - IP Tracking    │
  │ - URLScan.io            │    │ - Query Logging  │
  │ - WHOIS Servers         │    │ - Data Retention │
  └─────────────────────────┘    └──────────────────┘
```
This tool uses the following services:
- Certificate data: crt.sh (Certificate Transparency logs)
- Network intelligence: Shodan (https://shodan.io)
- URL scanning: URLScan.io (https://urlscan.io)
- DNS information: Public DNS services
- WHOIS data: Public WHOIS servers
- Store API keys in environment variables or a .env file
- Use separate API keys for development and production
- Rotate API keys regularly
- Never commit API keys to version control
- Follow your organization's data handling policies
- Use an OpenAI organization ID and project-specific API keys
- Consider the data privacy implications of the queries you send to OpenAI
- Review OpenAI's data usage policies: https://openai.com/policies/api-data-usage-policies
- Query Tracking:
  - All external API queries may be logged
  - Services track IP addresses and usage patterns
  - Favicon lookups are made from the IP address of the machine running CyberSleuth
  - Consider using approved proxies for sensitive research (for example, via proxychains)
- Data Handling:
  - No persistent storage of results; only the commands you type are kept
  - Memory-only operation on the local side; verify the retention settings of your OpenAI project
  - Sanitized error messages
  - Follow your organization's data retention policies
- Rate Limiting:
  - Respect API rate limits
  - Implement backoff strategies
  - Monitor usage patterns
- Obtain necessary approvals before deployment
- Review your company's:
  - Data handling policies
  - API usage guidelines
  - Security requirements
  - Privacy impact assessments
  - Third-party service policies