npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

osintkit

v0.2.1

Published

OSINT CLI for personal digital footprint analysis

Downloads

107

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

codechocodecho

Keywords

osintsecurityprivacyclirecon

Readme

osintkit

OSINT CLI for personal digital footprint analysis. Input an email, phone, username, or name — get a risk-scored report saved locally as JSON, HTML, and Markdown.

MIT licensed. No server. Everything stays on your machine.

📖 Full documentation: docs.codecho.de/osintkit

Installation

npm install -g osintkit

This automatically installs all Python dependencies via the postinstall script. Just run osintkit new when it's done.

Requirements: Python 3.10+, Node.js 16+

Quick Start

osintkit setup      # Configure API keys (optional, all have free tiers)
osintkit scan [email protected]  # Scan directly — no profile needed
osintkit new        # Create a profile and run a scan
osintkit list       # View all profiles
osintkit refresh    # Re-run scan on a profile
osintkit open       # View profile details + open latest report

Commands

| Command | Alias | Description | |---------|-------|-------------| | osintkit scan [target] | sc | Scan directly — no profile needed | | osintkit new | n | Create a new profile and run a scan | | osintkit list | ls | List all profiles with last risk score | | osintkit refresh [id] | r | Re-run scan for a profile | | osintkit open [id] | o | Show profile details and open latest report | | osintkit export [id] | exp | Export as JSON or Markdown | | osintkit setup | s | Configure API keys interactively | | osintkit config set-key <key> <value> | cfg set-key | Update a single API key | | osintkit config show | cfg show | Show which keys are set (values hidden) | | osintkit tag [id] | — | Add, remove, or list tags on a profile | | osintkit delete [id] | rm | Delete a profile | | osintkit update | up | Check for and install a newer version | | osintkit bug | — | Report a bug (opens GitHub issue pre-filled) | | osintkit version | v | Show version |

What It Checks

Stage 1 — No API keys needed

| Module | Input | What it does | |--------|-------|-------------| | Maigret | username | 3000+ site username search | | Sherlock | username | 400+ site username search | | Holehe | email | 120+ platform email registration check | | HIBP k-anonymity | email | Password breach check (no key needed) | | Gravatar | email | Profile existence + avatar | | theHarvester | email/domain | Web presence, subdomains | | crt.sh | email/domain | Certificate transparency logs | | Wayback CDX | email | Historical web appearances | | Shodan InternetDB | email/domain | Open ports + CVEs (no key) | | ThreatFox | email domain | Malware C2 / IOC check (no key) | | libphonenumber | phone | Carrier, region, line type (offline) | | Paste search | email | Paste site appearances | | Data brokers | name/email | Public broker listing scan | | Dark web | email | Ahmia / public dark web index | | Breach lookup | email | BreachDirectory | | emailrep.io | email | Email reputation, spam, disposable check | | WHOIS | email domain | Domain registration info | | urlscan.io | email domain | Domain scan history & malicious verdicts | | GitHub | username | Public profile (no key needed) |

Stage 2 — Optional free API keys

| Service | Key name | Input | Free tier | Get key | |---------|----------|-------|-----------|---------| | VirusTotal | virustotal | email domain | 500/day | virustotal.com | | OTX AlienVault | otx | email domain | Unlimited | otx.alienvault.com | | AbuseIPDB | abuseipdb | email domain | 1,000/day | abuseipdb.com | | GreyNoise | greynoise | email domain | 50/week | greynoise.io | | IntelligenceX | intelligencex | email/username | 50/day | intelx.io | | Netlas | netlas | email domain | 50/day | netlas.io | | Pulsedive | pulsedive | email domain | 10/day | pulsedive.com | | SecurityTrails | securitytrails | domain | see site | securitytrails.com | | Hunter.io | hunter | email | 25/month | hunter.io | | NumVerify | numverify | phone | 100/month | numverify.com |

Stage 2 modules only run when a key is configured. Rate-limited modules show yellow, not red — the scan always completes.

Output

Each scan creates a folder at ~/osint-results/<target>_<date>/ containing:

  • report.html — rendered report with risk score and findings
  • findings.json — full structured data
  • findings.md — markdown summary

Risk score 0–100 accounts for: breach exposure, social footprint, data broker listings, dark web/paste appearances, domain reputation (VirusTotal), IP abuse score (AbuseIPDB), email reputation flags, and threat intelligence pulse count (OTX).

API Keys (All Optional)

Keys are stored in ~/.osintkit/config.yaml (permissions: 600, never readable by other users).

osintkit config set-key virustotal YOUR_KEY
osintkit config set-key otx        YOUR_KEY
osintkit config set-key abuseipdb  YOUR_KEY
osintkit config show                           # see which keys are set
osintkit setup                                 # interactive wizard

Full API key guide: docs.codecho.de/osintkit/api-keys.html

Optional Tools

These tools run automatically if installed; modules gracefully show "not installed" if missing.

pip install maigret holehe sherlock-project theHarvester python-whois

Run from Source

git clone https://github.com/diesesschnitzel/osintkit.git
cd osintkit
pip install -r requirements.txt -r requirements-tools.txt
PYTHONPATH=. python3 -m osintkit.cli new

Ethics

Only use osintkit on targets you have explicit permission to investigate. GDPR applies to EU subjects. A disclaimer is shown before every scan.

Support & Bug Reports

License

MIT