Skip to content

A portable OSINT Swiss Army Knife for DFIR/OSINT professionals πŸ•΅οΈ πŸ•΅οΈ πŸ•΅οΈ

License

Notifications You must be signed in to change notification settings

netevert/pockint

Folders and files

NameName
Last commit message
Last commit date

Latest commit

Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 

Repository files navigation

Icon

made with python Supported platforms GitHub release GitHub All Releases Twitter Follow

POCKINT (a.k.a. Pocket Intelligence) is the OSINT swiss army knife for DFIR/OSINT professionals. A lightweight and portable GUI program, it provides users with essential OSINT capabilities in a compact form factor: POCKINT's input box accepts typical indicators (URL, IP, MD5) and gives users the ability to perform basic OSINT data mining tasks in an iterable manner.

demo

Installation

You can grab the latest version from the releases page. POCKINT is provided as a single executable that can be stored and run anywhere on computers. POCKINT is available for Windows only.

Features

Why use it? POCKINT is designed to be simple, portable and powerful.

⭐ Simple: There's plenty of awesome OSINT tools out there. Trouble is they either require analysts to be reasonably comfortable with the command line (think pOSINT) or give you way too many features (think Maltego). POCKINT focuses on simplicity: INPUT > RUN TRANSFORM > OUTPUT ... rinse and repeat. It's the ideal tool to get results quickly and easily through a simple interface.

πŸ“¦ Portable: Most tools either require installation, a license or configuration. POCKINT is ready to go whenever and wherever. Put it in your jump kit USB, investigation VM or laptop and it will just run.

πŸš€ Powerful: POCKINT combines cheap OSINT sources (whois/DNS) with the power of specialised APIs. From the get go you can use a suite of in-built transforms. Add in a couple of API keys and you can unlock even more specialised data mining capabilities.

The latest version is capable of running the following data mining tasks:

Hostnames

Source Transform API key needed?
DNS IP lookup ❌
DNS MX lookup ❌
DNS NS lookup ❌
DNS TXT lookup ❌
WHOIS Domain dnssec status ❌
WHOIS Domain creation ❌
WHOIS Domain expiration ❌
WHOIS Domain emails ❌
WHOIS Domain registrar ❌
WHOIS Registrant location ❌
WHOIS Registrant org ❌
WHOIS Registrant name ❌
WHOIS Registrant address ❌
WHOIS Registrant zipcode ❌
crt.sh Subdomains ❌
Virustotal Downloaded samples βœ”οΈ
Virustotal Detected URLs βœ”οΈ
Virustotal Subdomains βœ”οΈ
OTX Passive DNS βœ”οΈ
OTX malicious check βœ”οΈ
OTX Malware type βœ”οΈ
OTX Malware hash βœ”οΈ
OTX Observed urls βœ”οΈ
OTX Geolocate βœ”οΈ

IP Adresses

Note: Only IPv4 Addresses are supported

Source Transform API key needed?
DNS Reverse lookup ❌
Shodan Ports βœ”οΈ
Shodan Geolocate βœ”οΈ
Shodan Coordinates βœ”οΈ
Shodan CVEs βœ”οΈ
Shodan ISP βœ”οΈ
Shodan City βœ”οΈ
Shodan ASN βœ”οΈ
Virustotal Network report βœ”οΈ
Virustotal Communicating samples βœ”οΈ
Virustotal Downloaded samples βœ”οΈ
Virustotal Detected URLs βœ”οΈ
OTX Passive DNS βœ”οΈ
OTX Malicious check βœ”οΈ
OTX Malware type βœ”οΈ
OTX Malware hash βœ”οΈ
OTX Observed urls βœ”οΈ
OTX Geolocate βœ”οΈ

Urls

Source Transform API key needed?
DNS Extract hostname ❌
Virustotal Malicious check βœ”οΈ
Virustotal Reported detections βœ”οΈ
OTX Geolocate βœ”οΈ
OTX Parse url βœ”οΈ
OTX malicious check βœ”οΈ
OTX Http response analysis βœ”οΈ

Hashes

Note: Both MD5 and SHA256 hashes are supported

Source Transform API key needed?
Virustotal Malicious check βœ”οΈ
Virustotal Malware type βœ”οΈ
OTX Malicious check βœ”οΈ

Emails

Source Transform API key needed?
N/A Extract domain ❌

New APIs and input integrations are in the works, consult the issues page to check out what's brewing or feel free to propose your own.

Like it?

If you like the tool please consider contributing.

The tool received a few "honourable" mentions, including:

Please note: There have been a small number of reports indicating that pockint triggers false positives on antivirus protected systems (to date Avast, AVG and Norton). The issue seems to be caused by pyinstaller, the python package used to freeze and distribute pockint. If pockint triggers your antivirus please submit an issue and the author will submit a false positive report to the concerned antivirus provider.