The most comprehensive, accessible, and powerful OSINT skill for AI agents.
Investigate people, domains, and organizations using only publicly available information.

🚀 Quick Start • ✨ Features • 📚 Commands • 📖 Docs • 🎯 Examples

---

🌟 What Makes This Special

👴 Senior-Friendly	🎓 Beginner-Approved	💼 Professional-Grade
Your 65-year-old dad can use it	Step-by-step wizards guide you	40+ commands, risk scoring, reports

🎯 Three Ways to Investigate

# 🟢 THE EASY BUTTON - Run everything automatically
/full example.com

# 🟡 GUIDED MODE - Step-by-step wizard
/wizard person

# 🔵 POWER MODE - Granular control
/recon target → /pivot data → /risk-assessment

---

🚀 Quick Start

Installation

# Clone or download

# Extract to your AI agent's skills directory

# Start investigating immediately - no API keys needed!

Your First Investigation

# 🔥 The fastest way - everything at once
/full example.com

# 🎓 The easiest way - guided wizard
/wizard person

# 📊 Get a simple, easy-to-understand report
/simple-report

---

✨ Features

🏗️ Core Infrastructure

Feature	Description	Command
💾 Session Management	Save/load investigations	/save, /load, /list-saves
🔗 Entity Tracking	Versioned entities with relationships	Automatic
📋 Evidence Chains	Track how you know what you know	Automatic
⚠️ Contradiction Detection	Auto-flag conflicting info	Automatic

🧠 Intelligence Engine

Feature	Description	Command
🔍 Pattern Recognition	Detect username obfuscation, temp emails	Automatic
🎯 Auto-Correlation	Smart pivot suggestions	/pivot
📊 Risk Scoring	1-100 automated risk assessment	/risk-assessment
🕐 Historical Analysis	Archive.org integration	/history

📊 Visualization & Reports

Feature	Description	Command
🎨 ASCII Graphics	Entity graphs, timelines, heatmaps	/visualize
📱 Dashboard	Real-time investigation overview	/dashboard
📄 7 Report Formats	Executive, Technical, Simple, Legal, etc.	/report
💾 Multi-Format Export	JSON, CSV, IOC, GraphML	/report json

🔧 Specialized Modules

Module	Capabilities	Command
📄 Document Intel	EXIF, PDF metadata, redaction check	/analyze-doc
🌍 Geolocation	GPS extraction, timezone analysis	Location detection
🔐 Breach Intel	HaveIBeenPwned, paste site monitoring	/breach-check
🕸️ Network Analysis	Social graphs, connection mapping	/visualize network
📧 Email Forensics	Header analysis, SPF/DKIM check	/analyze-email

🎯 UX & Accessibility

Feature	Description	Command
🎚️ Progressive Disclosure	Beginner/Intermediate/Expert modes	/mode
📋 Templates	Due diligence, background check, security audit	/template
🧙 Wizards	Step-by-step guided workflows	/wizard
📖 Glossary	100+ OSINT terms explained	/glossary
♿ Senior-Friendly	Large text, patient explanations	/accessibility

✅ Quality Assurance

Feature	Description	Command
🔍 Coverage Analysis	What you haven't checked yet	/coverage
🎯 Gap Detection	Missing investigation vectors	/gaps
✅ Source Verification	Check if sources are still valid	/verify-sources
📊 QA Scoring	Investigation quality metrics	/qa-check

---

📚 Command Reference

🎯 Core Investigation

/full [target]        # 🚀 Run EVERYTHING automatically
/recon [target]       # Full reconnaissance pass
/dork [domain]        # Security analysis with Google dorks
/pivot [data]         # Follow a lead (email, username, phone)
/timeline [subject]   # Build chronological history

📊 Reporting

/report               # Technical intelligence summary
/simple-report        # Plain-language (8th grade level)
/report brief         # One-page executive brief
/report json          # JSON export
/report csv           # CSV export
/report legal         # Evidence-focused format
/report journalist    # Source-citation heavy

🧠 Intelligence & Analysis

/risk-assessment      # Generate risk profile (1-100)
/risk-trend          # Show risk changes over time
/history [url]       # View historical snapshots
/what-changed [url]  # Compare versions
/breach-check [email]# Check breach databases
/leak-search [term]  # Search paste sites

📈 Visualization

/visualize entities   # ASCII relationship graph
/visualize timeline   # Gantt-style timeline
/visualize risk      # Risk heatmap
/visualize network   # Connection topology
/dashboard           # Interactive overview
/stats               # Investigation statistics

🔍 Specialized Analysis

/analyze-doc         # Document metadata analysis
/compare-docs [f1] [f2]  # Find differences
/redaction-check [pdf]   # Verify redactions
/analyze-email       # Email header analysis

💾 Session Management

/save [name]         # Save investigation
/load [name]         # Load investigation
/list-saves          # Show saved investigations
/compare [s1] [s2]   # Compare sessions
/status              # Check operation status
/cancel              # Stop current operation

🎓 UX & Accessibility

/mode beginner|expert     # Set complexity level
/template list|run|create # Investigation templates
/wizard photo|domain|person # Guided workflows
/tutorial                 # First-time guide
/glossary                 # Term definitions
/accessibility            # Accessibility options
/explain [finding]        # Explain specific finding

✅ Quality Assurance

/qa-check            # Quality assurance scoring
/coverage            # Show investigation coverage
/gaps                # Identify missing areas
/verify-sources      # Check source validity

---

📖 Documentation

70+ files • 15,000+ lines • Complete coverage

📚 Essential Reading

📄 Document	📝 Description	👤 For
docs/OSINT-BEGINNER-GUIDE.md	Step-by-step tutorial	🟢 Beginners
docs/OSINT-v2.0-RELEASE-NOTES.md	What's new in v2.0	🔵 Everyone
SKILL.md	Complete command reference	🔵 Everyone
docs/advanced-user-guide.md	Power user workflows	🔴 Experts
docs/troubleshooting.md	FAQ & solutions	🟢 Beginners

🗂️ By Category

🏗️ Core Systems

• core/entity-schema.json - Entity data structure
• core/entity-manager.md - Entity management guide
• core/state-manager.md - Session persistence
• core/evidence-system.md - Evidence tracking
• core/contradiction-detection.md - Conflict detection

🧠 Intelligence Engine

• intelligence/pattern-library.md - Pattern definitions
• intelligence/anomaly-detector.md - Anomaly detection
• intelligence/risk-framework.md - Risk assessment
• intelligence/scoring-algorithm.md - Scoring formulas
• intelligence/correlation-engine.md - Auto-correlation

📊 Visualization & Reports

• visualization/ascii-engine.md - ASCII graphics
• visualization/dashboard.md - Dashboard design
• reports/template-library.md - Report templates
• reports/export-formats.md - Export specifications
• reports/citation-styles.md - Academic citations

🔧 Specialized Modules

• modules/document-intel.md - Document forensics
• modules/breach-intel.md - Breach detection
• modules/geolocation.md - Location analysis
• modules/email-forensics.md - Email analysis
• modules/network-analysis.md - Social graphs

🎯 UX & Accessibility

• ux/complexity-levels.md - Mode specifications
• ux/templates/library.md - Investigation templates
• ux/wizards/person-investigation.md - Guided workflows
• ux/accessibility/glossary.md - 100+ term definitions
• ux/accessibility/senior-friendly.md - Senior features

👔 Professional Playbooks

• playbooks/journalist-source-verification.md - For journalists
• playbooks/hr-background-check.md - For HR professionals
• playbooks/cyber-threat-intel.md - For security analysts
• playbooks/private-investigator.md - For PIs

---

🎯 Examples

Example 1: Quick Investigation (2 minutes)

# Investigate a domain automatically
/full example.com

# Results:
# - Risk score: 65/100
# - 12 entities discovered
# - 2 reports generated (technical + simple)
# - Investigation saved

Example 2: Person Investigation (5 minutes)

# Use the guided wizard
/wizard person

# Or step-by-step:
/recon "John Smith"
/pivot "johnsmith123"
/pivot "[email protected]"
/timeline "John Smith"
/risk-assessment
/simple-report

Example 3: Security Audit (10 minutes)

# Run security audit template
/template run security-audit

# Or manual:
/dork example.com
/visualize risk
/qa-check
/report brief

Example 4: For Your 65-Year-Old Dad

# Switch to beginner mode
/mode beginner

# Use the wizard
/wizard person

# Look up any confusing terms
/glossary

# Get simple results
/simple-report

---

📊 Confidence & Risk System

Confidence Ratings

Icon	Level	Meaning	Trust Level
🟢	HIGH	Verified from authoritative source	✅ Verified
🟡	MEDIUM	Multiple sources agree	✅ Likely true
🔴	LOW	Single source, unverified	⚠️ Needs verification
⚪	SPECULATIVE	Analyst inference	❌ Don't act on alone

Risk Scoring

Score	Level	Action Required
0-25	🟢 LOW	Monitor only
26-50	🟡 MODERATE	Review recommended
51-75	🟠 HIGH	Address within 30 days
76-100	🔴 CRITICAL	Immediate action required

---

✅ Success Metrics

Built for everyone. Professional-grade power.

👴 Accessibility 65+ user completes investigation in < 10 minutes	✅ Achieved
💼 Professional Depth Full due diligence in < 30 min	✅ Achieved
🌍 Universal Compatibility Works on Claude, ChatGPT, all AI CLIs	✅ Achieved
📚 Documentation 15,000+ lines of docs	✅ Achieved
🔌 100% API-Free Web search only, no keys needed	✅ Achieved

---

⚖️ Ethics & Legal

✅ Appropriate Use

• 👨‍💼 Journalists investigating public figures
• 🔒 Security researchers auditing infrastructure
• 👤 Individuals checking their digital footprint
• 🏢 Due diligence research on businesses
• 🎓 Academic and educational purposes

❌ Prohibited Use

• 🚫 Harassment, stalking, or doxing
• 🚫 Unauthorized access to private accounts
• 🚫 Social engineering attacks
• 🚫 Any illegal activities

Remember: With great search power comes great responsibility.

---

🤝 Contributing

We welcome contributions! See CONTRIBUTING.md for guidelines.

Priority Areas:

• 🆕 New dork patterns for emerging platforms
• 🌍 Additional language translations
• 📋 More specialized playbooks
• 🧠 Community pattern contributions

---

📜 License

MIT License - See LICENSE file for details.

---

🆘 Support

📖 Beginner's Guide • 📋 Release Notes • 🔧 Troubleshooting • 🐛 Open an Issue

---

Ready to investigate anything, anywhere, accessible to everyone.
Built with ❤️ for the OSINT community.

⬆️ Back to Top