OSINT-with-LLM
POC : OSINT with LLM
This repository demonstrates domain, IP, and email reconnaissance with LLM-powered security reporting..
Overview
The project is divided into two main components:
- Recon Modules
- LLM Analysis and reporting
Recon Modules
Purpose
Gathering information about an ip, domain or email
Approach
- Domain OSINT:
-
WHOIS Lookup
-
Shodan Info Gathering
-
SSL Certificate Validation
-
VirusTotal “malicious/clean” status
-
- IP Recon:
- AbuseIPDB score & classification
- Email Recon:
- Breach/exposure lookup
LLM Analysis and reporting
-
Converts technical OSINT into human-readable summaries
-
Extracts key findings & risk insights
-
Generates reports
Required API keys for OSINT modules
- VT_API_KEY=your_virustotal_api_key
- ABUSEIPDB_KEY=your_abuseipdb_api_key
- SHODAN_KEY=your_shodan_api_key
Usage
Install dependencies
pip3 install -r requirements.txt
Demo
python3 main.py
When finished:
-
OSINT recon runs
-
LLM analyzes results
-
A report is saved in /reports/
Demo with domain
Demo with ip
Demo with email
Notes
- The scripts are designed to be run locally, in a Python 3.13+ environment with the listed dependencies.
- Install Ollama on your machine and add the MISTRAL model.
- This poc is only for education purpose.