Intel-One: passive reconnaissance command line tool


Conceived and developed a passive reconnaissance command line tool able to gather information from a variety of sources to link a target domain, company or individual to publicly available information. Reduced manual user interaction by engineering a highly customisable single input to multiple output solution.


Powerful searches in one click

Specifically, there exist 4 flags that perform everything:

  • -i for individuals
  • -d for domains
  • -c for companies
  • -e for emails
  • In addition, all of the above include social media and search engine search inclusive.

Constantly improving the user experience

  • A well-documented help menu explaining all the available options with examples.
  • Individual flags to perform all available features in isolation.

Targeting individuals

  • Real-time social media search matching the provided keyword in recent posts on everything that exists out there.
  • Specific social media search using Facebook, Linkedin, Twitter (including tweets and analytics for the provided user), Instagram, Pinterest, Youtube, Tumblr and Reddit.
  • Multiple people search engines from various countries using just a name or both a name and a location.
  • Get insights on lifetime Reddit user activity by providing a username.
  • Search engine search in google, duckduckgo, Baidu, Bing, qwant, clustering multi-search, excite search (newest posts) and fact bites (old posts).
  • Github and ‘nerdy data’ search to search keywords on the published source code.
  • Search about the email validity of any email and reverse email lookup.
  • Perform all of the above using just one flag.

Targeting companies

  • Same social media search as above when applicable.
  • Company search using multiple company search engines returning difficult to find and often confidential information about companies.
  • Annual reports, slideshows, PDFs and other insights.
  • Search for the company’s email format.
  • Search engine search in google, duckduckgo, Baidu and Bing.
  • Perform all of the above using just one flag.

Targeting domains

  • Whois lookup.
  • DNS lookup.
  • Web vulnerability scan.
  • View archived versions of a website since its day 1.
  • View robots.txt file including links not indexed by search engines.
  • Perform all of the above using just one flag.

Other features

  • search.
  • Perform search engine search and social media search alone very easy. These searches are included in the ‘ALL in One’ flags.


git clone




  • Includes functions able to target companies such as the Edgar search.
  • Includes functions to retrieve domain info such as whois lookup and a vulnerability scanner.
  • Includes search engines such as Google and people search engines such as pipl.
  • Includes non directly related to OSINT functionality such as shodan search.
  • Includes social media search and posts gathering in various ways.
  • Includes functions that help in all other classes.
  • The parent class from which the rest of the classes inherit contains functionality about query manipulation.


  • Clear, concise and extensive tests for each of the above class and function.
  • Include specific class tests, end to end and robustness testing.


  • Explains with a description and an example of each available function.


  • Contains the welcome screen of the tool.


  • The main thread of the program responsible for running it.

Copyright (c) 2017 Joseph Katsioloudes