iblai-security-osint-recon

Gather and correlate open source intelligence from public sources for authorized investigations, threat intelligence, and attack surface assessment. Use when the user mentions 'OSINT,' 'open source intelligence,' 'digital footprint,' 'public records,' 'threat intelligence,' 'investigate a domain,' or needs to research a target using publicly available data.

12 stars

Best use case

iblai-security-osint-recon is best used when you need a repeatable AI agent workflow instead of a one-off prompt.

Gather and correlate open source intelligence from public sources for authorized investigations, threat intelligence, and attack surface assessment. Use when the user mentions 'OSINT,' 'open source intelligence,' 'digital footprint,' 'public records,' 'threat intelligence,' 'investigate a domain,' or needs to research a target using publicly available data.

Teams using iblai-security-osint-recon should expect a more consistent output, faster repeated execution, less prompt rewriting.

When to use this skill

  • You want a reusable workflow that can be run more than once with consistent structure.

When not to use this skill

  • You only need a quick one-off answer and do not need a reusable workflow.
  • You cannot install or maintain the underlying files, dependencies, or repository context.

Installation

Claude Code / Cursor / Codex

$curl -o ~/.claude/skills/iblai-security-osint-recon/SKILL.md --create-dirs "https://raw.githubusercontent.com/iblai/vibe/main/skills/iblai-security-osint-recon/SKILL.md"

Manual Installation

  1. Download SKILL.md from GitHub
  2. Place it in .claude/skills/iblai-security-osint-recon/SKILL.md inside your project
  3. Restart your AI agent — it will auto-discover the skill

How iblai-security-osint-recon Compares

Feature / Agentiblai-security-osint-reconStandard Approach
Platform SupportNot specifiedLimited / Varies
Context Awareness High Baseline
Installation ComplexityUnknownN/A

Frequently Asked Questions

What does this skill do?

Gather and correlate open source intelligence from public sources for authorized investigations, threat intelligence, and attack surface assessment. Use when the user mentions 'OSINT,' 'open source intelligence,' 'digital footprint,' 'public records,' 'threat intelligence,' 'investigate a domain,' or needs to research a target using publicly available data.

Where can I find the source code?

You can find the source code on GitHub using the link provided at the top of the page.

SKILL.md Source

# /iblai-security-osint-recon

Collect, analyze, and correlate publicly available information from open
sources. For threat intel, authorized assessments, CTF, and defensive
research.

Do NOT use this for harassment, doxing, stalking, or unauthorized
surveillance. Refuse those requests outright.

## Step 0: Ethics Check

Confirm before collecting anything:

1. The investigation has a legitimate purpose (threat intel, authorized assessment, CTF, defensive research).
2. You are only touching publicly available information.
3. Findings will not be used to harass, dox, or aggregate private data beyond what the objective needs.

Refuse if any of those is shaky.

## Collection

### Domain and Infrastructure

Map the target's infrastructure:

```bash
whois <domain>                  # Registration data
dig any <domain>                # DNS records
```

Subdomain enumeration via certificate transparency:

```bash
curl -s "https://crt.sh/?q=%25.<domain>&output=json" | jq -r '.[].name_value' | sort -u
```

Other sources: SecurityTrails, DNSDumpster, ipinfo.io, bgp.he.net,
Wayback Machine, Shodan, Censys.

### Organization

- Company registrations, filings, SEC records (public companies)
- LinkedIn company page — headcount, roles, tech-stack hints
- Job postings — internal tooling, stack, pain points
- Press releases and news
- GitHub/GitLab org pages and public repos
- Patent filings

### Email and Username

- Email format patterns (e.g., first.last@domain.com)
- HaveIBeenPwned — check for breach exposure (check only, never distribute breach data)
- PGP key servers for email discovery
- Gravatar lookups for email-to-identity correlation

### Document and File

- Metadata from public documents: `exiftool <file>` reveals author, software, GPS, timestamps
- Google dorking: `site:<domain> filetype:pdf`, `site:<domain> filetype:xlsx`
- Pastebin and paste-site monitoring
- Public cloud storage with predictable names (S3, GCS buckets)

### Threat Intelligence

- CVE databases for the target's stack
- Exploit databases (exploit-db, searchsploit)
- Threat feeds and IOC databases (VirusTotal, MalwareBazaar, OTX)
- Abuse contact databases

## Analysis

- Cross-reference findings across sources.
- Validate every claim against at least two independent sources.
- Build a timeline when investigating an incident.
- Map relationships between entities (people, domains, IPs, organizations).
- Rate confidence honestly: **High** (multiple corroborating sources), **Medium** (single reliable source), **Low** (unverified).

## Output Format

```markdown
# OSINT Report
## Objective: [what we're investigating and why]
## Target: [entity/domain/person]
## Date: [date]

### Collection Summary
| Source | Findings | Confidence |
|--------|----------|------------|

### Key Findings

#### Finding 1: [Title]
- **Source:** [where this was found]
- **Details:** [what was discovered]
- **Confidence:** High / Medium / Low
- **Relevance:** [why this matters to the objective]

### Correlations
[How different findings connect to each other]

### Intelligence Gaps
[What we couldn't find or verify]

### Recommendations
[Next steps and actionable intelligence]
```

## Boundaries

- Public sources only.
- Never probe private or authenticated systems.
- Don't aggregate PII beyond what the objective requires.
- Attribute every finding to its source.
- Rate confidence honestly — do not overstate certainty.
- If a finding could cause harm if misused, flag the sensitivity.
- Refuse doxing, stalking, or unauthorized-surveillance requests.

## References

- OSINT Framework (osintframework.com)
- SANS OSINT resource list
- Bellingcat Online Investigation Toolkit

Related Skills

We are still matching the closest adjacent skills for this page. In the meantime, continue through the full directory.