Loading repository data…
Loading repository data…
ruyynn / repository
GhostIntel is a Python-based OSINT framework for digital investigation using public data such as username, email, domain, IP address, and phone number.
Zero API Keys • 100% Public Data • Made in Indonesia
| Section | Description |
|---|---|
| About GhostIntel | What is this tool? |
| Why v2.5? | Key advantages |
| What's New | v2.5 features |
| Quick Start | Installation & first scan |
| Web UI | Localhost dashboard |
| Phone OSINT | 8 countries supported |
| Email Breach | Leak alerts + risk score |
| Username OSINT | 129+ platforms |
| Domain OSINT | DNS + HTTP + tech stack |
| IP OSINT | Location + threat score |
| Reports | JSON, HTML, TXT, MD |
| Batch Processing | Multi-target scan |
| Screenshots | See it in action |
| Star History | Project growth |
| Disclaimer | Read before using |
GhostIntel is a robust and versatile OSINT (Open Source Intelligence) framework designed to empower cybersecurity enthusiasts, digital investigators, and ethical hackers. Built with Python and completely API-free, GhostIntel allows users to explore, analyze, and gather publicly available information about individuals, organizations, and digital assets quickly and efficiently.
The framework provides tools to investigate a wide range of data sources, including usernames, emails, phone numbers, domains, and IP addresses, making it an all-in-one solution for understanding online footprints, detecting exposure, and performing digital reconnaissance.
GhostIntel is designed with ease of use and efficiency in mind. Its Web UI makes navigation intuitive, while features like batch scanning and attachments support allow users to handle multiple targets and save results for further analysis. The framework is ideal for tasks such as:
By combining automation, flexibility, and accessibility, GhostIntel enables users to work quickly and efficiently, whether for personal research, professional cybersecurity projects, or educational purposes. It emphasizes transparency, security, and the ethical use of publicly available information, making it a reliable tool for anyone exploring the digital world.
In short, GhostIntel is more than just a toolkit — it's a complete framework for understanding and analyzing the online presence of individuals and organizations, empowering users to make informed decisions based on publicly accessible data.
How it works: Just type a target — username, email, phone, domain, or IP — and GhostIntel scans hundreds of public sources to find everything connected to it.
| # | Feature | What It Means |
|---|---|---|
| 1 | Zero API Keys | Use immediately — no signup, no payment, no hidden costs |
| 2 | Async & Fast | Parallel scanning, 10x faster than similar tools |
| 3 | Auto Detect | Paste anything, GhostIntel auto-detects the type |
| 4 | Web UI | Beautiful localhost dashboard (BRAND NEW in v2.5!) |
| 5 | 8 Countries | Phone OSINT: ID, US, GB, MY, IN, AU, SG, PH |
| 6 | 129+ Platforms | Username checking across 129+ sites simultaneously |
| 7 | Data Correlation | Links findings across all modules automatically |
| 8 | Breach Detection | Email leak alerts + risk score (0-100) |
| 9 | Batch Processing | Scan multiple targets from a single file |
| 10 | 4 Report Formats | JSON, HTML, TXT, Markdown |
Developed by Ruyynn — Made in Indonesia, for the global cybersecurity community.
GhostIntel stands out because it's built for real investigations — not just another wrapper around paid APIs.
ZERO API KEYS → No registration, no payments, just pure OSINT
ASYNC & FAST → 10x faster than other free tools
AUTO DETECT → Input anything, GhostIntel figures it out
WEB UI → Localhost dashboard with dark/light theme
8 COUNTRIES → Phone OSINT: ID/US/GB/MY/IN/AU/SG/PH
129+ PLATFORMS → Most comprehensive username checker
BREACH DETECTION → Email alerts with risk scoring
BATCH PROCESSING → Scan hundreds of targets at once
ROTATING USER-AGENT → 14+ UAs to avoid being blocked
This is a MAJOR upgrade from v2.0. Here's what's new:
| Feature | v2.0 | v2.5 | Impact |
|---|---|---|---|
| Web UI | No | Yes | Game changer! Full dashboard |
| Phone Countries | 5 | 8 | Added AU, SG, PH |
| Breach Detection | No | Yes | Email leak alerts + risk score |
| Batch Processing | No | Yes | Multi-target scanning |
| Markdown Reports | No | Yes | New report format |
| JSON Compression | No | Yes | Gzip support |
| Rotating User-Agent | No | Yes | 14+ UAs to avoid blocks |
| SSL/TLS Info | No | Yes | Certificate details |
| Risk Scoring | No | Yes | IP risk score (0-100) |
| Username Platforms | 100+ | 129+ | +29 more platforms |
v2.5 is the most complete version yet — with Web UI, breach detection, and 8 countries for phone OSINT!
# Clone the repository
git clone https://github.com/ruyynn/GhostIntel.git
cd GhostIntel
# Install dependencies
pip install -r requirements.txt
# Verify installation
python ghostintel.py -h
# Username investigation
python ghostintel.py -u ruyynn
# Email with breach detection
python ghostintel.py -e user@gmail.com --report
# Phone number (Indonesia)
python ghostintel.py -p 08123456789
# Domain recon with tech detection
python ghostintel.py -d example.com --deep
# IP geolocation + risk score
python ghostintel.py -i 8.8.8.8
# Launch Web UI (NEW!)
python ghostintel.py -web
The biggest feature in v2.5! GhostIntel now has a beautiful web interface.
python ghostintel.py -web
# Open http://localhost:7331 in your browser
| Feature | Description |
|---|---|
| Dark/Light Theme | Toggle themes, preference saved automatically |
| Scan History | Auto-saved, click to re-run any scan |
| Live Detection | Real-time entity type detection as you type |
| Visual Results | Card-based display with color-coded status |
| Clickable Links | Direct links to discovered profiles |
| Export Options | JSON/Markdown export directly from browser |
| Mobile Friendly | Responsive design, works on phone/tablet |
| Quick/Deep Mode | Toggle single or all-module scan |
The only Indonesian OSINT tool with multi-country phone lookup!
| Country | Code | Example Command | Providers |
|---|---|---|---|
| 🇮🇩 Indonesia | +62 | -p 08123456789 | Telkomsel, Indosat, XL, Three, Smartfren |
| 🇺🇸 USA | +1 | -p +12125551234 | AT&T, Verizon, T-Mobile |
| 🇬🇧 UK | +44 | -p +447700123456 | EE, O2, Vodafone, Three |
| 🇲🇾 Malaysia | +60 | -p +60123456789 | Maxis, Celcom, DiGi, U Mobile |
| 🇮🇳 India | +91 | -p +919876543210 | Airtel, Vi, Jio, BSNL |
| 🇦🇺 Australia | +61 | -p +61412345678 | Telstra, Optus, Vodafone |
| 🇸🇬 Singapore | +65 | -p +6581234567 | Singtel, StarHub, M1, SIMBA |
| 🇵🇭 Philippines | +63 | -p +639171234567 | Globe, Smart, DITO |
What you get from phone scan:
New in v2.5! GhostIntel now checks email domains against known data breaches.
python ghostintel.py -e user@yahoo.com --report
What you get:
Known breaches in database:
Check usernames across 129+ platforms simultaneously:
| Category | Platforms |
|---|---|
| Social | Facebook, Instagram, Twitter, TikTok, Threads, Bluesky, Snapchat, Pinterest |
| Developer | GitHub, GitLab, Bitbucket, HackerOne, Bugcrowd, Keybase, SourceForge |
| Gaming | Steam, Roblox, Xbox, PlayStation, Nintendo, Chess.com, Lichess |
| Music | Spotify, SoundCloud, Bandcamp, Genius, Mixcloud, Last.fm |
| Video | YouTube, Twitch, Vimeo, Kick, Rumble, Dailymotion, Odysee |
| Indonesian | Kaskus, Kompasiana, Detik Forum, Indowebster, Lintas.me |
| Professional | LinkedIn, Upwork, Fiverr, Freelancer, AngelList, Crunchbase |
| Blog/Forum | Medium, Reddit, Quora, Dev.to, HackerNews, ProductHunt |
python ghostintel.py -d example.com --deep
DNS Records:
HTTP Analysis:
Technology Detection (70+ patterns):