----------------️ Tool===================Opening: Claude-OSINT is a paired set of Claude skills intended to operationalize offensive reconnaissance inside a Claude skills environment. The project bundles a methodology skill (osint-methodology) and a tactical skill (offensive-osint) to provide structured tradecraft, scoring rules, and probe paths tailored for authorized red-team and bug-bounty engagements.Key Features:• Modular skills: Two self-contained SKILL.md files that prime Claude for strategy and tactics respectively.• Broad coverage: ~5,500 lines of tradecraft, 90+ recon modules, 48 secret-regex patterns, 80+ dorks, 9 read-only credential validators, and 27 attack-path templates.• Recon capabilities: Subdomain discovery stacks (crt.sh + fallback), Wayback/CDX deep mining, WHOIS/RDAP pivots, bulk IP→ASN mappings, and public-records pivots such as OpenCorporates and SEC EDGAR.• Identity & SSO mapping: Fingerprinting and enumeration for Microsoft Entra/M365, Okta tenant slugs, ADFS metadata, Google Workspace OIDC discovery, and generic OIDC/SAML paths.• App surface discovery: Swagger/OpenAPI discovery paths, GraphQL discovery and field-enumeration strategies, always-on HTTP checks (common sensitive files and endpoints), and security header audits.Technical Implementation:• The repository structure centers on skills/ containing SKILL.md files that encode prompts, heuristics, regexes and scoring rules, plus a small standard-library-only secret_scan.py for local secret scanning.• The approach is to supply Claude with structured tradecraft (procedural steps, regex tiers, payload ideas, and scoring thresholds) rather than a runnable scanner binary.Use Cases:• Red-team external recon phases with time-budgeted pipelines (1h/4h/1d/1w).• Bug-bounty reconnaissance to enumerate SSO, open APIs, and legacy backups using crafted dorks and regexes.• Augmenting human analysts by surfacing prioritized attack paths and identity pivots.Limitations:• The repository provides methodology and prompting artifacts rather than turnkey scanning infrastructure; operationalization requires an authorized Claude skills environment.• No active exploitation tooling is included; focus remains on discovery, mapping, and validation primitives. tool #osint #recon #pentesting Source: https://github.com/elementalsouls/Claude-OSINT
