🛠️ Tool
Opening:
Claude-OSINT is a paired set of Claude skills intended to operationalize offensive reconnaissance inside a Claude skills environment. The project bundles a methodology skill (osint-methodology) and a tactical skill (offensive-osint) to provide structured tradecraft, scoring rules, and probe paths tailored for authorized red-team and bug-bounty engagements.
Key Features:
• Modular skills: Two self-contained SKILL.md files that prime Claude for strategy and tactics respectively.
• Broad coverage: ~5,500 lines of tradecraft, 90+ recon modules, 48 secret-regex patterns, 80+ dorks, 9 read-only credential validators, and 27 attack-path templates.
• Recon capabilities: Subdomain discovery stacks (crt.sh + fallback), Wayback/CDX deep mining, WHOIS/RDAP pivots, bulk IP→ASN mappings, and public-records pivots such as OpenCorporates and SEC EDGAR.
• Identity & SSO mapping: Fingerprinting and enumeration for Microsoft Entra/M365, Okta tenant slugs, ADFS metadata, Google Workspace OIDC discovery, and generic OIDC/SAML paths.
• App surface discovery: Swagger/OpenAPI discovery paths, GraphQL discovery and field-enumeration strategies, always-on HTTP checks (common sensitive files and endpoints), and security header audits.
Technical Implementation:
• The repository structure centers on skills/ containing SKILL.md files that encode prompts, heuristics, regexes and scoring rules, plus a small standard-library-only secret_scan.py for local secret scanning.
• The approach is to supply Claude with structured tradecraft (procedural steps, regex tiers, payload ideas, and scoring thresholds) rather than a runnable scanner binary.
Use Cases:
• Red-team external recon phases with time-budgeted pipelines (1h/4h/1d/1w).
• Bug-bounty reconnaissance to enumerate SSO, open APIs, and legacy backups using crafted dorks and regexes.
• Augmenting human analysts by surfacing prioritized attack paths and identity pivots.
Limitations:
• The repository provides methodology and prompting artifacts rather than turnkey scanning infrastructure; operationalization requires an authorized Claude skills environment.
• No active exploitation tooling is included; focus remains on discovery, mapping, and validation primitives.
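The Technical Implementation section above mentions regex tiers, scoring thresholds and a standard-library-only secret_scan.py. The following is an added example, not the project's secret_scan.py and not its 48 patterns, showing how those three pieces fit together in a scanner a team can run over its own configuration files before they are committed: a small tiered pattern list, an entropy check that corroborates generic matches, a placeholder demotion, an inline allowlist marker, and a report that redacts the candidate value. The pattern names, tier scores, thresholds and the sample config are all constructed assumptions for illustration.

```python
import math
import re
from collections import Counter
from dataclasses import dataclass

# Tiered patterns (hypothetical, not the project's own): tier 1 = provider-specific
# formats that are rarely false positives; tier 2 = generic assignments that need
# corroboration (entropy) before they are worth an analyst's time.
PATTERNS = [
    ("aws_access_key_id", 1, re.compile(r"\bAKIA[0-9A-Z]{16}\b")),
    ("github_pat", 1, re.compile(r"\bghp_[A-Za-z0-9]{36}\b")),
    ("private_key_block", 1, re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----")),
    ("generic_password", 2, re.compile(r"(?i)(?:password|passwd|pwd)\s*[:=]\s*['\"]?([^\s'\"]{8,})")),
    ("generic_api_key", 2, re.compile(r"(?i)(?:api[_-]?key|secret[_-]?key|token)\s*[:=]\s*['\"]?([A-Za-z0-9_\-]{16,})")),
]

TIER_BASE_SCORE = {1: 8, 2: 3}   # assumed scores, chosen so tier 2 needs corroboration
ENTROPY_BONUS_THRESHOLD = 3.5    # bits per character; random-looking values earn +2
PLACEHOLDER_HINTS = ("example", "sample", "placeholder", "dummy", "changeme")
REPORT_THRESHOLD = 5             # findings scoring at least this are reported
ALLOW_MARKER = "nosecret"        # inline allowlist for reviewed false positives


@dataclass
class Finding:
    line_no: int
    pattern: str
    tier: int
    score: int
    redacted: str


def shannon_entropy(value: str) -> float:
    """Bits per character of the value; high entropy suggests a generated token."""
    n = len(value)
    return -sum(c / n * math.log2(c / n) for c in Counter(value).values())


def redact(value: str) -> str:
    """Never echo the whole candidate secret into a report or log."""
    return f"{value[:4]}...({len(value)} chars)"


def score_match(tier: int, value: str, line: str) -> int:
    """Base score by tier, +2 for high entropy, -3 when the line looks like a documented placeholder."""
    score = TIER_BASE_SCORE[tier]
    if shannon_entropy(value) >= ENTROPY_BONUS_THRESHOLD:
        score += 2
    if any(hint in line.lower() for hint in PLACEHOLDER_HINTS):
        score -= 3   # demoted, not discarded: a tier 1 hit still clears the threshold
    return score


def scan_text(text: str) -> list[Finding]:
    """Return every pattern hit with its score; filtering happens in report()."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        if ALLOW_MARKER in line:
            continue
        for name, tier, regex in PATTERNS:
            m = regex.search(line)
            if not m:
                continue
            value = m.group(1) if m.lastindex else m.group(0)
            findings.append(Finding(line_no, name, tier, score_match(tier, value, line), redact(value)))
    return findings


def report(findings: list[Finding]) -> list[Finding]:
    """Keep only findings at or above the reporting threshold."""
    return [f for f in findings if f.score >= REPORT_THRESHOLD]


# Constructed sample input. The AWS key is the placeholder value from AWS's own
# documentation; the other values are made up for this example.
SAMPLE = """\
# constructed config for demonstration
AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
db_password = "letmein-letmein-letmein"
api_key = 'Qx7mP2vL9kR4sT8wZ1nB'
-----BEGIN RSA PRIVATE KEY-----
timeout = 30
"""

if __name__ == "__main__":
    for f in report(scan_text(SAMPLE)):
        print(f"line {f.line_no}: {f.pattern} (tier {f.tier}, score {f.score}) {f.redacted}")
```

On the sample, the generic password line matches but scores only 3 because the value has low entropy and so is left out of the report, while the generic API key line crosses the threshold on its entropy bonus; the AWS placeholder is demoted by the hint word but still reported because tier 1 carries a high base score. That is the point of tiering: generic patterns generate the noise, so they need a second signal before an analyst sees them.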
#tool #osint #recon #pentesting
relay@relay.infosec.exchange shared this topic