Semi-automatic OSINT framework and package manager

License: GPL-3.0

Language: Rust

Keywords: bug-bounty, certificate-transparency, intelligence, investigation, location, lua, osint, osint-framework, pentesting, recon, reconnaissance, rust, security, security-audit, security-scanner

sn0int Build Status Documentation Status @sn0int registry status

sn0int (pronounced /snoɪnt/) is a semi-automatic OSINT framework and package manager. It was built for IT security professionals and bug hunters to gather intelligence about a given target or about yourself. sn0int is enumerating attack surface by semi-automatically processing public information and mapping the results in a unified format for followup investigations.

Among other things, sn0int is currently able to:

  • Harvest subdomains from certificate transparency logs and passive dns
  • Enrich ip addresses with asn and geoip info
  • Harvest emails from pgp keyservers and whois
  • Discover compromised logins in breaches
  • Find somebody's profiles across the internet
  • Enumerate local networks with unique techniques like passive arp
  • Gather information about phonenumbers
  • Attempt to bypass cloudflare with shodan
  • Harvest data and images from instagram profiles
  • Scan images for nudity

sn0int is heavily inspired by recon-ng and maltego, but remains more flexible and is fully opensource. None of the investigations listed above are hardcoded in the source, instead those are provided by modules that are executed in a sandbox. You can easily extend sn0int by writing your own modules and share them with other users by publishing them to the sn0int registry. This allows you to ship updates for your modules on your own since you don't need to send a pull request.

For questions and support join us on IRC:




pacman -S sn0int


brew install sn0int

For everything else please have a look at the detailed list.

Getting started


This tool was written for companies to help them understand their attack surface from a blackbox point of view. It's often difficult to understand that something is easier to discover than some people assume, putting them at risk of false security.

It's also designed to be useful for red team assessments and bug bounties, which also help companies to identify weaknesses that could result in a compromise.

Some functionality was written to do the same thing for individuals to raise awareness about personal attack surface, privacy and how much data is publicly available. These issues are often out of scope in bug bounties and sometimes by design. We believe that blaming the user is the wrong approach and these issues should be addressed at the root cause by the people designing those systems.



Project Statistics

Sourcerank 8
Repository Size 2.74 MB
Stars 513
Forks 55
Watchers 21
Open issues 33
Dependencies 523
Contributors 5
Tags 21
Last updated
Last pushed

Top Contributors See all

kpcyrd Tobias Stoeckmann Georg Semmler Patrick Meyer hovman

Packages Referencing this Repo

sn0int registry
Latest release 0.5.0 - Updated - 513 stars
Common code for sn0int
Latest release 0.9.0 - Updated - 513 stars
Semi-automatic OSINT framework and package manager
Latest release 0.15.0 - Updated - 513 stars

Recent Tags See all

v0.15.0 January 18, 2020
v0.14.0 November 23, 2019
v0.13.0 August 26, 2019
v0.12.0 June 19, 2019
v0.11.2 May 13, 2019
v0.11.1 April 25, 2019
v0.11.0 April 22, 2019
v0.10.0 February 28, 2019
v0.9.1 February 03, 2019
v0.9.0 January 29, 2019
v0.8.1 January 13, 2019
v0.8.0 January 07, 2019
v0.7.0 December 24, 2018
v0.6.0 December 08, 2018
v0.5.2 November 26, 2018

Something wrong with this page? Make a suggestion

Last synced: 2019-11-23 20:22:33 UTC

Login to resync this repository