explaingit

alpkeskin/mosint

5,817GoAudience · developerComplexity · 2/5LicenseSetup · moderate

TLDR

A command-line OSINT tool that takes an email address and automatically queries multiple external services to surface data breaches, related domains, leaked pastebin data, linked social media accounts, and DNS and IP information.

Mindmap

mindmap
  root((repo))
    What it does
      Email OSINT gathering
      Multi-source queries
      CLI tool in Go
    Data Sources
      Data breach databases
      Pastebin and leak sites
      Social media accounts
    More Features
      DNS domain lookups
      IP address info
      JSON output export
    Setup
      Go install or Docker
      API keys required
      Config file in home dir
Click or tap to explore — scroll the page freely

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

Things people build with this

USE CASE 1

Investigate an email address to find associated data breaches, related domains, and linked social media accounts

USE CASE 2

Check whether an email appears in known data breach databases as part of a security audit or incident response

USE CASE 3

Scan pastebin and leak sites for public mentions of a target email address

USE CASE 4

Automate OSINT email lookups and export structured JSON results for use in other security workflows

Tech stack

GoDockerJSON

Getting it running

Difficulty · moderate Time to first run · 30min

Requires API keys from HaveIBeenPwned, Hunter.io, Intelligence X, and BreachDirectory, must create a YAML config file in your home directory before the tool will run at all.

MIT license, free to use, modify, and distribute for any purpose including commercial use, as long as you keep the copyright notice.

In plain English

Mosint is a command-line tool for gathering publicly available information about an email address. OSINT stands for Open Source Intelligence, meaning information collected from sources accessible to anyone. You give the tool an email address and it automatically queries multiple external services to piece together what is known about that address. The tool checks whether the email appears in known data breaches, incidents where private databases of usernames and passwords were stolen and later exposed online. It also looks for related email addresses and domains, scans pastebin sites where leaked data is commonly posted, and checks social media accounts connected to the address. In addition, it can perform DNS lookups on the associated domain and pull more information about the IP address. Several of the external services it queries require API keys, which means you would need to register for accounts on those platforms separately to unlock their full capabilities. Services include HaveIBeenPwned, Hunter.io, Intelligence X, and BreachDirectory, among others. The tool reads API keys from a configuration file stored in your home directory, and without that configuration file in place, mosint will not run. Installation is done through the Go programming language's package manager with a single terminal command. The tool also supports running inside Docker for a containerized setup. Results can be saved to a JSON file for use in other workflows. Mosint is written in Go and licensed under the MIT license, so it is free to use and modify. The README describes it as designed for security researchers investigating email addresses as part of legitimate information-gathering work.

Copy-paste prompts

Prompt 1
I want to use mosint to investigate an email address. Walk me through creating the config file with my HaveIBeenPwned and Hunter.io API keys, then running a full scan.
Prompt 2
How do I run mosint inside Docker without installing Go locally? Show me the command to scan an email and save the results to a JSON file.
Prompt 3
I am doing OSINT on a corporate domain. How can I use mosint to find what email addresses and subdomains are publicly associated with example.com?
Prompt 4
Mosint returned a JSON file with breach and leak results. Help me write a Python script to parse the output and summarize which services found matches and what data was exposed.
Open on GitHub → Explain another repo

← alpkeskin on gitmyhub — every repo by this author, as a profile.

Verify against the repo before relying on details.