Hey everyone,
I recently open-sourced OpenOSINT, a Python-based CLI framework designed to automate reconnaissance and threat intelligence workflows.
The architectural problem:
Traditional OSINT automation usually relies on rigid bash scripts or static Python pipelines. If a tool fails, or if a specific finding requires a sudden pivot (e.g., finding an unexpected subdomain and needing to run a specific vulnerability check on it), a static pipeline simply breaks or requires massive if/else chains.
The approach:
To solve this, I built an orchestrator leveraging the native tool-use/function calling APIs from Anthropic and OpenAI.
Here is how it works under the hood:
- Dynamic Orchestration: You provide a target (IP, domain, email) and a query. The LLM acts purely as a reasoning engine.
- Tool Registration: Local OSINT scripts are mapped as available tools. The framework reads the Python functions, parses docstrings and type hints, and feeds them to the LLM as an array of available actions.
- Execution Loop: The LLM decides which tools to call, in what order, and dynamically pipes the structured output of one tool as the input parameter for the next one.
- Modularity: Adding a new capability is plug-and-play. You just drop a new Python script into the modules directory, and the agent automatically knows it exists and how to use it based on the schema.
It's strictly CLI-native and outputs structured reports.
You can check out the code and the CLI demo here:
https://github.com/OpenOSINT/OpenOSINT
I'm looking for some technical feedback on the codebase. Specifically, I'd love to hear your thoughts on how to better optimize the context window limits when dealing with massive raw outputs (like huge DNS dumps or nmap scans) before feeding them back into the LLM's memory.
Any architectural critiques or suggestions are welcome!
I wanna help people with integrate clam av easily in nodejs projects