gOSINT is a small OSINT framework in golang, it’s actually in development and still not ready for production if you want, feel free to contribute!

The GOSINT framework is a project used for collecting, processing, and exporting high quality indicators of compromise (IOCs). GOSINT allows a security analyst to collect and standardize structured and unstructured threat intelligence. Applying threat intelligence to security operations enriches alert data with additional confidence, context, and co-occurrence. This means that you apply research from third parties to security event data to identify similar, or identical, indicators of malicious behavior. The framework is written in Go with a JavaScript frontend.

What gOSINT can do

  • Find mails from git repository
  • Find Dumps for mail address
  • Search for mail address linked to domain/mail address in PGP keyring
  • Retrive Info from domain whois (waiting to be implemented)
  • Search for mail address in source code (waiting to be implemented)


You can use the building script, just clone the directory and execute it

The package will be installed in /usr/local/bin
You can then call gOSINT from command line

Manual Building


Before building gOSINT manually you need to solve the dependencies:


Currently gOSINT is still an early version and few modules are supported

  • git support for mail retriving (using github API, bitbucket API or RAW clone and search)
  • Search for mails in PGP Server
  • https://haveibeenpwned.com/ search for mail in databreach
  • WHOIS support (the module is ready but has to be integrated)
  • Search for mail address in source (module ready, needs to be integrated)
  • https://shodan.io search
  • Social Media search
  • Search Engine search



Currently gOSINT supports the following actions

retrive mail from git commits

pass the result to pgp search and pwnd module

search for breaches where targetMail is preset

search for others mail in PGP Server

pass the result to haveibeenpwn module

Download gOSINT