"See everything. Leave no trace."
Open-source OSINT intelligence framework for security researchers,
penetration testers, and digital investigators.
git clone https://github.com/owlscan/owlscan
Full-spectrum recon against example.com — DNS, ports, tech stack, APIs, and web crawl in one command.
Six intelligence modules. One unified platform.
Scrapy-powered deep crawler. Technology fingerprinting across 50+ stacks — CMS, frameworks, CDNs, WAFs. API endpoint discovery, security header analysis, email and link harvesting.
Full DNS enumeration — A, MX, NS, TXT, SOA, CAA. Zone transfer attempts. Subdomain brute-force plus certificate transparency via crt.sh. SPF/DMARC spoofing analysis.
Async TCP scanner up to 65,535 ports. Service banner grabbing and version detection. Risk-based port assessment — identifies admin panels, databases, and exposed dev services.
30+ integrations: Shodan, VirusTotal, AbuseIPDB, GreyNoise, SecurityTrails, URLScan, AlienVault OTX, IPInfo, Hunter.io, HaveIBeenPwned, and more. Plugin architecture for custom sources.
People intelligence aggregation from public records. Cross-correlates emails, phones, social accounts, breach data, and aliases. Outputs a Shadow Score — digital exposure quantified.
JSON, CSV, HTML, PDF, XLSX, STIX 2.1, XML, Markdown. All formats support ZIP compression and AES-256-GCM encryption. Share client-ready reports or feed results into your SIEM.
Identity rotation, request jitter, user-agent spoofing, and optional Tor routing keep your recon beneath the noise floor. Purpose-built for engagements where detection is not an option.
DEPLOY GHOST MODE
# Docker — Ghost Mode with Tor routing
docker-compose --profile ghost up -d
# CLI — Ghost Mode scan
owlscan scan target.com \
  --profile ghost \
  --modules dns,tech \
  --format json
# Web UI — toggle Ghost Mode
Advanced Config → Ghost Mode (low & slow) ✓
Every scan produces a Shadow Score (0–100) — a weighted composite of open ports, vulnerability findings, missing security controls, and threat intelligence flags.
Dark mode cyberpunk aesthetic or clean Phantom Dawn light mode — toggle with a single click. Both themes cover every page and component.
git clone https://github.com/owlscan/owlscan
cd owlscan
docker-compose up -d
# Open http://localhost:5000
git clone https://github.com/owlscan/owlscan
cd owlscan
python -m venv .venv
source .venv/bin/activate  # Windows: .venv\Scripts\activate
pip install -e .
python run.py
# Open http://127.0.0.1:5000
# Quick probe
owlscan scan example.com --profile quick
# Standard recon with HTML report
owlscan scan example.com \
  --profile standard \
  --format html \
  --output ./reports
# People intelligence
owlscan profile \
  --email target@example.com \
  --first-name John --last-name Doe
⚠ For authorized use only. See the Legal & Ethics section before running any scan.
Configure your own keys in Ghost Keys — every API has a free tier to get started.
Open-source. MIT licensed. No telemetry. No phone-home. Your recon stays on your machine.