CVE-2026-42866

Tookie is a advanced OSINT information gathering tool. Prior to 4.1fix, modules/modules.py's writetxt, writecsv, writejson, and commented-but-shipping scanfile helpers open their output as openf"user.", where user comes unsanitized from the -u CLI flag or any line of a -U usernames file. A userna...

CVE-2026-42866

Tookie OSINT prior to version 4.1fix is vulnerable to path traversal when producing output files. In modules/modules.py (functions write_txt, write_csv, write_json, and the shipped but commented scan_file), the output filename is formed as open(f"{user}."), where user is unsanitized from -u or -U...

EUVD-2026-23946

Flowsint is an open-source OSINT graph exploration tool designed for cybersecurity investigation, transparency, and verification. Flowsint allows a user to create investigations, which are used to manage sketches and analyses. Sketches have controllable graphs, which are comprised of nodes and...

CVE-2026-32311

Flowsint is an open-source OSINT graph exploration tool designed for cybersecurity investigation, transparency, and verification. Flowsint allows a user to create investigations, which are used to manage sketches and analyses. Sketches have controllable graphs, which are comprised of nodes and...

EUVD-2025-11013

Malicious code in bioql PyPI...

CVE-2025-32778

Web-Check is an all-in-one OSINT tool for analyzing any website. A command injection vulnerability exists in the screenshot API of the Web Check project Lissy93/web-check. The issue stems from user-controlled input url being passed unsanitized into a shell command using exec, allowing attackers t...

CVE-2025-32778 Web-Check allows command Injection via Unvalidated URL in Screenshot API

Web-Check is an all-in-one OSINT tool for analyzing any website. A command injection vulnerability exists in the screenshot API of the Web Check project Lissy93/web-check. The issue stems from user-controlled input url being passed unsanitized into a shell command using exec, allowing attackers t...

Snoop - OSINT Tool For Research Social Media Accounts By Username

OSINT Tool for research social media accounts by username Install Requests Install Requests pip install requests Install BeautifulSoup Install BeautifulSoup pip install beautifulsoup4 Execute the program Execute Snoop python3 snoop.py Download Snoop...

Malicious code in osint-tool (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 10a834a37294b0f3aaf52345444f8c5c2a15dde780c8342446c53ecc05d623c0 osint packages promise to be OSINT tool, however, when providing the username to search for, the package attempts to exfiltrate Discord tokens from the user. T...

MAL-2024-12320 Malicious code in osint-tool (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 10a834a37294b0f3aaf52345444f8c5c2a15dde780c8342446c53ecc05d623c0 osint packages promise to be OSINT tool, however, when providing the username to search for, the package attempts to exfiltrate Discord tokens from the user. T...

Poastal - The Email OSINT Tool

Poastal is an email OSINT tool that provides valuable information on any email address. With Poastal, you can easily input an email address and it will quickly answer several questions, providing you with crucial information. Features Determine the name of the person who has the email. Check if t...

OSINT Tool ‘Illicit Services’ Shuts Down Amidst Exploitation Concerns

By Waqas The owner and administrator of the Illicit Services OSINT Tool cites the rise in illegitimate activities and exploitation as reasons for closure. This is a post from HackRead.com Read the original post: OSINT Tool Illicit Services Shuts Down Amidst Exploitation Concerns...

What is an OSINT Tool – Best OSINT Tools 2023

By Waqas An OSINT tool is a must for every researcher - In this article, we will explore the 15 best OSINT tools that you can use for your investigations. This is a post from HackRead.com Read the original post: What is an OSINT Tool - Best OSINT Tools 2023...

Fedora: Security Advisory for commit-stream (FEDORA-2022-5ef0bd9a27)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[Security Nation] Steve Micallef of SpiderFoot on Open-Source Intelligence

!\Security Nation\ Steve Micallef of SpiderFoot on Open-Source Intelligencehttps://blog.rapid7.com/content/images/2022/06/securitynationlogo-1.jpg In this episode of Security Nation, Jen and Tod chat with Steve Micallef about SpiderFoot, the open-source intelligence tool of which he is the creato...

Blackbird - An OSINT Tool To Search For Accounts By Username In 101 Social Networks

Blackbird An OSINT tool to search fast for accounts by username across 101 sites. The Lockheed SR-71 "Blackbird" is a long-range, high-altitude, Mach 3+ strategic reconnaissance aircraft developed and manufactured by the American aerospace company Lockheed Corporation. Disclaimer This or previous...

[SECURITY] Fedora 36 Update: commit-stream-0.1.2-6.fc36

OSINT tool for finding Github repositories by extracting commit logs in real time from the Github event API...

SocialPwned - An OSINT Tool That Allows To Get The Emails, From A Target, Published In Social Networks Such As Instagram, Linkedin And Twitter To Find Possible Credentials Leaks In PwnDB Or Dehashed And Obtain Google Account Information Via GHunt

SocialPwned is an OSINT tool that allows to get the emails, from a target, published in social networks like Instagram, Linkedin and Twitter to find the possible credential leaks in PwnDB or Dehashed and obtain Google account information via GHunt. The purpose of this tool is to facilitate the...

Terra - OSINT Tool On Twitter And Instagram

OSINT Tool On Twitter And Instagram. Installation Clone the github repo $ git clone https://github.com/xadhrit/terra.git Change Directory $ cd terra Requirements : For requirements run following commands: $ python3 -m pip install -r requirements.txt Note For Twitter Credentials : You need...

Nexfil - OSINT Tool For Finding Profiles By Username

NExfil is an OSINT tool written in python for finding profiles by username. The provided usernames are checked on over 350 websites within few seconds. The goal behind this tool was to get results quickly while maintaining low amounts of false positives. If you like my work please star this proje...