OSINT Research Assistant

Instantly query IPs, domains, and file hashes across 7 free threat intelligence services. No API keys or sign-up required.

OSINT Research Assistant is a free, lightweight browser extension designed for cybersecurity analysts, threat hunters, incident responders, and security researchers. It accelerates threat investigation workflows by enabling fast, in-browser lookups of indicators of compromise (IOCs) without requiring any API keys or account registration. HOW IT WORKS Select any IP address, domain name, URL, or file hash (MD5, SHA-1, SHA-256) on a web page, right-click, and choose "OSINT Lookup". A floating results panel opens directly on the page and queries 7 free threat intelligence services simultaneously. SERVICES QUERIED - IP-API: Geolocation, ISP, proxy and VPN detection - Shodan InternetDB: Open ports and known CVEs for an IP address - GreyNoise Community: IP threat classification (malicious, benign, or unknown scanner) - Whois / RDAP: Domain registration dates, registrar, name servers, and IP block information - crt.sh: SSL/TLS certificate history and subdomain enumeration via Certificate Transparency logs - Google DNS: DNS record lookup (A, AAAA, MX, TXT, NS, CNAME) - CIRCL HASHLOOKUP: File hash identification and malicious file detection via the NSRL database SUPPORTED IOC TYPES - IPv4 and IPv6 addresses - Domain names - URLs - MD5, SHA-1, and SHA-256 file hashes KEY FEATURES - No API keys, no registration, no configuration required — install and use immediately - All services used are free and publicly available - Results are displayed in a draggable, resizable panel on the current page - Color-coded threat verdicts: clean, suspicious, or malicious - English and Turkish language support with instant switching - Runs entirely in the browser — no backend server, no data stored or transmitted beyond the selected IOC WHO IS IT FOR This extension is intended for cybersecurity professionals performing authorized security research, penetration testers, SOC analysts triaging alerts, CTF participants, and anyone who needs quick threat context on an indicator of compromise. PRIVACY The extension does not collect, store, or transmit any personal data. The only data sent externally is the text the user selects and explicitly submits for lookup (an IP address, domain, or hash). This data is sent directly to the respective third-party threat intelligence APIs listed above. No browsing history, page content, or identifying information is ever accessed or transmitted.