GitPedia

Pockint

A portable OSINT Swiss Army Knife for DFIR/OSINT professionals 🕵️ 🕵️ 🕵️

From edoardogerosa·Updated April 13, 2026·View on GitHub·

POCKINT (a.k.a. Pocket Intelligence) is the OSINT swiss army knife for DFIR/OSINT professionals. A lightweight and portable GUI program, it provides users with essential OSINT capabilities in a compact form factor: POCKINT's input box accepts typical indicators (URL, IP, MD5) and gives users the ability to perform basic OSINT data mining tasks in an iterable manner. The project is written primarily in Python, distributed under the MIT License license, first published in 2019. Key topics include: dfir, incident-response, incident-response-tooling, infosec, infosec-19.

Latest release: v.1.2.0
January 18, 2020View Changelog →

Icon

made with python
Supported platforms
GitHub release
GitHub All Releases
Twitter Follow

POCKINT (a.k.a. Pocket Intelligence) is the OSINT swiss army knife for DFIR/OSINT professionals. A lightweight and portable GUI program, it provides users with essential OSINT capabilities in a compact form factor: POCKINT's input box accepts typical indicators (URL, IP, MD5) and gives users the ability to perform basic OSINT data mining tasks in an iterable manner.

demo

Installation

You can grab the latest version from the releases page. POCKINT is provided as a single executable that can be stored and run anywhere on computers. POCKINT is available for Windows only.

Features

Why use it? POCKINT is designed to be simple, portable and powerful.

:star: Simple: There's plenty of awesome OSINT tools out there. Trouble is they either require analysts to be reasonably comfortable with the command line (think pOSINT) or give you way too many features (think Maltego). POCKINT focuses on simplicity: INPUT > RUN TRANSFORM > OUTPUT ... rinse and repeat. It's the ideal tool to get results quickly and easily through a simple interface.

:package: Portable: Most tools either require installation, a license or configuration. POCKINT is ready to go whenever and wherever. Put it in your jump kit USB, investigation VM or laptop and it will just run.

:rocket: Powerful: POCKINT combines cheap OSINT sources (whois/DNS) with the power of specialised APIs. From the get go you can use a suite of in-built transforms. Add in a couple of API keys and you can unlock even more specialised data mining capabilities.

The latest version is capable of running the following data mining tasks:

<details><summary>Hostnames</summary> <p>
SourceTransformAPI key needed?
DNSIP lookup:x:
DNSMX lookup:x:
DNSNS lookup:x:
DNSTXT lookup:x:
WHOISDomain dnssec status:x:
WHOISDomain creation:x:
WHOISDomain expiration:x:
WHOISDomain emails:x:
WHOISDomain registrar:x:
WHOISRegistrant location:x:
WHOISRegistrant org:x:
WHOISRegistrant name:x:
WHOISRegistrant address:x:
WHOISRegistrant zipcode:x:
crt.shSubdomains:x:
VirustotalDownloaded samples:heavy_check_mark:
VirustotalDetected URLs:heavy_check_mark:
VirustotalSubdomains:heavy_check_mark:
OTXPassive DNS:heavy_check_mark:
OTXmalicious check:heavy_check_mark:
OTXMalware type:heavy_check_mark:
OTXMalware hash:heavy_check_mark:
OTXObserved urls:heavy_check_mark:
OTXGeolocate:heavy_check_mark:
</p> </details> <details><summary>IP Adresses</summary> <p>

Note: Only IPv4 Addresses are supported

SourceTransformAPI key needed?
DNSReverse lookup:x:
ShodanPorts:heavy_check_mark:
ShodanGeolocate:heavy_check_mark:
ShodanCoordinates:heavy_check_mark:
ShodanCVEs:heavy_check_mark:
ShodanISP:heavy_check_mark:
ShodanCity:heavy_check_mark:
ShodanASN:heavy_check_mark:
VirustotalNetwork report:heavy_check_mark:
VirustotalCommunicating samples:heavy_check_mark:
VirustotalDownloaded samples:heavy_check_mark:
VirustotalDetected URLs:heavy_check_mark:
OTXPassive DNS:heavy_check_mark:
OTXMalicious check:heavy_check_mark:
OTXMalware type:heavy_check_mark:
OTXMalware hash:heavy_check_mark:
OTXObserved urls:heavy_check_mark:
OTXGeolocate:heavy_check_mark:
</p> </details> <details><summary>Urls</summary> <p>
SourceTransformAPI key needed?
DNSExtract hostname:x:
VirustotalMalicious check:heavy_check_mark:
VirustotalReported detections:heavy_check_mark:
OTXGeolocate:heavy_check_mark:
OTXParse url:heavy_check_mark:
OTXmalicious check:heavy_check_mark:
OTXHttp response analysis:heavy_check_mark:
</p> </details> <details><summary>Hashes</summary> <p>

Note: Both MD5 and SHA256 hashes are supported

SourceTransformAPI key needed?
VirustotalMalicious check:heavy_check_mark:
VirustotalMalware type:heavy_check_mark:
OTXMalicious check:heavy_check_mark:
</p> </details> <details><summary>Emails</summary> <p>
SourceTransformAPI key needed?
N/AExtract domain:x:
</p> </details>

New APIs and input integrations are in the works, consult the issues page to check out what's brewing or feel free to propose your own.

Like it?

If you like the tool please consider contributing.

The tool received a few "honourable" mentions, including:

Please note: There have been a small number of reports indicating that pockint triggers false positives on antivirus protected systems (to date Avast, AVG and Norton). The issue seems to be caused by pyinstaller, the python package used to freeze and distribute pockint. If pockint triggers your antivirus please submit an issue and the author will submit a false positive report to the concerned antivirus provider.

Contributors

Showing top 2 contributors by commit count.

edoardogerosa

edoardogerosa

8 commits

dependabot[bot]

dependabot[bot]

3 commits

View all contributors on GitHub →

This article is auto-generated from edoardogerosa/pockint via the GitHub API.Last fetched: 6/28/2026