Welcome to Flowsint
Complete documentation for Flowsint - a modular OSINT investigation platform.
What is Flowsint?
Flowsint is a modular investigation and reconnaissance platform focused on OSINT (Open Source Intelligence). It provides:
- Graph-based visualization of entity relationships
- 30+ automated enrichers for intelligence gathering
- Modular architecture with clean separation of concerns
- Privacy-first design with local data storage
- Extensible platform for custom enrichers
- Automated search flows (more on that here)
Disclaimer !
The author(s) and contributor(s) of this tool assume no responsibility or liability for any damages, losses, or consequences that may result from the use or misuse of this software. By using this tool, you acknowledge and agree that:
- You are solely responsible for your use of this software
- You will use this tool in compliance with all applicable laws and regulations
- You will obtain proper authorization before conducting any security testing or reconnaissance activities
- You understand the potential risks and legal implications of using security tools
Why Flowsint?
OSINT tools can be envisionned as consumables: research methods change, security mechanisms evolve, but once again, the visualization, exploitation, and analysis of this data remains the same. Analysts need to be able to list, centralize, and visualize connections to have a clear understanding of their investigation.
Flowsint aims at providing the "solid foundation" necessary for any investigation, onto which tools can be connected. The idea is also that connecting/disconnecting these tools should be easy. A new tool comes out, and with a few manipulations it can be integrated into your investigation workflow.
If you've already practiced some OSINT, you know that analysts often rely on a multitude of research tools: scripts, third-party services, specialized applications... But these tools often work in silos and quickly become obsolete if they're not maintained: a service disappears, an API changes, an access point closes. The analyst juggles with unstable tools and sometimes has to manually adapt their data to continue their investigation.
OSINT tools, for most, are consumables: they evolve, appear, disappear.
However, the fundamental need always remains the same: to see, exploit, and analyze data in a clear and understandable way.
This is exactly what Flowsint was built for: a solid and durable foundation on which your investigations rest.
Tools become simple extensions - they plug in and unplug easily, and a new tool can easily be integrated with your investigation workflow.
Flowsint is the stable infrastructure that allows you to stay agile in the face of constant evolution of methods and sources.
Flowsint is a local tool, running on your machine only. This ensures a great level of confidentiality, but comes with responsabilities.
At your own risk
All enrichers run locally on your machine. This means you can get banned from some services or get flagged from infrastructures if you start making thousands of requests to the same service. You need to always know what you are doing, and understand that gathering can go very fast in scale.
For example, you can very easily happen to be making DNS resolution requests for 10 000 IPs.
Know you infrastructure and your limits. Know how the tools used in the enrichers actually work. You can have a list of the available enrichers and tools here.
If all those points are clear for you, let's start investigating !