Enrichers catalog

Quick start guide to using Enrichers for your OSINT investigations.

ASN

asn_to_cidrs: Given an ASN, enumerate its announced CIDR ranges. Tools/Pivots: asnmap (CLI), jq (CLI)

CIDR

cidr_to_ips: Expand a CIDR to IPs by PTR enumeration heuristics. Tools/Pivots: dnsx (CLI)

Crypto

cryptowallet_to_transactions: Fetch ETH wallet transactions and map wallet-to-wallet relationships. Tools/APIs: Etherscan API

cryptowallet_to_nfts: Fetch ERC-721/1155 NFT transfers for a wallet. Tools/APIs: Etherscan API

Domain

domain_to_ip: Resolve domains to IPv4 addresses. Tools/Pivots: DNS resolution (socket)

domain_to_subdomains: Discover subdomains for a domain. Tools/APIs: subfinder (CLI), fallback to crt.sh JSON API

domain_to_whois: Retrieve WHOIS registration data for a domain. Tools/APIs: python-whois

domain_to_asn: Map a domain to its ASN by resolving and querying ASN data. Tools/Pivots: system DNS, asnmap (CLI)

domain_to_root_domain: Convert a subdomain to its registrable root. Tools/Pivots: internal domain utils

domain_to_history: Retrieve historical WHOIS records and extract related entities (individuals, organizations, emails, phones, locations). Tools/APIs: Whoxy API

domain_to_website: Convert a domain to a reachable website URL (HTTP/HTTPS), following redirects. Tools/Pivots: HTTP HEAD requests

Email

email_to_breaches: Check whether an email appears in known breaches. Tools/APIs: Have I Been Pwned API

email_to_gravatar: Check Gravatar existence and profile for an email (via MD5 hash). Tools/APIs: Gravatar endpoints

Individual

individual_to_domains: Find domains registered by a specific person; extract related contacts and attributes. Tools/APIs: Whoxy API

individual_to_organization: Find organizations related to a person in French registries. Tools/APIs: SIRENE (via internal SireneTool) — see INSEE Sirene API

IP

ip_to_domain: Reverse-resolve IPs to domains via PTR and Certificate Transparency pivots. Tools/APIs: DNS PTR (socket), crt.sh JSON API

ip_to_infos: Enrich IPs with geolocation and ISP data. Tools/APIs: ip-api.com

ip_to_asn: Map IPs to their ASN. Tools/Pivots: AsnmapTool (asnmap)

Leak

to_hibp_leaks: Query HIBP for breaches/pastes/hashes for emails. Tools/APIs: hibpwned library (HIBP)

Organization

org_to_domains: Find domains registered by an organization; extract contacts and related entities. Tools/APIs: Whoxy API

org_to_infos: Enrich organizations with French registry data and leaders. Tools/APIs: SIRENE (SireneTool) — see INSEE Sirene API

org_to_asn: Find ASNs associated with an organization name. Tools/Pivots: asnmap (CLI), jq (CLI)

Phone

phone_to_infos: Probe a phone number's footprint across services (demo modules) and normalize the number. Tools/APIs: ignorant modules (Amazon, Snapchat, Instagram), httpx

phone_to_breaches: Check whether a phone number appears in known breaches. Tools/APIs: Have I Been Pwned API

Social

username_to_socials_sherlock: Enumerate social accounts for a username using Sherlock. Tools/Pivots: sherlock (CLI)

username_to_socials_maigret: Enumerate social accounts for a username using Maigret and parse rich metadata. Tools/Pivots: maigret (CLI)

Website

website_to_crawler: Crawl a website to extract emails and phone numbers. Tools/APIs: ReconCrawlTool (reconcrawl)

website_to_links: Crawl a website and collect internal/external links and domains. Tools/APIs: reconspread Crawler

website_to_text: Fetch and extract visible text from a webpage. Tools/APIs: HTTP GET, BeautifulSoup

website_to_webtrackers: Extract analytics/ads tracking codes from a website. Tools/APIs: recontrack TrackingCodeExtractor


Notes

  • Some enrichers optionally depend on CLI binaries (subfinder, asnmap, dnsx, and jq), which are installed in the Docker container.
  • API-keyed enrichers read keys from params or environment (e.g., HIBP_API_KEY, ETHERSCAN_API_KEY, WHOXY_API_KEY).

Need troubleshooting or spotted a bug? Feel free to submit an issue here.