IRIS-OSINT: Investigate usernames, people, emails and domains
Link to tool: https://github.com/IRIS-Team/IRIS
Multipurpose OSINT tools are considerably varied with regards to capabilities, and many of them can also be very tricky to install, configure and deploy through command-line interfaces. This is certainly a positive feature for novice Python users.
IRIS-OSINT is a very new OSINT tool that caught our eye after we were researching OSINT solutions that could identify and extract Minecraft usernames. After several tests of this Python-based script, it became very apparent that it provides a very broad range of investigative capabilities. Indeed, it is apparent that the tool will continue to grow in terms of features. Currently, this tool can:
- Get Minecraft account information by username/UUID
- Get NameMC profile information by Minecraft username/UUID
- Get Plancke account information by Minecraft username/UUID
- Look up an email or username with the WeLeakInfo API
- Lookup names and addresses by domain name
- Lookup published doxxes from the DoxBin site
- Extract IP-addresses from Ome.TV
- Extract email-addresses of Typeracer users by username
- Query the Canadian 411 service and lookup Canadian citizens’ public information by name/address/phone number
- Query the 118 service and lookup Danish citizens’ public information by name/address/phone number
- Query ‘Krak’ and lookup Danish citizens’ public information by name/address/phone number
- Extract Discord account information by token
- Extract GitHub account information by username
- Extract Keybase account information by username
- Identify and extract information from profiles on solo.to
- Extract Twitter account email and phone number from usernames
Undoubtedly, the capabilities of this tool are considerably extensive and varied. What we particularly like is its capability to extract a wide range of account information from Minecraft, which remains a space used by sex offenders seeking to groom children and vulnerable people. Another feature we like is the tool’s capability to easily extract information from Discord, Github and Twitter profiles. Whilst its capability to query public listing services in Canada and Denmark is somewhat useful as it removes the need for the Digital Investigator to run searches from the browser, we do believe that this capability could be better served.
Positive aspects aside, the script’s Github repository does not contain detailed instructions for users. Whilst the script is incredibly easy to install and configure through the command-line interface, the developers should prioritise the production of instructions before expanding the tool’s investigative capabilities further. To understand how to use the tool and view all of the available modules, we queried the tool’s help index using the ‘help’ command.
Overall, IRIS-OSINT is an effective multipurpose script that provides a good range of investigative capabilities. Unfortunately, the tool isn’t easy to deploy when taking into account the absence of user instructions on Github. That aside, we believe that this tool has great potential and should be included in every Digital Investigator’s toolkit.