Automated OSINT Recon Tool | See What's Hidden in the Shadows
A powerful, modular OSINT reconnaissance tool designed specifically for bug bounty hunters, and security researchers.
Powered by real free APIs: AlienVault OTX, URLScan.io, Internet Archive, ThreatFox, Shodan, SecurityTrails and more. π
(ASCII Art placeholder)
ββββββββββββ βββββββββ βββ βββββββ βββ ββββββββββββ
ββββββββββββ βββββββββ βββββββββββ βββ ββββββββββββ
βββ βββ ββ βββββββββ ββββββ ββββββββββββ βββ
βββ ββββββββββββββββ ββββββ βββββββββββ βββ
βββ ββββββββββββββββββββββββββββββββββββ βββ βββ
βββ ββββββββ ββββββββββββββ βββββββ βββ βββ βββ
βββββββ βββββββ βββββββ ββββββββββββ
βββββββββββββββββββββββββββββββββββββ
βββ ββββββββββββββββββββββ βββ
βββ ββββββββββββββββββββββ βββ
ββββββββββββ ββββββββββββββ βββ
βββββββ βββ ββββββββββ βββ βββ
- Features
- Quick Start
- Usage Examples
- Optional API Keys (Turbocharge your scans)
- Output Formats
- Project Architecture
- Disclaimer
Twilight Orbit runs 12 parallel modules to extract every drop of public intelligence on a target.
| Module | Description | Data Sources / Libraries |
|---|---|---|
| π DNS Lookup | A, AAAA, MX, NS, TXT, CNAME, SOA records. | dnspython |
| π WHOIS | Domain registration, registrar, dates, nameservers, status. | python-whois |
| π Subdomains | Discovers hidden subdomains via active brute-forcing and passive certificate transparency logs. | dnspython, crt.sh, SecurityTrails API |
| π Port Scanner | Lightning fast TCP connect scanner for the Top 100 most common vulnerable ports. | socket (stdlib) |
| π‘οΈ HTTP Headers | Security header analysis with severity ratings (HSTS, CSP, Clickjacking, MIME-sniffing). | httpx |
| π SSL/TLS | Certificate details, issuer, SANs, expiry dates, cipher suites, and protocol versions. | ssl, socket |
| βοΈ Tech Detection | Fingerprints frameworks, CMS, CDNs, and analytics via HTTP response headers. | httpx |
| π Geolocation | Finds the physical location, ISP, and ASN for the target IP address. | ip-api.com |
| π§ Email Harvest | Discovers employee and corporate emails via web scraping and public databases. | Custom scraper, Hunter.io API |
| π°οΈ Wayback Machine | Searches the Internet Archive for historical snapshots and hidden paths. | archive.org CDX API |
| ποΈ Wayback Secrets | Scans historical .env, .json, and .sql file archives for leaked API keys (AWS, Google, Stripe). |
archive.org CDX API |
| π DOM Fingerprint | Bypasses WAFs via Headless Chromium to detect hidden JavaScript frontend frameworks. | playwright |
| π Dependency Analyzer | Parses client-side scripts to identify outdated libraries with known CVEs (e.g. ancient jQuery). | httpx, regex |
| π¨ Threat Intel | Cross-references the domain against global threat intelligence feeds. | AlienVault OTX, URLScan.io, ThreatFox, HackerTarget |
| π Shodan / VT | Queries the biggest cybersecurity databases for vulnerabilities and malware reputation. | Shodan, VirusTotal, AbuseIPDB |
- Python 3.10+
- Works on Windows, macOS, and Linux
The fastest way to get started is to clone the repository and set up a virtual environment.
# Clone the repository
git clone https://github.com/WIzbisy/twilight-orbit.git
cd twilight-orbit
# Create a virtual environment (Recommended)
python -m venv venv
# Activate the virtual environment
# On Windows:
.\venv\Scripts\activate
# On Linux/Mac:
source venv/bin/activate
# Install the required dependencies
pip install -r requirements.txtTwilight Orbit is built on top of click for a clean, intuitive command-line interface.
Run all 12 modules against a target domain.
python -m twilight_orbit scan example.comOnly care about subdomains and open ports? Use the --modules (or -m) flag.
python -m twilight_orbit scan example.com -m subdomains,ports,dnsTwilight Orbit generates interactive HTML reports that are perfect for delivering to clients or bug bounty programs.
# Output results to an HTML file
python -m twilight_orbit scan example.com --output report.html
# Output results to machine-readable JSON (useful for CI/CD or jq parsing)
python -m twilight_orbit scan example.com --output results.jsonView all available commands and modules.
python -m twilight_orbit --help
python -m twilight_orbit modulesTwilight Orbit performs highly effective reconnaissance out-of-the-box with zero configuration. However, you can turbocharge the modules by providing API keys for premium (but free-tier) services.
Twilight Orbit uses python-dotenv to automatically load keys. Create a .env file in the root directory like this:
# βββ Threat Intelligence ββββββββββββββββββββββββββββββββββββββββββ
# Enhances the port scanner and checks for known CVEs
SHODAN_API_KEY=your_shodan_key_here
# Checks the target against 70+ antivirus engines
VIRUSTOTAL_API_KEY=your_vt_key_here
# Checks if the target IP has been reported for malicious activity
ABUSEIPDB_API_KEY=your_abuseipdb_key_here
# βββ Recon Enhancements βββββββββββββββββββββββββββββββββββββββββ
# Pulls from Hunter's massive database of corporate emails
HUNTER_API_KEY=your_hunter_key_here
# Pulls thousands of historical subdomains from DNS history
SECURITYTRAILS_API_KEY=your_securitytrails_key_hereWhere to get free keys:
- Shodan (Free 100 queries/month)
- VirusTotal (Free 500 queries/day)
- AbuseIPDB (Free 1000 queries/day)
- Hunter.io (Free 50 searches/month)
- SecurityTrails (Free 50 queries/month)
- Terminal (Rich): Beautiful, color-coded tables, progress bars, and panels rendered natively in your terminal using the
richlibrary. - HTML Report: A stunning, self-contained, dark-themed HTML report. It parses the data into clean tables with security score widgets.
- JSON: A complete data dump for building automation pipelines.
If you want to contribute or build your own modules, here is the architecture:
twilight-orbit/
βββ twilight_orbit/
β βββ cli.py # CLI entry point (Click)
β βββ scanner.py # Orchestrator that runs the modules in parallel
β βββ config.py # Global configuration & constants
β βββ modules/
β β βββ dns_lookup.py # DNS records module
β β βββ whois_lookup.py # WHOIS data module
β β βββ subdomains.py # Subdomain discovery (crt.sh & SecurityTrails)
β β βββ port_scanner.py # Top 100 ports scanner
β β βββ http_headers.py # Security headers analyzer
β β βββ ssl_info.py # SSL/TLS cert evaluator
β β βββ tech_detect.py # Tech fingerprinting
β β βββ geo_lookup.py # IP geolocation
β β βββ email_harvest.py # Email discovery (Scraping & Hunter.io)
β β βββ wayback.py # Wayback Machine API
β β βββ wayback_secrets.py # Historical API Key detection
β β βββ dom_fingerprint.py # Headless browser framework detection
β β βββ dependency_chain.py# Frontend vulnerable libs check
β β βββ threat_intel.py # AlienVault OTX, URLScan, ThreatFox
β β βββ shodan_vt.py # Shodan, VirusTotal, AbuseIPDB
β βββ reporting/
β βββ console.py # Terminal rendering logic (Rich)
β βββ json_report.py # JSON export logic
β βββ html_report.py # HTML template and rendering
βββ tests/ # (Optional) Unit tests structure
βββ requirements.txt # Project dependencies
βββ .env # (You create this) API Keys
βββ .gitignore # Ignored files for git
βββ setup.py # Package setup and installation
βββ CONTRIBUTING.md # Guide for contributors
βββ LICENSE # MIT License
βββ README.md # Project documentation
We welcome contributions! Please see the CONTRIBUTING.md file for guidelines on how to add new modules, fix bugs, or improve documentation.
β οΈ Twilight Orbit is intended for authorized security testing, educational purposes.You must only scan targets that you own or have explicit written permission to test (e.g., Bug Bounty programs). Unauthorized scanning of infrastructure may be illegal in your jurisdiction. The authors and maintainers are not responsible for any misuse of this tool.
This project is licensed under the MIT License.