
Add osint-toolkit extension

Open jergensturdley opened this issue 3 months ago • 7 comments

Summary

OSINT Toolkit streamlines the process of investigating potential security threats by providing instant access to 15+ leading threat intelligence platforms. Simply paste any IP address, domain, URL, or file hash, and the extension automatically detects the IOC type and presents all relevant OSINT sources.


Checklist

Features

Auto-Detection

  • Automatically identifies IOC types: IPv4, IPv6, domains, URLs, and file hashes (MD5, SHA1, SHA256)
  • Handles defanged IOCs (e.g., hxxp://example[.]com) and automatically refangs them
  • Smart validation ensures only valid IOCs are processed

Favorites System

  • Mark frequently used OSINT sources as favorites
  • Quick action to open all favorite sources with a single keyboard shortcut
  • Favorites persist across sessions

Multiple Search Options

  • Open individual sources
  • Open all available sources at once
  • Open only your favorite sources
  • Copy IOCs in original or defanged format
  • Copy search URLs for sharing

Customizable

  • Enable or disable individual OSINT platforms
  • Automatic clipboard copy on selection (optional)

Commands

Search IOC

The primary command that auto-detects the IOC type and displays all relevant OSINT sources. This is the recommended command for most use cases.

Usage:

  • Launch with search ioc
  • Paste any IOC (IP, domain, URL, or hash)
  • Results appear automatically as you type

The Raycast command title is "Search IOC" (internal command id: search-ioc).

Supported Platforms

  • macOS and Windows

Multi-Purpose Platforms

  • VirusTotal - Analyze files, URLs, domains, and IP addresses
  • AlienVault OTX - Open Threat Exchange collaborative intelligence
  • Pulsedive - Free threat intelligence platform
  • Kaspersky OpenTIP - Kaspersky threat intelligence (hash only)

IP Intelligence

  • AbuseIPDB - IP address threat intelligence and blacklist service
  • Shodan - Search engine for internet-connected devices
  • ipinfo.io - Comprehensive IP address data
  • GreyNoise - Internet background noise intelligence

URL and Domain Analysis

  • URLScan.io - Website scanner and domain investigation
  • WebCheck - All-in-one website analysis tool
  • WHOIS - Domain registration information lookup

Malware Analysis

  • Hybrid Analysis - Free automated malware analysis
  • Joe Sandbox - Advanced malware analysis (hash and IP)
  • MalwareBazaar - Malware sample sharing platform
  • threat.rip - Fast threat intelligence for file hashes

Threat Intelligence

  • ThreatFox - IOC sharing platform by abuse.ch
  • IBM X-Force Exchange - Threat intelligence sharing platform

Certificate and SSL

  • Censys - Internet-wide search for devices and certificates
  • crt.sh - Certificate transparency log search

You can enable or disable individual OSINT platforms in the preferences:

  1. Open Raycast preferences (Cmd+,)
  2. Navigate to Extensions > OSINT Toolkit
  3. Toggle checkboxes for each platform

Additional Settings

  • Copy IOC on Selection - Automatically copy the IOC to clipboard when opening a source

Privacy and Security

  • No IOC data is stored or transmitted to third parties
  • All searches open directly in your browser
  • The extension only constructs search URLs; actual queries are performed by your browser
  • All OSINT platforms are accessed via their public web interfaces

jergensturdley avatar Nov 28 '25 08:11 jergensturdley
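
The Auto-Detection behaviour described in the pull request above (refang the input, then classify and validate it), as an added TypeScript sketch. It is not the extension's own code; all function names are hypothetical and the sample indicators in any usage are constructed.

```typescript
// Added sketch with hypothetical names; not the OSINT Toolkit extension's detection code.
type IocType = "ipv4" | "ipv6" | "url" | "domain" | "md5" | "sha1" | "sha256" | "unknown";
const HASH_BY_LENGTH: { [hexLength: number]: IocType } = { 32: "md5", 40: "sha1", 64: "sha256" };
// Hostname labels of 1-63 chars and an alphabetic TLD; punycode TLDs (xn--) are out of scope.
const DOMAIN = /^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$/i;

// Undo common defanging: hxxp(s), [.] (.) {.} [dot], [:] and [://].
function refang(input: string): string {
  return input.trim().replace(/^hxxp/i, "http")
    .replace(/\[:\/\/\]/g, "://")
    .replace(/[\[({]\s*(\.|dot)\s*[\])}]/gi, ".")
    .replace(/\[:\]/g, ":");
}

// Defang for sharing in tickets and chat so the indicator is not a clickable link.
const defang = (ioc: string): string => ioc.replace(/^http/i, "hxxp").replace(/\./g, "[.]");

// Four decimal octets 0-255; leading zeros are rejected because some parsers read them as octal.
function isIPv4(s: string): boolean {
  const parts = s.split(".");
  return parts.length === 4 && parts.every((p) => /^(0|[1-9]\d{0,2})$/.test(p) && Number(p) <= 255);
}

// Plain hex-group IPv6 with at most one "::"; embedded IPv4 forms are not handled.
function isIPv6(s: string): boolean {
  const halves = s.split("::");
  if (halves.length > 2) return false;
  const groupsOf = (h: string): string[] => (h === "" ? [] : h.split(":"));
  const groups = groupsOf(halves[0]).concat(halves.length === 2 ? groupsOf(halves[1]) : []);
  if (!groups.every((g) => /^[0-9a-f]{1,4}$/i.test(g))) return false;
  return halves.length === 2 ? groups.length <= 7 : groups.length === 8;
}

// http(s) URL whose host is itself a valid domain, IPv4 or [IPv6]; userinfo (@) is rejected.
function isUrl(s: string): boolean {
  const m = /^https?:\/\/(\[[0-9a-f:]+\]|[^\/\s:?#@]+)(:\d{1,5})?([\/?#]\S*)?$/i.exec(s);
  const host = m ? m[1] : "";
  return host.charAt(0) === "[" ? isIPv6(host.slice(1, -1)) : isIPv4(host) || DOMAIN.test(host);
}

function detectIoc(raw: string): { type: IocType; value: string } {
  const value = refang(raw);
  let type: IocType = "unknown";
  if (isIPv4(value)) type = "ipv4";
  else if (isIPv6(value)) type = "ipv6";
  else if (/^[0-9a-f]+$/i.test(value) && HASH_BY_LENGTH[value.length]) type = HASH_BY_LENGTH[value.length];
  else if (isUrl(value)) type = "url";
  else if (DOMAIN.test(value)) type = "domain";
  return { type, value };
}
```

Inputs that fail every validator, such as `999.1.1.1`, come back as `unknown` instead of being passed on to a search URL.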

Congratulations on your new Raycast extension! :rocket:

Due to our current reduced availability, the initial review may take up to 10-15 business days.

Once the PR is approved and merged, the extension will be available on our Store.

raycastbot avatar Nov 28 '25 08:11 raycastbot

Greptile Summary

This PR introduces a new OSINT Toolkit extension that provides security analysts instant access to 15+ threat intelligence platforms for researching IOCs. The extension features auto-detection of IOC types (IPv4, IPv6, domains, URLs, hashes), defanging/refanging support, a favorites system, and configurable platform preferences.

Key strengths:

  • Comprehensive IOC detection with solid validation logic
  • Clean separation of concerns across utility modules
  • Proper error handling and user feedback via toasts
  • Well-documented with clear README and detailed changelog
  • Appropriate use of Raycast API (LocalStorage for favorites, ActionPanel for UX)
  • Good support for 19 OSINT platforms with platform-specific URL handling

Issues found:

  • Domain mismatch for WebCheck between configuration and URL builder (needs clarification)
  • Unnecessary type assertions with getPreferenceValues<ExtensionPreferences>() (Raycast auto-generates types)
  • Title casing inconsistency in package.json

Confidence Score: 4/5

  • This PR is safe to merge with minor improvements recommended for consistency and code quality.
  • The extension demonstrates solid architecture with well-tested IOC detection, proper state management, and comprehensive platform support. The main concerns are minor: a domain mismatch that needs verification and unnecessary type assertions that don't affect runtime. The code follows Raycast conventions, includes proper error handling, and provides good user experience with favorites and keyboard shortcuts. All files are properly documented and the changelog follows the required format.
  • Pay close attention to the WebCheck domain configuration to ensure consistency between osint-sources.ts and url-builder.ts.

Important Files Changed

| Filename | Overview |
| --- | --- |
| extensions/osint-toolkit/package.json | Configuration file with 20 platform preferences. Title casing inconsistency noted. All preferences properly structured and defaults are appropriate. |
| extensions/osint-toolkit/src/search-ioc.tsx | Main command component with proper IOC detection, favorites management, and action panels. Type assertions could be simplified. Logic is sound and handles error cases well. |
| extensions/osint-toolkit/src/utils/url-builder.ts | URL construction logic is comprehensive with platform-specific handling. Domain mismatch for WebCheck between source config and URL builder needs clarification. |
| extensions/osint-toolkit/CHANGELOG.md | Changelog properly uses {PR_MERGE_DATE} placeholder and follows semantic versioning. Comprehensive feature listing included. |

greptile-apps[bot] avatar Nov 28 '25 08:11 greptile-apps[bot]

Why was this deleted?

pernielsentikaer avatar Dec 07 '25 07:12 pernielsentikaer

@pernielsentikaer I am not sure, I requested copilot review and received this message by surprise. Reopened as this was not intentional and looking into it.

jergensturdley avatar Dec 07 '25 17:12 jergensturdley

Why was this deleted?

Confirmed user error on my end when trying to sync my fork; deleted the wrong branch. Sorry about that.

jergensturdley avatar Dec 07 '25 18:12 jergensturdley

This pull request has been automatically marked as stale because it did not have any recent activity.

It will be closed if no further activity occurs in the next 7 days to keep our backlog clean 😊

raycastbot avatar Dec 22 '25 18:12 raycastbot

@copilot open a new pull request to apply changes based on the comments in this thread

jergensturdley avatar Dec 23 '25 04:12 jergensturdley

Hi 👋

Is this somehow similar to Raycast Store: OSINT Web Check by @gksander?

pernielsentikaer avatar Jan 24 '26 20:01 pernielsentikaer