Listen to this Post
Introduction:
Open-Source Intelligence (OSINT) has evolved from manual data scraping to sophisticated, AI-driven reconnaissance. The Big Brother V5.0 represents the next generation of OSINT frameworks, consolidating 21 intelligence modules behind a single AI-assisted analysis engine. This weaponized platform enables security professionals, digital forensics experts, and threat hunters to collect and correlate publicly available information from multiple sources, generating unified intelligence reports with automated risk scoring.
Learning Objectives:
- Master the deployment and configuration of The Big Brother V5.0 OSINT framework using Docker and FastAPI
- Execute cross-module intelligence synthesis through the built-in AI Analyst for automated target identification
- Perform comprehensive digital footprint investigations including domain intelligence, email security, GitHub analysis, and breach correlation
You Should Know:
1. Deploying The Big Brother V5.0 with Docker
The Big Brother V5.0 is built on a modern FastAPI web dashboard with Docker deployment capabilities. Containerization ensures isolated, reproducible environments for OSINT operations.
Step‑by‑step deployment guide:
Linux (Ubuntu/Debian):
Update system and install Docker dependencies sudo apt update && sudo apt install -y apt-transport-https ca-certificates curl software-properties-common Add Docker's official GPG key and repository curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null Install Docker Engine and Docker Compose sudo apt update && sudo apt install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin Clone the repository (replace with actual V5.0 repo URL) git clone https://github.com/chadi0x/TheBigBrother.git cd TheBigBrother Build and launch the containerized environment sudo docker compose up -d --build
Windows (PowerShell as Administrator):
Install Docker Desktop for Windows first, then:
docker pull python:3.10-slim
docker run -d -p 8000:8000 --1ame bigbrother -v ${PWD}:/app python:3.10-slim tail -f /dev/null
docker exec -it bigbrother pip install -r requirements.txt
docker exec -it bigbrother uvicorn main:app --host 0.0.0.0 --port 8000
Verify deployment: Access the FastAPI dashboard at http://localhost:8000` and review the interactive API documentation at/docs`.
- Configuring the AI Analyst for Automated Target Profiling
The AI Analyst is the cornerstone of The Big Brother V5.0, automatically identifying target types (domains, email addresses, IPs, usernames) and orchestrating relevant OSINT modules.
Configuration workflow:
Example Python script to interact with the AI Analyst API
import requests
import json
API_BASE = "http://localhost:8000/api/v1"
TARGET = "example.com" Can be domain, email, IP, or username
Step 1: Submit target for AI analysis
analysis_payload = {"target": TARGET, "modules": ["all"]}
response = requests.post(f"{API_BASE}/analyze", json=analysis_payload)
analysis_id = response.json()["analysis_id"]
Step 2: Poll for results
import time
while True:
result = requests.get(f"{API_BASE}/results/{analysis_id}")
if result.json()["status"] == "completed":
report = result.json()["report"]
break
time.sleep(5)
Step 3: Extract risk score and evidence
risk_score = report["risk_score"]
evidence = report["evidence"]
print(f"Risk Score: {risk_score}/100")
print(f"Key Findings: {json.dumps(evidence, indent=2)}")
AI Analyst capabilities:
- Target classification: Automatically distinguishes between domains, email addresses, IP addresses, and usernames
- Module orchestration: Dynamically invokes the appropriate OSINT modules based on target type
- Report consolidation: Aggregates findings into a single intelligence report with risk scoring and supporting evidence
3. Domain Intelligence and Reconnaissance
The framework provides comprehensive domain intelligence including WHOIS, DNS, TLS, security headers, and subdomain enumeration.
Executing domain reconnaissance:
Using the CLI interface (if available) python bigbrother.py --target example.com --modules whois,dns,tls,subdomains Manual WHOIS query for verification whois example.com DNS enumeration using dig dig example.com ANY dig example.com MX dig example.com NS Subdomain enumeration with alternative tools Install subfinder go install -v github.com/projectdiscovery/subfinder/v2/cmd/subfinder@latest subfinder -d example.com -silent
Python automation for domain intelligence:
import socket
import ssl
import dns.resolver
def gather_domain_intel(domain):
DNS resolution
try:
ip = socket.gethostbyname(domain)
print(f"IP Address: {ip}")
except:
print("DNS resolution failed")
TLS/SSL certificate inspection
context = ssl.create_default_context()
with socket.create_connection((domain, 443), timeout=5) as sock:
with context.wrap_socket(sock, server_hostname=domain) as ssock:
cert = ssock.getpeercert()
print(f"Certificate Subject: {cert.get('subject')}")
print(f"Certificate Expiry: {cert.get('notAfter')}")
MX record lookup
try:
mx_records = dns.resolver.resolve(domain, 'MX')
for mx in mx_records:
print(f"MX Record: {mx.exchange} (Priority: {mx.preference})")
except:
print("No MX records found")
gather_domain_intel("example.com")
4. Email Security and Deliverability Analysis
Email intelligence modules analyze security configurations, deliverability, and potential exposure in public breaches.
Email security assessment commands:
Check SPF record dig example.com TXT | grep "v=spf1" Check DKIM record (domain-specific selector) dig selector._domainkey.example.com TXT Check DMARC record dig _dmarc.example.com TXT Using the framework's email module python bigbrother.py --target [email protected] --modules email,breach
Python script for email breach checking:
import hashlib
import requests
def check_breach(email):
Using Have I Been Pwned API (v3)
sha1_hash = hashlib.sha1(email.encode()).hexdigest().upper()
prefix, suffix = sha1_hash[:5], sha1_hash[5:]
response = requests.get(f"https://api.pwnedpasswords.com/range/{prefix}")
if response.status_code == 200:
hashes = [line.split(':') for line in response.text.splitlines()]
for h, count in hashes:
if h == suffix:
print(f"⚠️ Breach detected! {count} occurrences found")
return True
print("✅ No breaches found for this email")
return False
check_breach("[email protected]")
5. GitHub and Developer Footprint Analysis
The framework performs developer footprint analysis by scanning public GitHub repositories for sensitive information exposure.
GitHub reconnaissance techniques:
Using the framework's GitHub module python bigbrother.py --target "username" --modules github Manual GitHub search using gh CLI gh search code "password" --owner=target_org --language=Python gh search code "API_KEY" --owner=target_org Advanced dorking for GitHub Search for exposed .env files gh search code "filename:.env" --owner=target_org Search for AWS keys gh search code "AKIA" --owner=target_org
Python automation for GitHub scanning:
import requests
from github import Github
def analyze_github_footprint(username, token=None):
g = Github(token) if token else Github()
user = g.get_user(username)
Get repositories
repos = user.get_repos()
findings = []
for repo in repos:
Check for sensitive file patterns
contents = repo.get_contents("")
for content in contents:
if content.name in ['.env', 'config.py', 'secrets.json', 'credentials.txt']:
findings.append({
'repo': repo.name,
'file': content.name,
'url': content.html_url
})
return findings
Example usage
findings = analyze_github_footprint("target_username")
for f in findings:
print(f"⚠️ Exposed file: {f['repo']}/{f['file']} - {f['url']}")
6. Public Breach Intelligence and Paste Monitoring
Multi-source paste monitoring and public breach intelligence integration allow investigators to correlate exposed credentials with active targets.
Monitoring public paste sites:
Using the framework's paste monitoring module python bigbrother.py --target "company.com" --modules paste,breach Manual Pastebin monitoring via API curl -X GET "https://psbdmp.ws/api/v3/search/domain/example.com"
Python script for paste monitoring:
import requests
import time
def monitor_pastes(keyword, interval=300):
"""Monitor public paste sites for keywords"""
Pastebin scraping (ethical use only)
url = f"https://pastebin.com/archive"
response = requests.get(url)
Alternative: Use psbdmp API
api_url = f"https://psbdmp.ws/api/v3/search/{keyword}"
response = requests.get(api_url)
if response.status_code == 200:
data = response.json()
for paste in data.get('data', []):
print(f"📋 Paste found: {paste.get('id')} - {paste.get('title')}")
print(f" Content snippet: {paste.get('content', '')[:200]}...")
return response.json()
Continuous monitoring loop
while True:
monitor_pastes("target_domain.com")
time.sleep(300) Check every 5 minutes
7. Advanced Dorking and Search Reconnaissance
The framework includes dork generation capabilities for targeted search reconnaissance across multiple search engines.
Google Dorking command examples:
Generate dorks using the framework python bigbrother.py --target "example.com" --modules dork Manual Google dorks for reconnaissance Find exposed directories site:example.com intitle:"index of" Find exposed .git repositories site:example.com ".git" -gitlab -github Find exposed configuration files site:example.com "web.config" OR "appsettings.json" Find exposed logs site:example.com filetype:log Find exposed database dumps site:example.com filetype:sql "INSERT INTO"
Python dork generation utility:
def generate_dorks(domain):
dork_templates = [
f"site:{domain} intitle:\"index of\"",
f"site:{domain} \".git\" -gitlab -github",
f"site:{domain} filetype:log",
f"site:{domain} filetype:sql \"INSERT INTO\"",
f"site:{domain} \"web.config\" OR \"appsettings.json\"",
f"site:{domain} \"password\" OR \"passwd\"",
f"site:{domain} \"api_key\" OR \"apikey\"",
f"site:{domain} \"secret\" OR \"token\"",
f"site:{domain} inurl:admin",
f"site:{domain} inurl:login",
f"site:{domain} \"service account\"",
f"intitle:\"dashboard\" {domain}"
]
return dork_templates
Usage
dorks = generate_dorks("example.com")
for i, dork in enumerate(dorks, 1):
print(f"{i}. {dork}")
8. EXIF Metadata and Geospatial Intelligence
EXIF metadata extraction and geospatial intelligence (GEOINT) capabilities enable investigators to extract location data and analyze visual intelligence.
EXIF extraction commands:
Using the framework's EXIF module python bigbrother.py --target image.jpg --modules exif Manual EXIF extraction with exiftool exiftool -All image.jpg Extract GPS coordinates specifically exiftool -GPSLatitude -GPSLongitude image.jpg Using Python for automated EXIF analysis
Python script for EXIF and GEOINT:
from PIL import Image
from PIL.ExifTags import TAGS, GPSTAGS
import requests
def extract_gps_from_image(image_path):
image = Image.open(image_path)
exifdata = image.getexif()
gps_info = {}
for tag_id, value in exifdata.items():
tag = TAGS.get(tag_id, tag_id)
if tag == "GPSInfo":
for gps_tag in value:
sub_tag = GPSTAGS.get(gps_tag, gps_tag)
gps_info[bash] = value[bash]
if 'GPSLatitude' in gps_info and 'GPSLongitude' in gps_info:
lat = gps_info['GPSLatitude']
lon = gps_info['GPSLongitude']
lat_ref = gps_info.get('GPSLatitudeRef', 'N')
lon_ref = gps_info.get('GPSLongitudeRef', 'E')
Convert to decimal degrees
lat_decimal = lat[bash] + lat[bash]/60 + lat[bash]/3600
lon_decimal = lon[bash] + lon[bash]/60 + lon[bash]/3600
if lat_ref == 'S':
lat_decimal = -lat_decimal
if lon_ref == 'W':
lon_decimal = -lon_decimal
return {'latitude': lat_decimal, 'longitude': lon_decimal}
return None
Reverse geocoding with OpenStreetMap
def reverse_geocode(lat, lon):
url = f"https://nominatim.openstreetmap.org/reverse?lat={lat}&lon={lon}&format=json"
response = requests.get(url, headers={'User-Agent': 'OSINT-Tool'})
data = response.json()
return data.get('display_name', 'Location not found')
gps = extract_gps_from_image("photo.jpg")
if gps:
location = reverse_geocode(gps['latitude'], gps['longitude'])
print(f"📍 Location: {location}")
print(f" Coordinates: {gps['latitude']}, {gps['longitude']}")
9. Network Reconnaissance and IP Reputation Analysis
IP and reputation analysis modules provide threat intelligence on target infrastructure.
Network reconnaissance commands:
Using the framework's network module python bigbrother.py --target 192.168.1.1 --modules ip,reputation Manual network reconnaissance Port scanning with nmap nmap -sS -p- -T4 target_ip Service detection nmap -sV -sC target_ip Reverse DNS lookup nslookup target_ip IP reputation checking curl "https://api.abuseipdb.com/api/v2/check?ipAddress=target_ip" \ -H "Key: YOUR_API_KEY" -H "Accept: application/json"
Python network intelligence script:
import socket
import requests
import subprocess
def analyze_ip(ip_address):
results = {}
Reverse DNS
try:
results['hostname'] = socket.gethostbyaddr(ip_address)[bash]
except:
results['hostname'] = 'No reverse DNS'
Geolocation (using ip-api.com)
geo_response = requests.get(f"http://ip-api.com/json/{ip_address}")
if geo_response.status_code == 200:
geo_data = geo_response.json()
results['country'] = geo_data.get('country')
results['city'] = geo_data.get('city')
results['isp'] = geo_data.get('isp')
results['coordinates'] = f"{geo_data.get('lat')}, {geo_data.get('lon')}"
AbuseIPDB check
abuse_response = requests.get(
f"https://api.abuseipdb.com/api/v2/check",
params={'ipAddress': ip_address},
headers={'Key': 'YOUR_API_KEY', 'Accept': 'application/json'}
)
if abuse_response.status_code == 200:
abuse_data = abuse_response.json()['data']
results['abuse_score'] = abuse_data.get('abuseConfidenceScore')
results['total_reports'] = abuse_data.get('totalReports')
return results
ip_info = analyze_ip("8.8.8.8")
for key, value in ip_info.items():
print(f"{key}: {value}")
What Undercode Say:
- AI-Driven OSINT is the New Standard: The integration of an AI Analyst that automatically identifies target types and orchestrates modules represents a paradigm shift. Manual correlation of OSINT data is being replaced by intelligent automation, significantly reducing investigation time while improving accuracy.
-
Docker-First Deployment Lowers Barriers: With FastAPI and Docker deployment, The Big Brother V5.0 democratizes advanced OSINT capabilities. Security professionals can deploy sophisticated reconnaissance infrastructure without extensive DevOps expertise, enabling faster incident response and threat hunting.
-
Unified Intelligence Reporting is Critical: The framework’s ability to consolidate findings from 21 modules into a single report with risk scoring addresses a fundamental challenge in digital investigations. Analysts no longer need to manually correlate data across disparate tools, reducing the risk of missed connections and incomplete intelligence.
-
Ethical Boundaries Must Be Respected: OSINT frameworks like The Big Brother are powerful tools that must be used responsibly. The distinction between legitimate security assessments and privacy violations is clear but requires strict adherence to applicable laws, privacy requirements, and platform terms of service.
-
The Threat Intelligence Landscape is Evolving: As AI-powered OSINT becomes more accessible, both defenders and attackers gain new capabilities. Organizations must proactively monitor their digital footprint and implement robust security controls to mitigate exposure. The framework’s breach intelligence and paste monitoring modules are essential for proactive defense.
-
Skills Gap in OSINT Automation: While frameworks like The Big Brother lower technical barriers, effective use still requires understanding of OSINT methodologies, data correlation, and intelligence analysis. Security teams should invest in training to maximize the value of these tools.
Prediction:
-
+1 AI-powered OSINT frameworks will become standard components of security operations centers (SOCs) within 18 months, reducing investigation times by 60-70% through automated correlation and risk scoring.
-
+1 The integration of real-time breach intelligence and paste monitoring will enable organizations to detect credential exposure within hours instead of days, significantly reducing the window of vulnerability.
-
-1 The proliferation of accessible OSINT frameworks will lead to increased reconnaissance attacks, forcing organizations to adopt zero-trust architectures and continuous digital footprint monitoring as baseline security requirements.
-
-1 Regulatory scrutiny of AI-powered intelligence gathering will intensify as frameworks become more sophisticated, potentially leading to new compliance requirements for organizations using such tools in investigations.
-
+1 The open-source nature of tools like The Big Brother will drive innovation in OSINT automation, with community contributions expanding module coverage and improving AI analysis accuracy across diverse threat vectors.
▶️ Related Video (78% Match):
https://www.youtube.com/watch?v=-15dpxv1AYE
🎯Let’s Practice For Free:
🎓 Live Courses & Certifications:
Join Undercode Academy for Verified Certifications
🚀 Request a Custom Project:
Secure, high-velocity infrastructure and disruptive technological engineering. Contact our engineering team for high-tier development and proprietary systems:
[email protected]
💎 Smart Architecture | 🛡️ Secure by Design | ⭐ Trusted by Thousands
IT/Security Reporter URL:
Reported By: Syed Muneeb – Hackers Feeds
Extra Hub: Undercode MoN
Basic Verification: Pass ✅
