A comprehensive, containerized framework for secure and organized Open Source Intelligence (OSINT) operations.
- Modular Architecture: Extensible design with separate modules for different OSINT tasks
- Containerized Tools: Pre-configured security tools in isolated containers
- Secure by Default: Built-in security measures for safe operations
- Data Management: Organized storage and export of collected intelligence
- Network Privacy: Advanced routing and VPN integration
- User-Friendly Interface: Intuitive terminal-based menu system
- Linux-based OS (Ubuntu 20.04+ recommended)
- Docker and Docker Compose
- 4GB+ RAM (8GB recommended)
- 20GB+ free disk space
- Root/sudo access
The project uses a two-layer configuration system:
- Development/Environment Configuration (.env file)
- Deployment Configuration (Ansible variables)
This is the primary configuration file for local development and deployment:
# Copy the template
cp .env.template .env
# Edit the configuration
nano .env # or use your preferred editor
For deployment, the .env variables are converted to Ansible variables:
- Generate Ansible variables:
  # Run the conversion script
  ./deploy/scripts/update_ansible_vars.sh
  This will:
  - Read .env file
  - Convert variables to Ansible format (lowercase)
  - Save to deploy/ansible/group_vars/all/env_vars.yml
- Variable Mapping:

  | .env Variable | Ansible Variable | Example |
  |---|---|---|
  | DATA_DIR | data_dir | /opt/osint/data |
  | LOG_LEVEL | log_level | INFO |

- Using Variables in Ansible:
  # Example in osint_servers.yml
  data_directory: "{{ data_dir | default('/opt/osint/data') }}"
- Never commit sensitive data to version control
- Always run update_ansible_vars.sh after changing .env
- Use default() filter in Ansible for fallback values
- Document new variables in .env.template
- SERVER_IP: Your server's public IP address
- SERVER_REGION: Server region (e.g., 'EU', 'US')
- SERVER_USER: Default SSH user (default: 'root')
- SSH_KEY_PATH: Path to SSH private key (default: '~/.ssh/id_ed25519')

- PRIMARY_NETWORK_INTERFACE: Primary network interface (default: 'eth0')

- MULLVAD_ACCOUNT_NUMBER: Your Mullvad account number
- MULLVAD_ACCOUNT_KEY: Your Mullvad account key
- MULLVAD_RELAY_COUNTRY: VPN relay country code (default: 'se')
- MULLVAD_RELAY_CITY: (Optional) Specific city for VPN relay
- WIREGUARD_ADDRESS: WireGuard internal network (default: '10.0.0.1/24')

- NEO4J_URI: Neo4j connection URI (default: 'bolt://localhost:7687')
- NEO4J_USER: Neo4j username (default: 'neo4j')
- NEO4J_PASSWORD: Neo4j password (default: 'osintpassword')
- SENTRY_DSN: Sentry DSN for error tracking

- DATA_DIR: Base directory for all data (default: '/opt/osint/data')
- LOG_DIR: Directory for log files (default: '/opt/osint/logs')
- WEB_DATA_DIR: Web module data (default: '${DATA_DIR}/web')
- NETWORK_DATA_DIR: Network module data (default: '${DATA_DIR}/network')
- IDENTITY_DATA_DIR: Identity module data (default: '${DATA_DIR}/identity')
- DOMAIN_DATA_DIR: Domain module data (default: '${DATA_DIR}/domain')

- ENVIRONMENT: Runtime environment ('development' or 'production')

- SSH_PUBLIC_KEY: SSH public key for authentication
- CAMPO_PASSWORD: Password for the 'campo' user account
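The variable reference above puts several secrets in .env and documents a default Neo4j password, and the earlier guidance says never to commit sensitive data. A pre-deployment check along those lines, as an added example that is not part of the project; the finding labels, the owner-only mode expectation and treating empty secrets as findings are assumptions of this example:

```shell
#!/bin/sh
# Added example (not project code): audit a .env file before deployment.
# Variable names and the default Neo4j password come from the variable
# reference above; flagging empty secrets is an assumption of this example.
SECRET_VARS="MULLVAD_ACCOUNT_NUMBER MULLVAD_ACCOUNT_KEY NEO4J_PASSWORD CAMPO_PASSWORD"

# env_value KEY FILE: print KEY's value (last assignment wins), unquoted.
env_value() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" "$2" | tail -n 1 |
        sed -e 's/[[:space:]]*$//' -e "s/^\([\"']\)\(.*\)\1\$/\2/"
}

# audit_env FILE: print one finding per line, return the number of findings.
audit_env() {
    file=$1; findings=0
    [ -f "$file" ] || { echo "MISSING $file"; return 1; }

    # 1. Anything beyond owner-only access exposes secrets to local users.
    mode=$(stat -c '%a' "$file" 2>/dev/null || stat -f '%Lp' "$file")
    case $mode in
        *00) ;;
        *) echo "PERMS mode $mode, expected 600"; findings=$((findings + 1)) ;;
    esac

    # 2. Secrets left empty or at the documented default.
    for var in $SECRET_VARS; do
        val=$(env_value "$var" "$file")
        if [ -z "$val" ]; then
            echo "EMPTY $var"; findings=$((findings + 1))
        elif [ "$var" = NEO4J_PASSWORD ] && [ "$val" = osintpassword ]; then
            echo "DEFAULT $var"; findings=$((findings + 1))
        fi
    done

    # 3. The file must not be tracked by git.
    if git -C "$(dirname "$file")" ls-files --error-unmatch \
        "$(basename "$file")" >/dev/null 2>&1; then
        echo "TRACKED $file"; findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample (not real credentials) to show the audit in action.
demo=$(mktemp)
printf '%s\n' 'NEO4J_PASSWORD=osintpassword' 'MULLVAD_ACCOUNT_NUMBER=' \
    'MULLVAD_ACCOUNT_KEY="k-example"' 'CAMPO_PASSWORD=set-by-operator' > "$demo"
chmod 644 "$demo"
audit_env "$demo" || echo "findings: $?"
rm -f "$demo"
```

The same function can be pointed at the generated deploy/ansible/group_vars/all/env_vars.yml path for the git-tracking and permission checks, since the converted file carries the same values.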
- Linux/macOS (for Ansible control node)
- Python 3.8+
- Ansible
- SSH access to target server
- Git
- Ubuntu 22.04 LTS (recommended)
- Root access
- SSH server running
- Internet access for package downloads
- On your local machine, clone the repository:
  git clone https://github.com/yourusername/moon.git
  cd moon
- Configure deployment settings:
  # Copy and edit the environment template
  cp .env.template .env
  nano .env # Update with your settings
  # Configure the inventory file
  nano deploy/ansible/inventory/osint_servers.yml
- Install Ansible and dependencies:
  # On Ubuntu/Debian
  sudo apt update
  sudo apt install -y python3-pip python3-venv
  # Create and activate virtual environment
  python3 -m venv venv
  source venv/bin/activate
  # Install Ansible and required collections
  pip install ansible
  ansible-galaxy collection install -r deploy/ansible/requirements.yml
- Deploy to target server:
  # Test Ansible connection
  ansible all -i deploy/ansible/inventory/osint_servers.yml -m ping
  # Run the deployment playbook
  ansible-playbook -i deploy/ansible/inventory/osint_servers.yml deploy/ansible/site.yml
- Verify deployment:
  # Check running containers
  ansible all -i deploy/ansible/inventory/osint_servers.yml -m shell -a "docker ps"
  # View logs (example for web container)
  ansible all -i deploy/ansible/inventory/osint_servers.yml -m shell -a "docker logs osint-web"
- Access the web interface (if applicable):
  https://your-server-ip:8443
- Access the terminal interface via SSH:
  ssh osint@your-server-ip
- Common management commands (run on target server):
  # View container status
  sudo docker ps -a
  # View logs for a container
  sudo docker logs osint-web
  # Access container shell
  sudo docker exec -it osint-web /bin/bash
  # Restart services
  sudo docker restart osint-web osint-network
For development or testing on a single machine:
- Clone and set up the repository as shown above
- Build and start containers:
  # Make the manager script executable
  chmod +x core/containers/manager.sh
  # Build and start all containers
  sudo ./core/containers/manager.sh build all
  sudo ./core/containers/manager.sh start all
- Access the terminal interface:
  sudo ./ui/terminal/main.sh
For production deployments, use the automated deployment script:
- Clone the repository on your management machine:
  git clone https://github.com/yourusername/moon.git
  cd moon
- Install Ansible (if not already installed):
  sudo apt update
  sudo apt install -y ansible
- Configure the inventory: Edit deploy/ansible/inventory/osint_servers.yml to specify your target servers.
- Set up environment variables: Copy the example environment file and update it with your configuration:
  cp .env.example .env
  nano .env # Update with your settings
- Run the deployment script:
  sudo ./deploy/scripts/deploy.sh
  This will:
  - Generate SSH keys if needed
  - Run Ansible playbooks to configure the system
  - Set up containers and services
  - Configure networking and security
- Verify the deployment:
  # Check container status
  sudo ./core/containers/manager.sh status
  # Check network configuration
  sudo ./core/network/control.sh status
- Interface management and monitoring
- Secure DNS configuration with privacy-focused resolvers
- Advanced routing for operational security
- Leak prevention mechanisms
- USB tethering support
- credentials.sh: Secure credential management with AES-256-CBC encryption
- wipe.sh: Secure data deletion with multiple wiping modes
The terminal interface provides access to various OSINT modules:
-
Domain Intelligence
- Subdomain enumeration
- DNS analysis
- WHOIS lookups
-
Network Scanning
- Port scanning
- Service detection
- Vulnerability assessment
-
Identity Research
- Username searches
- Email investigations
- Social media discovery
-
Web Analysis
- Technology detection
- Content discovery
- Security headers analysis
-
Security & Privacy
- VPN management
- Tor routing
- DNS privacy
-
System Controls
- Tool updates
- System status
- Data management
- Always use a VPN when conducting OSINT operations
- Regularly update all tools and dependencies
- Review collected data before sharing or storing
- Use secure wipe for sensitive information
- Maintain operational security by limiting data exposure
Contributions are welcome! Please follow these steps:
- Fork the repository
- Create a feature branch (git checkout -b feature/AmazingFeature)
- Commit your changes (git commit -m 'Add some AmazingFeature')
- Push to the branch (git push origin feature/AmazingFeature)
- Open a Pull Request
This project is licensed under the MIT License - see the LICENSE file for details.
For support or questions, please open an issue on our GitHub repository.
💡 Tip: Always ensure you have proper authorization before performing any security testing or scanning activities.