02 · Open-source intelligence · 2024

Intel's OSINT Telegram Bot

A full open-source-intelligence platform delivered through a chat interface. Breach search, network recon, threat intel, digital forensics — one bot, button-driven, with a credit system and a public REST API.

Role: Sole engineer
Stack: Python, asyncio
Host: Arch Linux · systemd
Users: 200+ active

A web app for OSINT was the wrong shape.

Investigators don't sit at desks running a SaaS dashboard. They're on phones, between meetings, copying a phone number out of a screenshot and needing answers in seconds. Telegram already lives on every device they use; turning it into the front-end was the right move.

Every module is a button. No CLI knowledge required. The CLI veterans get a full REST API.

Five investigation tracks, one interface.

  • Identity & leak — aggregated breach databases, plaintext + hash searches, mutual breach detection.
  • Network recon — Shodan integration, port maps, banner-grab summaries, ASN ownership chains.
  • Threat intel — malware/phishing scanners, IOC lookups, freshness scoring.
  • Digital forensics — EXIF extraction with GPS pinning, Wayback Machine timeline reconstruction.
  • Geolocation — IP and metadata to coords, with confidence intervals shown to the user (so they don't over-trust a result).

Async-first, provider-agnostic.

Every external data source lives behind a thin async wrapper. The bot's command layer doesn't care whether a phone-lookup result came from Provider A or Provider B — it gets a normalized response or a graceful failure with a credit refund. Adding a new provider is one file.

Credits, rate limits, and quotas live in a single SQLite-backed ledger. systemd handles restarts; structured logging streams to journalctl. The whole thing runs on one small Arch box.

# providers/base.py
class Provider:
    name: str
    cost: int

    async def query(self, target: str) -> "NormalResult":
        raise NotImplementedError

    async def health(self) -> bool:
        ...

# register: just add to PROVIDERS list. The bot picks them up.

"OSINT tools fail when they over-promise. The hardest UX work was showing users how confident a result is — not just the result."
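
The "normalized response or a graceful failure with a credit refund" path, sketched as an added example (not the bot's own code). The `credits` table, `run_query`, the result dict shape and the two stand-in providers are assumptions made for illustration.

```python
import asyncio
import sqlite3

class Provider:  # same shape as providers/base.py above
    name, cost = "base", 1
    async def query(self, target: str):
        raise NotImplementedError

class FlakyProvider(Provider):  # constructed stand-in: never answers in time
    name, cost = "flaky", 3
    async def query(self, target):
        await asyncio.sleep(10)

class EchoProvider(Provider):  # constructed stand-in: always succeeds
    name, cost = "echo", 2
    async def query(self, target):
        return {"provider": self.name, "target": target, "confidence": 0.5}

def open_ledger(balances):
    db = sqlite3.connect(":memory:")
    # The CHECK constraint is a second guard against a negative balance.
    db.execute("CREATE TABLE credits (user_id INTEGER PRIMARY KEY, "
               "balance INTEGER NOT NULL CHECK (balance >= 0))")
    db.executemany("INSERT INTO credits VALUES (?, ?)", balances.items())
    db.commit()
    return db

def balance(db, user_id):
    row = db.execute("SELECT balance FROM credits WHERE user_id = ?", (user_id,))
    return row.fetchone()[0]

async def run_query(db, user_id, provider, target, timeout=0.05):
    # Debit first, in one conditional UPDATE, so a request can never overdraw.
    cur = db.execute("UPDATE credits SET balance = balance - ? "
                     "WHERE user_id = ? AND balance >= ?",
                     (provider.cost, user_id, provider.cost))
    db.commit()
    if cur.rowcount != 1:
        return {"ok": False, "error": "insufficient credits", "refunded": 0}
    try:
        data = await asyncio.wait_for(provider.query(target), timeout)
        return {"ok": True, "data": data, "refunded": 0}
    except Exception as exc:  # timeout or provider error: refund the debit
        db.execute("UPDATE credits SET balance = balance + ? WHERE user_id = ?",
                   (provider.cost, user_id))
        db.commit()
        return {"ok": False, "error": type(exc).__name__, "refunded": provider.cost}

if __name__ == "__main__":
    ledger = open_ledger({1: 4})
    print(asyncio.run(run_query(ledger, 1, FlakyProvider(), "203.0.113.7")), balance(ledger, 1))
```

Debiting before the call and refunding on failure means a slow or hung provider cannot be used to run lookups without paying for them.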

Web companion + investigation graphs.

Long-running investigations need a paper trail. The next phase adds a web dashboard that mirrors a user's bot history into linked entity graphs — the kind of thing Maltego does, but rendered as a clean force-directed view in the browser, free for existing bot users.
