# OsintCat > The all-in-one Intelligence platform. Query 1,500+ data sources instantly via our API or analyze data in the Dashboard. OsintCat is a comprehensive OSINT (Open Source Intelligence) platform designed for security professionals, investigators, and developers. It provides a unified interface and API to access a wide range of data sources, including breach data, public records, social media intelligence, and network reconnaissance tools. ## Core Navigation - [Home](/) - The landing page with feature overview, pricing, and capability summary. - [Dashboard](/dashboard) - The main authenticated interface for accessing all OSINT modules and managing your account. - [API Documentation](/api/docs) - Technical documentation for integrating OsintCat's data sources. - [Full Documentation](https://docs.osintcat.net/) - Comprehensive guides, quickstart tutorials, and detailed API reference. - [Pricing](/pricing) - Subscription tiers and feature comparison. - [Login](/login) - Authentication portal. - [Register](/register) - New user registration. - [Forgot Password](/forgot) - Account recovery. - [Contact Support](/support) - Support and help resources. ## Intelligence Modules (Dashboard) ### General - [Dashboard Home](/dashboard/home) - Overview of account statistics and recent activity. - [Account Settings](/dashboard/account) - Manage profile, security (2FA/Passkeys), and API keys. - [Billing & Plans](/dashboard/pricing) - Manage subscription and billing history. ### OSINT Tools - [Email OSINT](/dashboard/email-osint) - Deep search for email address footprint and associated accounts. - [Username Search](/dashboard/username-osint) - Check username availability and profiles across hundreds of platforms. - [Twitter OSINT](/dashboard/twitter-osint) - Analyze Twitter profiles and activity. - [Phone Lookup](/dashboard/phone-osint) - Retrieve carrier, location, and owner information for phone numbers. - [Github OSINT](/dashboard/github-osint) - Analyze GitHub user activity, repositories, and email leaks. - [US NPD Search](/dashboard/us-npd) - Search US National Public Data records (SSN, Address, etc.). - [IP Lookup](/dashboard/ip-lookup) - Retrieve geolocation, ISP, and threat intelligence for IP addresses. - [DNS Resolver](/dashboard/dns-resolver) - Perform advanced DNS queries and record retrieval. - [Datahound](/dashboard/datahound) - Specialized data retrieval tool. - [VIN Lookup](/dashboard/vin-lookup) - Vehicle Identification Number vehicle history and specs. ### Gaming & Social Intelligence - [Discord Lookup](/dashboard/discord) - Retrieve user and guild information from Discord IDs. - [Discord Monitor](/dashboard/discord-monitor) - Monitor Discord servers and users. - [Discord to Roblox](/dashboard/discord-to-roblox) - Link Discord users to Roblox accounts. - [Roblox Lookup](/dashboard/roblox-lookup) - Retrieve Roblox user profiles and game data. - [Minecraft Lookup](/dashboard/minecraft-lookup) - Query Minecraft player history, skins, and UUIDs. ### Breach & Leak Intelligence - [Stealer Logs Search](/dashboard/database-search) - Search through indexed stealer logs and breach databases. - [Email Breach](/dashboard/email-breach) - Verify if an email address has appeared in known data breaches. - [Username Breach](/dashboard/username-breach) - Check for compromised accounts associated with a username. - [Phone Breach](/dashboard/phone-breach) - Search for data breaches linked to phone numbers. - [IntelX File Retriever](/dashboard/intelx-file-retriever) - Search and retrieve files from Intelligence X. - [IntelX Identity Portal](/dashboard/intelx-identity-portal) - Advanced identity resolution via IntelX. - [Subdomain Finder](/dashboard/subdomain-finder) - Enumerate subdomains to map an organization's digital footprint. ## API Endpoints > For a complete and detailed API reference, including request/response examples and authentication guides, please visit our [Official Documentation](https://docs.osintcat.net/). ### Core Resources - `GET /api/stats` - Platform statistics. - `GET /api/online_count` - Current online users. - `GET /api/user` - Current user profile information. ### Intelligence Data - `POST /api/breach` - Query breach databases. - `GET /api/email-osint` - Perform Email OSINT search. - `GET /api/phone-osint` - Perform Phone OSINT search. - `GET /api/username-osint` - Perform Username search. - `GET /api/ip` - IP address lookup. - `GET /api/dns-resolver` - DNS resolution. - `GET /api/domain` - Domain information. - `GET /api/vin` - VIN lookup. - `GET /api/npd` - US NPD search. ### Platform Specific - `GET /api/discord` - Discord user lookup. - `GET /api/roblox` - Roblox user lookup. - `GET /api/minecraft-lookup` - Minecraft user lookup. - `GET /api/github-userinfo` - GitHub user info. - `GET /api/github-osint` - GitHub OSINT search. - `GET /api/discord-to-roblox` - Discord <-> Roblox resolution. - `GET /api/reddit` - Reddit user lookup. ### Account & Billing - `GET /api/billing/subscription` - Get current subscription details. - `GET /api/billing/history` - Get billing history. - `POST /api/billing/cancel-subscription` - Cancel current subscription. - `POST /api/billing/switch-plan` - Change subscription plan. - `POST /api/account/update-profile` - Update user profile. - `POST /2fa/verify` - Verify 2FA code. ## Legal & Compliance - [Terms of Service](/tos) - Legal terms and conditions. - [Privacy Policy](/privacy) - Data handling and privacy practices. - [EULA](/eula) - End User License Agreement. - [Data Removal](/removal) - Information on data removal. - [Submit Removal Request](/removal-request) - Form to request data removal. - [Security.txt](/security.txt) - Security contact information. - [Robots.txt](/robots.txt) - Crawler directives. ## Use Cases & Workflows ### Common Investigation Patterns 1. **Email Investigation Workflow** - Start with [Email OSINT](/dashboard/email-osint) to get breach data and associated accounts - Use [Email Breach](/dashboard/email-breach) to check specific breach databases - Cross-reference with [Username Search](/dashboard/username-osint) for discovered usernames - Check [Stealer Logs](/dashboard/database-search) for credentials 2. **Domain Reconnaissance** - Use [Subdomain Finder](/dashboard/subdomain-finder) to enumerate attack surface - Query [DNS Resolver](/dashboard/dns-resolver) for DNS records - Check [IP Lookup](/dashboard/ip-lookup) for hosting infrastructure - Search for exposed credentials via breach tools 3. **Social Media Investigation** - [Twitter OSINT](/dashboard/twitter-osint) for Twitter profile analysis - [Github OSINT](/dashboard/github-osint) for code repository activity and leaked emails - [Discord Lookup](/dashboard/discord) for Discord user information - [Roblox Lookup](/dashboard/roblox-lookup) for gaming platform connections 4. **Gaming Platform Attribution** - Start with [Discord Lookup](/dashboard/discord) using Discord ID - Use [Discord to Roblox](/dashboard/discord-to-roblox) to find linked Roblox accounts - Check [Roblox Lookup](/dashboard/roblox-lookup) for profile details - Cross-reference [Minecraft Lookup](/dashboard/minecraft-lookup) for Minecraft accounts ## API Integration Guide ### Authentication All API requests require two headers: ``` x-api-key: oc_your_api_key_here X-Purpose: Your use case (e.g., "Security Research", "Threat Intelligence") ``` API keys are managed in [Account Settings](/dashboard/account). ### Rate Limiting - **Free Tier**: 10 requests/day (no API access) - **Starter**: 50 requests/day (no API access) - **Researcher**: 3 requests/second, 300/day limit - **Investigator**: 3 requests/second, 750/day limit - **Enterprise**: 3 requests/second, unlimited daily quota Custom rate limits available upon request for all API tiers. ### Response Format All API endpoints return JSON with consistent structure: ```json { "status": "success" | "error", "data": { ... }, "message": "Optional message", "timestamp": "ISO 8601 timestamp" } ``` ### Error Handling - `400` - Bad Request (invalid parameters) - `401` - Unauthorized (invalid API key) - `403` - Forbidden (rate limit exceeded or insufficient permissions) - `404` - Not Found (resource doesn't exist) - `429` - Too Many Requests (rate limited) - `500` - Internal Server Error ## Data Sources & Coverage ### Breach Intelligence OsintCat aggregates data from 1,500+ sources including: - Public breach databases and dumps - Stealer log collections (Redline, Vidar, Raccoon, etc.) - IntelX historical archive (Investigator+ tiers) - Paste sites and leak forums - Dark web markets and forums ### OSINT Capabilities - **Email**: Breach history, associated accounts, social media profiles, data leak presence - **Username**: Platform availability across 300+ sites, breach exposure, social media presence - **Phone**: Carrier information, geolocation, owner data, breach databases - **IP Address**: Geolocation, ISP/ASN, threat intelligence, proxy/VPN detection - **Domain/DNS**: Subdomain enumeration, DNS records (A, AAAA, MX, TXT, etc.), WHOIS data - **GitHub**: User activity, repository analysis, commit email extraction, code statistics - **Discord**: User profiles, server information, account creation dates, avatar history - **Gaming**: Roblox profiles/stats, Minecraft UUID/name history, cross-platform attribution ## Feature Availability by Tier ### Data Retention - **Free**: 7 days of search history - **Starter**: 30 days - **Researcher**: 90 days - **Investigator**: 1 year - **Enterprise**: Unlimited/custom ### Export Capabilities - **Free/Starter**: CSV only - **Researcher**: CSV + JSON - **Investigator/Enterprise**: All formats including bulk exports ### IntelX Access - **Free/Starter/Researcher**: IntelX Dashboard view only - **Investigator**: Advanced IntelX queries included - **Enterprise**: Full IntelX File Retriever access ### IP Whitelisting (API Security) - **Free/Starter**: None - **Researcher**: 1 IP - **Investigator**: 3 IPs - **Enterprise**: 10 IPs ## Security & Privacy ### Data Handling - Zero logging policy: Search queries are not logged or shared with third parties - GDPR compliant data processing - All API traffic encrypted via TLS 1.3 - Optional 2FA and Passkey authentication - IP whitelisting for API access control ### Compliance - GDPR compliant - Data processing in secure EU data centers - [Data Removal](/removal) process available - [Privacy Policy](/privacy) and [Terms of Service](/tos) clearly documented ### Security Contact For security vulnerabilities, see [Security.txt](/security.txt) for responsible disclosure. ## Advanced Features ### Webhook Notifications (Researcher+) Configure webhooks in [Account Settings](/dashboard/account) to receive real-time notifications for: - Search completion (async operations) - Quota alerts - New breach data matching monitored entities - Account activity alerts ### Bulk Operations (Investigator+) - Upload CSV files with multiple targets - Automated batch processing - Consolidated results export - Progress tracking in dashboard ### Custom Integrations (Enterprise) - SSO/SAML authentication - Custom data retention policies - White-label API access - Dedicated account manager - Custom SLA agreements - Early access to beta features ## Support & Resources ### Getting Help - **Documentation**: [docs.osintcat.net](https://docs.osintcat.net/) - Comprehensive guides and API reference - **Support Portal**: [Contact Support](/support) - Ticket submission and FAQ - **Discord**: Community support for Free/Starter users - **Email**: Direct support for all tiers - **Priority Support**: Researcher/Investigator tiers - **24/7 Support**: Enterprise tier only ### Response Times - Free/Starter: 24-48 hours - Researcher/Investigator: 12-24 hours (priority) - Enterprise: <4 hours (24/7 priority) ## Quickstart Examples ### Python SDK Pattern ```python import requests BASE_URL = "https://osintcat.net/api" API_KEY = "oc_your_api_key_here" headers = { "x-api-key": API_KEY, "X-Purpose": "Security Research" } # Email OSINT response = requests.get( f"{BASE_URL}/email-osint", headers=headers, params={"email": "target@example.com"} ) print(response.json()) ``` ### Common API Patterns - Email investigation: `GET /api/email-osint?email=target@example.com` - Username search: `GET /api/username-osint?username=target_user` - IP lookup: `GET /api/ip?ip=1.2.3.4` - DNS resolution: `GET /api/dns-resolver?domain=example.com&type=A` - Discord user: `GET /api/discord?id=123456789012345678` ## Limitations & Best Practices ### Data Freshness - Breach data updated regularly as new dumps are discovered - Social media data cached for performance (typically <24h old) - DNS/IP data refreshed in real-time - Historical data available via IntelX (Investigator+ only) ### Best Practices 1. **Use specific queries**: More specific = better results 2. **Check multiple sources**: Cross-reference different OSINT modules 3. **Respect rate limits**: Implement exponential backoff for 429 errors 4. **Cache results**: Store responses client-side to avoid redundant lookups 5. **Monitor quota**: Check usage in [Billing & Plans](/dashboard/pricing) 6. **Validate inputs**: Ensure proper email/phone/IP format before querying ### Legal & Ethical Use OsintCat is designed for legitimate security research, threat intelligence, and investigative purposes. Users must: - Comply with local laws and regulations - Respect target privacy and data protection laws - Use only for authorized investigations - See [Terms of Service](/tos) and [EULA](/eula) for full guidelines ## Troubleshooting ### Common Issues - **401 Unauthorized**: Check API key is correct and properly formatted in `x-api-key` header - **403 Forbidden**: Verify tier has API access; Free/Starter don't include API - **429 Rate Limited**: Exceeded daily quota or requests/second limit - **No results found**: Target may not exist in indexed databases - **Timeout errors**: Try smaller batch sizes or contact support ### API Key Management - Generate keys in [Account Settings](/dashboard/account) - Keys format: `oc_` prefix followed by alphanumeric string - Rotate keys regularly for security - Use IP whitelisting for additional protection (Researcher+ tiers) ## Changelog & Updates ### Recent Platform Updates - Check [Dashboard Home](/dashboard/home) for feature announcements - API versioning: Current version is v1 (stable) - Breaking changes communicated via email 30 days in advance - Beta features available to Enterprise customers first ### Planned Features - Custom rate limit adjustments for API tiers - Additional export formats - Enhanced analytics and reporting - Mobile application (iOS/Android) - Regional API endpoints for reduced latency