init

.github/CONTRIBUTING.md

@@ -0,0 +1,46 @@
+# Contributing
+
+Contributions are welcome: new tool integrations especially.
+
+1. Fork the repository
+2. Create a feature branch: `git checkout -b feat/my-tool`
+3. Implement your tool
+4. Open a pull request
+
+Please ensure your tool handles context cancellation, respects rate limits, and declares the correct input types. Document any required API key or external binary dependency.
+
+## Development
+
+### Prerequisites
+
+- [Go 1.25+](https://go.dev/dl/)
+- [Bun](https://bun.sh)
+- [Just](https://github.com/casey/just)
+
+Or you can use the Nix Shell by typing `nix develop`
+
+### Run locally
+
+```bash
+git clone https://github.com/anotherhadi/iknowyou.git
+cd iknowyou
+
+just dev
+```
+
+Open [http://localhost:4321](http://localhost:4321).
+
+The backend listens on `:8080` by default. Configure via environment variables:
+
+| Variable     | Default       | Description                  |
+| ------------ | ------------- | ---------------------------- |
+| `IKY_PORT`   | `8080`        | HTTP port                    |
+| `IKY_CONFIG` | `config.yaml` | Path to the YAML config file |
+
+## Adding a Tool
+
+1. Create `back/internal/tools/mytool/mytool.go` implementing `tools.ToolRunner`
+2. Optionally implement `tools.Configurable` + `tools.ConfigDescriber` for config UI support
+3. Optionally implement `tools.AvailabilityChecker` if the tool requires an external binary
+4. Register in `back/cmd/server/main.go` and `back/cmd/gendocs/main.go`
+5. Run `just docs` to update the docs

.github/FUNDING.yml

@@ -0,0 +1 @@
+ko_fi: anotherhadi

.github/docs/how-it-works.md

@@ -0,0 +1,36 @@
+# How it Works
+
+```
+Browser → POST /api/searches (target, type, profile)
+             ↓
+         Backend filters tools by:
+           · input type compatibility
+           · profile enabled/disabled rules
+           · required config fields (skips if missing)
+             ↓
+         All eligible tools run in parallel goroutines
+             ↓
+         Browser polls GET /api/searches/{id}
+         Results render progressively as tools complete
+```
+
+Each tool is a Go struct implementing a small interface: it declares what input types it accepts, what config it needs, and how to run. The engine handles the rest.
+
+## Architecture
+
+```
+iknowyou/
+├── back/                   # Go backend
+│   ├── cmd/
+│   │   ├── server/         # Main HTTP server
+│   │   └── gendocs/        # Doc generator
+│   ├── config/             # YAML config models & builtin profiles
+│   └── internal/
+│       ├── api/            # Chi router + handlers
+│       ├── search/         # Parallel search orchestration
+│       └── tools/          # Tool interface + implementations
+└── front/                  # Astro + Svelte frontend
+    └── src/
+        ├── pages/          # / · /tools · /profiles · /search/[id] · /cheatsheets · /help
+        └── components/     # Svelte interactive components
+```

.github/docs/tools.md

@@ -0,0 +1,18 @@
+# Tools
+
+_12 tools registered._
+
+| Tool | Input types | Description | Link |
+|------|-------------|-------------|------|
+| [`user-scanner`](tools/user-scanner.md) | `email`, `username` | 🕵️‍♂️ (2-in-1) Email & Username OSINT suite. Analyzes 195+ scan vectors (95+ email / 100+ username) for security research, investigations, and digital footprinting. | [Link](https://github.com/kaifcodec/user-scanner) |
+| [`github-recon`](tools/github-recon.md) | `username`, `email` | GitHub OSINT reconnaissance tool. Gathers profile info, social links, organisations, SSH/GPG keys, commits, and more from a GitHub username or email. | [Link](https://github.com/anotherhadi/nur-osint) |
+| [`whois`](tools/whois.md) | `domain`, `ip` | WHOIS lookup for domain registration and IP ownership information. | [Link](https://en.wikipedia.org/wiki/WHOIS) |
+| [`dig`](tools/dig.md) | `domain`, `ip` | DNS lookup querying A, AAAA, MX, NS, TXT, and SOA records for a domain, or reverse DNS (PTR) for an IP. | [Link](https://linux.die.net/man/1/dig) |
+| [`ipinfo`](tools/ipinfo.md) | `ip` | IP geolocation via ipinfo.io — returns city, region, country, coordinates, ASN/org, timezone, and hostname. | [Link](https://ipinfo.io) |
+| [`gravatar-recon`](tools/gravatar-recon.md) | `email` | Gravatar OSINT tool. Extracts public profile data from a Gravatar account: name, bio, location, employment, social accounts, phone, and more. | [Link](https://github.com/anotherhadi/gravatar-recon) |
+| [`whoisfreaks`](tools/whoisfreaks.md) | `email`, `name`, `domain` | Reverse WHOIS lookup via WhoisFreaks — find all domains registered by an email, owner name, or keyword across 3.6B+ WHOIS records. | [Link](https://whoisfreaks.com) |
+| [`maigret`](tools/maigret.md) | `username` | Username OSINT across 3000+ sites. Searches social networks, forums, and online platforms for an account matching the target username. | [Link](https://github.com/soxoj/maigret) |
+| [`leakcheck`](tools/leakcheck.md) | `email`, `username`, `phone` | Data breach lookup via LeakCheck.io — searches 7B+ leaked records for email addresses, usernames, and phone numbers across hundreds of breaches. | [Link](https://leakcheck.io) |
+| [`crt.sh`](tools/crt.sh.md) | `domain` | SSL/TLS certificate transparency log search via crt.sh — enumerates subdomains and certificates issued for a domain. | [Link](https://crt.sh) |
+| [`breachdirectory`](tools/breachdirectory.md) | `email`, `username` | Data breach search via BreachDirectory — checks if an email, username, or phone appears in known data breaches and returns exposed passwords/hashes. | [Link](https://breachdirectory.org) |
+| [`wappalyzer`](tools/wappalyzer.md) | `domain` | Web technology fingerprinting via wappalyzergo — detects CMS, frameworks, web servers, analytics, CDN, and 1500+ other technologies running on a domain. | [Link](https://github.com/projectdiscovery/wappalyzergo) |

.github/docs/tools/breachdirectory.md

@@ -0,0 +1,22 @@
+# `breachdirectory`
+
+Data breach search via BreachDirectory — checks if an email, username, or phone appears in known data breaches and returns exposed passwords/hashes.
+
+**Source / documentation:** [https://breachdirectory.org](https://breachdirectory.org)
+
+## Input types
+
+- `email`
+- `username`
+
+## Configuration
+
+Configure globally via the Tools page or override per profile.
+
+| Field | Type | Required | Default | Description |
+|-------|------|:--------:|---------|-------------|
+| `api_key` | `string` | **yes** | - | RapidAPI key for BreachDirectory (required — get one at rapidapi.com/rohan-patra/api/breachdirectory) |
+
+---
+
+[← Back to tools index](../tools.md)

.github/docs/tools/crt.sh.md

@@ -0,0 +1,17 @@
+# `crt.sh`
+
+SSL/TLS certificate transparency log search via crt.sh — enumerates subdomains and certificates issued for a domain.
+
+**Source / documentation:** [https://crt.sh](https://crt.sh)
+
+## Input types
+
+- `domain`
+
+## Configuration
+
+This tool requires no configuration.
+
+---
+
+[← Back to tools index](../tools.md)

.github/docs/tools/dig.md

@@ -0,0 +1,24 @@
+# `dig`
+
+DNS lookup querying A, AAAA, MX, NS, TXT, and SOA records for a domain, or reverse DNS (PTR) for an IP.
+
+**Source / documentation:** [https://linux.die.net/man/1/dig](https://linux.die.net/man/1/dig)
+
+## Input types
+
+- `domain`
+- `ip`
+
+## External dependencies
+
+The following binaries must be installed and available in `$PATH`:
+
+- `dig`
+
+## Configuration
+
+This tool requires no configuration.
+
+---
+
+[← Back to tools index](../tools.md)

.github/docs/tools/github-recon.md

@@ -0,0 +1,30 @@
+# `github-recon`
+
+GitHub OSINT reconnaissance tool. Gathers profile info, social links, organisations, SSH/GPG keys, commits, and more from a GitHub username or email.
+
+**Source / documentation:** [https://github.com/anotherhadi/nur-osint](https://github.com/anotherhadi/nur-osint)
+
+## Input types
+
+- `username`
+- `email`
+
+## External dependencies
+
+The following binaries must be installed and available in `$PATH`:
+
+- `github-recon`
+
+## Configuration
+
+Configure globally via the Tools page or override per profile.
+
+| Field | Type | Required | Default | Description |
+|-------|------|:--------:|---------|-------------|
+| `token` | `string` | - | - | GitHub personal access token (enables higher rate limits and more data) |
+| `deepscan` | `bool` | - | `false` | Enable deep scan (slower - scans all repositories for authors/emails) |
+| `spoof_email` | `bool` | - | `false` | Include email spoofing check (email mode only, requires token) |
+
+---
+
+[← Back to tools index](../tools.md)

.github/docs/tools/gravatar-recon.md

@@ -0,0 +1,23 @@
+# `gravatar-recon`
+
+Gravatar OSINT tool. Extracts public profile data from a Gravatar account: name, bio, location, employment, social accounts, phone, and more.
+
+**Source / documentation:** [https://github.com/anotherhadi/gravatar-recon](https://github.com/anotherhadi/gravatar-recon)
+
+## Input types
+
+- `email`
+
+## External dependencies
+
+The following binaries must be installed and available in `$PATH`:
+
+- `gravatar-recon`
+
+## Configuration
+
+This tool requires no configuration.
+
+---
+
+[← Back to tools index](../tools.md)

.github/docs/tools/ipinfo.md

@@ -0,0 +1,21 @@
+# `ipinfo`
+
+IP geolocation via ipinfo.io — returns city, region, country, coordinates, ASN/org, timezone, and hostname.
+
+**Source / documentation:** [https://ipinfo.io](https://ipinfo.io)
+
+## Input types
+
+- `ip`
+
+## Configuration
+
+Configure globally via the Tools page or override per profile.
+
+| Field | Type | Required | Default | Description |
+|-------|------|:--------:|---------|-------------|
+| `token` | `string` | - | - | ipinfo.io API token (optional — free tier allows 50k req/month without one) |
+
+---
+
+[← Back to tools index](../tools.md)

.github/docs/tools/leakcheck.md

@@ -0,0 +1,23 @@
+# `leakcheck`
+
+Data breach lookup via LeakCheck.io — searches 7B+ leaked records for email addresses, usernames, and phone numbers across hundreds of breaches.
+
+**Source / documentation:** [https://leakcheck.io](https://leakcheck.io)
+
+## Input types
+
+- `email`
+- `username`
+- `phone`
+
+## Configuration
+
+Configure globally via the Tools page or override per profile.
+
+| Field | Type | Required | Default | Description |
+|-------|------|:--------:|---------|-------------|
+| `api_key` | `string` | **yes** | - | LeakCheck API key (required — get one at leakcheck.io) |
+
+---
+
+[← Back to tools index](../tools.md)

.github/docs/tools/maigret.md

@@ -0,0 +1,27 @@
+# `maigret`
+
+Username OSINT across 3000+ sites. Searches social networks, forums, and online platforms for an account matching the target username.
+
+**Source / documentation:** [https://github.com/soxoj/maigret](https://github.com/soxoj/maigret)
+
+## Input types
+
+- `username`
+
+## External dependencies
+
+The following binaries must be installed and available in `$PATH`:
+
+- `maigret`
+
+## Configuration
+
+Configure globally via the Tools page or override per profile.
+
+| Field | Type | Required | Default | Description |
+|-------|------|:--------:|---------|-------------|
+| `all_sites` | `bool` | - | `false` | Scan all sites in the database instead of just the top 500 (slower) |
+
+---
+
+[← Back to tools index](../tools.md)

.github/docs/tools/user-scanner.md

@@ -0,0 +1,29 @@
+# `user-scanner`
+
+🕵️‍♂️ (2-in-1) Email & Username OSINT suite. Analyzes 195+ scan vectors (95+ email / 100+ username) for security research, investigations, and digital footprinting.
+
+**Source / documentation:** [https://github.com/kaifcodec/user-scanner](https://github.com/kaifcodec/user-scanner)
+
+## Input types
+
+- `email`
+- `username`
+
+## External dependencies
+
+The following binaries must be installed and available in `$PATH`:
+
+- `user-scanner`
+
+## Configuration
+
+Configure globally via the Tools page or override per profile.
+
+| Field | Type | Required | Default | Description |
+|-------|------|:--------:|---------|-------------|
+| `allow_loud` | `bool` | - | `false` | Enable scanning sites that may send emails/notifications (password resets, etc.) |
+| `only_found` | `bool` | - | `true` | Only show sites where the username/email was found |
+
+---
+
+[← Back to tools index](../tools.md)

.github/docs/tools/wappalyzer.md

@@ -0,0 +1,17 @@
+# `wappalyzer`
+
+Web technology fingerprinting via wappalyzergo — detects CMS, frameworks, web servers, analytics, CDN, and 1500+ other technologies running on a domain.
+
+**Source / documentation:** [https://github.com/projectdiscovery/wappalyzergo](https://github.com/projectdiscovery/wappalyzergo)
+
+## Input types
+
+- `domain`
+
+## Configuration
+
+This tool requires no configuration.
+
+---
+
+[← Back to tools index](../tools.md)

.github/docs/tools/whois.md

@@ -0,0 +1,24 @@
+# `whois`
+
+WHOIS lookup for domain registration and IP ownership information.
+
+**Source / documentation:** [https://en.wikipedia.org/wiki/WHOIS](https://en.wikipedia.org/wiki/WHOIS)
+
+## Input types
+
+- `domain`
+- `ip`
+
+## External dependencies
+
+The following binaries must be installed and available in `$PATH`:
+
+- `whois`
+
+## Configuration
+
+This tool requires no configuration.
+
+---
+
+[← Back to tools index](../tools.md)

.github/docs/tools/whoisfreaks.md

@@ -0,0 +1,23 @@
+# `whoisfreaks`
+
+Reverse WHOIS lookup via WhoisFreaks — find all domains registered by an email, owner name, or keyword across 3.6B+ WHOIS records.
+
+**Source / documentation:** [https://whoisfreaks.com](https://whoisfreaks.com)
+
+## Input types
+
+- `email`
+- `name`
+- `domain`
+
+## Configuration
+
+Configure globally via the Tools page or override per profile.
+
+| Field | Type | Required | Default | Description |
+|-------|------|:--------:|---------|-------------|
+| `api_key` | `string` | **yes** | - | WhoisFreaks API key (required — free account at whoisfreaks.com) |
+
+---
+
+[← Back to tools index](../tools.md)