logo # I Know You **Self-hosted OSINT aggregation platform** Run dozens of open-source intelligence tools against a single target in parallel; all from one clean web interface. [![Go](https://img.shields.io/badge/Go-1.25+-00ADD8?style=flat&logo=go)](https://go.dev) [![Astro](https://img.shields.io/badge/Astro-Svelte-FF5D01?style=flat&logo=astro)](https://astro.build) [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](LICENSE) [![Self-hosted](https://img.shields.io/badge/deployment-self--hosted-blueviolet)](https://github.com/anotherhadi/iknowyou)
--- ## What is it? IKY (iknowyou) is a **self-hosted OSINT (Open-Source Intelligence) platform** that centralises reconnaissance tools into a single reactive web interface. Instead of juggling terminals, browser tabs, and disconnected CLI tools, you type a target once and get results streaming in real time. Designed for security researchers, penetration testers, and OSINT investigators who need speed and visibility without compromising on control. **Supported target types:** `email`, `username`, `domain`, `IP`, `phone`, ... ## Features - **Parallel execution**: all tools run simultaneously; results stream in as they arrive - **Profile system**: create named profiles to enable/disable specific tools or override their config per investigation type (quick recon vs. thorough sweep) - **Per-tool configuration**: set API keys, rate limits, and options globally or per profile - **Tool availability checks**: tools that depend on an external binary report their status; the interface shows which tools are ready, which need config, and which are unavailable - **Search history**: completed searches are kept in memory; results can be reviewed without re-running - **Extensible architecture**: adding a new tool is a single Go file implementing one interface, registered in one line - **Production-ready**: The configuration is YAML-based and read-only mode is supported (for Nix-managed deployments). A NixOS module is available. ## Profiles Profiles let you tailor which tools run and how, without touching the global config. | Profile | Type | Description | | ---------- | -------- | ---------------------------------------------------------------------------- | | `default` | Built-in | All tools active, default settings | | `hard` | Built-in | All tools active, including those that may leave traces at the target | | _(custom)_ | User | Your own combination of enabled/disabled tools and per-tool config overrides | Create and manage custom profiles from the **Profiles** page. ## Useful Links - [See the list of tools](.github/docs/tools.md) - [Learn how it works](.github/docs/how-it-works.md) - [Learn how to contribute](.github/CONTRIBUTING.md) ## Deployment
Deploy on NixOS 1. In the `flake.nix` file, add `iknowyou` in the `inputs` section and import the `iknowyou.nixosModules.default` module: ```nix { inputs = { iknowyou.url = "github:anotherhadi/iknowyou"; }; outputs = { # ... modules = [ inputs.iknowyou.nixosModules.default ]; # ... } } ``` 2. Enable the service: ```nix services.iknowyou = { enable = true; port = 8080; openFirewall = true; }; ``` All tool dependencies are included automatically.
## Configuring
Via the web interface No files needed. API keys, tool settings, and profiles can all be managed from the **Settings** page. Changes are written back to the config file automatically. This only works if the config file is writable. On NixOS with a read-only store path, use one of the methods below instead.
Via a YAML file Create `/etc/iky/config.yaml` (or any path, then point `IKY_CONFIG` to it): ```yaml tools: github-recon: token: ghp_yourtoken whoisfreaks: api_key: yourkey ipinfo: token: yourtoken breachdirectory: api_key: yourkey profiles: quick: enabled: - whois - dig - crt.sh disabled: [] ``` Only include the tools you want to configure — everything else falls back to defaults.
Via Nix + sops-nix (NixOS) API keys should never go in the Nix store (world-readable). Use [sops-nix](https://github.com/Mic92/sops-nix) to store the config file as an encrypted secret and have it decrypted at boot with the right permissions. 1. Add your IKY config to your sops-encrypted secrets file (e.g. `secrets/iky.yaml`): ```yaml iky-config: | tools: github-recon: token: ghp_yourtoken whoisfreaks: api_key: yourkey ipinfo: token: yourtoken profiles: quick: enabled: - whois - dig - crt.sh disabled: [] ``` 2. Declare the secret and point the service to it: ```nix sops.secrets."iky-config" = { owner = "iknowyou"; mode = "0400"; restartUnits = [ "iknowyou.service" ]; }; services.iknowyou = { enable = true; configFile = config.sops.secrets."iky-config".path; }; ``` The module creates the `iknowyou` group automatically and adds it as a supplementary group to the service, so the `DynamicUser` can read the secret without needing a static user.
## ⚠️ Legal Disclaimer **IKY is intended for legal, authorized use only.** This software is designed for: - Security research on systems you own or have **explicit written permission** to test - Penetration testing engagements conducted under a signed scope of work - OSINT investigations carried out in compliance with applicable laws and regulations - Educational purposes in controlled, isolated environments **Using IKY against targets without prior authorization may be illegal** under computer fraud and privacy laws. The author(s) of IKY accept **no responsibility** for any misuse, damage, legal consequences, or harm caused by this software. By using IKY you agree that you are solely responsible for ensuring your use is lawful and ethical. ---
github | gitlab (mirror) | gitea (mirror)