PyPI - aiptx - Versions diffs - 2.0.7__py3-none-any.whl - Mend

aiptx 2.0.7__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (187) hide show

aipt_v2/__init__.py +110 -0
aipt_v2/__main__.py +24 -0
aipt_v2/agents/AIPTxAgent/__init__.py +10 -0
aipt_v2/agents/AIPTxAgent/aiptx_agent.py +211 -0
aipt_v2/agents/__init__.py +46 -0
aipt_v2/agents/base.py +520 -0
aipt_v2/agents/exploit_agent.py +688 -0
aipt_v2/agents/ptt.py +406 -0
aipt_v2/agents/state.py +168 -0
aipt_v2/app.py +957 -0
aipt_v2/browser/__init__.py +31 -0
aipt_v2/browser/automation.py +458 -0
aipt_v2/browser/crawler.py +453 -0
aipt_v2/cli.py +2933 -0
aipt_v2/compliance/__init__.py +71 -0
aipt_v2/compliance/compliance_report.py +449 -0
aipt_v2/compliance/framework_mapper.py +424 -0
aipt_v2/compliance/nist_mapping.py +345 -0
aipt_v2/compliance/owasp_mapping.py +330 -0
aipt_v2/compliance/pci_mapping.py +297 -0
aipt_v2/config.py +341 -0
aipt_v2/core/__init__.py +43 -0
aipt_v2/core/agent.py +630 -0
aipt_v2/core/llm.py +395 -0
aipt_v2/core/memory.py +305 -0
aipt_v2/core/ptt.py +329 -0
aipt_v2/database/__init__.py +14 -0
aipt_v2/database/models.py +232 -0
aipt_v2/database/repository.py +384 -0
aipt_v2/docker/__init__.py +23 -0
aipt_v2/docker/builder.py +260 -0
aipt_v2/docker/manager.py +222 -0
aipt_v2/docker/sandbox.py +371 -0
aipt_v2/evasion/__init__.py +58 -0
aipt_v2/evasion/request_obfuscator.py +272 -0
aipt_v2/evasion/tls_fingerprint.py +285 -0
aipt_v2/evasion/ua_rotator.py +301 -0
aipt_v2/evasion/waf_bypass.py +439 -0
aipt_v2/execution/__init__.py +23 -0
aipt_v2/execution/executor.py +302 -0
aipt_v2/execution/parser.py +544 -0
aipt_v2/execution/terminal.py +337 -0
aipt_v2/health.py +437 -0
aipt_v2/intelligence/__init__.py +194 -0
aipt_v2/intelligence/adaptation.py +474 -0
aipt_v2/intelligence/auth.py +520 -0
aipt_v2/intelligence/chaining.py +775 -0
aipt_v2/intelligence/correlation.py +536 -0
aipt_v2/intelligence/cve_aipt.py +334 -0
aipt_v2/intelligence/cve_info.py +1111 -0
aipt_v2/intelligence/knowledge_graph.py +590 -0
aipt_v2/intelligence/learning.py +626 -0
aipt_v2/intelligence/llm_analyzer.py +502 -0
aipt_v2/intelligence/llm_tool_selector.py +518 -0
aipt_v2/intelligence/payload_generator.py +562 -0
aipt_v2/intelligence/rag.py +239 -0
aipt_v2/intelligence/scope.py +442 -0
aipt_v2/intelligence/searchers/__init__.py +5 -0
aipt_v2/intelligence/searchers/exploitdb_searcher.py +523 -0
aipt_v2/intelligence/searchers/github_searcher.py +467 -0
aipt_v2/intelligence/searchers/google_searcher.py +281 -0
aipt_v2/intelligence/tools.json +443 -0
aipt_v2/intelligence/triage.py +670 -0
aipt_v2/interactive_shell.py +559 -0
aipt_v2/interface/__init__.py +5 -0
aipt_v2/interface/cli.py +230 -0
aipt_v2/interface/main.py +501 -0
aipt_v2/interface/tui.py +1276 -0
aipt_v2/interface/utils.py +583 -0
aipt_v2/llm/__init__.py +39 -0
aipt_v2/llm/config.py +26 -0
aipt_v2/llm/llm.py +514 -0
aipt_v2/llm/memory.py +214 -0
aipt_v2/llm/request_queue.py +89 -0
aipt_v2/llm/utils.py +89 -0
aipt_v2/local_tool_installer.py +1467 -0
aipt_v2/models/__init__.py +15 -0
aipt_v2/models/findings.py +295 -0
aipt_v2/models/phase_result.py +224 -0
aipt_v2/models/scan_config.py +207 -0
aipt_v2/monitoring/grafana/dashboards/aipt-dashboard.json +355 -0
aipt_v2/monitoring/grafana/dashboards/default.yml +17 -0
aipt_v2/monitoring/grafana/datasources/prometheus.yml +17 -0
aipt_v2/monitoring/prometheus.yml +60 -0
aipt_v2/orchestration/__init__.py +52 -0
aipt_v2/orchestration/pipeline.py +398 -0
aipt_v2/orchestration/progress.py +300 -0
aipt_v2/orchestration/scheduler.py +296 -0
aipt_v2/orchestrator.py +2427 -0
aipt_v2/payloads/__init__.py +27 -0
aipt_v2/payloads/cmdi.py +150 -0
aipt_v2/payloads/sqli.py +263 -0
aipt_v2/payloads/ssrf.py +204 -0
aipt_v2/payloads/templates.py +222 -0
aipt_v2/payloads/traversal.py +166 -0
aipt_v2/payloads/xss.py +204 -0
aipt_v2/prompts/__init__.py +60 -0
aipt_v2/proxy/__init__.py +29 -0
aipt_v2/proxy/history.py +352 -0
aipt_v2/proxy/interceptor.py +452 -0
aipt_v2/recon/__init__.py +44 -0
aipt_v2/recon/dns.py +241 -0
aipt_v2/recon/osint.py +367 -0
aipt_v2/recon/subdomain.py +372 -0
aipt_v2/recon/tech_detect.py +311 -0
aipt_v2/reports/__init__.py +17 -0
aipt_v2/reports/generator.py +313 -0
aipt_v2/reports/html_report.py +378 -0
aipt_v2/runtime/__init__.py +53 -0
aipt_v2/runtime/base.py +30 -0
aipt_v2/runtime/docker.py +401 -0
aipt_v2/runtime/local.py +346 -0
aipt_v2/runtime/tool_server.py +205 -0
aipt_v2/runtime/vps.py +830 -0
aipt_v2/scanners/__init__.py +28 -0
aipt_v2/scanners/base.py +273 -0
aipt_v2/scanners/nikto.py +244 -0
aipt_v2/scanners/nmap.py +402 -0
aipt_v2/scanners/nuclei.py +273 -0
aipt_v2/scanners/web.py +454 -0
aipt_v2/scripts/security_audit.py +366 -0
aipt_v2/setup_wizard.py +941 -0
aipt_v2/skills/__init__.py +80 -0
aipt_v2/skills/agents/__init__.py +14 -0
aipt_v2/skills/agents/api_tester.py +706 -0
aipt_v2/skills/agents/base.py +477 -0
aipt_v2/skills/agents/code_review.py +459 -0
aipt_v2/skills/agents/security_agent.py +336 -0
aipt_v2/skills/agents/web_pentest.py +818 -0
aipt_v2/skills/prompts/__init__.py +647 -0
aipt_v2/system_detector.py +539 -0
aipt_v2/telemetry/__init__.py +7 -0
aipt_v2/telemetry/tracer.py +347 -0
aipt_v2/terminal/__init__.py +28 -0
aipt_v2/terminal/executor.py +400 -0
aipt_v2/terminal/sandbox.py +350 -0
aipt_v2/tools/__init__.py +44 -0
aipt_v2/tools/active_directory/__init__.py +78 -0
aipt_v2/tools/active_directory/ad_config.py +238 -0
aipt_v2/tools/active_directory/bloodhound_wrapper.py +447 -0
aipt_v2/tools/active_directory/kerberos_attacks.py +430 -0
aipt_v2/tools/active_directory/ldap_enum.py +533 -0
aipt_v2/tools/active_directory/smb_attacks.py +505 -0
aipt_v2/tools/agents_graph/__init__.py +19 -0
aipt_v2/tools/agents_graph/agents_graph_actions.py +69 -0
aipt_v2/tools/api_security/__init__.py +76 -0
aipt_v2/tools/api_security/api_discovery.py +608 -0
aipt_v2/tools/api_security/graphql_scanner.py +622 -0
aipt_v2/tools/api_security/jwt_analyzer.py +577 -0
aipt_v2/tools/api_security/openapi_fuzzer.py +761 -0
aipt_v2/tools/browser/__init__.py +5 -0
aipt_v2/tools/browser/browser_actions.py +238 -0
aipt_v2/tools/browser/browser_instance.py +535 -0
aipt_v2/tools/browser/tab_manager.py +344 -0
aipt_v2/tools/cloud/__init__.py +70 -0
aipt_v2/tools/cloud/cloud_config.py +273 -0
aipt_v2/tools/cloud/cloud_scanner.py +639 -0
aipt_v2/tools/cloud/prowler_tool.py +571 -0
aipt_v2/tools/cloud/scoutsuite_tool.py +359 -0
aipt_v2/tools/executor.py +307 -0
aipt_v2/tools/parser.py +408 -0
aipt_v2/tools/proxy/__init__.py +5 -0
aipt_v2/tools/proxy/proxy_actions.py +103 -0
aipt_v2/tools/proxy/proxy_manager.py +789 -0
aipt_v2/tools/registry.py +196 -0
aipt_v2/tools/scanners/__init__.py +343 -0
aipt_v2/tools/scanners/acunetix_tool.py +712 -0
aipt_v2/tools/scanners/burp_tool.py +631 -0
aipt_v2/tools/scanners/config.py +156 -0
aipt_v2/tools/scanners/nessus_tool.py +588 -0
aipt_v2/tools/scanners/zap_tool.py +612 -0
aipt_v2/tools/terminal/__init__.py +5 -0
aipt_v2/tools/terminal/terminal_actions.py +37 -0
aipt_v2/tools/terminal/terminal_manager.py +153 -0
aipt_v2/tools/terminal/terminal_session.py +449 -0
aipt_v2/tools/tool_processing.py +108 -0
aipt_v2/utils/__init__.py +17 -0
aipt_v2/utils/logging.py +202 -0
aipt_v2/utils/model_manager.py +187 -0
aipt_v2/utils/searchers/__init__.py +269 -0
aipt_v2/verify_install.py +793 -0
aiptx-2.0.7.dist-info/METADATA +345 -0
aiptx-2.0.7.dist-info/RECORD +187 -0
aiptx-2.0.7.dist-info/WHEEL +5 -0
aiptx-2.0.7.dist-info/entry_points.txt +7 -0
aiptx-2.0.7.dist-info/licenses/LICENSE +21 -0
aiptx-2.0.7.dist-info/top_level.txt +1 -0

aipt_v2/recon/dns.py ADDED Viewed

@@ -0,0 +1,241 @@
+"""
+AIPT DNS Analyzer
+DNS enumeration and analysis.
+"""
+from __future__ import annotations
+import asyncio
+import logging
+import socket
+from dataclasses import dataclass, field
+from datetime import datetime
+from typing import Optional
+logger = logging.getLogger(__name__)
+# dns.resolver import with fallback
+try:
+    import dns.resolver
+    import dns.zone
+    import dns.query
+    DNS_AVAILABLE = True
+except ImportError:
+    DNS_AVAILABLE = False
+    logger.warning("dnspython not installed. Install with: pip install dnspython")
+@dataclass
+class DNSRecord:
+    """DNS record"""
+    record_type: str  # A, AAAA, MX, NS, TXT, CNAME, etc.
+    name: str
+    value: str
+    ttl: int = 0
+    priority: int = 0  # For MX records
+    def to_dict(self) -> dict:
+        return {
+            "type": self.record_type,
+            "name": self.name,
+            "value": self.value,
+            "ttl": self.ttl,
+            "priority": self.priority,
+        }
+@dataclass
+class DNSResult:
+    """DNS analysis results"""
+    domain: str
+    records: list[DNSRecord] = field(default_factory=list)
+    nameservers: list[str] = field(default_factory=list)
+    mail_servers: list[str] = field(default_factory=list)
+    ip_addresses: list[str] = field(default_factory=list)
+    # Security analysis
+    has_spf: bool = False
+    has_dmarc: bool = False
+    has_dkim: bool = False
+    zone_transfer_possible: bool = False
+    # Additional info
+    registrar: str = ""
+    creation_date: str = ""
+    expiration_date: str = ""
+    analyzed_at: datetime = field(default_factory=datetime.utcnow)
+    def get_records_by_type(self, record_type: str) -> list[DNSRecord]:
+        """Get records of a specific type"""
+        return [r for r in self.records if r.record_type == record_type]
+    def to_dict(self) -> dict:
+        return {
+            "domain": self.domain,
+            "nameservers": self.nameservers,
+            "mail_servers": self.mail_servers,
+            "ip_addresses": self.ip_addresses,
+            "records_count": len(self.records),
+            "security": {
+                "has_spf": self.has_spf,
+                "has_dmarc": self.has_dmarc,
+                "has_dkim": self.has_dkim,
+                "zone_transfer_possible": self.zone_transfer_possible,
+            },
+        }
+class DNSAnalyzer:
+    """
+    DNS enumeration and analysis.
+    Features:
+    - Record enumeration (A, AAAA, MX, NS, TXT, CNAME, SOA)
+    - Security configuration check (SPF, DMARC, DKIM)
+    - Zone transfer attempt
+    - Mail server discovery
+    Example:
+        analyzer = DNSAnalyzer()
+        result = await analyzer.analyze("example.com")
+        print(f"Nameservers: {result.nameservers}")
+        print(f"Has SPF: {result.has_spf}")
+    """
+    # Record types to query
+    RECORD_TYPES = ["A", "AAAA", "MX", "NS", "TXT", "CNAME", "SOA"]
+    def __init__(self, timeout: float = 5.0, nameserver: str = "8.8.8.8"):
+        if not DNS_AVAILABLE:
+            raise ImportError("dnspython is required. Install with: pip install dnspython")
+        self.timeout = timeout
+        self.nameserver = nameserver
+        self._resolver = dns.resolver.Resolver()
+        self._resolver.nameservers = [nameserver]
+        self._resolver.timeout = timeout
+        self._resolver.lifetime = timeout
+    async def analyze(self, domain: str) -> DNSResult:
+        """
+        Analyze DNS configuration for a domain.
+        Args:
+            domain: Target domain
+        Returns:
+            DNSResult with discovered records
+        """
+        result = DNSResult(domain=domain)
+        # Query all record types
+        for record_type in self.RECORD_TYPES:
+            records = await self._query_records(domain, record_type)
+            result.records.extend(records)
+            # Extract specific info
+            if record_type == "A":
+                result.ip_addresses.extend([r.value for r in records])
+            elif record_type == "NS":
+                result.nameservers.extend([r.value for r in records])
+            elif record_type == "MX":
+                result.mail_servers.extend([r.value for r in records])
+        # Check security records
+        result.has_spf = await self._check_spf(domain)
+        result.has_dmarc = await self._check_dmarc(domain)
+        result.has_dkim = await self._check_dkim(domain)
+        # Attempt zone transfer
+        result.zone_transfer_possible = await self._try_zone_transfer(domain, result.nameservers)
+        return result
+    async def _query_records(self, domain: str, record_type: str) -> list[DNSRecord]:
+        """Query DNS records of a specific type"""
+        records = []
+        try:
+            # Run in thread pool for async
+            loop = asyncio.get_event_loop()
+            answers = await loop.run_in_executor(
+                None,
+                lambda: self._resolver.resolve(domain, record_type)
+            )
+            for rdata in answers:
+                record = DNSRecord(
+                    record_type=record_type,
+                    name=domain,
+                    value=str(rdata),
+                    ttl=answers.ttl,
+                )
+                # Extract MX priority
+                if record_type == "MX":
+                    record.priority = rdata.preference
+                    record.value = str(rdata.exchange)
+                records.append(record)
+        except dns.resolver.NXDOMAIN:
+            logger.debug(f"Domain {domain} does not exist")
+        except dns.resolver.NoAnswer:
+            logger.debug(f"No {record_type} records for {domain}")
+        except dns.resolver.NoNameservers:
+            logger.debug(f"No nameservers for {domain}")
+        except Exception as e:
+            logger.debug(f"DNS query error ({record_type}): {e}")
+        return records
+    async def _check_spf(self, domain: str) -> bool:
+        """Check if SPF record exists"""
+        records = await self._query_records(domain, "TXT")
+        return any("v=spf1" in r.value.lower() for r in records)
+    async def _check_dmarc(self, domain: str) -> bool:
+        """Check if DMARC record exists"""
+        records = await self._query_records(f"_dmarc.{domain}", "TXT")
+        return any("v=dmarc1" in r.value.lower() for r in records)
+    async def _check_dkim(self, domain: str, selectors: list[str] = None) -> bool:
+        """Check if DKIM record exists"""
+        selectors = selectors or ["default", "google", "selector1", "selector2", "s1", "s2"]
+        for selector in selectors:
+            records = await self._query_records(f"{selector}._domainkey.{domain}", "TXT")
+            if records:
+                return True
+        return False
+    async def _try_zone_transfer(self, domain: str, nameservers: list[str]) -> bool:
+        """Attempt zone transfer"""
+        for ns in nameservers[:3]:  # Try first 3 nameservers
+            try:
+                ns_ip = socket.gethostbyname(ns.rstrip("."))
+                # Run in thread pool
+                loop = asyncio.get_event_loop()
+                zone = await loop.run_in_executor(
+                    None,
+                    lambda: dns.zone.from_xfr(dns.query.xfr(ns_ip, domain, timeout=5))
+                )
+                if zone:
+                    logger.warning(f"Zone transfer successful from {ns}!")
+                    return True
+            except Exception:
+                continue
+        return False
+async def analyze_dns(domain: str) -> DNSResult:
+    """Quick DNS analysis"""
+    analyzer = DNSAnalyzer()
+    return await analyzer.analyze(domain)

aipt_v2/recon/osint.py ADDED Viewed

@@ -0,0 +1,367 @@
+"""
+AIPT OSINT Collector
+Open-source intelligence gathering from public sources.
+"""
+from __future__ import annotations
+import asyncio
+import logging
+import re
+from dataclasses import dataclass, field
+from datetime import datetime
+from typing import Optional
+import httpx
+logger = logging.getLogger(__name__)
+@dataclass
+class OSINTResult:
+    """OSINT collection results"""
+    target: str
+    target_type: str  # domain, email, ip, username
+    # Discovered data
+    emails: list[str] = field(default_factory=list)
+    usernames: list[str] = field(default_factory=list)
+    social_profiles: list[dict] = field(default_factory=list)
+    breaches: list[dict] = field(default_factory=list)
+    related_domains: list[str] = field(default_factory=list)
+    ip_info: dict = field(default_factory=dict)
+    whois_data: dict = field(default_factory=dict)
+    # Metadata
+    sources_checked: list[str] = field(default_factory=list)
+    collected_at: datetime = field(default_factory=datetime.utcnow)
+    def to_dict(self) -> dict:
+        return {
+            "target": self.target,
+            "target_type": self.target_type,
+            "emails_found": len(self.emails),
+            "usernames_found": len(self.usernames),
+            "social_profiles": len(self.social_profiles),
+            "breaches": len(self.breaches),
+            "sources_checked": self.sources_checked,
+        }
+class OSINTCollector:
+    """
+    OSINT data collector from public sources.
+    Sources:
+    - Have I Been Pwned (breach data)
+    - Hunter.io (email discovery)
+    - Shodan (IP/host info)
+    - Social media presence checks
+    Example:
+        collector = OSINTCollector()
+        result = await collector.collect_domain("example.com")
+        print(f"Emails found: {result.emails}")
+        print(f"Breaches: {len(result.breaches)}")
+    """
+    # Social media platforms to check
+    SOCIAL_PLATFORMS = {
+        "twitter": "https://twitter.com/{username}",
+        "github": "https://github.com/{username}",
+        "linkedin": "https://linkedin.com/in/{username}",
+        "instagram": "https://instagram.com/{username}",
+        "facebook": "https://facebook.com/{username}",
+    }
+    def __init__(
+        self,
+        hibp_api_key: str = "",
+        hunter_api_key: str = "",
+        shodan_api_key: str = "",
+    ):
+        self.hibp_api_key = hibp_api_key
+        self.hunter_api_key = hunter_api_key
+        self.shodan_api_key = shodan_api_key
+    async def collect_domain(self, domain: str) -> OSINTResult:
+        """
+        Collect OSINT for a domain.
+        Args:
+            domain: Target domain
+        Returns:
+            OSINTResult with discovered data
+        """
+        result = OSINTResult(target=domain, target_type="domain")
+        async with httpx.AsyncClient(timeout=30.0) as client:
+            tasks = [
+                self._discover_emails(client, domain, result),
+                self._check_related_domains(client, domain, result),
+                self._get_whois(client, domain, result),
+            ]
+            await asyncio.gather(*tasks, return_exceptions=True)
+        return result
+    async def collect_email(self, email: str) -> OSINTResult:
+        """
+        Collect OSINT for an email address.
+        Args:
+            email: Target email
+        Returns:
+            OSINTResult with discovered data
+        """
+        result = OSINTResult(target=email, target_type="email")
+        async with httpx.AsyncClient(timeout=30.0) as client:
+            tasks = [
+                self._check_breaches(client, email, result),
+            ]
+            await asyncio.gather(*tasks, return_exceptions=True)
+        return result
+    async def collect_username(self, username: str) -> OSINTResult:
+        """
+        Collect OSINT for a username.
+        Args:
+            username: Target username
+        Returns:
+            OSINTResult with social profile checks
+        """
+        result = OSINTResult(target=username, target_type="username")
+        async with httpx.AsyncClient(timeout=10.0, follow_redirects=True) as client:
+            await self._check_social_profiles(client, username, result)
+        return result
+    async def collect_ip(self, ip: str) -> OSINTResult:
+        """
+        Collect OSINT for an IP address.
+        Args:
+            ip: Target IP address
+        Returns:
+            OSINTResult with IP intelligence
+        """
+        result = OSINTResult(target=ip, target_type="ip")
+        async with httpx.AsyncClient(timeout=30.0) as client:
+            await self._get_ip_info(client, ip, result)
+        return result
+    async def _discover_emails(
+        self,
+        client: httpx.AsyncClient,
+        domain: str,
+        result: OSINTResult,
+    ) -> None:
+        """Discover emails associated with domain"""
+        result.sources_checked.append("email_discovery")
+        # Hunter.io if API key available
+        if self.hunter_api_key:
+            try:
+                response = await client.get(
+                    "https://api.hunter.io/v2/domain-search",
+                    params={
+                        "domain": domain,
+                        "api_key": self.hunter_api_key,
+                    },
+                )
+                if response.status_code == 200:
+                    data = response.json()
+                    for email in data.get("data", {}).get("emails", []):
+                        if email.get("value"):
+                            result.emails.append(email["value"])
+            except Exception as e:
+                logger.debug(f"Hunter.io error: {e}")
+        # Fallback: search common patterns
+        common_prefixes = [
+            "info", "contact", "admin", "support", "sales", "hello",
+            "mail", "webmaster", "postmaster", "abuse",
+        ]
+        for prefix in common_prefixes:
+            result.emails.append(f"{prefix}@{domain}")
+    async def _check_breaches(
+        self,
+        client: httpx.AsyncClient,
+        email: str,
+        result: OSINTResult,
+    ) -> None:
+        """Check for breaches using HIBP"""
+        result.sources_checked.append("hibp")
+        if not self.hibp_api_key:
+            logger.debug("No HIBP API key, skipping breach check")
+            return
+        try:
+            response = await client.get(
+                f"https://haveibeenpwned.com/api/v3/breachedaccount/{email}",
+                headers={
+                    "hibp-api-key": self.hibp_api_key,
+                    "User-Agent": "AIPT-Scanner",
+                },
+            )
+            if response.status_code == 200:
+                for breach in response.json():
+                    result.breaches.append({
+                        "name": breach.get("Name"),
+                        "date": breach.get("BreachDate"),
+                        "domain": breach.get("Domain"),
+                        "data_classes": breach.get("DataClasses", []),
+                    })
+        except Exception as e:
+            logger.debug(f"HIBP error: {e}")
+    async def _check_social_profiles(
+        self,
+        client: httpx.AsyncClient,
+        username: str,
+        result: OSINTResult,
+    ) -> None:
+        """Check social media presence"""
+        result.sources_checked.append("social_media")
+        async def check_platform(platform: str, url_template: str) -> Optional[dict]:
+            url = url_template.format(username=username)
+            try:
+                response = await client.get(url)
+                if response.status_code == 200:
+                    return {
+                        "platform": platform,
+                        "url": url,
+                        "exists": True,
+                    }
+            except Exception:
+                pass
+            return None
+        tasks = [
+            check_platform(platform, url)
+            for platform, url in self.SOCIAL_PLATFORMS.items()
+        ]
+        results = await asyncio.gather(*tasks)
+        for profile in results:
+            if profile:
+                result.social_profiles.append(profile)
+    async def _check_related_domains(
+        self,
+        client: httpx.AsyncClient,
+        domain: str,
+        result: OSINTResult,
+    ) -> None:
+        """Find related domains"""
+        result.sources_checked.append("related_domains")
+        # Check common TLDs
+        base = domain.rsplit(".", 1)[0]
+        tlds = [".com", ".net", ".org", ".io", ".co", ".app", ".dev"]
+        for tld in tlds:
+            test_domain = base + tld
+            if test_domain != domain:
+                try:
+                    import socket
+                    socket.gethostbyname(test_domain)
+                    result.related_domains.append(test_domain)
+                except socket.gaierror:
+                    pass
+    async def _get_ip_info(
+        self,
+        client: httpx.AsyncClient,
+        ip: str,
+        result: OSINTResult,
+    ) -> None:
+        """Get IP intelligence"""
+        result.sources_checked.append("ip_info")
+        # ipinfo.io (no API key needed for basic info)
+        try:
+            response = await client.get(f"https://ipinfo.io/{ip}/json")
+            if response.status_code == 200:
+                result.ip_info = response.json()
+        except Exception as e:
+            logger.debug(f"ipinfo error: {e}")
+        # Shodan if API key available
+        if self.shodan_api_key:
+            try:
+                response = await client.get(
+                    f"https://api.shodan.io/shodan/host/{ip}",
+                    params={"key": self.shodan_api_key},
+                )
+                if response.status_code == 200:
+                    shodan_data = response.json()
+                    result.ip_info["shodan"] = {
+                        "ports": shodan_data.get("ports", []),
+                        "os": shodan_data.get("os"),
+                        "hostnames": shodan_data.get("hostnames", []),
+                    }
+            except Exception as e:
+                logger.debug(f"Shodan error: {e}")
+    async def _get_whois(
+        self,
+        client: httpx.AsyncClient,
+        domain: str,
+        result: OSINTResult,
+    ) -> None:
+        """Get WHOIS information"""
+        result.sources_checked.append("whois")
+        try:
+            import whois
+            w = whois.whois(domain)
+            result.whois_data = {
+                "registrar": w.registrar,
+                "creation_date": str(w.creation_date) if w.creation_date else None,
+                "expiration_date": str(w.expiration_date) if w.expiration_date else None,
+                "name_servers": w.name_servers if w.name_servers else [],
+            }
+        except ImportError:
+            logger.debug("python-whois not installed")
+        except Exception as e:
+            logger.debug(f"WHOIS error: {e}")
+# Convenience functions
+async def osint_domain(domain: str) -> OSINTResult:
+    """Quick OSINT for domain"""
+    collector = OSINTCollector()
+    return await collector.collect_domain(domain)
+async def osint_email(email: str, hibp_key: str = "") -> OSINTResult:
+    """Quick OSINT for email"""
+    collector = OSINTCollector(hibp_api_key=hibp_key)
+    return await collector.collect_email(email)
+async def osint_username(username: str) -> OSINTResult:
+    """Quick social media presence check"""
+    collector = OSINTCollector()
+    return await collector.collect_username(username)