neatlabs-ai

Passive OSINT engine: one seed domain → full infrastructure cluster. Automates Ryan McDonald's scam-kit fingerprinting methodology. crt.sh · urlscan · DNS · RDAP · JS wallet drain detection. Python/FastAPI · free · no API keys.

85% credibility
Found May 28, 2026 at 13 stars.
HTML
AI Summary

CRUCIBLE SIGINT is a passive investigation tool that takes a single suspicious domain name and automatically maps its entire infrastructure cluster by analyzing public certificate records, DNS data, hosting information, and web page code to help security researchers and investigators identify scam operations and fraud networks.

How It Works

1. 🔍 Discovering the Investigation Tool

A security researcher or fraud investigator learns about this tool through a blog post, LinkedIn article, or security community discussion.

2. 📦 Setting Up the Tool

You download the tool and install three simple programs on your computer to get started.

3. 🌐 Entering a Domain to Investigate

You type in a suspicious domain name you want to investigate, like one reported by a victim or found during research.

4. Watching the Investigation Unfold

The tool automatically searches through public certificate records, DNS records, and hosting information to build a complete picture of the domain's infrastructure.

5. 📊 Reviewing All Findings

You review the threat score, see all related domains, check for suspicious patterns like internal admin portals, and examine any crypto wallet drain code found.

6. Choose What to Do Next

📄 Export and Share Report

Save your findings as a report to share with your team, submit to authorities, or import into your security systems.

🛡️ Protect Your Brand

Point the tool at your organization's domain to find all lookalike domains being used for phishing or brand abuse.

🎯 Investigation Complete

You have a complete report showing the full infrastructure of a scam operation, ready to help stop fraud and protect victims.

AI-Generated Review

What is crucible-sigint?

Crucible-sigint is a passive OSINT engine that takes a single seed domain and maps out its entire infrastructure cluster in under 90 seconds. It runs a 7-stage pipeline using free APIs (certificate transparency logs, DNS-over-HTTPS, IP enrichment, RDAP, urlscan, and live JS analysis) to surface related domains, hosting patterns, and wallet drain mechanisms. Built with Python and FastAPI, it outputs a 12-signal weighted threat score and supports multiple export formats including SIEM-ready CSV with defanged IOCs.

Why is it gaining traction?

The hook is the automation of Ryan McDonald's documented $150M pig-butchering investigation into a repeatable tool. The 12-signal weighted scoring surfaces scam-kit patterns (Chinese admin portals, Chinese cloud hosting, registrar risk) that would take hours to find manually. The JS wallet drain detection catches the MAX_UINT approve pattern that indicates persistent cryptocurrency theft. No API keys, no accounts, runs entirely on free tier services.
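A minimal static check for the unlimited-approval pattern mentioned above, as an added example and not crucible-sigint's own code: it flags ERC-20 `approve` calls whose amount is the maximum uint256 value, either directly or through a variable, and separately notes the raw `approve(address,uint256)` selector. The regexes, the `scan_js` name and the sample script are assumptions made for illustration.

```python
import re

# Heuristic signatures chosen for this example (assumptions, not crucible-sigint's rules).
MAX_UINT = re.compile(
    r"0x[fF]{64}\b"                          # 2**256 - 1 as a hex literal
    r"|\b" + str(2**256 - 1) + r"\b"         # the same value in decimal
    r"|\bmax_?uint(?:256)?\b"                # MaxUint256, MAX_UINT, MAX_UINT256
    r"|2n?\s*\*\*\s*256n?\s*-\s*1n?",        # 2**256 - 1 written as an expression
    re.IGNORECASE,
)
# Variable declarations, so a constant defined once and reused can be followed.
ALIAS = re.compile(r"\b(?:const|let|var)\s+(\w+)\s*=\s*([^;\n]+)")
# approve(...) calls, capturing arguments with at most one level of nested parentheses.
APPROVE = re.compile(r"\bapprove\s*\(([^()]*(?:\([^()]*\)[^()]*)*)\)")
# First 4 bytes of keccak256("approve(address,uint256)"), seen in hand-built calldata.
SELECTOR = re.compile(r"095ea7b3", re.IGNORECASE)

def scan_js(source):
    """Return (kind, line_number) findings for one JavaScript source string."""
    line_of = lambda pos: source.count("\n", 0, pos) + 1
    aliases = {m.group(1) for m in ALIAS.finditer(source) if MAX_UINT.search(m.group(2))}
    findings = []
    for call in APPROVE.finditer(source):
        args = call.group(1)
        via_alias = any(re.search(rf"\b{re.escape(a)}\b", args) for a in aliases)
        if MAX_UINT.search(args) or via_alias:
            findings.append(("unlimited_approve", line_of(call.start())))
    for sel in SELECTOR.finditer(source):
        findings.append(("raw_approve_selector", line_of(sel.start())))
    return sorted(findings, key=lambda f: f[1])

# Constructed sample: one unlimited approval via an alias, one bounded approval,
# and one hand-assembled calldata string.
SAMPLE_JS = '''\
const LIMIT = ethers.constants.MaxUint256;
async function claim(token, spender) {
  await token.approve(spender, LIMIT);
}
async function pay(token, shop) {
  await token.approve(shop, ethers.utils.parseUnits("25", 6));
}
const raw = "0x095ea7b3" + pad(spender) + "f".repeat(64);
'''

if __name__ == "__main__":
    for kind, line in scan_js(SAMPLE_JS):
        print(f"line {line}: {kind}")
```

The bounded `approve` on line 6 of the sample is not reported; a selector hit alone is a weaker signal than a confirmed maximum-value argument and would deserve a lower weight in any scoring.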

Who should use this?

Threat intelligence analysts investigating cryptocurrency fraud operations. Brand protection teams hunting lookalike domains via certificate transparency. Law enforcement handling fraud referrals who need structured IOC exports. Security researchers tracking criminal infrastructure clusters who want passive reconnaissance without active scanning.

Verdict

With a credibility score of 0.85% and only 13 stars, this is an early-stage project that needs community validation before relying on it for critical investigations. The methodology is well-documented, the feature set is solid, and the demo seeds against confirmed criminal infrastructure are compelling. However, the low maturity signals mean it should supplement, not replace, established OSINT workflows. Worth watching.
