Strix Advanced Tools
EN
← All tools

Strix Archer

Passive OSINT for CTF challenges & authorized lab targets.
Linux OSINT Python
⚠️ Strix Archer performs OSINT collection and shows a one-time consent gate. Use it ONLY against CTF challenges / fictional characters or targets you own or are authorized to test. Profiling real people without consent can be illegal.

Strix Archer is a free, open-source OSINT tool for Linux — built for CTF challenges and authorized lab targets — that performs passive domain and identity recon (DNS/RDAP/crt.sh, username and email lookup, GitHub OSINT, breach checks) plus a safe HIBP k-anonymity password check.

Strix Archer pairs a dependency-free, standard-library-only OSINT engine with wrappers for popular tools — using Sherlock, maigret, holehe, theHarvester and SpiderFoot when installed, and falling back to its own implementation when not. It does domain recon (DNS-over-HTTPS, RDAP/WHOIS, crt.sh subdomains, HTTP + security-header fingerprint), identity recon (rate-limited username scan, GitHub OSINT, Gravatar, breach lookup), and a safe HIBP k-anonymity password check. A one-time consent gate keeps it to authorized lab use; everything is passive and read-only, with a .txt and dark HTML report.

Price
Free — open-source (MIT)
Platforms
Linux
Category
OSINT
Built with
Python
Open-source alternative to
Sherlock, maigret, SpiderFoot, theHarvester
Telemetry
None — fully offline
Updated

A look inside

Strix Archer — Passive OSINT for CTF challenges & authorized lab targets.. Screenshot of the osint tool running on Linux.

What it does

  • Built-in stdlib engine + auto-wraps Sherlock / maigret / holehe / theHarvester / SpiderFoot when present
  • Domain: DNS-over-HTTPS, RDAP/WHOIS, crt.sh subdomains, HTTP + missing-security-header check
  • Identity: rate-limited username scan, GitHub OSINT (commit-leaked emails), Gravatar, XposedOrNot breach lookup
  • Safe password breach check via HIBP k-anonymity — the password never leaves your machine
  • One-time consent gate, rate-limited by design; passive & read-only; .txt + dark HTML report

What Strix Archer deliberately does not do

  • It is passive and read-only — it never exploits or actively attacks a target.
  • It is for authorized use only — a one-time consent gate enforces acknowledgement.
  • The password breach check never sends your password (HIBP k-anonymity).

Installation

🐧 Linux (Ubuntu / Debian)

git clone https://github.com/strix-tool/strix-archer
cd strix-archer
python3 strix_archer.py -u demo-user --i-am-authorized

Frequently asked

Is this legal to use?

Only against CTF challenges / fictional characters or targets you own or are explicitly authorized to test. Profiling real people without consent can be harassment and may be illegal — a one-time consent gate enforces acknowledgement.

Do I need to install anything?

No — the built-in engine is pure Python standard library. Optional tools (Sherlock, holehe, …) are auto-wrapped if present, and `--setup` installs them into isolated pipx environments so your system Python is untouched.

Powered by open source

Strix Archer wraps these open-source tools and public services — it does not bundle or modify them. Thank you to every upstream project and service.

SherlockmaigretholeheSpiderFoottheHarvestercrt.shRDAPGitHub APIGravatarXposedOrNotHIBP
Full acknowledgements & links →