FIXTT is a modular, terminal-based Open Source Intelligence framework designed for security researchers, red teamers, and CTF players. It aggregates intelligence from 20+ data sources into a single unified CLI — phones, emails, IPs, domains, images, dark web, and more.
Actively maintained and security-hardened by krypthane — Red Team Operator from Mexico 🇲🇽.
╔══════════════════════════════════════════════════════╗
║ FIXTT v2.3 ║
╠═══════════════════════╦══════════════════════════════╣
║ [01] IP Address Info ║ [11] Metadata Extraction ║
║ [02] Email Info ║ [12] Twitter Status Check ║
║ [03] Image Location ║ [13] Subdomain Enum ║
║ [04] Host Search ║ [14] Google Dork Hacking ║
║ [05] Port Scanner ║ [15] SMTP Analysis ║
║ [06] Exploit CVE ║ [16] InfoStealer Check ║
║ [07] Exploit OSVD ║ [17] Dark Web Search ║
║ [08] DNS Lookup ║ [99] Auto-Update ║
║ [09] DNS Reverse ║ [101] What's New? ║
║ [10] Email Finder ║ [100] About ║
╚═══════════════════════╩══════════════════════════════╝
Audit and patches applied by krypthane
| # | Issue | Severity | Fix |
|---|---|---|---|
| 1 | Stripe API key hardcoded in source | 🔴 HIGH | Moved to `STRIPE_API_KEY` env var |
| 2 | `shell=True` in `run_command()` | 🟡 MED | `shlex.split()` + `shell=False` + timeout |
| 3 | `shell=True` in Tor service check | 🟡 MED | Split into safe separate calls |
| 4 | `git reset --hard` without confirmation | 🟡 MED | Explicit yes prompt required |
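
Fixes 1 and 2 from the table above, sketched as an added example (not FIXTT's own code): a shell-free `run_command()` with a timeout, and an optional API key read from the environment. The `run_command()` signature, the helpers `show_args` and `optional_key`, and the sample inputs are assumptions constructed for illustration.

```python
import os
import shlex
import subprocess
import sys


def run_command(command, timeout=10):
    """Run a command with no shell. Returns (returncode, stdout).

    `command` is a string (tokenised by shlex.split) or an argv list.
    returncode is None when the timeout expired.
    """
    argv = shlex.split(command) if isinstance(command, str) else list(command)
    if not argv:
        raise ValueError("empty command")
    try:
        proc = subprocess.run(argv, shell=False, capture_output=True,
                              text=True, timeout=timeout)
    except subprocess.TimeoutExpired:
        return None, ""  # subprocess.run kills the child before raising
    return proc.returncode, proc.stdout


def show_args(target):
    """Constructed demo: the Python interpreter stands in for an external
    tool and prints the arguments it received."""
    probe = "import sys; print(sys.argv[1:])"
    # User-controlled text is ONE argv element, never pasted into a string.
    return run_command([sys.executable, "-c", probe, target])


def optional_key(name):
    """Read an optional API key from the environment; None if unset or empty."""
    return os.environ.get(name) or None


if __name__ == "__main__":
    # Shell metacharacters arrive as literal text; nothing extra is executed.
    print(show_args("example.com; echo INJECTED"))
    # A hung child is cut off instead of blocking the menu forever.
    print(run_command([sys.executable, "-c", "import time; time.sleep(5)"],
                      timeout=0.5))
    # Caveat: shlex.split on an interpolated string still splits on spaces,
    # so input can add arguments. Prefer the list form used in show_args.
    print(shlex.split("tool " + "example.com --extra-flag"))
    print("Stripe enabled:", optional_key("STRIPE_API_KEY") is not None)
```
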

🐧 Linux — Kali / Parrot / Ubuntu

```bash
git clone https://github.com/wavegxz-design/FIXTT
cd FIXTT
chmod +x setup.sh
sudo bash setup.sh
```

📱 Termux — Android

```bash
git clone https://github.com/wavegxz-design/FIXTT
cd FIXTT
bash setup.sh
```

🍎 macOS

```bash
git clone https://github.com/wavegxz-design/FIXTT
cd FIXTT
bash setup.sh
```

Set your API keys as environment variables — never hardcode secrets:

```bash
# Add to ~/.bashrc or ~/.zshrc
export STRIPE_API_KEY="sk_test_..."      # Optional — payment support
export OPENCAGE_API_KEY="your_key"       # Optional — IP geolocation
export GOOGLE_CSE_API_KEY="your_key"     # Optional — reverse image search
export GOOGLE_CSE_ENGINE_ID="your_id"    # Optional — reverse image search
```

```bash
xosint
# or
python3 xosint
```

Contributions are welcome. Please follow the security guidelines below.

```bash
# 1. Fork the repo (GitHub CLI; or use the Fork button on GitHub, then clone your fork)
gh repo fork wavegxz-design/FIXTT --clone
cd FIXTT
# 2. Create your feature branch
git checkout -b feat/module-name
# 3. Commit with clear message
git commit -m "feat: add [module-name] — brief description"
# 4. Open a Pull Request
git push origin feat/module-name
```

Security checklist before submitting PR:
- No hardcoded API keys, tokens or passwords
- No `shell=True` with user-controlled input
- No calls to undisclosed external servers
- Tested on Linux and Termux
- Module added to README module map
⚠️ PRs with backdoors, obfuscated code, or malicious logic will be rejected and reported.
This tool is for AUTHORIZED security research and educational purposes ONLY.
✅ Authorized penetration testing
✅ CTF competitions
✅ Personal security research
✅ Bug bounty programs (within scope)
❌ Unauthorized access to systems or accounts
❌ Stalking, harassment or privacy violations
❌ Any illegal activity under local or international law
The author assumes NO responsibility for misuse of this tool.
krypthane — Red Team Operator & Open Source Developer 📍 Mexico 🇲🇽 · UTC-6 "Know the attack to build the defense."
If FIXTT helped you in a CTF, bug bounty, or research — drop a ⭐
It helps the project reach more security researchers.


