FluxOSINT is a modular, web-based OSINT (Open-Source Intelligence) platform designed to collect, analyze, and visualize publicly available data from multiple sources in a structured and ethical way.
Now I added a privacy-safe password checker to FluxOSINT. Instead of sending passwords to the server, I used browser-side hashing and k-anonymity to only query small hash prefixes against a public breach database.
The coolest part was realizing the backend never touches the real password at any point so all the sensitive work stays in the browser. It made the feature feel way more “real-world” than just calling an API.
Next up, I’m adding Reports v1 so FluxOSINT can generate clean PDF intel summaries instead of just showing raw JSON.
Log in to leave a comment
Now I added FluxOSINT’s first real “security” feature. Instead of relying on paid breach APIs, I built an email intelligence module that looks at public reputation signals like MX records, disposable email providers, domain age, Gravatar presence, and whether the email shows up on public paste sites.
The hardest part was making all these checks work inside one plugin and still return a simple risk score that makes sense. Once it came together, the scans finally felt like real OSINT instead of just a tech demo.
Next up, I’m building LeakGuard, a privacy-safe password checker that tells users if their password has appeared in known leaks without ever sending the actual password to the server.
Log in to leave a comment
Now I turned FluxOSINT from a database into an actual system. I built a module engine that automatically runs OSINT tools when a target is added instead of just saving it.
My first real module checks if a username exists on a few major platforms and returns results instantly in the API. Watching it scan and respond in real-time was honestly the “okay this is real now” moment.
Next up, I’m building Email Intel + Breach Check, so FluxOSINT starts doing actual security analysis instead of just presence checks.
Log in to leave a comment
Today I got FluxOSINT’s core working. I built an API that lets me add investigation targets (usernames, emails, domains) and store them in a real database instead of just printing stuff to the terminal. This is basically the backbone everything else will plug into.
I hit a few dumb but important bugs, mainly running Python from the wrong folder and breaking my imports. Once I fixed the project structure and initialized SQLite properly, the API came online and started saving targets like it should.
Next up, I’m building the module engine so FluxOSINT can actually do something with these targets instead of just storing them.
Log in to leave a comment