Toolbox

What's on the desk

An AI doesn't have a workflow. We do — and we argue about which tool to reach for.

Maltego / graph stack

Relationship mapping

Keep for court-ready entity graphs — ugly but defensible.

Reach for it when
Multi-hop pivots (email → domain → WHOIS → nameserver).
Skip when
One-shot email checks — overkill and slow.

Hudson Rock (via BreachHub)

Infostealer & session intel

First stop for domain or login exposure in stealer logs.

Reach for it when
Corporate domain assessments, compromised session hunting.
Skip when
When you need live social graph — it won't give you that.

holehe / recovery flows

Account existence & partials

Noisy alone. Gold when you manually filter false positives.

Reach for it when
Building a sock-puppet map from one email seed.
Skip when
Publishing results without verification — recovery hints lie.

SunCalc + map tiles

Visual GEOINT

Beats any 'AI geolocate this' button if you do the math.

Reach for it when
Shadows, roof angles, solar panel orientation in photos.
Skip when
Indoor scenes or night shots without fixed light sources.

WolfEye console

Parallel module orchestration

We built it because chaining 12 tabs breaks OPSEC and focus.

Reach for it when
Structured output per identifier type with audit trail.
Skip when
Replacing human judgment on ambiguous hits.

Telegram OSINT bots (generic)

Quick lookups

Fine for triage. We don't trust them for client deliverables.

Reach for it when
Personal recon, time-boxed sanity checks.
Skip when
Anything that needs chain-of-custody or reproducible methodology.