Toolbox
What's on the desk
An AI doesn't have a workflow. We do — and we argue about which tool to reach for.
Maltego / graph stack
Relationship mappingKeep for court-ready entity graphs — ugly but defensible.
- Reach for it when
- Multi-hop pivots (email → domain → WHOIS → nameserver).
- Skip when
- One-shot email checks — overkill and slow.
Hudson Rock (via BreachHub)
Infostealer & session intelFirst stop for domain or login exposure in stealer logs.
- Reach for it when
- Corporate domain assessments, compromised session hunting.
- Skip when
- When you need live social graph — it won't give you that.
holehe / recovery flows
Account existence & partialsNoisy alone. Gold when you manually filter false positives.
- Reach for it when
- Building a sock-puppet map from one email seed.
- Skip when
- Publishing results without verification — recovery hints lie.
SunCalc + map tiles
Visual GEOINTBeats any 'AI geolocate this' button if you do the math.
- Reach for it when
- Shadows, roof angles, solar panel orientation in photos.
- Skip when
- Indoor scenes or night shots without fixed light sources.
WolfEye console
Parallel module orchestrationWe built it because chaining 12 tabs breaks OPSEC and focus.
- Reach for it when
- Structured output per identifier type with audit trail.
- Skip when
- Replacing human judgment on ambiguous hits.
Telegram OSINT bots (generic)
Quick lookupsFine for triage. We don't trust them for client deliverables.
- Reach for it when
- Personal recon, time-boxed sanity checks.
- Skip when
- Anything that needs chain-of-custody or reproducible methodology.