v2.1 — 12 modules · 28B+ records indexed

The all-in-one
OSINT operator suite.

Run email, phone, username, IP, breach, and social investigations from a single black-and-white command center. Built for analysts. Trusted by professionals.

xpfps@operator: ~/recon
$ xpfps lookup --email john.doe@gmail.com
├─ [✓] 4 breaches identified (LinkedIn, Adobe, Dropbox, MyFitnessPal)
├─ [✓] 3 social accounts linked (Twitter, GitHub, Reddit)
├─ [✓] 1 phone number associated
└─ [✓] Risk score: 7.4 / 10
$

Modules

12 surgical lookups.
One unified workflow.

Email Lookup

Breaches & socials

Username

400+ platforms

Phone

Carrier & location

IP Address

Geo & threat intel

Domain Recon

DNS & subdomains

Breach Search

28B+ records

Social Aggregator

Cross-reference

Discord OSINT

Mutuals & history

Zero logs

Queries are ephemeral. We don't retain investigative targets or results past your session.

28B+ records

Aggregated from public breaches, leaks, and open-source feeds. Updated weekly.

API-first

Every module exposed via REST. Automate recon pipelines with simple HTTPS calls.

Pricing

Pay for what you investigate.

Free

$0/mo

10 credits/mo

  • 3 modules
  • Basic lookups
  • Community support

Pro

$10/mo

500 credits/mo

  • All modules
  • API access
  • Priority support
  • History export

Enterprise

$25/mo

5,000 credits/mo

  • Unlimited modules
  • Dedicated API
  • 24/7 support
  • Custom integrations