v2.1 — 12 modules · 28B+ records indexed

The all-in-one
OSINT operator suite.

Run email, phone, username, IP, breach, and social investigations from a single black-and-white command center. Built for analysts. Trusted by professionals.

xpfps@operator: ~/recon

$ xpfps lookup --email john.doe@gmail.com

├─ [✓] 4 breaches identified (LinkedIn, Adobe, Dropbox, MyFitnessPal)

├─ [✓] 3 social accounts linked (Twitter, GitHub, Reddit)

├─ [✓] 1 phone number associated

└─ [✓] Risk score: 7.4 / 10

Modules

12 surgical lookups.
One unified workflow.

View all

Email Lookup

Breaches & socials

Username

400+ platforms

Phone

Carrier & location

IP Address

Geo & threat intel

Domain Recon

DNS & subdomains

Breach Search

28B+ records

Social Aggregator

Cross-reference

Discord OSINT

Mutuals & history

Zero logs

Queries are ephemeral. We don't retain investigative targets or results past your session.

28B+ records

Aggregated from public breaches, leaks, and open-source feeds. Updated weekly.

API-first

Every module exposed via REST. Automate recon pipelines with simple HTTPS calls.

Pricing

Pay for what you investigate.

Free

$0/mo

10 credits/mo

3 modules
Basic lookups
Community support

Pro

$10/mo

500 credits/mo

All modules
API access
Priority support
History export

Enterprise

$25/mo

5,000 credits/mo

Unlimited modules
Dedicated API
24/7 support
Custom integrations

The all-in-oneOSINT operator suite.

12 surgical lookups.One unified workflow.

Email Lookup

Username

Phone

IP Address

Domain Recon

Breach Search

Social Aggregator

Discord OSINT

Zero logs

28B+ records

API-first

Pay for what you investigate.

Free

Pro

Enterprise

The all-in-one
OSINT operator suite.

12 surgical lookups.
One unified workflow.