BlackTrace provides a collection of OSINT tools in a single Python-based command-line interface. Developed by fawadqureshi007, the project sits on GitHub at fawadqureshi007/Black with 51 stars. It targets reconnaissance tasks such as extracting GPS data from image EXIF, checking emails for breaches, performing domain and IP lookups, analyzing file metadata, and running reverse image searches. The toolkit pulls together these functions for users conducting cybersecurity research or digital investigations, emphasizing ethical use under the tagline "Think like an attacker."
The framework automates intelligence gathering across multiple sources, from WHOIS queries to threat feeds, without requiring separate scripts for each task. It runs on Linux distributions like Kali or Ubuntu, assuming Python 3.7 or higher and an internet connection. Users interact via a menu-driven CLI after setup, selecting modules for specific recon needs.
Core features
BlackTrace bundles 14 modules into one executable. Key capabilities include:
- Image geolocation: Pulls GPS coordinates from EXIF data in photos.
- Email checks: Scans for breaches via HaveIBeenPwned and verifies validity.
- Domain intel: Runs WHOIS, DNS enumeration, and subdomain discovery.
- Reverse image search: Queries multiple engines for visual matches.
- Network recon: Performs port scanning and IP geolocation with abuse data.
Additional tools cover username searches across platforms, Google dorking, Wayback Machine snapshots, website scraping with NLP entity extraction, phone number lookups, and integrations for Reddit, GitHub, and GEOINT satellite analysis. File metadata extraction works on various formats, while threat intelligence pulls from feeds.
Getting it running
Installation follows standard Git practices. Start with the quick setup for most users:
git clone https://github.com/fawadqureshi007/Black.git
cd Black
chmod +x install.sh
./install.sh
This handles dependencies automatically. For manual control, update packages first:
sudo apt update
python3 -m venv blacktrace_env
source blacktrace_env/bin/activate
pip install -r requirements.txt
python3 -m spacy download en_core_web_sm
The requirements.txt lists essentials: requests, beautifulsoup4, waybackpy, spacy, phonenumbers, exifread, tldextract, python-whois, dnspython, and lxml.
To launch, use the standard command:
python3 blacktrace.py
Or bypass virtualenv activation:
./blacktrace_env/bin/python blacktrace.py
A one-click option exists via ./run.sh. The interface presents a numbered menu matching the modules table in the README, such as option 1 for Image GeoLocation or 9 for Port Scanner.
Some modules need API keys for full access, set as environment variables:
export HIBP_API_KEY="your_key"
export ABUSEIPDB_KEY="your_key"
export GITHUB_TOKEN="your_token"
Sources include HaveIBeenPwned, Hunter.io, and AbuseIPDB. Without keys, those features skip or use free tiers.
Modules in detail
The tool organizes functions into this table from the README:
| # | Module | Description |
|---|---|---|
| 1 | Image GeoLocation | Extract GPS metadata |
| 2 | Social Recon | Username search |
| 3 | Email Breach Scan | Data leak detection |
| 4 | Email Verification | Email validation |
| 5 | Domain Intelligence | WHOIS + DNS lookup |
| 6 | Metadata Extraction | File intelligence |
| 7 | Google Dorking | Advanced search automation |
| 8 | Instagram Recon | Profile analysis |
| 9 | Port Scanner | Network reconnaissance |
| 10 | GitHub Recon | Developer profiling |
| 11 | Website Scraper | Metadata extraction |
| 12 | Phone Intelligence | Carrier & region lookup |
| 13 | Reverse Image | Image OSINT |
| 14 | GEOINT Ops | Satellite mapping |
Each runs independently, prompting for inputs like image paths, emails, or domains. Output displays in the terminal, often with coordinates, leak details, or scan results.
Who this is for
Security researchers, penetration testers, and investigators benefit most. It suits scenarios like profiling targets during red team exercises, verifying leaked credentials, or mapping attack surfaces via DNS and ports. Ethical hackers on Kali Linux can chain modules for full recon workflows, such as geolocating images from social media then scraping linked sites.
Digital forensics teams might use metadata and breach checks for incident response. The CLI focus appeals to terminal users avoiding GUI overhead. Developers profiling GitHub repos or hunting phone intel find dedicated options handy.
How it compares
BlackTrace aggregates tools similar to theHarvester for emails and domains or ExifTool for metadata, but in one package. Unlike Recon-ng, which requires module extensions, it ships with 14 ready functions. It's lighter than full suites like Maltego, running from a virtualenv without databases.
Single-purpose alternatives include Shodan for ports (free tier limited) or TinEye for images. BlackTrace stands out for multi-engine reverse search and Spacy-powered scraping, but lacks theHarvester's deep email permutation. At 51 stars, it's smaller than mature projects, so expect occasional bugs in niche modules.
Users needing Docker support will add it manually, as none ships. For Windows, compatibility drops without WSL.
BlackTrace delivers focused OSINT without extras, best for Linux CLI users okay with API setup. Those wanting polished GUIs or heavy automation might look elsewhere. Source code and updates live at https://github.com/fawadqureshi007/Black; developer contact via Instagram.
Comments