OSINT Tools
OSINT Tools is a suite of open-source intelligence utilities built directly into Hawkra. Rather than switching between external services during reconnaissance, you can run domain lookups, data breach searches, IP geolocation, and infrastructure scans from a single interface. The tools are organized across three tabs -- Domain Information, User Information, and Host Information -- each focused on a different category of intelligence gathering.
Data Breach Search, GeoIP Lookup, and Shodan Search require a Premium or Self-Hosted subscription. WHOIS and DNS lookups are available to all users.
How It Works
OSINT Tools is accessible from the top navigation bar and operates at the account level, independent of any workspace. Premium-only tools (Data Breach Search, GeoIP, Shodan) are gated behind a lock overlay for non-premium users.
Domain Information
The Domain Information tab is available to all authenticated users and contains two tools for investigating domain names.
WHOIS Lookup
WHOIS Lookup retrieves registration information for a domain name. Enter a domain (e.g., example.com) and Hawkra returns the parsed registration details along with the raw WHOIS text.
Returns parsed registration details (registrar, created/expiry dates, name servers) along with the raw WHOIS text for manual analysis.
DNS Lookup
DNS Lookup resolves DNS records for a domain. Select a record type from the dropdown and enter a domain to query.
Supported record types:
- A -- IPv4 address records
- AAAA -- IPv6 address records
- MX -- Mail exchange records (includes priority values)
- TXT -- Text records (SPF, DKIM, DMARC, verification tokens)
- NS -- Name server records
- CNAME -- Canonical name (alias) records
Results are displayed in a table with record values, priority (for MX), and TTL.
User Information
The User Information tab contains tools for investigating email address exposure in data breaches. This tab requires a Premium or Self-Hosted subscription.
Data Breach Search
Data Breach Search uses the HaveIBeenPwned API to check whether an email address has appeared in known data breaches or public pastes. Enter an email address and Hawkra searches for both breach records and paste records sequentially.
Breach Results
Returns a sortable table of breaches (name, domain, date, compromised account count, verification status). Each row expands to show a description, exposed data types, and metadata. Sorted by date, most recent first.
Paste Results
Returns paste entries (title, source, date, email count) in a separate collapsible section below breaches.
Breach searches are rate-limited by the HaveIBeenPwned API. The paste search runs automatically after the breach search completes, with a brief delay to respect rate limits.
Host Information
The Host Information tab contains tools for investigating IP addresses and network infrastructure. Both tools require a Premium or Self-Hosted subscription.
GeoIP Lookup
GeoIP Lookup determines the geographic location and network information for an IP address. Enter an IP address (e.g., 8.8.8.8) to retrieve location data.
Returns country, city, ISP, timezone, and GPS coordinates for the given IP address.
Shodan Search
Shodan Search queries the Shodan database for information about internet-connected devices. Enter an IP address or domain name to retrieve infrastructure details.
Returns organization, ISP, hostnames, detected CVEs, and open ports (with protocol and service name) for the given target.
Combine Shodan Search with the Threat Dashboard to cross-reference CVEs found on your targets with active exploitation data and EPSS scores.
Key Actions
| Action | How |
|---|---|
| Look up domain registration | Go to Domain Information tab, enter a domain in the WHOIS tool, click Lookup WHOIS |
| Query DNS records | Go to Domain Information tab, select a record type, enter a domain, click Query DNS |
| Search for data breaches | Go to User Information tab, enter an email address, click Search |
| Expand breach details | Click on a breach row to reveal description, exposed data types, and metadata |
| Look up IP geolocation | Go to Host Information tab, enter an IP address in the GeoIP tool, click Lookup Location |
| Search Shodan | Go to Host Information tab, enter an IP or domain in the Shodan tool, click Search Shodan |