Inspiration

Security teams and researchers need to turn public data into actionable intelligence — without sending sensitive findings to the cloud. We built IntelForge for the Black Hat Zone hackathon to combine OSINT, defensive scanning, and offline AI in one ethical, local-first tool.

What it does

IntelForge is a web-based OSINT suite that runs deep investigations across five target types:

  • Web Scanner — subdomain enumeration, API discovery, and hardcoded credential detection (masked output)
  • Domain — DNS, WHOIS, SSL grading, exposure scan, and IP/ASN lookup
  • Email — MX validation, SPF/DMARC checks, optional breach lookup, and domain exposure scan
  • Username — footprint across 35+ public platforms with GitHub deep dive
  • Location — multi-source geocoding with reverse lookup and nearby context

Results feed into a risk summary and optional AI report generated by Ollama locally, with a built-in fallback engine when Ollama is offline.

How we built it

  • Backend: Python, FastAPI, SQLite — modular collectors in backend/collectors/
  • OSINT: httpx, dnspython, crt.sh, Nominatim, Open-Meteo, ip-api.com
  • Frontend: Dark-themed dashboard (HTML/CSS/Vanilla JS) with per-target scan progress
  • AI: Ollama integration + rule-based local report engine
  • Architecture: Collectors → orchestration service → SQLite → dashboard → offline report

Each investigation type runs a multi-phase deep scan (typically 3–4 minutes) using real public data sources only.

Challenges we ran into

  • Scan reliability on Windows — auto-reload left stale server processes; fixed by disabling reload by default and requiring clean restarts
  • Long-running scans — web and domain scans take minutes; balanced UX with progress steps and clear wait messaging
  • Platform rate limits — GitHub and other sites block or throttle requests; added batched checks and GET fallbacks
  • Geocoding edge cases — vague queries like event names failed; added query expansion across multiple geocoding sources
  • Ethical boundaries — designed credential scanning to mask secrets and restrict scans to authorized targets only
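
The masked-output design mentioned under Web Scanner and in the last bullet above can be sketched as follows. This is an added example, not IntelForge's own code: the rule names, patterns, the Finding type, and the sample text are all assumptions made for illustration.

```python
import hashlib
import hmac
import os
import re
from dataclasses import dataclass

# Rule names and patterns are this example's own, not IntelForge's.
RULES = {
    "aws_access_key_id": re.compile(r"\b(AKIA[0-9A-Z]{16})\b"),
    "generic_assignment": re.compile(
        r"\b(?:api[_-]?key|secret|password|token)\b\s*[:=]\s*['\"]([^'\"\s]{8,})['\"]",
        re.IGNORECASE),
}
_RUN_KEY = os.urandom(32)  # random per-process key; never stored with findings

@dataclass(frozen=True)
class Finding:
    rule: str
    line: int
    masked: str       # safe to store and display
    fingerprint: str  # keyed hash, equal for equal secrets within one run

def mask(secret, keep=4):
    """Keep a short prefix for triage and replace the rest with '*'."""
    keep = min(keep, len(secret) // 4)  # shorter secrets reveal fewer characters
    return secret[:keep] + "*" * (len(secret) - keep)

def scan(text):
    """Return masked findings; the raw secret never leaves this function."""
    findings, seen = [], set()
    for lineno, line in enumerate(text.splitlines(), start=1):
        for rule, pattern in RULES.items():
            for m in pattern.finditer(line):
                secret = m.group(1)
                fp = hmac.new(_RUN_KEY, secret.encode(), hashlib.sha256).hexdigest()[:12]
                if (lineno, fp) not in seen:  # skip a secret already hit by another rule
                    seen.add((lineno, fp))
                    findings.append(Finding(rule, lineno, mask(secret), fp))
    return findings

# Constructed sample; the key is AWS's documented example value.
SAMPLE = "\n".join([
    'const cfg = { region: "eu-west-1" };',
    'const awsId = "AKIAIOSFODNN7EXAMPLE";',
    'password = "constructed-demo-pass"',
    'api_key: "AKIAIOSFODNN7EXAMPLE"',
])
if __name__ == "__main__":
    print(*scan(SAMPLE), sep="\n")
```

Matching fingerprints on lines 2 and 4 of the sample show that the same key is reused in two places, without the report ever containing the key itself.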

Accomplishments that we're proud of

  • One tool covering OSINT, cyber defense, and offline AI — all three hackathon tracks
  • End-to-end pipeline: investigate → risk summary → AI report → Markdown export
  • Deep scans that return real collector data, not placeholder UI
  • Fully local AI option — no cloud API keys required for core functionality
  • Clean modular codebase ready for demo and review

What we learned

  • OSINT tools must balance depth vs. speed — users need honest progress feedback during multi-minute scans
  • Passive recon (crt.sh, DNS, public HTTP) is powerful for defensive audits when used ethically
  • Offline AI (Ollama) adds strong demo value but needs a fallback for machines without a GPU or LLM installed
  • Process management matters on Windows — dev ergonomics directly affect whether scans appear "broken"

What's next for IntelForge

  • PDF report export and investigation sharing links
  • Scheduled re-scans and change detection for monitored targets
  • Optional API keys (HIBP, Shodan) as plug-in collectors
  • Faster caching layer for repeat scans on the same target
  • Mobile-friendly dashboard layout
