Welcome to OSINT.party the home of Garlic. Garlic is a experimental research project that keeps track of various bits of metadata about sites running on the Tor network.

Maltego Transforms:

We currently offer six Maltego transforms. Add our seed https://cetas.paterva.com/runner/showseed/uRFJlZUmQHRPrhDpd4sumrnV
        maltego.Domain -> [OSINT.PARTY] Get BTC addresses
            Returns BTC addresses found on the index page of the onion address.
        maltego.Domain -> [OSINT.PARTY] Get e-mail addresses
            Returns email addresses found on the index page of the onion address.
        maltego.BTCAddress -> [OSINT.PARTY] To onions with this address
            Returns onion addresses that reference this BTC address on their index page.
        maltego.EmailAddress -> [OSINT.PARTY] To onions with this address
            Returns onion addresses that reference this e-mail address on their index page.
        maltego.Domain -> [OSINT.PARTY] Get hostname / IP address
            Returns the IP address or hostname that could potentially identify this onion address.
        maltego.Domain -> [OSINT.PARTY] Get page title
            Returns the title for this onion.


We also offer a simple, but limited HTTPS API. The API is heavily cached, as a result data may be cached by a maximum of one hour. Please refer to the api_response_generated_at field in the response to determine how fresh a response is.
            GET /api/status
                Description: Returns information about our underlying database.

            GET /api/onion/{address}
                Description: Returns metadata about a specific onion address if the address is known in our database.

            POST /api/search
                Description: Returns onion addresses that exactly match your search query, available identifier types are: btc_address, email_address, address, host_key, server_version, http_header
                You can set the partial_match parameter to find partial matches instead of exact matches. Defaults to false.
                There are no URLs returned as we only crawl one page per onion, this will change in the future.

                Find onions that use the same SSH host key:
                    curl --location --request POST 'https://osint.party/api/search' \
                    --form 'identifier_type="host_key"' \
                    --form 'query="ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINYBxGm8N69GcsIFlrmzduUoqjwBopYJ0TAatMTSlBEn"'

                Find onions that use a similar e-mail provider:
                    curl --location --request POST 'https://osint.party/api/search' \
                    --form 'identifier_type="email_address"' \
                    --form 'partial_match="true"' \
                    --form 'query="secmail.pro"'

                Find onions running Apache 2.4.18:
                    curl --location --request POST 'https://osint.party/api/search' \
                    --form 'identifier_type="server_version"' \
                    --form 'partial_match="true"' \
                    --form 'query="Apache/2.4.18"'

                Find onions powered by Express:
                    curl --location --request POST 'https://osint.party/api/search' \
                    --form 'identifier_type="http_header"' \
                    --form 'query="X-Powered-By: Express"' \
                    --form 'partial_match="true"'


                    * Temporarily removed HTTP response headers from the /api/onion/{address} API endpoint. Headers will be back once a better de-duplication implementation has been written.
                    * Started indexing several new fields (HTTP response headers, HTML meta, HTML property & HTML link tags
                    * As a result of this API responses will grow in size. A new API is being designed to let you pick interesting fields.
                    * Added basic support for Maltego. You can find our transforms at https://cetas.paterva.com/runner/showseed/uRFJlZUmQHRPrhDpd4sumrnV
                    * Changed the API to explain to users that their lookup does not work if they send a GET request
                    * Added the server_version identifier to the address lookup response
To discuss ethics, request features or if you just want to talk to a human please reach out to us by sending a plain-text email to administrator _at_ this domain or contact us via https://twitter.com/chaosd0c