Noureddine RAMDI / H4X-Tools: a modular Python CLI for OSINT and dual-source credential leak search

Created Sat, 23 May 2026 20:41:14 +0000 Modified Sat, 23 May 2026 20:41:27 +0000
956 Words
github-stars python osint cli reconnaissance credential-intelligence security

vil/H4X-Tools

H4X-Tools is a terminal-based Python toolkit that packs a comprehensive suite of 16 modular utilities aimed at OSINT, reconnaissance, and scraping tasks. Designed for both Linux and Windows, it covers the full spectrum of investigative workflows — from social media intelligence and dark-web-style dork generation to infrastructure enumeration and credential intelligence. What sets it apart is its dual-source breach search that combines Hudson Rock stealer logs and the massive ProxyNova COMB dataset, offering more actionable insights than typical breach checkers.

What H4X-Tools does and how it’s built

At its core, H4X-Tools is a Python 3.10+ CLI program structured around a modular toolkit philosophy. It integrates 16 distinct utilities under a single command-line interface, each focusing on a specific aspect of OSINT or reconnaissance:

  • Social media intelligence: Instagram scraping powered by ensta/toutatis modules.
  • Dark web-style dork generation: Seven search modes, each using over a dozen dork templates for various reconnaissance scenarios.
  • Infrastructure enumeration: Tools include a port scanner, WHOIS lookups, IP geolocation, and directory brute forcing.
  • Credential intelligence: The standout feature combining leaked credential data from two massive sources.
  • Local system reconnaissance: Utilities for Wi-Fi scanning and vault management, Bluetooth device discovery, and local user enumeration.

All data-producing tools can export results in TXT, CSV, or JSON formats, stored neatly in a scraped_data/ directory. This makes post-processing or integration into other workflows straightforward.

The toolkit supports both Linux and Windows by using platform-appropriate backends: for example, nmcli on Linux vs. netsh on Windows for network operations, and bluetoothctl for Bluetooth scanning. This cross-platform support is baked into the codebase, allowing the same CLI to function well across environments.

Under the hood, the codebase is Pythonic but not trivial — it balances modularity with direct system calls and network operations. The setup scripts use PyInstaller to optionally build standalone executables, reducing dependency friction in deployment.

The dual-source leak search and modular design as core technical strengths

The most technically interesting aspect of H4X-Tools is its credential leak search utility. It aggregates two major data sources:

  1. Hudson Rock Cavalier stealer logs: These logs contain detailed breach intelligence, not just the fact that an account was compromised, but also contextual info like the stealer family, infected machine details, and timestamps.

  2. ProxyNova COMB dataset: A massive compilation of 3.2 billion+ leaked credential lines aggregated from hundreds of sources.

This dual-source approach surfaces more actionable intelligence than conventional breach checkers that typically only indicate if an account appears in leaked data. By tying breach records to specific stealer families and infection vectors, H4X-Tools empowers investigators to understand the breach’s nature and potentially its origin.

The toolkit’s modularity is another strength. Each utility is self-contained but shares conventions for input and output, making it easy to script or chain tools together. The code quality is pragmatic — readable Python with clear separation of concerns. While not a full framework, the design enables straightforward extension or customization.

Tradeoffs exist in the toolkit’s scope and dependencies. It relies on external modules like ensta and toutatis for Instagram scraping, and uses system tools like nmcli or netsh, so users must have the corresponding environments set up properly. The dual-source leak search relies on large datasets, which could impact performance or storage depending on usage.

Quick start with H4X-Tools

The project ships with setup scripts for both Linux and Windows that install dependencies and optionally build a standalone executable using PyInstaller. The README provides these exact commands:

Linux

git clone https://github.com/vil/h4x-tools.git
cd h4x-tools
sh setup.sh

Windows

git clone https://github.com/vil/h4x-tools.git
cd h4x-tools
setup.bat

You can run the toolkit directly with:

python h4xtools.py

Or install dependencies manually:

pip install -r requirements.txt

For debugging output, launch with the --debug flag:

python h4xtools.py --debug

These commands provide a straightforward path to getting the toolkit up and running. The setup scripts handle the heavy lifting of installing dependencies, which is especially helpful given the range of external modules and system tools involved.

Verdict

H4X-Tools is a practical, modular Python CLI toolkit for OSINT and reconnaissance practitioners who want an all-in-one toolset covering social media scraping, infrastructure enumeration, and credential intelligence. Its most compelling feature is the dual-source credential leak search that goes beyond simple breach checks by tying leaked credentials to stealer logs and infection context.

The toolkit is well-suited for security researchers, threat intelligence analysts, and penetration testers who operate across Linux and Windows environments. The modular design and export options facilitate integration into custom workflows.

Limitations include dependency on external scraping modules and system tools, which may require setup effort. Performance may vary depending on dataset sizes and network conditions. It’s not a turnkey commercial product but a solid open-source toolkit with a transparent codebase and practical features.

For anyone needing a hands-on OSINT CLI toolkit with a strong focus on credential intelligence, H4X-Tools is worth exploring.

→ GitHub Repo: vil/H4X-Tools ⭐ 751 · Python