🟡 Intermediate ⚙️ Type: OSINT Graph / Cybersecurity Investigation 💸 Free & Open Source ⭐ Trending on GitHub
What is Flowsint?
Flowsint is a modern, open-source OSINT (Open Source Intelligence) platform developed by the reconurge team. It is designed to help cybersecurity analysts, journalists, and ethical hackers visualize and explore complex relationships between digital entities using a highly interactive graph interface.
Unlike traditional, list-based reconnaissance tools that spit out unreadable walls of text, Flowsint visually connects the dots. You start with a single entity—such as a suspicious domain, IP address, email, or cryptocurrency wallet—and run automated transformations called “Enrichers.” These enrichers pivot off the original data to discover hidden connections, instantly expanding your graph to reveal hosting infrastructure, corporate ownership, or associated social media profiles.
Because it is deployed via Docker, the entire application, including its powerful Neo4j graph database, runs completely locally. This ensures that highly confidential investigations remain strictly private and never leak to third-party cloud servers or tool vendors.
Who is it for?
- Cybersecurity and Threat Analysts investigating phishing infrastructure, tracking APT (Advanced Persistent Threat) groups, or mapping out an organization’s external attack surface.
- OSINT Researchers and Investigative Journalists tracing corporate relationships, identifying the owners behind anonymous websites, and building comprehensive digital footprints.
- Law Enforcement and Fraud Teams tracking cryptocurrency transactions, wallet linkages, and digital scams.
- Corporate Intelligence Teams conducting internal threat intelligence, digital risk analysis, or competitive landscape mapping in a secure, on-premise environment.
What makes it special?
- Visual Graph Exploration — Powered by a Neo4j database and a highly optimized React Flow frontend, it handles thousands of interconnected nodes smoothly, allowing you to literally “see” the truth in your data.
- Autonomous Enrichers — Features dozens of built-in pivot tools ranging from native DNS/WHOIS lookups to advanced Python scripts (like Sherlock and Maigret) and integrations with external APIs like Shodan.
- n8n Workflow Automation — It seamlessly plugs into n8n, enabling you to build sophisticated automation pipelines. You can configure it to automatically scrape new threat data and ping your Slack channel when malicious indicators are added to your graph.
- Absolute Privacy Sovereignty — By running 100% on-premise, your investigation logs are never shared. You maintain complete control over your intelligence data without relying on a SaaS provider’s cloud security.
- Extensible Architecture — The platform is divided into autonomous modules (Core, Types, Enrichers, API, App). If a specific OSINT tool becomes obsolete, you can easily unplug it and write a new Python enricher without breaking the core graph.
Requirements before you start
Flowsint relies on a containerized infrastructure to orchestrate its databases and APIs, so you will need a capable environment:
- Docker & Docker Desktop — Essential for running the containerized PostgreSQL, Neo4j, Redis, Celery workers, and the web interface.
- Make (Optional but Recommended) — Used to execute the developer’s simple setup commands. It is native on macOS/Linux. Windows users can use WSL or Git Bash.
- Git — To clone the source code repository from GitHub.
- API Keys (Optional) — While many native network enrichers are free, integrating premium tools (e.g., Shodan) requires you to provide your own API keys in the environment file.
Step-by-step installation
Step 1 — Clone the Repository
Open your terminal (or Command Prompt/PowerShell) and pull the project files to your computer:
git clone https://github.com/reconurge/flowsint.git
cd flowsint
Step 2 — Run the Setup Command
If you are on Linux, macOS, or using WSL, use the provided Make command to automatically build the Docker images and start the services:
make prod
(Windows users without Make can simply execute: docker compose -f docker-compose.prod.yml up -d)
Wait a minute or two for the databases (Neo4j and PostgreSQL) to fully initialize.
Step 3 — Create Your Admin Account
Because Flowsint prioritizes security, it does not ship with default admin credentials. Open your web browser and navigate to:
http://localhost:5173/register
Create your account. Once registered, you will be directed to the main dashboard.
Step 4 — Start Your First Investigation
- Click Create a new investigation.
- Add a starting node to the canvas (e.g., a “Domain” node for a suspicious website).
- Right-click the node and select an Enricher (like “DNS Resolution” or “Subdomain Discovery”).
- Watch as the tool queries the data and visually expands the graph with connected IP addresses and subdomains!
Common errors and fixes
| Error | What it means | How to fix it |
|---|---|---|
Bind for 0.0.0.0:5173 failed: port is already allocated | Another application on your machine is already using the frontend port (5173) or the Neo4j database port. | Open the docker-compose.prod.yml file in a text editor. Change the port mapping on the left side of the colon (e.g., change "5173:80" to "8080:80") and run the setup command again. |
| Enrichers fail to return data or time out | The specific OSINT tool you selected requires internet access, is being blocked by a firewall, or requires a valid API key. | Ensure your Docker containers have outbound network access. For premium enrichers, copy the .env.example file to .env and insert your active API keys. |
| Cannot connect to the backend API / Graph doesn’t load | You likely tried to access the frontend before the FastAPI server and Neo4j database finished booting up inside Docker. | Wait 30 to 60 seconds after running make prod for all services to start, then refresh the browser page. |
Free vs Paid comparison
| Feature | Flowsint (Free Local Open Source) | Maltego (Commercial Standard) |
|---|---|---|
| Cost | $0 (Free Apache 2.0 License) | $1,000+ per year for pro/enterprise |
| Investigation Privacy | ✅ 100% Local and Confidential | ⚠️ Relies heavily on external transform servers |
| Data Integrations & Transforms | 🟡 Bring your own API keys / Free scripts | 🟢 Massive built-in commercial transform hub |
| Setup Required | ⚠️ Requires Docker configuration | 🟢 Standard Desktop Installer |
Bottom line: Flowsint is an incredible, modern alternative to expensive proprietary intelligence platforms. If you value absolute confidentiality and don’t mind setting up a Docker environment, it provides enterprise-grade graph visualization for free. However, giant commercial tools still hold an advantage in the sheer volume of pre-negotiated, click-to-buy commercial data streams available in their marketplaces.
Alternatives — 3 similar tools
1. Maltego
The unquestioned industry standard for graph-based link analysis and OSINT. It is used heavily by law enforcement and enterprise security teams. While it is extremely powerful and has a massive ecosystem of “Transforms,” commercial use requires expensive licensing, and data is often routed through external servers.
2. SpiderFoot
An excellent, highly automated open-source OSINT framework. While it does offer graph visualization, its primary strength lies in its dashboard, which aggregates data from over 100 different public data sources automatically. It is more focused on broad automated scanning rather than the surgical, node-by-node exploration Flowsint provides.
🔗 github.com/smicallef/spiderfoot
3. Recon-ng
A full-featured Web Reconnaissance framework written in Python. It is highly respected in the ethical hacking community but operates entirely via a command-line interface (similar to Metasploit). It lacks the beautiful visual graph interface of Flowsint but is incredibly lightweight and fast.
🔗 github.com/lanmaster53/recon-ng
🚀 Want more free AI tools like this?
We find, test, and write setup guides for the best free and open-source AI tools — so you don’t have to dig through GitHub yourself.Browse Free AI Tools at globalaiforce.com/shop →
📸 Follow us for daily AI tool tips and tutorials: instagram.com/globalaiforce