
Welcome to Iris

Iris is an open-source intelligence (OSINT) tool that simplifies reconnaissance by aggregating multiple free APIs into a single, intuitive interface. No fancy features, no bloat—just straightforward data gathering for security researchers, investigators, and curious minds.

Username Search

Check if a username exists across 500+ platforms using WhatsMyName, Sherlock, and Maigret databases.

Image Analysis

Reverse image search across Google Lens, Yandex, and Bing with automatic metadata extraction.

Email Verification

Check email reputation, breach history, and validity using the IPQualityScore API.

Domain Analysis

DNS records, WHOIS, SSL certificates, security headers, and technology detection.

Company Search

Look up companies in UK Companies House, SEC EDGAR (US), and the GLEIF global LEI database.

Privacy First

No accounts, no tracking, no analytics. Self-host for complete control over your data.

Why Iris?

OSINT investigations often require jumping between dozens of websites and services. Iris eliminates that friction by:
  • Aggregating Data Sources - Access multiple APIs through a single interface
  • Real-Time Streaming - See results as they arrive with server-sent events
  • No Authentication - Run locally without creating accounts on third-party services
  • Privacy Focused - No tracking, no analytics, no data retention
  • Self-Hostable - Full control over your infrastructure and data

How It Works

Iris is built on Next.js 15 with React 19 and TypeScript. Each feature module runs independently:

// Example: Username search API endpoint
// source: app/api/username/search/route.ts:8-32
export async function POST(request: NextRequest) {
    const body = await request.json();
    const { username, sources } = body;

    if (!username || typeof username !== 'string' || username.length < 1) {
        return new Response(
            JSON.stringify({ error: 'Invalid username' }),
            { status: 400, headers: { 'Content-Type': 'application/json' } }
        );
    }

    const validSourceIds = OSINT_SOURCES.map(s => s.id);
    const requestedSources: OsintSource[] = Array.isArray(sources)
        ? sources.filter((s: string) => validSourceIds.includes(s as OsintSource)) as OsintSource[]
        : validSourceIds;

    if (requestedSources.length === 0) {
        return new Response(
            JSON.stringify({ error: 'No valid sources selected' }),
            { status: 400, headers: { 'Content-Type': 'application/json' } }
        );
    }

    const cleanUsername = username.trim().toLowerCase();
    // ... streaming implementation
}

All API endpoints use streaming responses for real-time progress updates, allowing you to see results as they’re discovered rather than waiting for batch completion.
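
A hardened variant of the request parsing shown above, as an added example that is not Iris source code: it turns malformed JSON into a 400 and normalizes the username before validating it, so a whitespace-only value is rejected instead of passing the check and becoming an empty search term after `trim()`. `SOURCE_IDS`, the 64-character cap, the character allowlist and the helper names are assumptions for illustration.

```typescript
// Added example, not Iris source. SOURCE_IDS, the length cap and the
// character allowlist are assumptions chosen for illustration.
const SOURCE_IDS = ['whatsmyname', 'sherlock', 'maigret'] as const;
type SourceId = (typeof SOURCE_IDS)[number];

type ParsedRequest =
    | { ok: true; username: string; sources: SourceId[] }
    | { ok: false; status: 400; error: string };

const MAX_USERNAME_LENGTH = 64;            // assumed cap
const USERNAME_PATTERN = /^[a-z0-9._-]+$/; // assumed allowlist

function reject(error: string): ParsedRequest {
    return { ok: false, status: 400, error };
}

function isSourceId(value: unknown): value is SourceId {
    return typeof value === 'string' &&
        (SOURCE_IDS as readonly string[]).indexOf(value) !== -1;
}

function parseSearchRequest(rawBody: string): ParsedRequest {
    let body: unknown;
    try {
        body = JSON.parse(rawBody); // malformed JSON becomes a 400, not an unhandled throw
    } catch {
        return reject('Invalid JSON');
    }
    if (typeof body !== 'object' || body === null || Array.isArray(body)) {
        return reject('Invalid request body');
    }
    const { username, sources } = body as Record<string, unknown>;
    if (typeof username !== 'string') return reject('Invalid username');

    // Normalize first, then validate what will actually be queried.
    const clean = username.trim().toLowerCase();
    if (clean.length < 1 || clean.length > MAX_USERNAME_LENGTH ||
        !USERNAME_PATTERN.test(clean)) {
        return reject('Invalid username');
    }

    // Keep only known source ids, de-duplicated; default to all when omitted.
    const requested: SourceId[] = Array.isArray(sources)
        ? sources.filter(isSourceId).filter((s, i, all) => all.indexOf(s) === i)
        : SOURCE_IDS.slice();
    if (requested.length === 0) return reject('No valid sources selected');
    return { ok: true, username: clean, sources: requested };
}
```

In a route handler this would be called as `parseSearchRequest(await request.text())`, returning the `error` and `status` fields as the JSON response when `ok` is false.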

Core Features

Username Enumeration

Search across 500+ platforms using three major OSINT databases:
  • WhatsMyName - Community-maintained username enumeration
  • Sherlock - Social media hunting across popular platforms
  • Maigret - Comprehensive username search engine

Image Intelligence

Upload images for reverse search and metadata extraction:
  • Automatic EXIF data parsing (GPS, camera info, timestamps)
  • Simultaneous queries to Google Lens, Yandex, and Bing
  • Temporary image hosting via ImgBB (auto-deletes after 10 minutes)

Email Analysis

Verify email addresses and check reputation:
  • Format validation and syntax checking
  • Disposable email detection
  • Known breach database lookups
  • Spam/fraud risk scoring

Domain Reconnaissance

Comprehensive domain analysis without API keys:
  • DNS resolution (A, AAAA, MX, TXT, NS, CNAME, SOA records)
  • WHOIS lookup with registrar information
  • SSL certificate validation and expiration
  • Security header analysis (CSP, HSTS, X-Frame-Options)
  • Technology stack detection
  • Optional subdomain enumeration

Company Research

Search company databases across multiple jurisdictions:
  • UK Companies House - Official UK company registry
  • SEC EDGAR - US Securities and Exchange Commission filings
  • GLEIF - Global Legal Entity Identifier database

Tech Stack

  • Next.js 15 - App Router with server-sent events
  • React 19 - Modern UI with streaming responses
  • TypeScript - Type-safe API contracts
  • Tailwind CSS - Utility-first styling
  • Framer Motion - Smooth animations
  • Radix UI - Accessible components

What Iris Doesn’t Do

Iris is a data aggregation tool, not a hacking framework. It only queries public APIs and services. It does not:
  • Exploit vulnerabilities or bypass authentication
  • Store or log search queries
  • Track user behavior or analytics
  • Require user accounts or authentication

Quick Start

Get Iris running in under 5 minutes:
1. Clone the repository

git clone https://github.com/chinmay505/iris.git
cd iris

2. Install dependencies

npm install

3. Configure environment

cp .env.example .env
# Edit .env with your API keys (optional)

4. Start the server

npm run dev

Open http://localhost:3000

Many features work without API keys! Domain analysis, SEC EDGAR, GLEIF LEI lookup, and username search all use public APIs.

Next Steps

  • Quick Start Guide - Get Iris installed and running in minutes
  • Configuration - Configure API keys and environment variables
  • API Reference - Explore the REST API endpoints
  • Self-Hosting - Deploy Iris on your own infrastructure
