maigret
Maigret is an OSINT/OSINT-framework style Python CLI (and optional web UI / Telegram bot / Docker image) that collects public “dossiers” by username. It searches across thousands of supported sites, parses profile pages to extract available information and links, supports recursive discovery of new usernames/IDs, can detect censorship/captchas, and retries requests. It can also check Tor/I2P-related targets and domains via DNS resolving.
Score Breakdown
⚙ Agent Friendliness
🔒 Security
Security posture is mostly about how it performs unauthenticated web requests and processes scraped content. README indicates no API keys are required for local use. The tool uses networking/scraping dependencies (including SOCKS/Tor-related packages), which increases operational risk (e.g., reaching hostile endpoints and parsing untrusted HTML). Specific guidance on TLS requirements, safe HTML handling, logging of sensitive data, or mitigation of SSRF-like risks is not provided in the supplied content. Dependency hygiene is unknown from the snapshot; versions appear reasonably modern but CVE status is not verifiable here.
⚡ Reliability
Best When
You need to run local or containerized username-based OSINT searches with human review of results, or you need an offline investigation tool that does not require API keys.
Avoid When
You need strict data minimization, strong privacy guarantees, or a formally secured API with fine-grained scopes; also avoid where scraping/automation against many sites is legally or contractually disallowed.
Use Cases
- • Bulk OSINT investigations to find accounts associated with a username across many sites
- • Investigations of username reuse/nickname reuse across platforms
- • Generating graph/table/report outputs (HTML/PDF/XMind) for an investigation workflow
- • Researching exposure of identifiers on different site categories or countries via tag filters
Not For
- • Automated account takeover, credential harvesting, or any intrusive behavior beyond public web pages
- • High-assurance identity verification (it does not guarantee the accounts are the same person)
- • Operations requiring a formal authenticated API contract for third-party software integration (the primary interface is a CLI)
- • Use in contexts where OSINT/legal/compliance constraints disallow cross-site searching and automated data collection
Interface
Authentication
Local usage does not require API keys per README. A separate commercial API may exist (emailed contact), but the README does not document auth details, scopes, or endpoints.
Pricing
Pricing for commercial services is not specified in the provided content.
Agent Metadata
Known Gotchas
- ⚠ The tool performs large-scale crawling/scraping across many sites; automated use may trigger rate limiting/captchas or legal/compliance issues per-site.
- ⚠ Results depend on site HTML structure and availability; parsing failures may occur without consistent machine-readable error reporting.
- ⚠ Because there is no documented REST API contract for programmatic consumption, agents typically must drive the CLI (and parse generated outputs) rather than call stable endpoints.
Alternatives
Full Evaluation Report
Comprehensive deep-dive: security analysis, reliability audit, agent experience review, cost modeling, competitive positioning, and improvement roadmap for maigret.
AI-powered analysis · PDF + markdown · Delivered within 30 minutes
Package Brief
Quick verdict, integration guide, cost projections, gotchas with workarounds, and alternatives comparison.
Delivered within 10 minutes
Score Monitoring
Get alerted when this package's AF, security, or reliability scores change significantly. Stay ahead of regressions.
Continuous monitoring
Scores are editorial opinions as of 2026-03-29.