{"id":"soxoj-maigret","name":"maigret","homepage":"https://maigret.readthedocs.io","repo_url":"https://github.com/soxoj/maigret","category":"ai-ml","subcategories":[],"tags":["osint","cli","python","scraping","reconnaissance","investigation","sociomint","open-source"],"what_it_does":"Maigret is an OSINT/OSINT-framework style Python CLI (and optional web UI / Telegram bot / Docker image) that collects public “dossiers” by username. It searches across thousands of supported sites, parses profile pages to extract available information and links, supports recursive discovery of new usernames/IDs, can detect censorship/captchas, and retries requests. It can also check Tor/I2P-related targets and domains via DNS resolving.","use_cases":["Bulk OSINT investigations to find accounts associated with a username across many sites","Investigations of username reuse/nickname reuse across platforms","Generating graph/table/report outputs (HTML/PDF/XMind) for an investigation workflow","Researching exposure of identifiers on different site categories or countries via tag filters"],"not_for":["Automated account takeover, credential harvesting, or any intrusive behavior beyond public web pages","High-assurance identity verification (it does not guarantee the accounts are the same person)","Operations requiring a formal authenticated API contract for third-party software integration (the primary interface is a CLI)","Use in contexts where OSINT/legal/compliance constraints disallow cross-site searching and automated data collection"],"best_when":"You need to run local or containerized username-based OSINT searches with human review of results, or you need an offline investigation tool that does not require API keys.","avoid_when":"You need strict data minimization, strong privacy guarantees, or a formally secured API with fine-grained scopes; also avoid where scraping/automation against many sites is legally or contractually disallowed.","alternatives":["Sherlock (Sherlock-project/sherlock)","SocialLinks APIs / usersearch-style services (commercial, API-based alternatives mentioned as using Maigret)","Other OSINT platforms/frameworks with APIs and governance (e.g., commercial OSINT vendors)"],"af_score":47.2,"security_score":44.5,"reliability_score":42.5,"package_type":"skill","discovery_source":["openclaw"],"priority":"high","status":"evaluated","version_evaluated":null,"last_evaluated":"2026-03-29T13:16:11.500288+00:00","interface":{"has_rest_api":false,"has_graphql":false,"has_grpc":false,"has_mcp_server":false,"mcp_server_url":null,"has_sdk":false,"sdk_languages":["Python"],"openapi_spec_url":null,"webhooks":false},"auth":{"methods":["No authentication required for local CLI usage (public web scraping).","Optional hosted Telegram bot suggests a managed service, but README does not specify auth mechanisms for API access."],"oauth":false,"scopes":false,"notes":"Local usage does not require API keys per README. A separate commercial API may exist (emailed contact), but the README does not document auth details, scopes, or endpoints."},"pricing":{"model":"Self-hosted (pip/Docker/Windows exe) with optional","free_tier_exists":false,"free_tier_limits":null,"paid_tiers":["Commercial: daily updated database of supported sites","Commercial: username check API"],"requires_credit_card":false,"estimated_workload_costs":null,"notes":"Pricing for commercial services is not specified in the provided content."},"requirements":{"requires_signup":false,"requires_credit_card":false,"domain_verification":false,"data_residency":[],"compliance":["Educational/lawful-use disclaimer","Mentions GDPR/CCPA compliance responsibility is on the user"],"min_contract":null},"agent_readiness":{"af_score":47.2,"security_score":44.5,"reliability_score":42.5,"mcp_server_quality":0.0,"documentation_accuracy":65.0,"error_message_quality":0.0,"error_message_notes":null,"auth_complexity":95.0,"rate_limit_clarity":30.0,"tls_enforcement":60.0,"auth_strength":25.0,"scope_granularity":10.0,"dependency_hygiene":55.0,"secret_handling":80.0,"security_notes":"Security posture is mostly about how it performs unauthenticated web requests and processes scraped content. README indicates no API keys are required for local use. The tool uses networking/scraping dependencies (including SOCKS/Tor-related packages), which increases operational risk (e.g., reaching hostile endpoints and parsing untrusted HTML). Specific guidance on TLS requirements, safe HTML handling, logging of sensitive data, or mitigation of SSRF-like risks is not provided in the supplied content. Dependency hygiene is unknown from the snapshot; versions appear reasonably modern but CVE status is not verifiable here.","uptime_documented":0.0,"version_stability":60.0,"breaking_changes_history":50.0,"error_recovery":60.0,"idempotency_support":"false","idempotency_notes":"Not described. Re-running a username search will likely repeat network requests and regenerate reports; idempotency is not documented.","pagination_style":"none","retry_guidance_documented":true,"known_agent_gotchas":["The tool performs large-scale crawling/scraping across many sites; automated use may trigger rate limiting/captchas or legal/compliance issues per-site.","Results depend on site HTML structure and availability; parsing failures may occur without consistent machine-readable error reporting.","Because there is no documented REST API contract for programmatic consumption, agents typically must drive the CLI (and parse generated outputs) rather than call stable endpoints."]}}