gitwtfhub

wtf is seekyou?

teycir/seekyou — explained in plain English

Analysis updated 2026-05-18

8TypeScriptAudience · developerComplexity · 4/5Setup · moderate

TL;DR

OSINT web tool that takes an IP, domain, or ASN and pulls a single report from fifteen public sources, running on Cloudflare Workers with D1 and KV storage.

Mindmap

mindmap
  root((SeekYou))
    Inputs
      IP address
      Domain
      ASN
    Outputs
      Network report
      Threat hits
      Certificate history
      Vulnerability data
    Use Cases
      Triage suspicious IPs
      Audit owned infrastructure
      Track host changes
    Tech Stack
      TypeScript
      Cloudflare Workers
      D1
      KV

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

Why would anyone build with this?

REASON 1

Run a one-shot OSINT report on an IP you control during incident response

REASON 2

Watch a domain with the cron worker and post a webhook diff when it changes

REASON 3

Self-host a free OSINT dashboard on the Cloudflare free tier

REASON 4

Enrich a threat feed with RDAP, passive DNS, and certificate transparency data

What's in the stack?

TypeScriptCloudflare WorkersD1KVWrangler

How it stacks up

teycir/seekyoulisenkaci/revoliomadeye/bangumi-downloader
Stars888
LanguageTypeScriptTypeScriptTypeScript
Setup difficultymoderatehard
Complexity4/54/5
Audiencedeveloperdevelopergeneral

Figures from each repo's GitHub metadata at analysis time.

How do you spin it up?

Difficulty · moderate Time to first run · 1h+

Needs a Cloudflare account with D1 and KV plus secrets for every OSINT source you want enabled.

Wtf does this do

SeekYou is a web tool for what the security industry calls OSINT, or open-source intelligence. You give it an IP address, a domain name, or an ASN, which is the identifier for a network operator on the internet, and it gathers a single report by querying fifteen public data sources at once. The README pitches it as a way to quickly see who owns a piece of internet infrastructure, what ports are open, what certificates it has used, and whether it appears in any threat feeds. The report bundles several categories. Network details include open ports, BGP routing prefixes, and upstream and peer networks. Identity covers RDAP registration data, contacts, and registrar information. Geo shows country, city, ISP, and flags for proxy, hosting, or mobile networks. Certificates pull from crt.sh, DNS information comes from passive DNS and Robtex, and threat intelligence is checked against URLhaus, ThreatFox, MalwareBazaar, Feodo Tracker, and SSLBL. It also enriches any vulnerability identifier from InternetDB with details from the NVD and CIRCL databases, and lists exposed cloud storage buckets and archived web snapshots. The whole thing runs on the Cloudflare free tier, with no traditional server behind it. The README describes an edge-first architecture using Cloudflare Workers, with no Node.js dependency, layered parallel execution, and graceful degradation so that a single failing source shows an unavailable badge rather than breaking the whole page. Storage is split between Cloudflare D1, which is a SQL database, and KV, which is a key-value store, and there is a fire-and-forget pattern for writing history so user requests stay fast. The README also describes a separate cron worker that polls hosts on a schedule and emits a typed diff to a webhook when something changes. A large section on lawful use spells out what the author considers permitted and prohibited. Permitted uses cover security operations on networks you own or are authorised to monitor, threat intelligence research, penetration testing with written permission, academic study, and compliance work. Prohibited uses include any unauthorised reconnaissance, harassment or stalking, and anything that would breach laws like the US Computer Fraud and Abuse Act, the UK Computer Misuse Act, or the GDPR. The author also notes that querying a host through SeekYou does not give permission to access it. The rest of the README covers project structure, caching, rate limiting, circuit breakers, an API key rotation scheme for one source called GrayHatWarfare, D1 schema setup, deployment with Wrangler, and a list of required secrets. A donation address and links to related tools by the same author round it out.

Yoink these prompts

Prompt 1
Deploy SeekYou to my Cloudflare account with Wrangler and the required secrets
Prompt 2
Walk me through the D1 schema and how history records are written
Prompt 3
Add a new OSINT source to SeekYou behind the same circuit breaker pattern
Prompt 4
Show me how the cron worker computes the typed diff and posts it to a webhook
Prompt 5
Explain the API key rotation scheme for GrayHatWarfare and how to wire it up

Frequently asked questions

wtf is seekyou?

OSINT web tool that takes an IP, domain, or ASN and pulls a single report from fifteen public sources, running on Cloudflare Workers with D1 and KV storage.

What language is seekyou written in?

Mainly TypeScript. The stack also includes TypeScript, Cloudflare Workers, D1.

How hard is seekyou to set up?

Setup difficulty is rated moderate, with roughly 1h+ to a first successful run.

Who is seekyou for?

Mainly developer.

View the repo → Decode another repo

This repo across BitVibe Labs

Don't trust strangers blindly. Verify against the repo.