A privacy-first, graph-based OSINT investigation platform with 30+ automated enrichers for mapping relationships between domains, IPs, people, and organizations.
Flowsint is an open-source OSINT (Open Source Intelligence) investigation platform that brings together graph visualization, automated enrichers, and privacy-first design into a single self-hosted environment. Instead of juggling a collection of disconnected scripts and third-party services, analysts get a unified workspace where intelligence flows directly into an interactive graph — revealing hidden connections between domains, IP addresses, email addresses, social profiles, cryptocurrency wallets, and more.
The platform is organized into five autonomous Python modules (core, types, enrichers, API, and app) alongside a React-based frontend built on React Flow. This modular architecture means individual enrichers can be added, replaced, or extended without touching the rest of the system. Over 30 enrichers ship out of the box — covering DNS resolution, WHOIS history, subdomain enumeration, ASN lookups, social media username searches via Maigret, breach checks, cryptocurrency transaction traces, and website crawling.
Flowsint also supports visual automation through its Flows feature: analysts can design reusable enrichment pipelines as directed graphs, where the output of one enricher feeds automatically into the next. This makes it possible to encode entire investigation methodologies — from an email address all the way to an organizational structure — as reproducible, shareable workflows.
All data remains on the investigator’s own machine. No telemetry, no external accounts, no cloud sync. A Docker Compose setup with PostgreSQL, Neo4j, and Redis can be running in minutes on Linux, macOS, or Windows, and the same stack deploys unchanged to a team server for collaborative investigations.
Architecture
Flowsint follows a clean layered monorepo architecture with strict dependency direction: a shared types layer feeds up through an enrichers layer, which feeds into a core orchestration layer, which the FastAPI server consumes, while the React frontend sits entirely separate at the top. The Python backend enforces this separation through a uv workspace where each module declares explicit dependencies. The enricher execution model is particularly well-designed — a FlowOrchestrator class accepts a list of FlowBranch objects representing directed execution paths, instantiates the corresponding enrichers from a global EnricherRegistry, and runs them asynchronously via Celery workers while streaming results back to the client through Server-Sent Events. State is never passed implicitly between layers; each enricher is self-contained and stateless beyond its Neo4j write operations.
Tech Stack The backend is Python 3.12+ with FastAPI serving the REST API and SSE event streams, Celery with Redis as the task broker for async enrichment jobs, PostgreSQL via SQLAlchemy for user and investigation metadata, and Neo4j 5 for graph storage with APOC extensions. The frontend is React 19 with TypeScript, bundled by Vite, routed by TanStack Router, and state-managed via Zustand stores. The graph canvas uses React Flow (xyflow) with a Dagre layout engine, complemented by PixiJS and D3-force for alternative rendering modes. The rich-text analysis editor is built on Tiptap. The entire stack ships as a Docker Compose cluster with Nginx proxying the frontend, and pre-built images are published to GitHub Container Registry for zero-build deployments.
Code Quality The project has a limited but focused test suite — the API module includes auth-oriented tests using pytest, and each Python module has a test directory, though the README explicitly notes the suites are incomplete. The frontend has vitest configured. Code quality signals are strong elsewhere: TypeScript strict mode is enforced throughout the frontend, Pydantic v2 models are used rigorously for all data validation in the Python backend, and enricher inputs/outputs are validated through dynamically constructed Pydantic models. The vault module demonstrates careful security thinking with HKDF key derivation and AES-256-GCM encryption. Commit discipline is enforced via Commitizen and commitlint with conventional changelog.
What Makes It Unique
The combination of a visual Flow automation editor with a live OSINT graph distinguishes Flowsint from both traditional CLI OSINT toolkits and static graph visualizers. Most OSINT tools operate in isolation — Flowsint treats enrichers as composable, typed graph transformations: every enricher declares an InputType and OutputType as Pydantic models, and the Flow editor enforces type-safe connections between them, preventing an IP enricher from being wired to an email input. The encrypted per-user vault for third-party API keys is also uncommon in self-hosted OSINT tooling, enabling teams to safely share an installation without exposing individual credentials. The N8n connector enricher further extends the platform to arbitrary external automation, making Flowsint a hub rather than a terminal point in an investigation workflow.
Flowsint is licensed under the Apache License 2.0, one of the most permissive open-source licenses available. You can use it commercially, modify the source, distribute your own version, and run it internally without any royalty or restriction. The only requirements are preserving the copyright notice and the NOTICE file when distributing. There is no copyleft obligation, so integrating Flowsint into a proprietary internal toolchain does not require open-sourcing your own code. There are no enterprise modules, gating flags, or premium tiers — the entire feature set visible in the repository is available to anyone.
Running Flowsint yourself means operating a multi-service Docker Compose stack: PostgreSQL for relational data, Neo4j for graph storage, Redis as the Celery message broker, a FastAPI backend, a Celery worker process, and an Nginx-fronted React frontend. On a single server this is straightforward with the provided make prod command, but scaling to handle large investigations or many concurrent users requires manually managing Neo4j heap, Celery worker concurrency, and Postgres connection pooling. You are responsible for backups of the Postgres and Neo4j volumes, keeping images pinned to tested versions (FLOWSINT_VERSION in .env), rotating AUTH_SECRET and MASTER_VAULT_KEY_V1 for credential hygiene, and configuring TLS through a reverse proxy before exposing the instance to any network beyond a trusted LAN. The project is still in relatively early development (v1.2.x with 13 releases since late 2025), so breaking changes between versions are possible.
There is no hosted or managed version of Flowsint at this time — the project is purely self-hosted. This means there is no vendor support tier, no SLA, no cloud backup service, and no managed upgrade path. Support is community-driven via Discord and GitHub Issues. For teams that need shared investigations, the same Docker Compose stack can be deployed to a server with port 5173 exposed, and multiple users can register and work simultaneously — but access control, network security, and operational monitoring are entirely the operator’s responsibility.
Automation · Productivity · AI Assistants
Build, deploy, and run autonomous AI agents that automate complex multi-step workflows using a visual block-based graph editor.
No Code Platforms · AI Development · Developer Tools
Visual LLM workflow platform with RAG pipelines, agent capabilities, and model management for building production AI applications.
Developer Tools · Game Development · Design Tools
Free, MIT-licensed 2D and 3D game engine with one-click multi-platform export and no royalties.