Robin: The AI-Powered “Sidekick” for Dark Web OSINT Investigations
Robin is an AI-powered tool for conducting dark web OSINT investigations. It leverages LLMs to refine queries, filter search results from dark web search engines, and provide an investigation summary.
Features
- Modular Architecture – Clean separation between search, scrape, and LLM workflows.
- Multi-Model Support – Easily switch between OpenAI, Claude, Gemini or local models like Ollama.
- CLI-First Design – Built for terminal warriors and automation ninjas.
- Docker-Ready – Optional Docker deployment for clean, isolated usage.
- Custom Reporting – Save investigation output to file for reporting or further analysis.
- Extensible – Easy to plug in new search engines, models, or output formats.
Installation
Note
The tool needs Tor to do the searches. You can install Tor using apt install tor on Linux/Windows(WSL) or brew install tor on Mac. Once installed, confirm if Tor is running in the background.
Tip
You can provide OpenAI or Anthropic or Google API key by either creating .env file (refer to sample env file in the repo) or by setting env variables in PATH.
For Ollama, provide http://host.docker.internal:11434 as OLLAMA_BASE_URL in your env if running using docker method or http://127.0.0.1:11434 for other methods. You might need to serve Ollama on 0.0.0.0 depending on your OS. You can do by running OLLAMA_HOST=0.0.0.0 ollama serve & in your terminal.
Docker (Web UI Mode) [Recommended]
- Pull the latest Robin docker image
docker pull apurvsg/robin:latest
- Run the docker image as:
docker run --rm \
-v "$(pwd)/.env:/app/.env" \
--add-host=host.docker.internal:host-gateway \
-p 8501:8501 \
apurvsg/robin:latest ui --ui-port 8501 --ui-host 0.0.0.0
Release Binary (CLI Mode)
- Download the appropriate binary for your system from the latest release
- Unzip the file, make it executable
chmod +x robin
- Run the binary as:
robin cli –model gpt-4.1 –query “ransomware payments“
Using Python (Development Version)
- With
Python 3.10+installed, run the following:
pip install -r requirements.txt
python main.py cli -m gpt-4.1 -q “ransomware payments“ -t 12
Usage
[pastacode lang=”markup” manual=”Robin%3A%20AI-Powered%20Dark%20Web%20OSINT%20Tool%0A%0Aoptions%3A%0A%20%20-h%2C%20–help%20%20%20%20%20%20%20%20%20%20%20%20show%20this%20help%20message%20and%20exit%0A%20%20–model%20%7Bgpt4o%2Cgpt-4.1%2Cclaude-3-5-sonnet-latest%2Cllama3.1%2Cgemini-2.5-flash%7D%2C%20-m%20%7Bgpt4o%2Cgpt-4.1%2Cclaude-3-5-sonnet-latest%2Cllama3.1%2Cgemini-2.5-flash%7D%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20Select%20LLM%20model%20(e.g.%2C%20gpt4o%2C%20claude%20sonnet%203.5%2C%20ollama%20models%2C%20gemini%202.5%20flash)%0A%20%20–query%20QUERY%2C%20-q%20QUERY%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20Dark%20web%20search%20query%0A%20%20–threads%20THREADS%2C%20-t%20THREADS%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20Number%20of%20threads%20to%20use%20for%20scraping%20(Default%3A%205)%0A%20%20–output%20OUTPUT%2C%20-o%20OUTPUT%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20Filename%20to%20save%20the%20final%20intelligence%20summary.%20If%20not%20provided%2C%20a%20filename%20based%20on%20the%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20current%20date%20and%20time%20is%20used.%0A%0AExample%20commands%3A%0A%20-%20robin%20-m%20gpt4.1%20-q%20%22ransomware%20payments%22%20-t%2012%0A%20-%20robin%20–model%20gpt4.1%20–query%20%22sensitive%20credentials%20exposure%22%20–threads%208%20–output%20filename%0A%20-%20robin%20-m%20llama3.1%20-q%20%22zero%20days%22%0A%20-%20robin%20-m%20gemini-2.5-flash%20-q%20%22zero%20days%22″ message=”” highlight=”” provider=”manual”/]
Support Our Threat Intelligence
If you find our technology report and cybersecurity news helpful, consider supporting our work.
Buy Me a Coffee
PayPal
