dom-omg/webscout
# WebScout — Autonomous OSINT Threat Intelligence Agent
Autonomous threat intelligence agent powered by **Bright Data** live web infrastructure + **Claude Opus** orchestrator.
**Hackathon:** Bright Data x lablab.ai Web Data UNLOCKED — Track 3: Security & Compliance
**Deadline:** May 29, 2026
## What It Does
Give it any IOC — domain, IP, org, email, threat actor — and it autonomously:
1. **Searches live web** via Bright Data SERP API (bypasses geo-blocks, real-time)
2. **Scrapes threat intel pages** via Bright Data Web Unlocker (bypasses bot detection)
3. **Hunts credential exposure** on paste sites, GitHub, dark web forums
4. **Cross-references infrastructure** — WHOIS, DNS, IP reputation, domain reputation
5. **Self-corrects** — iterates on low-confidence findings, re-verifies before reporting
6. **Produces structured report** — every finding MITRE ATT&CK tagged, confidence scored, traced to live source
## Why Bright Data
Standard scrapers hit walls: bot detection on AbuseIPDB, geo-blocks on threat intel forums, JS-rendered paste sites, SERP rate limits. Bright Data removes every wall — Web Unlocker bypasses bot detection, SERP API returns real-time results, residential proxies route through any country.
## Architecture
```
agent/        Claude Opus orchestrator
              Self-correction loop | Confidence scoring | Hallucination detection
mcp-server/   Custom MCP Server — 14 Bright Data OSINT tools
              bd_web_search | bd_scrape_url | bd_whois | bd_dns_lookup
              bd_search_news | osint_paste_search | osint_github_exposure
              osint_threat_actor_search | osint_ip_reputation
              osint_domain_reputation | osint_linkedin_org | report_*
```
## Quick Start
```bash
git clone https://github.com/dom-omg/webscout && cd webscout
cd mcp-server && npm install && npm run build && cd ..
cd agent && npm install && cd ..
export ANTHROPIC_API_KEY=sk-ant-...
export BRIGHTDATA_API_TOKEN=your_token

# Investigate a domain
TARGET_IOC=evil.com TARGET_TYPE=domain npx tsx agent/src/index.ts

# Investigate an IP
TARGET_IOC=185.220.101.45 TARGET_TYPE=ip npx tsx agent/src/index.ts

# Investigate a threat actor
TARGET_IOC="Lazarus Group" TARGET_TYPE=threat_actor npx tsx agent/src/index.ts
```
## Confidence Scoring
| Level | Score | Requirement |
|-------|-------|-------------|
| CONFIRMED | ≥0.85 | 3+ independent Bright Data sources agree |
| CORROBORATED | 0.65–0.84 | 2 independent sources |
| INFERRED | 0.40–0.64 | 1 source + logic |
| SPECULATIVE | <0.40 | Flagged as hallucination — NOT in report |
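
The table above can be applied as a gate before report generation. The sketch below is an added example, not code from the WebScout repository: the `Finding` shape and the function names are hypothetical, and it assumes that URLs on the same host count as one source and that a level requires both its score band and its source count.

```typescript
type Level = "CONFIRMED" | "CORROBORATED" | "INFERRED" | "SPECULATIVE";

// Hypothetical finding shape, assumed for this example.
interface Finding {
  claim: string;
  score: number;        // model-assigned confidence, 0..1
  sourceUrls: string[]; // live pages the claim was traced to
}

// Assumption: two URLs on the same host (ignoring "www.") are one source.
function independentSources(urls: string[]): number {
  const hosts = urls
    .map((u) => {
      const m = /^https?:\/\/(?:[^\/?#@]*@)?([^\/:?#@]+)/i.exec(u.trim());
      return m ? m[1].toLowerCase().replace(/^www\./, "") : "";
    })
    .filter((h) => h !== "");
  return hosts.filter((h, i) => hosts.indexOf(h) === i).length;
}

// Assumption: a level is granted only when BOTH the score band and the source
// count from the table are met, so a high score with one source stays INFERRED.
function classify(f: Finding): Level {
  const n = independentSources(f.sourceUrls);
  if (f.score >= 0.85 && n >= 3) return "CONFIRMED";
  if (f.score >= 0.65 && n >= 2) return "CORROBORATED";
  if (f.score >= 0.4 && n >= 1) return "INFERRED";
  return "SPECULATIVE";
}

// SPECULATIVE findings are withheld from the report, as the table specifies.
function gateFindings(findings: Finding[]) {
  const graded = findings.map((f) => ({ claim: f.claim, level: classify(f) }));
  return {
    report: graded.filter((g) => g.level !== "SPECULATIVE"),
    withheld: graded.filter((g) => g.level === "SPECULATIVE"),
  };
}

// Constructed sample input; the *.example hosts are placeholders.
const sample: Finding[] = [
  { claim: "IP listed as abusive", score: 0.9, sourceUrls: ["https://a.example/1", "https://b.example/2", "https://c.example/3"] },
  { claim: "Domain tied to campaign", score: 0.92, sourceUrls: ["https://a.example/x", "https://www.a.example/y"] },
  { claim: "Credentials leaked", score: 0.3, sourceUrls: [] },
];
const result = gateFindings(sample);
```

The second sample finding shows why source counting matters: two pages on one host do not corroborate each other, so the finding is reported as INFERRED despite its 0.92 score.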