"Now not only the bad guys have these tools."
PGOP is a modular, open-source intelligence platform designed to democratize access to advanced investigative tools for journalists, researchers, activists, and public-interest technologists. It combines OSINT, blockchain forensics, and AI-powered automation into one privacy-first, accessible toolkit.
Have I Been Rekt is a public-interest, open-source crypto incident response tool that helps users assess whether their wallet has been compromised using open-source intelligence and production-ready AI threat detection.
HIBR now features a production-ready deep learning model trained on massive cryptocurrency threat intelligence datasets:
- 96.27% AUC Performance - State-of-the-art threat detection accuracy
- 11MB PyTorch Model - Deep neural network with 6 hidden layers (2048→1024→512→256→128→64 neurons)
- 12-Feature Analysis - Multi-dimensional risk assessment of addresses, domains, and URLs
- Real-Time Classification - Instant threat scoring with confidence levels
- 10+ Intelligence Sources - Trained on Elliptic, Ethereum fraud datasets, OFAC sanctions, and more
- ✅ Deep Neural Network - 6-layer architecture trained on 945k+ Ethereum addresses
- ✅ Multi-Source Intelligence - Elliptic datasets, OFAC sanctions, DeFi fraud patterns
- ✅ Risk Classification - LOW/MEDIUM/HIGH/VERY HIGH with confidence scoring
- ✅ Feature Extraction - 12-dimensional analysis of crypto indicators
- ✅ Batch Processing - Efficient analysis of multiple addresses
- ✅ Comprehensive Data Collection - 10+ threat intelligence sources integrated
- ✅ Large Dataset Management - Cloud storage & streaming for unlimited data sizes
- ✅ Investigation Report Templates - Attack-specific recommendations
- ✅ UX Flow Design - Complete user journey from form to actionable report
- ✅ Training Pipeline - Automated model training with performance monitoring
- ✅ API Service - FastAPI backend with AI model integration
- ✅ Docker Support - Containerized deployment ready
- ✅ Documentation - Comprehensive guides for contributors
All planning and development is tracked transparently:
Labels help organize work:
dev-task: Developer work (backend, payment, security)docs: Documentation and educational materialsdeployment: Hosting, CI/CD, Dockerizationestimate:Xh: Estimated time in hours
- Free Tier: Local AI summary (fully self-hosted, no API calls)
- Paid Tier: Deeper OSINT reports using third-party data sources
- User-pays design: we don’t track, log, or subsidize use—every request is yours alone
- AI/ML: PyTorch deep learning model (96.27% AUC), Python 3.12
- Backend: FastAPI with async processing, hibr_ai_service.py
- Data Pipeline: Pandas, NumPy, scikit-learn for feature engineering
- Intelligence Sources: Elliptic++, Ethereum fraud datasets, OFAC sanctions, HIBP, Shodan
- Storage: Cloud-native with S3/GCS support, Parquet optimization
- Deployment: Docker-ready, Python virtual environment
- Frontend: React, Tailwind CSS
- Blockchain Connect: wagmi, web3modal
- Payments: Stripe API + WalletConnect (ETH, USDC)
- Hosting: CanHost (CA), Futo (US), or self-hosted Docker
This project uses a hybrid deployment approach:
- Initial MVP runs on OpenAI + Supabase + Vercel for rapid iteration
- Long-term migration targets a self-hosted stack using tools like Ollama, Postgres, and CanHost
See MVP-Deployment-Plan.md for the full architecture and migration strategy.
The codebase is still under construction. Here’s how to prepare for contributing:
git clone https://github.com/Pretty-Good-OSINT-Protocol/Have-I-Been-Rekt.git
cd Have-I-Been-RektWe recommend:
- GitHub CLI (
gh) - PNPM
- Termux (for mobile devs)
- Node.js (v18+)
Once the code is pushed, you'll be able to:
pnpm install
pnpm devDocker instructions and scripts are coming soon.
HIBR is built from the ground up for:
- User control (no central logs or analytics)
- Transparent hosting (CanHost + Futo only)
- Consent-first reporting (checkbox before submission)
- Self-sovereign tools (run locally, if desired)
A full PRIVACY.md is planned for v0.1. Contributions welcome.
- Wallet Compromise Form: Collect symptoms from users (wallet, loss time, what happened)
- Input Validation: Check ETH address format + required fields
- Consent Layer: Explicit privacy checkbox with disclaimer
- API Endpoint: Accepts form input for AI + OSINT analysis
- Self-Hosted AI: Uses Ollama to summarize likely attack vector
- Wallet Connect: Use wagmi/web3modal to auto-fill wallet address
- Payment Gateway: Stripe (credit card) + Ethereum (ETH/USDC)
- Report Gating: Show premium OSINT output after payment
- README + Study Guide: For onboarding contributors
- Community Testing: Feedback channels, bug bounty, and opt-in analytics (if ever added, user-controlled)
- SpiderFoot integration for passive OSINT
- KINT: local AI agent for wallet tracing
- Blockchain trace API support (Bitquery, Etherscan)
- Privacy tools: Holonym for redacted reports
- Immutable storage: IPFS + OrbitDB for case logs
- CLI and offline mode for censorship-resistance
- Multi-chain payment: Monero, zkUSD, Lightning
- Public safety exports: auto-generated reports for law enforcement or exchanges
We welcome anyone who wants to help make Web3 safer, fairer, and more transparent. Whether you're a dev, designer, translator, or survivor of a crypto scam—you’re welcome here.
See help wanted issues or ping @M0nkeyFl0wer.
MIT — because everyone deserves tools that fight back.