OSINT Pivot Bar by Signal & Shadow

About

OSINT Pivot Bar is a browser extension for investigative journalists, OSINT practitioners, and researchers. Right-click any selected text — an email in an article, an IP in a log dump, a crypto address in a court filing — and the extension surfaces the OSINT investigation tools that match the entity type. Every action is logged locally for reproducibility.

The extension itself makes no network requests. No telemetry, no analytics, no remote code. Source code is available for review and a static privacy audit script ships with the extension.

WHAT IT DOES

Select text on any page and right-click. The extension classifies the selection into one of ten entity types using local regex detectors with structural validators: email, phone, URL, IPv4, IPv6, Bitcoin address, Ethereum address, GPS coordinate, social handle, and ISO date.

The right-click menu dynamically populates with only the pivot targets that match the detected entity type. The full catalogue of pivot targets is curated in the extension source where it can be reviewed.

One additional action is always available: Log without pivoting. This records that you saw an entity without taking any outward action — useful when tipping off a subject would compromise the investigation.

Click the toolbar icon to see the activity log. Every pivot is recorded with timestamp, source URL, entity type, raw value, normalised form, and target tool. Export the log as a zip bundle containing a CSV, a capture manifest, and a SHA256SUMS sidecar compatible with the standard sha256sum -c verifier.

READ THIS BEFORE INSTALLING

Pivot actions are information disclosures to third parties. When you click a pivot target, the third-party service sees your IP, your user agent, the page you were on when you right-clicked, and the value you are looking up. Some of these services log queries; some monetise them; some have shared data with law enforcement under subpoena.

The extension's privacy guarantee applies to what the extension itself does with your data: nothing. Every pivot click is a query you are voluntarily sending to a third-party service. The tool is built for practitioners who understand this and want reproducibility and logging of their pivots, not anonymity. For sensitive investigations, use the extension in conjunction with a VPN, Tor, or a dedicated browser profile, and use the Log without pivoting action when a pivot would compromise the investigation.

FORENSIC PROVENANCE

Every pivot is captured in a local activity log: timestamp, source URL, entity type, value, normalised form, target tool, target host. The log holds 5,000 entries; the popup warns you at 4,500 so you can export before any entries are evicted.

Export bundles carry the SHA-256 of every file alongside a capture manifest documenting the export. Anyone receiving a bundle can verify integrity offline. Aligned with the Berkeley Protocol on Digital Open Source Investigations.

PRIVACY

Permissions requested: contextMenus (required for the core feature), activeTab (read the source URL of the page you are pivoting from), storage (persist the activity log locally), downloads (save exports). No host permissions. No background network access. No fetch, XHR, or sendBeacon calls anywhere in the source.

Built and maintained by Signal & Shadow, an independent investigative-journalism and OSINT practice. More at signalandshadow.io.