A few months ago, I started building PRISM — a self-hosted OSINT platform designed to replace the patchwork of CLI tools I was using for passive reconnaissance. What started as a weekend project grew into a full-stack application featuring 22+ modules, an AI analysis layer, and a real-time dashboard.
The Problem
If you have ever tried to investigate a domain or check what is publicly exposed about an email address, you know the friction: run whois, then dig, then check Shodan, then VirusTotal, then search usernames manually across sites, and finally paste everything into a document. It takes too much time, and it is easy to miss critical data.
I wanted a single tool that handles all of these checks in parallel and presents the results in a unified dashboard.
What PRISM Does
You enter a target — domain, IP, email, phone number, or username — and PRISM runs 22+ passive recon modules simultaneously:
Infrastructure & Threat Intel
- WHOIS, DNS (A/MX/NS/TXT/CNAME/SOA), certificate transparency via crt.sh
- Shodan (open ports, services, CVEs), VirusTotal, AbuseIPDB
- Censys, and Wayback Machine
Leaks & Dark Web
- Breach/credential leak lookup
- Email reputation (MX, SPF, DKIM, DMARC, disposable checks)
- SMTP mailbox verification
- Dark web .onion mirror checks via Ahmia and DarkSearch
People & Usernames
- Blackbird (async username search across 50+ platforms)
- Maigret (deep search across 3,000+ sites)
- Telegram user lookup
- Phone HLR validation
File Analysis
- EXIF, GPS coordinates, and PDF/DOCX metadata extraction
Note: 14 of the 22 modules work with no API keys at all. The remaining modules use free-tier keys (Shodan, VirusTotal, Censys, etc.).
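As an illustration of what the email reputation module in the list above has to do for SPF and DMARC, here is an added checker. It is an example written for this post, not PRISM's code: the record strings are constructed, and a real module would obtain them from TXT lookups of the domain itself and of `_dmarc.<domain>`. The function names and the wording of the findings are assumptions.

```python
import re
from typing import Any, Dict, List, Optional


def parse_spf(txt: str) -> Dict[str, Any]:
    """Split an SPF record into its 'all' qualifier and the remaining terms.
    A record that does not start with v=spf1 is reported as absent."""
    if not txt.lower().startswith("v=spf1"):
        return {"present": False}
    all_qualifier, mechanisms = None, []
    for term in txt.split()[1:]:
        m = re.fullmatch(r"([+\-~?]?)all", term, re.I)  # qualifier defaults to '+'
        if m:
            all_qualifier = m.group(1) or "+"
        else:
            mechanisms.append(term)
    return {"present": True, "all": all_qualifier, "mechanisms": mechanisms}


def parse_dmarc(txt: str) -> Dict[str, str]:
    """DMARC records are 'tag=value' pairs separated by semicolons (RFC 7489)."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


# Terms that cost a DNS lookup; RFC 7208 allows at most 10 per evaluation.
_LOOKUP_TERM = re.compile(r"[+\-~?]?(include:|a\b|mx\b|redirect=|exists:)", re.I)


def email_hygiene_findings(spf_txt: Optional[str], dmarc_txt: Optional[str]) -> List[str]:
    findings = []
    spf = parse_spf(spf_txt or "")
    if not spf["present"]:
        findings.append("SPF: no record; any host may send mail as this domain")
    else:
        if spf["all"] in (None, "+", "?"):
            findings.append(f"SPF: 'all' qualifier is {spf['all'] or 'absent'}; spoofed mail is not rejected")
        elif spf["all"] == "~":
            findings.append("SPF: softfail (~all); enforcement depends on DMARC and the receiver")
        lookups = sum(1 for m in spf["mechanisms"] if _LOOKUP_TERM.match(m))
        if lookups > 10:
            findings.append(f"SPF: {lookups} DNS-querying terms exceed the limit of 10 (permerror)")
    dmarc = parse_dmarc(dmarc_txt or "")
    if dmarc.get("v", "").upper() != "DMARC1":
        findings.append("DMARC: no record; SPF/DKIM failures are not enforced")
    else:
        if dmarc.get("p", "none").lower() == "none":
            findings.append("DMARC: p=none; monitoring only, spoofed mail is still delivered")
        if "rua" not in dmarc:
            findings.append("DMARC: no rua= address; aggregate reports are not collected")
        if dmarc.get("pct", "100") != "100":
            findings.append(f"DMARC: pct={dmarc['pct']}; policy applies to only that share of mail")
    return findings


# Constructed records for two fictitious domains (not real DNS data).
SAMPLE_WEAK = ("v=spf1 include:_spf.example-mail.test a mx ?all",
               "v=DMARC1; p=none; pct=50")
SAMPLE_STRONG = ("v=spf1 include:_spf.example-mail.test -all",
                 "v=DMARC1; p=reject; rua=mailto:dmarc@example.test; adkim=s; aspf=s")


def demo_weak() -> List[str]:
    return email_hygiene_findings(*SAMPLE_WEAK)


def demo_strong() -> List[str]:
    return email_hygiene_findings(*SAMPLE_STRONG)
```

The weak sample yields four findings (a `?all` qualifier, `p=none`, no `rua=`, and `pct=50`); the strong sample yields none. DKIM is deliberately not covered here, since it needs the selector name, which is not discoverable from the domain alone.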
Architecture & Stack
User → Next.js 14 Dashboard → FastAPI Backend → 22+ OSINT Modules → External APIs
                                     ↓
                          Scan Orchestrator (asyncio)
                                     ↓
                 WebSocket events → real-time progress in UI
- Backend: Python 3.10+, FastAPI, asyncio, WebSockets, Pydantic, slowapi
- Frontend: Next.js 14 (App Router), React, TypeScript, Tailwind CSS, Leaflet
The backend runs each module as an async task. As modules complete, WebSocket events stream directly to the frontend, updating the per-module status and progress bar in real time. Results are cached per module with a 24-hour TTL.
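The fan-out, the per-module status events and the TTL cache described above can be sketched in plain asyncio. This is an added illustration, not PRISM's orchestrator: the `run_scan` and `ModuleCache` names, the event shape and the stub modules are assumptions, and the stubs return constructed data so the example runs offline. It also covers two cases the description implies but does not spell out, a module that raises and one that exceeds its timeout, neither of which may stall the rest of the scan.

```python
import asyncio
import time
from dataclasses import dataclass
from typing import Any, Awaitable, Callable, Dict, Optional, Tuple

CACHE_TTL_SECONDS = 24 * 60 * 60  # the 24-hour per-module TTL from the post


@dataclass
class CacheEntry:
    value: Any
    expires_at: float


class ModuleCache:
    """Per-(module, target) cache. `clock` is injectable so expiry is testable."""

    def __init__(self, ttl: float = CACHE_TTL_SECONDS, clock: Callable[[], float] = time.monotonic):
        self._ttl, self._clock = ttl, clock
        self._store: Dict[Tuple[str, str], CacheEntry] = {}

    def get(self, module: str, target: str) -> Optional[Any]:
        entry = self._store.get((module, target))
        if entry is None or entry.expires_at <= self._clock():
            self._store.pop((module, target), None)  # drop stale entries lazily
            return None
        return entry.value

    def put(self, module: str, target: str, value: Any) -> None:
        self._store[(module, target)] = CacheEntry(value, self._clock() + self._ttl)


Module = Callable[[str], Awaitable[dict]]


async def run_scan(target: str, modules: Dict[str, Module], cache: ModuleCache,
                   on_event: Callable[[dict], None], per_module_timeout: float = 5.0) -> Dict[str, dict]:
    """Run every module concurrently and emit one event per module as it finishes.
    Each event is what a WebSocket layer would push: module name, status, progress.
    A module that raises or hangs is reported as such and never blocks the others."""

    async def run_one(name: str, fn: Module):
        cached = cache.get(name, target)
        if cached is not None:
            return name, "cached", cached
        try:
            result = await asyncio.wait_for(fn(target), per_module_timeout)
        except asyncio.TimeoutError:
            return name, "timeout", None
        except Exception as exc:  # an upstream API failure stays local to this module
            return name, "error", {"error": str(exc)}
        cache.put(name, target, result)  # only successful results are cached
        return name, "done", result

    tasks = [asyncio.create_task(run_one(n, f)) for n, f in modules.items()]
    results: Dict[str, dict] = {}
    for done, fut in enumerate(asyncio.as_completed(tasks), start=1):
        name, status, result = await fut
        results[name] = {"status": status, "result": result}
        on_event({"module": name, "status": status, "progress": round(100 * done / len(tasks))})
    return results


# Stub modules with constructed output, standing in for real WHOIS/DNS/API calls.
async def _dns_stub(target: str) -> dict:
    await asyncio.sleep(0.01)
    return {"A": ["1.1.1.1"]}


async def _whois_stub(target: str) -> dict:
    await asyncio.sleep(0.02)
    return {"registrar": "Example Registrar"}


async def _broken_stub(target: str) -> dict:
    raise RuntimeError("upstream returned HTTP 503")


async def _hanging_stub(target: str) -> dict:
    await asyncio.sleep(60)  # a provider that never answers
    return {}


def run_demo(target: str = "example.com"):
    """Scan the same target twice: the second run hits the cache for modules
    that succeeded and retries the ones that failed or timed out."""
    modules = {"dns": _dns_stub, "whois": _whois_stub, "shodan": _broken_stub, "censys": _hanging_stub}
    cache, events = ModuleCache(), []

    async def both():
        first = await run_scan(target, modules, cache, events.append, per_module_timeout=0.2)
        second = await run_scan(target, modules, cache, events.append, per_module_timeout=0.2)
        return first, second, events

    return asyncio.run(both())


def demo_cache_expiry() -> Tuple[bool, bool]:
    now = [0.0]
    cache = ModuleCache(clock=lambda: now[0])
    cache.put("dns", "example.com", {"A": ["1.1.1.1"]})
    hit = cache.get("dns", "example.com") is not None
    now[0] += CACHE_TTL_SECONDS + 1
    return hit, cache.get("dns", "example.com") is None
```

Caching only successful results matters in practice: a provider's rate-limit error cached for 24 hours would silently blank that module for every later scan of the target.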
AI Analysis & OPSEC Scoring
After all modules finish, PRISM aggregates the results and sends them to an LLM via the free tiers of OpenRouter (Nvidia Nemotron) or Groq (Llama-3). Note that this means the aggregated scan data, including any breach findings, leaves the self-hosted instance and is sent to those third-party providers. The AI generates:
- An executive summary highlighting the most critical findings
- A risk assessment with prioritized action items
- An interactive chat interface for follow-up questions about the scan data
The AI consistently catches cross-module patterns that are hard to spot manually — such as correlating a leaked credential from one database with an exposed admin panel found in Wayback URLs.
Additionally, the system computes a 0–100 OPSEC Score across four categories: data exposure, identity footprint, infrastructure vulnerabilities, and web security hygiene.
Security & What's New in v2.2
The platform has been hardened with a strong focus on security and production readiness:
- Hardened Auth — API keys are accepted strictly via headers (X-API-Key or a Bearer token). Query-string tokens are rejected, and strict CORS is enabled by default.
- Webhook Callbacks — Completed scans trigger HMAC-signed payloads (signature carried in the X-Prism-Secret header). SSRF protection blocks callback URLs that point at private, loopback, or link-local IP addresses.
- Mapping UI — The legacy single-iframe GeoIP embed has been replaced with a native, multi-marker Leaflet map.
- Localization — HTML and PDF report exports now fully render in English, Russian, and German.
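The three auth and webhook controls listed above (header-only API keys, HMAC-signed callbacks, and SSRF filtering of the callback URL) written out as standalone functions. This is an added example rather than PRISM's code: only the header names come from the post; the function names, error messages, shared secret and the constructed DNS table are assumptions. It also includes one caveat the list does not mention: the guard resolves the hostname itself and returns the vetted addresses so the sender can connect to those, because checking the name and then letting the HTTP client resolve it again leaves a DNS-rebinding window.

```python
import hashlib
import hmac
import ipaddress
import json
import socket
from typing import Callable, Iterable, Mapping, Optional
from urllib.parse import urlsplit


# 1. API keys: headers only. Query strings land in proxy logs, browser history
#    and Referer headers, so the query mapping is accepted but never read.
def api_key_from_request(headers: Mapping[str, str], query: Mapping[str, str]) -> Optional[str]:
    lower = {k.lower(): v for k, v in headers.items()}
    if lower.get("x-api-key", "").strip():
        return lower["x-api-key"].strip()
    scheme, _, token = lower.get("authorization", "").partition(" ")
    if scheme.lower() == "bearer" and token.strip():
        return token.strip()
    return None  # deliberately no fallback to query["api_key"]


# 2. Webhook signing: sign the exact bytes sent on the wire; the receiver
#    recomputes over the raw body and compares in constant time.
def sign_payload(secret: bytes, body: bytes) -> str:
    return hmac.new(secret, body, hashlib.sha256).hexdigest()


def verify_payload(secret: bytes, body: bytes, presented: str) -> bool:
    return hmac.compare_digest(sign_payload(secret, body), presented)


def build_webhook(secret: bytes, event: dict) -> tuple:
    body = json.dumps(event, sort_keys=True, separators=(",", ":")).encode()
    return body, {"Content-Type": "application/json", "X-Prism-Secret": sign_payload(secret, body)}


# 3. SSRF guard for the callback URL.
Resolver = Callable[[str], Iterable[str]]


def _system_resolver(host: str) -> list:
    # Default resolver; strips IPv6 scope ids such as fe80::1%eth0.
    return sorted({info[4][0].split("%")[0] for info in socket.getaddrinfo(host, None)})


def is_forbidden_ip(ip_str: str) -> bool:
    ip = ipaddress.ip_address(ip_str)
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # judge ::ffff:10.0.0.1 by its embedded IPv4 address
    return (ip.is_private or ip.is_loopback or ip.is_link_local
            or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def validate_callback_url(url: str, resolve: Resolver = _system_resolver) -> list:
    """Return the addresses the sender may connect to, or raise ValueError.
    Connect to one of these IPs instead of re-resolving the hostname."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        raise ValueError(f"unsupported scheme {parts.scheme!r}")
    host = parts.hostname
    if not host:
        raise ValueError("missing host")
    if parts.username or parts.password:
        raise ValueError("credentials in callback URL")
    if host == "localhost" or host.endswith(".localhost"):
        raise ValueError("localhost is not a valid callback target")
    try:
        ipaddress.ip_address(host)
        addrs = [host]  # IP literal, nothing to resolve
    except ValueError:
        try:
            addrs = list(resolve(host))
        except socket.gaierror as exc:
            raise ValueError(f"cannot resolve {host}") from exc
    if not addrs:
        raise ValueError(f"{host} resolved to no addresses")
    bad = [a for a in addrs if is_forbidden_ip(a)]
    if bad:  # one non-public answer rejects the whole name
        raise ValueError(f"{host} resolves to non-public address {bad[0]}")
    return addrs


# Constructed DNS answers so the demo runs offline (assumptions, not real data).
FAKE_DNS = {
    "hooks.example.net": ["1.1.1.1"],
    "internal.corp.example": ["10.20.30.40"],
    "rebind.example": ["1.1.1.1", "127.0.0.1"],
}


def fake_resolver(host: str) -> list:
    if host not in FAKE_DNS:
        raise socket.gaierror(f"no such host: {host}")
    return FAKE_DNS[host]


def check_url(url: str) -> Optional[list]:
    """Accepted addresses, or None when the guard rejects the URL."""
    try:
        return validate_callback_url(url, fake_resolver)
    except ValueError:
        return None


def demo_signing() -> tuple:
    secret = b"constructed-shared-secret"
    body, headers = build_webhook(secret, {"scan_id": "abc123", "status": "complete"})
    genuine = verify_payload(secret, body, headers["X-Prism-Secret"])
    tampered = verify_payload(secret, body.replace(b"complete", b"failed"), headers["X-Prism-Secret"])
    return genuine, tampered
```

Two details worth keeping when adapting this: the receiver must verify over the raw request body, not over a re-serialised JSON object, since any change in key order or whitespace changes the MAC; and the IPv4-mapped IPv6 case (`::ffff:10.0.0.1`) is the form most often used to slip past guards that only inspect dotted-quad literals.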
Quick Start
git clone https://github.com/NovaCode37/Prism-platform.git
cd Prism-platform
cp .env.example .env
docker compose up --build
Open http://localhost:3000 in your browser to run your first scan.
- GitHub: https://github.com/NovaCode37/Prism-platform
- License: MIT
Looking for Contributors
PRISM is fully open source. If you are looking to build up your resume or practice Python, TypeScript, or Docker, we have several open issues tagged as good first issue:
- Add French or Spanish locale support (translating a single JSON file)
- Add a Docker HEALTHCHECK instruction
- Implement keyboard shortcuts for navigating result tabs
Check out the GitHub issues if you want to contribute! I would love to hear your feedback: what modules or open data sources should we add next?