PRISM - a self-hosted OSINT platform with a real-time dashboard
from trulysoulless@lemmy.world to selfhosted@lemmy.world on 20 Jun 15:20
https://lemmy.world/post/48411926

I’ve been building PRISM - a self-hosted OSINT toolkit you run yourself instead of pasting investigation targets into someone else’s web service.

Give it a domain, IP, email, phone, or username and it runs 22+ modules in parallel into one dashboard: WHOIS, DNS, crt.sh subdomains, GeoIP, threat intel (Shodan/VirusTotal/AbuseIPDB/Censys), breach data, username search across 3000+ sites (Blackbird + Maigret), dark-web mirror checks, and more. Results come with an entity graph, a GeoIP map, an OPSEC exposure score (0–100), and HTML/PDF/CSV/Markdown exports.

Your targets never leave your PC, and 14 of the 22 modules work with zero API keys (missing keys degrade gracefully instead of erroring).

Stack: FastAPI + Next.js 14, runs with one docker compose up. MIT licensed.

Demo: getprism.su Github: github.com/NovaCode37/Prism-platform

Built it solo - feedback welcome, especially on which modules you’d want added.

#selfhosted

threaded - newest

irmadlad@lemmy.world on 20 Jun 16:14 next collapse

That’s pretty darn cool:

<img alt="" src="https://lemmy.world/pictrs/image/73673338-4f37-4b78-bb08-735ae68a993a.png">

trulysoulless@lemmy.world on 20 Jun 17:01 collapse

Hiya, love that you actually tested it. That’s exactly the kind of 30-second recon it’s built for. The “missing security headers” check catches a surprising number of sites.

If there’s a module or source you’d want added, I’m genuinely taking requests that’s how the roadmap gets shaped. Thanks for trying it!

irmadlad@lemmy.world on 20 Jun 17:20 collapse

You bet. I’ve dropped it in my ‘Projects’ folder. Thank you for sharing.

anotherandrew@lemmy.mixdown.ca on 20 Jun 17:11 next collapse

This looks really cool. One minor bug: with the online demo, at least on mobile (chrome, iOS), the target text field never brings up the keyboard so it can’t be used.

trulysoulless@lemmy.world on 20 Jun 17:15 collapse

Oh thanks, I’ll fix that

ArcaneSlime@lemmy.dbzer0.com on 20 Jun 17:28 next collapse

So I have an interest in self hosting things in the future (nextcloud, chatmail), but for now I’m scared of opening my network to attacks, and also I don’t have a network right now I just hotspot from my phone when needed and torrent things at my friend’s house.

That said how would I go about using this? I’m guessing something to do with docker or porteus (maybe? The other one that wasn’t vulnerable to that recent thing), then when I want to check out X website I just “spin up the docker container” (still not 100% what that means but I’ve heard the verbiage), hotspot the pc (for now), and run it through the program? Am I understanding that right?

Sorry I’m so green, gotta start somewhere! I feel like a grandma calling an Xbox a “Nintendo” haha.

xyro@morbier.foo on 20 Jun 17:38 collapse

Super cool, I’m gonna host it when I have some time !