I’ve been building PRISM - a self-hosted OSINT toolkit you run yourself instead of pasting investigation targets into someone else’s web service.
Give it a domain, IP, email, phone, or username and it runs 22+ modules in parallel into one dashboard: WHOIS, DNS, crt.sh subdomains, GeoIP, threat intel (Shodan/VirusTotal/AbuseIPDB/Censys), breach data, username search across 3000+ sites (Blackbird + Maigret), dark-web mirror checks, and more. Results come with an entity graph, a GeoIP map, an OPSEC exposure score (0–100), and HTML/PDF/CSV/Markdown exports.
Your targets never leave your PC, and 14 of the 22 modules work with zero API keys (missing keys degrade gracefully instead of erroring).
Stack: FastAPI + Next.js 14, runs with one docker compose up. MIT licensed.
Demo: https://getprism.su/ Github: https://github.com/NovaCode37/Prism-platform
Built it solo - feedback welcome, especially on which modules you’d want added.
Full of AI fingerprints yet no disclosure.
Yep, I’m a solo dev and I use AI assistance while building this. So, I should’ve been upfront about it. The code’s all reviewed, tested, and MIT-licensed, so it’s fully auditable. I’ll add a disclosure to the README
NSA is that you?
Also jokes aside, how does the use case compare to some existing tools like BBOT?
This seems morr geared towards public facing targets than targeted information OSINT (user profiling, etc.)
Soviet Union TLD is an interesting choice lol
That’s pretty darn cool:
Hiya, love that you actually tested it. That’s exactly the kind of 30-second recon it’s built for. The “missing security headers” check catches a surprising number of sites.
If there’s a module or source you’d want added, I’m genuinely taking requests that’s how the roadmap gets shaped. Thanks for trying it!
You bet. I’ve dropped it in my ‘Projects’ folder. Thank you for sharing.
