Listen to this Post
Introduction:
Every digital interaction leaves behind a trace—your email addresses, usernames, and domains are scattered across thousands of online platforms, creating a comprehensive profile that anyone can assemble with the right tools. PRISM is an open-source intelligence (OSINT) platform that automates the collection and correlation of this publicly available information, scanning targets across 22+ modules simultaneously to reveal data exposure, infrastructure vulnerabilities, and potential breach evidence.
Learning Objectives:
- Master the complete installation and configuration of PRISM in a self-hosted environment
- Execute domain, email, username, and phone number reconnaissance using automated modules
- Interpret OPSEC scoring and AI-generated risk assessments to identify exposure gaps
You Should Know:
- Building Your Own OSINT Arsenal: Complete PRISM Installation Guide
PRISM is an all-in-one OSINT platform that supports scanning domains, IPs, emails, phone numbers, or usernames across 22+ passive reconnaissance modules. It returns threat intelligence, breach data, subdomains, an OPSEC score, entity graphs, GeoIP maps, and HTML/PDF reports. The platform can be used online via a limited demo, but full functionality requires self-hosting with your own API keys.
Step-by-step guide to install PRISM (Docker – Recommended):
Step 1: Prerequisites
Linux (Ubuntu/Debian) sudo apt update && sudo apt install docker.io docker-compose git -y Verify Docker installation docker --version docker-compose --version
Step 2: Clone the Repository
git clone https://github.com/NovaCode37/Prism-platform.git cd Prism-platform
Step 3: Environment Configuration
Copy the example environment file cp .env.example .env Edit the .env file to add your API keys nano .env
PRISM requires API keys for enhanced functionality—14 out of 22 modules work with zero API keys, but the remaining modules utilize free-tier keys. Essential keys include:
– Shodan (SHODAN_API_KEY) – for open ports, services, and CVEs
– VirusTotal (VIRUSTOTAL_API_KEY) – for threat intelligence and file scanning
– Censys (CENSYS_API_ID & CENSYS_API_SECRET) – for certificate and infrastructure discovery
Step 4: Launch with Docker Compose
docker-compose up -d
This command builds and starts the FastAPI backend and Next.js frontend containers. The backend runs each module as an async task, streaming results to the frontend via WebSockets in real time.
Step 5: Access the Dashboard
Open your browser and navigate to http://localhost:3000
Alternative Installation (Manual Python Setup):
Clone the repository git clone https://github.com/NovaCode37/Prism-platform.git cd Prism-platform Create a virtual environment python3 -m venv venv source venv/bin/activate On Windows: venv\Scripts\activate Install Python dependencies pip install -r requirements.txt Run the FastAPI backend uvicorn app.main:app --reload --host 0.0.0.0 --port 8000 In a separate terminal, run the frontend cd frontend npm install npm run dev
2. Running Your First Reconnaissance Scan
Once PRISM is running, you can execute scans on various target types. The platform supports scanning domains, IP addresses, email addresses, phone numbers, and usernames.
Using the Web Interface:
Step 1: Navigate to the Dashboard
- Access `http://localhost:3000`
- Click on “New Scan” from the main interface
Step 2: Select Target Type and Input
- Choose the target type from the dropdown: Domain, IP, Email, Phone, or Username
- Enter your target value (e.g.,
example.com,[email protected], or@username)
Step 3: Configure Scan Options
- Select which modules to run (all 22+ modules are enabled by default)
- Enable AI-powered analysis for executive summaries and risk assessment
- Set notification preferences for scan completion
Step 4: Initiate Scan
- Click “Start Scan”
- Monitor real-time progress via WebSocket-driven dashboard updates
Using the Standalone CLI (Headless Mode):
Basic domain scan python cli.py scan example.com Scan with JSON output python cli.py scan example.com --json > scan_results.json Email investigation python cli.py scan [email protected] Phone number validation python cli.py scan +1234567890 Username reconnaissance across 3000+ platforms python cli.py scan @username
3. Decoding PRISM’s 22 Reconnaissance Modules
PRISM’s power lies in its comprehensive module architecture, organized into three primary categories:
Infrastructure & Threat Intelligence
Manual verification commands equivalent to PRISM modules WHOIS lookup whois example.com DNS enumeration (A, MX, NS, TXT, CNAME, SOA records) dig example.com ANY +noall +answer nslookup -type=MX example.com Certificate Transparency logs (crt.sh) curl "https://crt.sh/?q=%.example.com&output=json" Wayback Machine archive check curl "http://archive.org/wayback/available?url=example.com" Shodan (requires API key) curl "https://api.shodan.io/shodan/host/8.8.8.8?key=YOUR_API_KEY"
Leaks & Dark Web
- Breach/credential leak lookup using haveibeenpwned API
- Email reputation checks (MX, SPF, DKIM, DMARC, disposable email detection)
- SMTP mailbox verification
- Dark web .onion mirror checks via Ahmia and DarkSearch
People & Usernames
Blackbird username search (async across 50+ platforms) Maigret deep search (across 3,000+ sites) Telegram user lookup Phone HLR validation
The platform runs Blackbird for asynchronous username searches across 50+ platforms and Maigret for deep searches across 3,000+ sites.
4. Configuring API Keys for Maximum Effectiveness
While 14 modules work with zero API keys, adding free-tier keys dramatically enhances PRISM’s capabilities. Here’s how to configure them:
Step 1: Obtain Free API Keys
| Service | Free Tier | Purpose | Signup URL |
||–||-|
| Shodan | 1 monitor credit, 100 IP lookups/month | Open ports, services, CVEs | shodan.io |
| VirusTotal | 4 requests/minute, 500 requests/day | Threat intelligence, file scanning | virustotal.com |
| Censys | 120 queries/month | Certificate and infrastructure discovery | censys.io |
| AbuseIPDB | 1000 queries/day | IP reputation and abuse reporting | abuseipdb.com |
Step 2: Configure Environment Variables
Edit the .env file nano .env Add your API keys (example) SHODAN_API_KEY=your_shodan_key_here VIRUSTOTAL_API_KEY=your_virustotal_key_here CENSYS_API_ID=your_censys_id CENSYS_API_SECRET=your_censys_secret ABUSEIPDB_API_KEY=your_abuseipdb_key
Step 3: Restart PRISM to Apply Changes
docker-compose down docker-compose up -d
Step 4: Verify API Integration
Run a test scan and check the module status indicators. Successful integrations will show “Connected” status in the module configuration panel.
5. Understanding OPSEC Scoring and AI Analysis
After all modules finish, PRISM aggregates the results and sends them to an LLM via the free tiers of OpenRouter (Nvidia Nemotron) or Groq (Llama-3). The system computes a 0–100 OPSEC Score across four categories:
– Data Exposure – Breach records, leaked credentials, exposed personal information
– Identity Footprint – Username associations, social media presence, digital identity
– Infrastructure Vulnerabilities – Open ports, outdated services, misconfigurations
– Web Security Hygiene – SSL/TLS issues, SPF/DKIM/DMARC compliance
Using the AI Analysis Feature:
Enable AI analysis during scan python cli.py scan example.com --ai Or via web interface (toggle "AI Analysis" switch)
The AI generates:
- An executive summary highlighting critical findings
- A risk assessment with prioritized action items
- An interactive chat interface for follow-up questions about the scan data
The AI consistently catches cross-module patterns that are hard to spot manually—such as correlating a leaked credential from one database with an exposed admin panel found in Wayback URLs.
6. Exporting Reports and Webhook Integration
Export Formats:
Generate HTML report python cli.py scan example.com --format html --output report.html Generate PDF report python cli.py scan example.com --format pdf --output report.pdf Export as CSV for data analysis python cli.py scan example.com --format csv --output results.csv
Webhook Configuration for Automation:
Configure webhook URL in .env file WEBHOOK_URL=https://your-endpoint.com/prism-webhook WEBHOOK_SECRET=your_hmac_secret_key The webhook receives HMAC-signed payloads on scan completion Payload includes: scan_id, target, completion_time, summary, OPSEC score
Query Historical Scans:
-- If using the database directly (PostgreSQL) SELECT scan_id, target, created_at, opsec_score FROM scans WHERE target LIKE '%example.com%' ORDER BY created_at DESC;
What Undercode Say:
- Key Takeaway 1: PRISM democratizes advanced OSINT capabilities that were previously only available through expensive commercial platforms like Maltego and SpiderFoot, making professional-grade reconnaissance accessible to security professionals, penetration testers, and threat hunters.
- Key Takeaway 2: The platform’s AI analysis layer is its most innovative feature—automating the correlation of disparate data points across modules to identify patterns that would take hours of manual analysis, effectively reducing investigation time from hours to minutes.
Expected Output:
The convergence of OSINT automation and AI-driven analysis represents a paradigm shift in how security professionals conduct reconnaissance. PRISM’s ability to scan across 22+ modules in parallel, generate OPSEC scores, and provide interactive AI analysis creates an intelligence loop where investigators can ask follow-up questions about scan data and receive contextual answers. This reduces the barrier to entry for OSINT investigations while dramatically increasing the speed and depth of analysis. However, organizations must recognize that the same tools available to defenders are equally accessible to adversaries—proactive monitoring of your own digital footprint using PRISM is no longer optional but essential for identifying exposure gaps before they are exploited.
Prediction:
- +1 By 2027, self-hosted OSINT platforms like PRISM will become standard components of enterprise security stacks, replacing manual reconnaissance workflows and enabling continuous monitoring of digital footprints with automated alerting.
- -1 The proliferation of accessible OSINT tools will lead to increased targeted social engineering attacks, as malicious actors leverage automated username and email enumeration across thousands of platforms to build detailed victim profiles with minimal effort.
- +1 Open-source alternatives to commercial OSINT tools will accelerate innovation in the field, creating a competitive ecosystem where features like AI analysis, real-time dashboards, and modular architectures become baseline expectations rather than premium differentiators.
- -1 Organizations that fail to regularly scan their own digital assets using these tools will face widening exposure gaps, as the time between data leakage and public discovery shrinks from weeks to hours with automated reconnaissance.
- +1 The integration of AI analysis layers into OSINT platforms will fundamentally change threat intelligence workflows, shifting from manual data correlation to strategic interpretation and response planning based on AI-generated risk assessments.
▶️ Related Video (84% Match):
🎯Let’s Practice For Free:
🎓 Live Courses & Certifications:
Join Undercode Academy for Verified Certifications
🚀 Request a Custom Project:
Secure, high-velocity infrastructure and disruptive technological engineering. Contact our engineering team for high-tier development and proprietary systems:
[email protected]
💎 Smart Architecture | 🛡️ Secure by Design | ⭐ Trusted by Thousands
IT/Security Reporter URL:
Reported By: Https: – Hackers Feeds
Extra Hub: Undercode MoN
Basic Verification: Pass ✅
