- Go 63.5%
- Svelte 33%
- JavaScript 2.5%
- CSS 0.7%
- HTML 0.1%
- Other 0.1%
|
|
||
|---|---|---|
| docs | ||
| frontend | ||
| internal | ||
| .env.example | ||
| .gitignore | ||
| build.sh | ||
| CHANGELOG.md | ||
| go.mod | ||
| go.sum | ||
| LICENSE | ||
| main.go | ||
| Makefile | ||
| README.md | ||
Prismo / INTELLIGENCE PLATFORM
local first, single binary, all source intel platform. Go backend, Svelte frontend, SQLite. any AI you want (Ollama, Claude, GPT, Groq, Mistral, DeepSeek, OpenRouter, Gemini, or compatible). Maltego style transform graph
free project. no payment required. everything works with free APIs. API keys in Settings are optional, your choice. we prefer free. paid APIs only if you add your own key. see docs/FREE_APIS.md and docs/PAID_AND_MAINTAINED_SOURCES.md
AI is optional. you can run Prismo with zero AI. see Modes below and docs/AI_OPTIONAL.md. first time: docs/GETTING_STARTED.md for glossary, quick start, troubleshooting
Modes: no AI vs with AI
without AI you get: cases (create open delete). entities and graph (add IP domain email wallet URL person query whatever, add delete relationships, layouts, export PNG SVG GraphML). all non AI transforms: OSINT (IP domain email username), DARKINT (Ahmia), CYBINT threat (VirusTotal ThreatCrowd URLhaus PhishTank), FININT (wallet sanctions), GEOINT (geocode reverse), TECHINT (InternetDB Shodan), SOCMINT (21 platform search), HUMINT (source reports), NEWS (RSS), Wayback, VIN, Dork Builder, fetch crawl. dashboard timeline map. export case JSON and report MD (plain summary when AI not set). Settings for API keys (VT Shodan etc)
with AI you get everything above plus: MEMEINT (narrative analysis), AI INT (entity extraction from text), AI Analyze, AI Fuse (cross correlate), AI Report (brief detailed TLP). configure in Settings: Ollama local no key or any supported provider
so full intel workflow (case to entities to transforms to graph to export) works in no AI mode. AI just adds analysis fusion report generation and entity extraction from free text
use it your way. run transforms when you want. use automated workflows and templates only when you want. docs/USER_CHOICE.md
roadmap: AI Copilot that answers stuff like find me everything suspicious about this domain with a synthesized answer and evidence. docs/AI_COPILOT_VISION.md
responsible use. Prismo is for legitimate research, threat intel, due diligence, authorized investigations. not for stalking harassment doxxing or anything unlawful. you comply with laws and source ToS. docs/COMPLIANCE_AND_RESPONSIBLE_USE.md
Stack
Go 1.22+ single static binary. Svelte 5 and Vite. Cytoscape.js for the graph. SQLite (modernc). AI: Ollama, Anthropic, OpenAI, Groq, Mistral, Together, xAI, DeepSeek, OpenRouter, Fireworks, Anyscale, Lepton, Google, Cohere, Azure, or any OpenAI compatible (LocalAI LiteLLM vLLM etc)
Features
OSINT: IP (ip-api, IPInfo, AbuseIPDB), domain (WHOIS RDAP whoisjson, DNS, HackerTarget, crt.sh, URLScan), email (HIBP, Hunter), username (70+ platforms, Reddit enrichment). all in parallel, combined summary per lookup
DARKINT: Ahmia onion search (use Tor for full results)
HUMINT: source report entry with subject date source type location contact what assessment follow up reliability tags. saved to case intel log
CYBINT threat: IP domain hash URL via VirusTotal ThreatCrowd URLhaus MalwareBazaar PhishTank. combined summary. graph from ThreatCrowd (resolutions subdomains hashes emails)
FININT: wallet lookup (Bitcoin Ethereum, balance tx count, counterparties). sanctions (OpenSanctions). graph edges sent_to received_from
GEOINT: Nominatim geocode and reverse (lat lon to address)
TECHINT: InternetDB always, Shodan with key. hostname open_ports services
Person and username lookup: person entity runs SOCMINT sanctions Wikidata Wikipedia court company news academic. username runs 70+ profile checks and SOCMINT and Bluesky. docs/PERSON_LOOKUP.md
SOCMINT: 21+ sources no keys. Reddit HN GitHub Stack Overflow GitLab Bitbucket Codeberg Dev.to Medium Wikipedia Mastodon Bluesky Nitter npm PyPI Docker Hub ArXiv Lobste.rs Packagist Crates.io RubyGems Hashnode. SocialSearchAll
NEWS: Google News RSS, Bing, Reddit r/news r/worldnews. title link pub_date source description snippet
MEMEINT AI INT AI Fusion AI Reports: need AI configured. entity extraction, cross correlate, brief/detailed/TLP report. export report MD and case JSON. plain summary when AI not set
Transform graph: add entities, run transforms, layouts (force circle grid tree concentric). relationships with type and confidence. relationship types: related_to met_with reported_to works_with communicates_with located_at owns uses associated_with employed_by member_of family_of contacted sent_to received_from hosted_by links_to located_in resolves_to subdomain_of open_port crawled geocodes_to sanctions_match reported_by verified_by isp. GET /api/relationship-types for full list
Dork Builder: build Google dork style queries from fields or paste raw. templates. open in Google DDG Bing Startpage Yandex Qwant Ecosia. docs/DORK_BUILDER_AND_SEARCH_ENGINES.md
Case management: SQLite, no cloud
Build and run
UI is embedded at build time. if you run ./prismo without building you get a blank page or fail. do this every time:
cd /path/to/prismo
make all
./prismo
open http://localhost:3456 (or this machines IP from another device). data in prismo.db. optional: proxy_url in Settings for Tor or other (e.g. socks5h://127.0.0.1:9050). docs/GETTING_STARTED.md
make all builds frontend into frontend/dist then builds the Go binary which embeds that. required before first run and after any frontend change. backend target depends on frontend so order is enforced. frontend only change: run make all again so new dist is re-embedded. if you see "frontend not embedded" you ran from wrong dir or didnt make all. alternative: ./build.sh does frontend build and go build with ldflags
Dev
make dev-backend in one terminal (optional ENV=development for CORS from Vite). make dev-frontend in another, http://localhost:5173, proxies /api to 3456. with ENV=development backend allows CORS from 5173 so Vite can call the API. Vite proxy already forwards /api so CORS only if you hit backend from another origin
AI provider (Settings)
Ollama: no key, set endpoint and model. Anthropic OpenAI Groq Mistral Together xAI DeepSeek OpenRouter Fireworks Anyscale Lepton Google Cohere Azure: set endpoint and key where needed. any OpenAI compatible: set base URL and model. stored in prismo.db. legacy anthropic_api_key still works if no ai_provider set
Export
Case view, generate report, Download Report (MD or TXT). AI generated when configured else plain intel summary. Export Case for JSON (case entities relationships intel_results with ai_summary)
Graph
open case, GRAPH. add entity, select node, run transform (e.g. OSINT IP). switch layout: Force Circle Grid Tree Concentric
Docs
Modes and no AI vs AI: docs/AI_OPTIONAL.md. what's implemented vs roadmap: docs/IMPLEMENTED_VS_ROADMAP.md. comparison to other OSINT tools: docs/OSINT_COMPARISON.md. first run glossary troubleshooting: docs/GETTING_STARTED.md. person lookup: docs/PERSON_LOOKUP.md. other public sources: docs/OTHER_PUBLIC_SOURCES.md. government open data geospatial: docs/LINKOUT_GOVERNMENT_GEOSPATIAL.md. gaps and optional: docs/MISSING_OR_OPTIONAL.md