Saveliy

How to Run a Full OSINT Recon on Any Domain in One Command

If you've ever needed to profile a domain — subdomains, open ports, breached emails, DNS hygiene, TLS posture — you know the pain: a dozen separate tools, a dozen output formats, and a lot of copy-paste.

Here's how to do all of it in one command, fully self-hosted, with no data leaving your machine.

The tool

PRISM is an open-source (MIT) OSINT platform. One target → 25+ modules run in parallel: WHOIS, DNS, certificate-transparency subdomains, Shodan, breach checks, dark-web mirrors, GeoIP, and more. It gives you an entity graph and an OPSEC exposure score at the end.

1. Get it running

Clone the repo and install:

git clone https://github.com/NovaCode37/Prism-platform
cd Prism-platform
pip install -r requirements.txt

Use it straight from the CLI:

python cli.py scan example.com

Or run the web UI in Docker (built from the repo):

docker build -t prism .
# -p 8080:8080 publishes the UI on every host interface;
# use -p 127.0.0.1:8080:8080 to keep it reachable from this machine only
docker run -d -p 8080:8080 -e ALLOW_ANON_API=true prism
# open http://localhost:8080

2. Scan a domain

python cli.py scan example.com --type domain

In ~40 seconds you get, for example.com:

  • Subdomains from certificate transparency logs
  • Open ports + CVEs (via Shodan, if you add a key)
  • DNS records and whether SPF/DMARC are missing (spoofing risk)
  • WHOIS exposure (contact emails, org)
  • Archived sensitive URLs from the Wayback Machine
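
What the SPF/DMARC item in the list above amounts to, as an added example that is not PRISM's own code: it classifies TXT records you have already resolved (the apex TXT set for SPF, the `_dmarc.<domain>` TXT set for DMARC). The finding labels and the sample records are constructed for illustration.

```python
# Added example, not PRISM code. Finding labels are illustrative names.
def spf_findings(apex_txt):
    """Classify SPF posture from the TXT strings published at the domain apex."""
    spf = [r for r in apex_txt if r.lower().split()[:1] == ["v=spf1"]]
    if not spf:
        return ["spf-missing"]
    if len(spf) > 1:
        return ["spf-multiple-records"]  # RFC 7208: receivers return permerror
    terms = spf[0].lower().split()[1:]
    all_terms = [t for t in terms if t.lstrip("+-~?") == "all"]
    if not all_terms:
        if any(t.startswith("redirect=") for t in terms):
            return []  # policy is in another domain's record; check that one
        return ["spf-no-all"]  # unmatched senders get a neutral result
    first = all_terms[0]
    qualifier = first[0] if first[0] in "+-~?" else "+"  # bare "all" means "+all"
    if qualifier == "+":
        return ["spf-pass-all"]  # any sender passes
    return ["spf-neutral-all"] if qualifier == "?" else []  # "-all"/"~all" are fine

def dmarc_findings(dmarc_txt):
    """Classify DMARC posture from the TXT strings at _dmarc.<domain>."""
    recs = [r for r in dmarc_txt if r.strip().lower().startswith("v=dmarc1")]
    if not recs:
        return ["dmarc-missing"]
    if len(recs) > 1:
        return ["dmarc-multiple-records"]
    pairs = (part.partition("=") for part in recs[0].split(";"))
    tags = {k.strip().lower(): v.strip().lower() for k, _, v in pairs if k.strip()}
    policy = tags.get("p")
    if policy not in ("none", "quarantine", "reject"):
        return ["dmarc-invalid-policy"]
    return ["dmarc-monitor-only"] if policy == "none" else []

def mail_spoofing_findings(apex_txt, dmarc_txt):
    return spf_findings(apex_txt) + dmarc_findings(dmarc_txt)

# Constructed sample records (not output from a real scan)
SAMPLES = {
    "hardened.example": (["v=spf1 include:_spf.example.net -all"],
                         ["v=DMARC1; p=reject; rua=mailto:dmarc@hardened.example"]),
    "weak.example": (["site-verification=abc", "v=spf1 ip4:192.0.2.0/24 ?all"],
                     ["v=DMARC1; p=none"]),
    "bare.example": (["site-verification=xyz"], []),
}
if __name__ == "__main__":
    for domain, (apex, dmarc) in SAMPLES.items():
        print(domain, mail_spoofing_findings(apex, dmarc) or "ok")
```

A record that is present but set to `?all`, `+all` or `p=none` leaves the domain about as spoofable as one with no record, which is why the check reads the policy rather than only testing for existence.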

3. Read the OPSEC score

Every scan ends with a 0–100 exposure score across four categories — Data Exposure, Identity OPSEC, Infrastructure, Web Security. Lower = more exposed. It's a quick way to triage which targets need attention.

Tip: the score only reflects modules that actually ran — if you skip Shodan/VirusTotal, treat a high score as "less data," not "clean."

4. Export for reporting

python cli.py scan example.com --html -o report.html

PRISM exports HTML/PDF reports, plus CSV, Markdown, and JSON, and a graph export to GraphML/GEXF for Gephi or Maltego.

Why self-host it

No third party sees your targets. You bring your own API keys, set your own rate limits, and everything runs on your box. For anyone doing authorized recon, that's the whole point.

Repo: https://github.com/NovaCode37/Prism-platform
Live demo (no signup): https://getprism.su

Built and maintained in the open — issues and PRs welcome.