    ____  __  _____    _   ____________  __  ___
   / __ \/ / / /   |  / | / /_  __/ __ \/  |/  /
  / /_/ / /_/ / /| | /  |/ / / / / / / / /|_/ /
 / ____/ __  / ___ |/ /|  / / / / /_/ / /  / /
/_/   /_/ /_/_/  |_/_/ |_/ /_/  \____/_/  /_/

   _____ ___________   _____    __
  / ___//  _/ ____/ | / /   |  / /
  \__ \ / // / __/  |/ / /| | / /
 ___/ // // /_/ / /|  / ___ |/ /___
/____/___/\____/_/ |_/_/  |_/_____/
// PHANTOM SIGNAL v1.3.0

PHANTOMSIGNAL

"See everything. Leave no trace."

Open-source OSINT intelligence framework for security researchers,
penetration testers, and digital investigators.

$ pip install phantomsignal

Ghost Run in Action

Full-spectrum recon against example.com — DNS, ports, tech stack, APIs, and web crawl in one command.


v1.3.0 — PHANTOM SIGNAL

The biggest CLI and scanning update since launch.

🖥️

Rich Terminal Panels

phantomsignal scan <target> now renders module-specific intelligence panels — DNS records, aligned port table with version/banner/risk, tech stack with security grade A–F, exposed endpoints, GeoIP/ASN, and a red anomaly callout. All borders flush to terminal width.

🎯

nmap Integration

Port scanner now chains nmap -sV -O for full service-version detection and OS fingerprinting. Falls back silently to the pure-Python async prober when nmap is absent or unprivileged — no config required. OS guess and engine label shown in output.

🌐

Expanded Port Coverage

Default scan covers 99 ports (up from 56) — both low-numbered privileged services and high-numbered application ports: WinRM, Webmin, InfluxDB, Radmin, Kubernetes API, Docker API, and more. Dangerous port list extended accordingly.

🌑

Web UI Parity

Results page renders each result type as structured output matching CLI panels — port cards, DNS tables, SPF/DMARC status, TLS info, security header grade, API endpoint status codes, geo/TOR flags. Quick Probe now runs all 5 default modules.


Everything in One Grid

Six intelligence modules. One unified platform.

🕸️

Web Reconnaissance

Scrapy-powered deep crawler. Technology fingerprinting across 50+ stacks — CMS, frameworks, CDNs, WAFs. API endpoint discovery, security header analysis, email and link harvesting.

Scrapy | Wappalyzer | API Hunter
🌐

DNS Intelligence

Full DNS enumeration — A, MX, NS, TXT, SOA, CAA. Zone transfer attempts. Subdomain brute-force plus certificate transparency via crt.sh. SPF/DMARC spoofing analysis.

crt.sh | Zone Transfer | SPF/DMARC
🔌

Port Scanner

nmap-powered service & OS detection (-sV -O) with transparent pure-Python async fallback. 99 ports by default, 1,000+ or the full 65,535 on demand. Risk-based assessment flags databases, admin panels, and exposed dev services.

nmap -sV -O | OS Detection | 65k Ports
📡

Intelligence APIs

30+ integrations: Shodan, VirusTotal, AbuseIPDB, GreyNoise, SecurityTrails, URLScan, AlienVault OTX, IPInfo, Hunter.io, HaveIBeenPwned, and more. Plugin architecture for custom sources.

Shodan | VirusTotal | +28 more
👤

Shadow Profiler

People intelligence aggregation from public records. Cross-correlates emails, phones, social accounts, breach data, and aliases. Outputs a Shadow Score — digital exposure quantified.

HIBP | Pipl | Shadow Score
📦

Export & Encrypt

JSON, CSV, HTML, PDF, XLSX, STIX 2.1, XML, Markdown. All formats support ZIP compression and AES-256-GCM encryption. Share client-ready reports or feed results into your SIEM.

AES-256-GCM | STIX 2.1 | PDF
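
The SPF/DMARC analysis listed under DNS Intelligence comes down to reading two published TXT records. The following is an added example, not PhantomSignal's code: it grades constructed records offline, and the function names and verdict labels are assumptions made for illustration.

```python
# Added example: grades published SPF/DMARC TXT records; makes no DNS lookups.
SPF_QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def spf_all_result(txt_records):
    """Result of the SPF `all` mechanism, or the reason there is none."""
    spf = [r for r in txt_records if r.lower().split(" ")[0] == "v=spf1"]
    if not spf:
        return "missing"
    if len(spf) > 1:
        return "multiple"  # RFC 7208: more than one SPF record is a permerror
    terms = [t.lower() for t in spf[0].split()[1:]]
    for t in terms:
        if t.lstrip("+-~?") == "all":
            return SPF_QUALIFIERS.get(t[0], "pass")  # bare "all" means "+all"
    if any(t.startswith("redirect=") for t in terms):
        return "redirect"  # policy is defined by another domain's record
    return "neutral"  # no catch-all mechanism: default result is neutral

def dmarc_policy(txt_records):
    """Return (policy, pct) from the v=DMARC1 record, or None if absent."""
    for r in txt_records:
        tags = {k.strip().lower(): v.strip().lower()
                for k, _, v in (part.partition("=") for part in r.split(";"))}
        if tags.get("v") == "dmarc1":
            pct = tags.get("pct", "100")
            return tags.get("p", "none"), (int(pct) if pct.isdigit() else 100)
    return None

def spoofing_exposure(spf_txt, dmarc_txt):
    """Return (verdict, findings) for a domain's mail-authentication records."""
    spf, dmarc, findings = spf_all_result(spf_txt), dmarc_policy(dmarc_txt), []
    if spf in ("missing", "multiple", "pass", "neutral"):
        findings.append(f"SPF does not restrict senders ({spf})")
    elif spf == "softfail":
        findings.append("SPF ends in ~all: failures are marked, not rejected")
    if dmarc is None:
        findings.append("no DMARC record: the From: header is unauthenticated")
    elif dmarc[0] == "none":
        findings.append("DMARC p=none: monitoring only, nothing is blocked")
    elif dmarc[1] < 100:
        findings.append(f"DMARC policy applies to only {dmarc[1]}% of mail")
    enforced = dmarc is not None and dmarc[0] in ("quarantine", "reject")
    if not enforced or spf == "pass":  # +all lets any sender pass DMARC via SPF
        return "spoofable", findings
    return ("partial" if findings else "protected"), findings

if __name__ == "__main__":
    # Constructed records for a hypothetical domain
    print(spoofing_exposure(["v=spf1 mx ~all"], ["v=DMARC1; p=none"]))
```

A `redirect=` SPF record is reported without a finding because the effective policy has to be read from the referenced domain.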

Low-and-Slow. Minimum Footprint.

Identity rotation, request jitter, user-agent spoofing, and optional Tor routing keep your recon beneath the noise floor. Purpose-built for engagements where detection is not an option.

ghost mode + tor
# Docker — Ghost Mode with Tor routing
docker-compose --profile ghost up -d

# CLI — Ghost Mode scan
phantomsignal scan target.com \
  --profile ghost \
  --modules dns,tech \
  --format json

# Web UI — toggle Ghost Mode
Advanced Config → Ghost Mode (low & slow) ✓

Exposure. Quantified.

Every scan produces a Shadow Score (0–100) — a weighted composite of open ports, vulnerability findings, missing security controls, and threat intelligence flags.

0–25     CLEAN      Minimal exposure. Good security posture.
26–50    ELEVATED   Some findings worth reviewing and tracking.
51–75    HIGH       Significant issues. Remediation recommended.
76–100   CRITICAL   Urgent issues. Active risk. Act immediately.

Two Themes. One Grid.

Dark mode cyberpunk aesthetic or clean Phantom Dawn light mode — toggle with a single click. Both themes cover every page and component.

🌙 Dark (Shadow Grid) screenshots: Dashboard, New Mission, Scan Results
☀ Light (Phantom Dawn) screenshots: Dashboard, New Mission, Scan Results

Up in 60 Seconds

pip install — Python 3.10+
# Install from PyPI
pip install phantomsignal

# Initialize database
phantomsignal init

# Launch web UI
phantomsignal web --open-browser
# → http://127.0.0.1:5000

# Or scan straight from the CLI
phantomsignal scan example.com

Docker
git clone https://github.com/getphantomsignal/phantomsignal
cd phantomsignal
docker-compose up -d
# Open http://localhost:5000

From source — Python 3.10+
git clone https://github.com/getphantomsignal/phantomsignal
cd phantomsignal
python -m venv .venv
source .venv/bin/activate   # Windows: .venv\Scripts\activate
pip install -e .
phantomsignal web --open-browser
# Open http://127.0.0.1:5000

CLI — rich panel output
# IP recon — nmap version + OS detection, GeoIP, panels
phantomsignal scan 192.168.1.1 --type ip_recon

# Domain recon with HTML report
phantomsignal scan example.com \
  --profile standard \
  --format html --output ./reports

# People intelligence
phantomsignal profile \
  --email target@example.com \
  --first-name John --last-name Doe

# Extend with API keys for Shodan, VT, AbuseIPDB...
phantomsignal config --list-apis

⚠ For authorized use only. See the Legal & Ethics section before running any scan.

30+ API Integrations

Configure your own keys in Ghost Keys — every API has a free tier to get started.

Shodan, VirusTotal, Censys, AbuseIPDB, GreyNoise, AlienVault OTX, SecurityTrails, URLScan.io, IPInfo, Hunter.io, HaveIBeenPwned, FullContact, Clearbit, ZoomEye, BinaryEdge, WhoisXML, Pipl, GitHub, Twitter / X, + 11 more via plugin API

Ready for a Ghost Run?

Open-source. MIT licensed. No telemetry. No phone-home. Your recon stays on your machine.