A security reconnaissance and attack surface analysis framework combining a Rust async port scanner, Python recon modules, FastAPI backend, and Next.js dashboard.
Disclaimer: Phantom is intended for authorized security assessments only. Always obtain explicit permission before scanning any target. Unauthorized scanning may violate laws and regulations.
```
phantom/
├── scanner/            # Rust async TCP port scanner (tokio, clap)
├── recon/              # Python recon modules (DNS, TLS, HTTP, OSINT, Exposure)
├── api/                # FastAPI backend (orchestration, scoring, PDF export)
├── dashboard/          # Next.js + Tailwind + Recharts (interactive dashboard)
├── db/                 # PostgreSQL schema
├── scripts/            # Utility scripts
└── docker-compose.yml
```

- Port Scanner — Async TCP connect scan with semaphore-based rate limiting and banner grabbing (Rust/tokio)
- DNS Recon — A/AAAA/MX/NS/TXT/CNAME resolution, zone transfer detection, subdomain enumeration (wordlist + crt.sh)
- TLS Analysis — Certificate validity, protocol version audit, HSTS check
- HTTP Security — Security headers scoring, technology stack detection, CORS analysis
- OSINT — WHOIS, ASN (RDAP), certificate transparency monitoring
- Exposure Detection — Sensitive path fuzzing, .git exposure, secrets in headers, robots.txt analysis
- CVE Matching — Local curated database (~100 CVEs) with regex banner matching
- Risk Scoring — Weighted severity formula (critical=10, high=7, medium=4, low=1) on a 0-100 scale
- PDF Reports — HTML-to-PDF generation via Jinja2 + WeasyPrint
- Scan Comparison — Diff findings, ports, and subdomains between scans
- Dark Dashboard — Interactive UI with risk gauge, severity charts, findings table, and comparison view

```bash
cp .env.example .env
docker compose up --build
```

- Dashboard: http://localhost:3000
- API: http://localhost:8000
- API Docs: http://localhost:8000/docs

```bash
# 1. Database
docker compose up db -d
# 2. Scanner
cd scanner && cargo build --release
# 3. Recon modules
cd recon && pip install -e ".[dev]"
# 4. API
cd api && pip install -e ".[dev]"
uvicorn app.main:app --reload
# 5. Dashboard
cd dashboard && npm install && npm run dev
```

| Method | Endpoint | Description |
|---|---|---|
| POST | /api/v1/scans | Create and launch a new scan |
| GET | /api/v1/scans | List all scans |
| GET | /api/v1/scans/{id} | Get scan details |
| GET | /api/v1/scans/{id}/findings | Get scan findings (filterable) |
| GET | /api/v1/scans/{id}/report/json | Export JSON report |
| GET | /api/v1/scans/{id}/report/pdf | Export PDF report |
| POST | /api/v1/comparisons | Compare two scans |
| GET | /health | Health check |

```bash
curl -X POST http://localhost:8000/api/v1/scans \
  -H "Content-Type: application/json" \
  -d '{
    "target": "example.com",
    "ports": "22,80,443,8000-9000",
    "modules": ["dns", "tls", "http", "osint", "exposure"],
    "confirm_authorization": true
  }'
```

The `confirm_authorization: true` field is required — it serves as an explicit acknowledgment that you have permission to scan the target.

```bash
# All tests
./scripts/run-tests.sh
# Individual components
cd scanner && cargo test
cd recon && pytest tests/ -v
cd api && pytest tests/ -v
cd dashboard && npm run build
```

| Component | Technology |
|---|---|
| Port Scanner | Rust, tokio, clap |
| Recon Modules | Python 3.12, httpx, dnspython, cryptography |
| Backend | FastAPI, SQLAlchemy (async), Pydantic v2 |
| Database | PostgreSQL 16 |
| Dashboard | Next.js 14, Tailwind CSS, Recharts |
| PDF Export | Jinja2, WeasyPrint |
| Containerization | Docker, Docker Compose |

- Rust scanner as subprocess — Clean process boundary, independent testing, JSON stdout interface
- Async everywhere — FastAPI, SQLAlchemy async, httpx, asyncio.gather for concurrent recon
- Background tasks via asyncio.create_task — Simplicity over Celery for scan orchestration
- Weighted severity scoring — Reconnaissance-focused (not CVSS), logarithmic scaling to 100
- Curated local CVE database — No external API dependency, regex-based banner matching
- Authorization gate — Every active scan requires explicit `confirm_authorization: true`

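
The risk scoring named in the feature list and in the design decisions above (weights critical=10, high=7, medium=4, low=1, logarithmic scaling to 0-100), as an added example that is not Phantom's own code. The README does not give the exact formula, so the `log1p` curve, the `SATURATION` constant and the function names are assumptions.

```python
import math
from collections import Counter

# Severity weights as stated in the README.
WEIGHTS = {"critical": 10, "high": 7, "medium": 4, "low": 1}

# Assumption (not from the project): the weighted sum that maps to a score of 100.
SATURATION = 200


def weighted_sum(severities):
    """Sum the README weights over an iterable of severity labels."""
    counts = Counter(s.strip().lower() for s in severities)
    unknown = set(counts) - set(WEIGHTS)
    if unknown:
        # Fail loudly: silently dropping a mislabelled finding would lower the score.
        raise ValueError(f"unknown severity labels: {sorted(unknown)}")
    return sum(WEIGHTS[sev] * n for sev, n in counts.items())


def risk_score(severities, saturation=SATURATION):
    """Map the weighted sum onto 0-100 with logarithmic scaling (assumed curve)."""
    total = weighted_sum(severities)
    scaled = 100 * math.log1p(total) / math.log1p(saturation)
    # Clamp so a scan past the saturation point still reads as 100.
    return min(100, round(scaled))


# Constructed sample scans: one severity label per finding.
SCAN_A = ["critical"]
SCAN_B = ["low"] * 10
SCAN_C = ["critical", "high", "high", "medium", "low", "low"]

if __name__ == "__main__":
    for name, scan in (("A", SCAN_A), ("B", SCAN_B), ("C", SCAN_C)):
        print(name, weighted_sum(scan), risk_score(scan))
```

With these weights ten low findings produce the same score as a single critical one, so the per-severity breakdown should be read alongside the gauge value.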
MIT License — see LICENSE for details.
