Skip to content

GiovanniMenon/ophanim

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Note

This is a PoC and will be improve and expand with time

Ophanim

Agentic OSINT & reconnaissance platform that turns an investigation into a live knowledge graph.

You give Ophanim a target and chat with an LLM agent that plans and runs recon tools on its own, reasons over the findings, and grows a graph of everything it discovers.

Warning

Ophanim runs active reconnaissance and scanning tools (port scans, service probes, vulnerability templates, crawlers). Only use it against assets you own or are explicitly authorized to test. You are responsible for complying with all applicable laws and terms of service. For authorized security testing and research only.


How it works

                    ┌──────────────────────────────────────────────┐
   Browser          │  lab/  (Next.js)                             │
   chat + graph ◄───┤  chat UI  •  live force‑directed graph       │
                    └───────────────┬──────────────────────────────┘
                                    │ REST + SSE + WebSocket
                    ┌───────────────▼──────────────────────────────┐
                    │  core/api  (FastAPI)                         │
                    │  projects • chats • graph • modules          │
                    └───────────────┬──────────────────────────────┘
                                    │ Celery (Redis broker)
                    ┌───────────────▼──────────────────────────────┐
                    │  core/agent  (LangGraph plan → act loop)     │
                    │   • LLM planner                             │
                    │   • relevance + validation sub‑agents        │
                    │   • LLM "structurer" grounds raw tool output │
                    │     into graph nodes/edges                   │
                    └──────┬─────────────────────────┬─────────────┘
                           │ tool call (MCP/stdio)   │ upsert
              ┌────────────▼───────────┐   ┌─────────▼──────────────┐
              │  MCP tool servers      │   │  FalkorDB              │
              │  pd · nmap · maigret · │   │  the knowledge graph   │
              │  osint · cve           │   └────────────────────────┘
              └────────────────────────┘

Run modes

Mode What it does
Chat Answers questions from the current graph. Never launches scans.
Agent (auto) Plans and runs scans autonomously until the objective is met or budgets are hit.
Human‑in‑the‑loop Pauses for your approval before every active (intrusive) action; passive lookups run freely.

Tool servers

Tools come from MCP servers declared in core/agent/mcp/servers.json. Enable them with OPHANIM_MCP_ENABLED=1 (the default).

Server Source Tools Ships with --profile mcp?
pd ProjectDiscovery via pd-tools-mcp subfinder, dnsx, naabu, httpx, katana, nuclei ✅ built by compose
osint / cve badchars osint‑mcp‑server + cve‑mcp DNS, whois, crt.sh, Shodan, VirusTotal, wayback, GeoIP, ASN, CVE/NVD/KEV/EPSS/OSV ✅ built by compose
nmap FuzzingLabs/mcp-security-hub service_scan (-sV), quick_scan, script_scan ⚠️ build manually (see below)
maigret FuzzingLabs/mcp-security-hub username/email account enumeration ⚠️ build manually (see below)

Plus one built‑in module, nmap_vulners (core/modules/nmap_vulners.py): version‑specific service CVEs via the nmap vulners NSE script — something no MCP CVE tool can produce (they are all product‑level). It reuses the nmap-mcp image.


Getting started

Prerequisites

  • Docker + Docker Compose
  • An LLM provider: an OpenAI or Anthropic API key, or a local Ollama instance

1. Configure the environment

cp .env.example .env
# then edit .env and set your LLM provider + key

Minimal .env for OpenAI:

LLM_PROVIDER=openai
LLM_MODEL=gpt-4o
OPENAI_API_KEY=sk-...

2. Start the stack

# Core services + the MCP servers
docker compose --profile mcp up -d --build

This starts:

Service Port Role
lab http://localhost:3000 web UI
api http://localhost:8000 FastAPI backend (/health, /api/...)
worker Celery worker running the agent loop
redis 6379 state, pub/sub, Celery broker
falkordb 6380 the knowledge graph
mcp-pd, mcp-node idle tool containers (worker docker execs them per call)

Open http://localhost:3000, create a project, and start chatting with a target.

3. (Optional) nmap + maigret tools

These two run from images built from FuzzingLabs/mcp-security-hub (they are launched with docker run -i --rm, so they are not part of docker-compose.yml):

git clone https://github.com/FuzzingLabs/mcp-security-hub
# build the nmap and maigret server images from their respective dirs nmap-mcp:latest and  maigret-mcp:latest

docker pull soxoj/maigret:latest   # maigret-mcp shells out to this

If these images are missing, Ophanim simply skips those two servers at startup.

Configuration

Backend settings live in core/config/settings.py and are read from the environment / .env. Check .env.example.

Variable Default Description
LLM_PROVIDER ollama openai, anthropic, or ollama
LLM_MODEL provider default e.g. gpt-4o, claude-...
LLM_BASE_URL override for self‑hosted / proxy endpoints
OPENAI_API_KEY / ANTHROPIC_API_KEY required for the matching provider
OPHANIM_MCP_ENABLED 1 master switch for MCP tool servers
REDIS_URL redis://127.0.0.1:6379/0 overridden to the internal host by compose
FALKORDB_URL redis://127.0.0.1:6380/0 overridden to the internal host by compose
DEFAULT_MAX_CONCURRENT_SCANS 2 per‑investigation scan concurrency

Optional OSINT/CVE API keys (passed to mcp-node, all lookups have keyless fallbacks): SHODAN_API_KEY, VT_API_KEY, ST_API_KEY, CENSYS_API_ID, CENSYS_API_SECRET, NVD_API_KEY, GITHUB_TOKEN.

Project structure

core/                 Python backend
├── api/              FastAPI routes (investigations, chats, graph, modules, models)
├── agent/            the agentic layer
│   ├── graph.py      LangGraph plan → act loop (production orchestration)
│   ├── loop.py       shared prompts + helpers
│   ├── tools.py      dispatch → validate → commit pipeline
│   ├── llm/          provider‑agnostic LLM client (LangChain)
│   └── mcp/          MCP client, module wrapper, registry, servers.json
├── modules/          module registry + structurer + built‑in nmap_vulners
├── db/               FalkorDB (graph) + Redis (state) access
├── models/ schemas/  Pydantic models
└── tasks.py          Celery tasks (runs the agent)

lab/                  Next.js frontend (chat UI + live graph)
mcp/                  Dockerfiles for the bundled MCP servers (pd, node)
docker-compose.yml    the full stack

Acknowledgements

The interactive force‑directed graph in lab/components/graph/ is ported from Flowsint. Huge thanks to that project, the source files carry a // [PORTED FROM FLOWSINT] header.

About

Ophanim is an open source OSINT/RECON platform with autonomous agent reasoning and graph entity correlation.

Resources

License

Stars

0 stars

Watchers

0 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors