NexusIntel is an enterprise-style cyber investigation and intelligence platform built for modern analysts, researchers, SOC teams, and infrastructure investigators.
The platform is designed to transform fragmented intelligence into structured investigations through:
- relationship mapping
- infrastructure correlation
- graph analysis
- enrichment pipelines
- evidence management
- investigation timelines
- analyst workspaces
Unlike traditional OSINT utilities or standalone scanners, NexusIntel focuses on investigative workflows and infrastructure relationships at scale.
- Persistent investigation cases
- Analyst activity tracking
- Tagged findings
- Timeline reconstruction
- Evidence organization
- Multi-session workflows
- Domain analysis
- ASN intelligence
- Reverse DNS mapping
- TLS certificate pivots
- Shared infrastructure discovery
- Relationship scoring
- Interactive node graphs
- Pivot visualization
- Cluster analysis
- Infrastructure mapping
- Dynamic filtering
- Exportable relationships
- AbuseIPDB
- Shodan
- VirusTotal
- GreyNoise
- OTX
- Censys integrations
The NexusIntel graph engine enables investigators to visualize relationships between:
- Domains
- IP Addresses
- ASNs
- TLS Certificates
- Usernames
- Hashes
- Technologies
- Organizations
- Infrastructure Clusters
Supports:
- drag-and-drop interaction
- animated pivots
- clustering
- filtering
- node scoring
- relationship confidence levels
Centralized evidence storage supporting:
- screenshots
- logs
- JSON evidence
- analyst notes
- timeline references
- metadata indexing
Each evidence object is automatically associated with:
- timestamps
- SHA256 hashes
- investigation cases
- analyst attribution
NexusIntel supports modular enrichment pipelines for:
- IP intelligence
- domain intelligence
- ASN correlation
- technology fingerprinting
- passive DNS
- geolocation
- infrastructure profiling
API integrations are optional and securely loaded using environment variables.
```
Frontend
├── React
├── TailwindCSS
├── Framer Motion
├── Cytoscape.js
└── Zustand

Backend
├── FastAPI
├── SQLAlchemy
├── AsyncIO
├── Pydantic
└── Modular Services

Database
├── SQLite
└── PostgreSQL

Deployment
├── Docker
├── Docker Compose
└── Linux VPS Ready
```
```
nexusintel/
│
├── frontend/
├── backend/
│   ├── api/
│   ├── enrichers/
│   ├── intelligence/
│   ├── graph/
│   ├── evidence/
│   ├── reports/
│   ├── database/
│   └── workers/
│
├── docker/
├── docs/
├── screenshots/
├── scripts/
└── .github/
```
Track:
- enrichment activity
- infrastructure changes
- analyst actions
- evidence uploads
- relationship pivots
Detect related infrastructure using:
- shared certificates
- ASN overlap
- favicon hashes
- hosting providers
- DNS reuse
- TLS fingerprints
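
The correlation signals listed above can be combined into a pairwise relationship score. The sketch below is an added example, not NexusIntel's own code: the `correlate` function, the attribute names, the weights and the sample observations are all assumptions made for illustration.

```python
from collections import defaultdict
from itertools import combinations

# Assumed per-attribute weights (illustrative only, not NexusIntel's scoring).
WEIGHTS = {
    "cert_sha256": 0.9,      # same TLS certificate served
    "favicon_hash": 0.6,
    "tls_fingerprint": 0.5,
    "nameserver": 0.4,       # DNS reuse
    "asn": 0.2,              # large ASNs host many unrelated tenants
    "hosting_provider": 0.1,
}

# Constructed sample observations; hostnames, hashes and ASNs are placeholders.
OBSERVATIONS = {
    "cdn-assets.example": {"cert_sha256": "aa11", "asn": "AS64500", "favicon_hash": "f2"},
    "login-portal.example": {"cert_sha256": "aa11", "asn": "AS64500", "favicon_hash": "f1"},
    "mail.example.net": {"cert_sha256": "bb22", "asn": "AS64500", "favicon_hash": "f1"},
    "unrelated.example.org": {"cert_sha256": "cc33", "asn": "AS64500", "favicon_hash": "f3"},
}

def correlate(observations, weights=WEIGHTS, threshold=0.5):
    """Return {(host_a, host_b): (score, shared_attributes)} for likely-related pairs."""
    # Invert the data: (attribute, value) -> hosts that exhibit it.
    index = defaultdict(set)
    for host, attrs in observations.items():
        for key, value in attrs.items():
            if key in weights and value:
                index[(key, value)].add(host)

    # Collect which attributes each pair of hosts has in common.
    shared = defaultdict(set)
    for (key, _value), hosts in index.items():
        for pair in combinations(sorted(hosts), 2):
            shared[pair].add(key)

    # Combine weights as independent evidence: score = 1 - prod(1 - w).
    results = {}
    for pair, keys in shared.items():
        miss = 1.0
        for key in keys:
            miss *= 1.0 - weights[key]
        score = round(1.0 - miss, 3)
        if score >= threshold:
            results[pair] = (score, sorted(keys))
    return results
```

With the sample data, all four hosts share an ASN, but only the pairs that also share a certificate or a favicon hash pass the threshold; ASN overlap on its own scores 0.2 and is dropped.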
Replay pivot chains and analyst workflows visually.
Global visualization of infrastructure relationships and investigation clusters.
```bash
git clone https://github.com/xdrew87/nexusintel.git
cd nexusintel
```

```bash
# Backend
cd backend
python -m venv venv

# Linux/macOS
source venv/bin/activate

# Windows
venv\Scripts\activate

pip install -r requirements.txt
uvicorn main:app --reload
```

```bash
# Frontend (run from the repository root)
cd frontend
npm install
npm run dev
```

```bash
# Docker
docker-compose up --build
```
NexusIntel is intended strictly for:
- authorized investigations
- defensive security operations
- threat intelligence analysis
- infrastructure research
- OSINT workflows
Users are responsible for ensuring compliance with:
- local laws
- provider policies
- platform terms
- responsible disclosure standards
- Autonomous pivot engine
- Live collaboration
- Multi-tenant workspaces
- Threat feed ingestion
- Sigma rule exports
- Infrastructure scoring engine
- AI-assisted investigation workflows
- PCAP correlation support
- Investigation snapshots
- Real-time graph synchronization
Contributions, feature requests, and issue reports are welcome.
Please review:
- CONTRIBUTING.md
- SECURITY.md
- CODE_OF_CONDUCT.md
before submitting pull requests.
MIT License © xdrew87