PHANTOM
Digital Exposure Audit · Borealis AI Suite
Welcome
What does Phantom do?
Phantom reveals your digital footprint — what every website, tracker, and potential attacker can learn about you from a single browser visit.

It runs 13 security tools across 5 tiers: device fingerprinting, network exposure analysis, breach detection, infrastructure recon, and forensic utilities.

Everything runs in your browser. Your data never leaves this device.
What would you like to do?
Run a Full Audit: guided walkthrough. Enter your details, run all scans, and get a complete Digital Hygiene Report.
Quick Scan (No Personal Data): runs device fingerprint and network exposure immediately; no input needed.
Explore Tools Manually: skips the wizard and goes straight to the tab interface to run tools individually.
Step 1 of 3 · Your Identity
Tell Phantom about yourself
Enter what you want to audit. All fields are optional — the more you provide, the more thorough the report. Your data is processed locally and never stored or transmitted.

Tip: At minimum, provide your email and a password to check. That alone catches the most critical exposures.
Step 2 of 3 · Scanning
Running your audit...
Phantom is now executing each scan in sequence. This takes about 15–30 seconds depending on how many fields you provided. The scans run in the background — results populate the individual tabs as they complete.
Step 3 of 3 · Complete
Your audit is ready
All scans have completed. Your Digital Hygiene Report has been generated with detailed findings, explanations, and a prioritized action plan.

You can explore individual scan results in the tabs, or download the full report.
PHANTOM is a personal digital exposure audit and security reconnaissance tool within the Borealis AI suite. It reveals what your device, browser, and network broadcast to every website you visit — checks what the public internet knows about you — and audits the external attack surface of infrastructure you own.

This is a mirror, not a weapon. All scans analyze YOUR device, YOUR public data, and YOUR domains. Nothing is stored, transmitted, or logged beyond your browser session.
Architecture
Tier 1 — Device Fingerprint (Implemented)
100% client-side JavaScript. Probes browser APIs to reveal your unique digital signature: canvas hash, WebGL renderer, audio fingerprint, font enumeration, hardware profile, and entropy score.

Tier 2 — Network Exposure (Implemented)
Client-side + one API call. Reveals public IP, ISP, geolocation, WebRTC leak detection, connection metadata, and privacy feature assessment.

Tier 3 — OSINT / Public Footprint (Implemented)
Email breach checking (HIBP), password breach check via k-anonymity, username enumeration across 20+ platforms, and advanced Google dork generation for self-exposure discovery.

Tier 4 — Infrastructure Recon (NEW)
Domain and server audit tools mapping to Kali Linux equivalents. DNS enumeration, certificate transparency search, SSL/TLS analysis, HTTP security header auditing, SPF/DKIM/DMARC validation, and WHOIS/RDAP registration lookup. All via free public APIs.

Tier 5 — Local Forensic Tools (NEW)
100% client-side analysis utilities. EXIF/metadata extraction from images (GPS, camera, timestamps) and email header analysis for phishing forensics and routing trace.
Tool Reference — Kali / SANS Equivalents
🔎 DNS Recon API
Kali equivalent: dnsrecon, dnsenum, dig
Queries A, AAAA, MX, TXT, NS, SOA, CNAME records via Cloudflare DNS-over-HTTPS (no API key). TXT records reveal SPF policy, DMARC config, and service verification tokens (Google Workspace, Salesforce, etc.). Free, unlimited.
📜 Certificate Transparency API
Kali equivalent: sublist3r, amass, certspotter
Queries crt.sh (Comodo CT log aggregator) for every SSL certificate ever issued for a domain. Reveals subdomains, staging servers, forgotten dev environments, and third-party integrations. This is the #1 technique attackers use for subdomain enumeration. Free, no key.
🔒 SSL/TLS Analyzer API
Kali equivalent: sslyze, testssl.sh, sslscan
Full TLS audit via Qualys SSL Labs API. Checks cipher suites, protocol versions (TLS 1.0/1.1/1.2/1.3), certificate chain validation, and known vulnerabilities (POODLE, Heartbleed, BEAST, DROWN, ROBOT). Returns A+ through F grade. Takes 60–90 seconds. Free, no key.
🛡️ HTTP Security Headers FETCH
Kali equivalent: nikto (header checks)
Audits HTTP response headers for security best practices: Content-Security-Policy, Strict-Transport-Security (HSTS), X-Content-Type-Options, X-Frame-Options, Permissions-Policy, Referrer-Policy, X-XSS-Protection. Most sites fail this check. Uses direct fetch — CORS permitting.
📧 SPF / DKIM / DMARC Validator API
SANS relevance: Email security, anti-phishing
Queries DNS TXT records to check: SPF (Sender Policy Framework) — who can send email as your domain; DMARC — what happens to failing emails (none/quarantine/reject); DKIM selectors — cryptographic signing verification. Shows whether your email domain is spoofable.
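The spoofability verdict above, as an added example (not Phantom's own code): it parses TXT answers in the JSON shape Cloudflare's DNS-over-HTTPS endpoint returns, reads the SPF `all` qualifier and the DMARC `p=`/`pct=` tags, and lists what is missing. The domain, records and verification token are constructed for illustration.

```javascript
// Added example, not Phantom's own code: the SPF / DMARC spoofability check described above.
// Assumption: input is the JSON shape Cloudflare's DNS-over-HTTPS endpoint returns for TXT queries
// (an "Answer" array whose "data" strings are wrapped in quotes). The records below are
// constructed for a hypothetical domain, not real lookups.
function txtRecords(dohJson) {
  return (dohJson.Answer || [])
    .filter(a => a.type === 16)                                    // 16 = TXT
    .map(a => a.data.replace(/"\s*"/g, "").replace(/^"|"$/g, "")); // join quoted chunks, strip quotes
}

// SPF: the qualifier on the final "all" term decides what happens to senders not listed.
function parseSpf(txts) {
  const spf = txts.find(t => /^v=spf1\b/i.test(t));
  if (!spf) return { present: false };
  const terms = spf.split(/\s+/).slice(1);
  const all = terms.find(t => /^[+\-~?]?all$/i.test(t));
  const qualifier = !all ? "?" : "+-~?".includes(all[0]) ? all[0] : "+"; // missing all = neutral
  const lookups = terms.filter(t => /^(include:|a\b|mx\b|ptr|exists:|redirect=)/i.test(t.replace(/^[+\-~?]/, ""))).length;
  return { present: true, qualifier, lookupTerms: lookups };
}

// DMARC: p= is what receivers do with mail that fails SPF/DKIM alignment; pct= limits its scope.
function parseDmarc(txts) {
  const rec = txts.find(t => /^v=DMARC1\b/i.test(t));
  if (!rec) return { present: false, policy: "none", pct: 0 };
  const tags = {};
  for (const part of rec.split(";")) {
    const i = part.indexOf("=");
    if (i > 0) tags[part.slice(0, i).trim().toLowerCase()] = part.slice(i + 1).trim();
  }
  return { present: true, policy: (tags.p || "none").toLowerCase(), pct: parseInt(tags.pct ?? "100", 10) };
}

function assessSpoofability(spfTxts, dmarcTxts) {
  const spf = parseSpf(spfTxts), dmarc = parseDmarc(dmarcTxts), findings = [];
  if (!spf.present) findings.push("no SPF record: any host may send as this domain");
  else if (spf.qualifier === "+") findings.push("SPF ends in +all: every sender passes");
  else if (spf.qualifier === "?") findings.push("SPF has no fail qualifier: unlisted senders are neutral");
  else if (spf.lookupTerms > 10) findings.push("SPF exceeds the 10 DNS-lookup limit: evaluates to permerror");
  if (!dmarc.present) findings.push("no DMARC record: SPF/DKIM failures are not enforced");
  else if (dmarc.policy === "none") findings.push("DMARC p=none: monitoring only, nothing is rejected");
  else if (dmarc.pct < 100) findings.push(`DMARC enforced on only ${dmarc.pct}% of mail`);
  const spoofable = !spf.present || spf.qualifier === "+" || spf.qualifier === "?" || !dmarc.present || dmarc.policy === "none";
  return { spoofable, spf, dmarc, findings };
}

// Constructed DoH-style responses for TXT lookups of example.com and _dmarc.example.com.
const SPF_DOH = { Answer: [ { name: "example.com", type: 16, data: "\"v=spf1 include:_spf.example.net ~all\"" },
  { name: "example.com", type: 16, data: "\"site-verification=constructed-token\"" } ] };
const DMARC_DOH = { Answer: [ { name: "_dmarc.example.com", type: 16, data: "\"v=DMARC1; p=none; rua=mailto:dmarc@example.com\"" } ] };
```

Calling `assessSpoofability(txtRecords(SPF_DOH), txtRecords(DMARC_DOH))` flags the constructed domain as spoofable because of `p=none` even though its SPF ends in `~all`.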
🌐 WHOIS / RDAP Lookup API
Kali equivalent: whois
RDAP (Registration Data Access Protocol) is the modern JSON-based replacement for legacy WHOIS. Returns registrar, nameservers, registration/expiry dates, registrant info (if not privacy-protected), and abuse contacts. Uses rdap.org bootstrap service. Free, no key.
🖼️ EXIF / Metadata Extractor CLIENT
Kali equivalent: exiftool, mat2
Extracts embedded EXIF metadata from JPEG/TIFF images entirely client-side: GPS coordinates (lat/lng), camera make/model, software used, timestamps, orientation, color space, and thumbnail data. Reveals what your photos broadcast before you upload them. Zero network calls.
📨 Email Header Analyzer CLIENT
SANS relevance: Phishing forensics, incident response
Parses raw email headers to reconstruct the full relay routing path. Extracts: originating IP, each Received hop with timestamps, SPF/DKIM/DMARC authentication results, and delay analysis between hops. Used by analysts to trace phishing emails to their source. Zero network calls.
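The routing reconstruction described above, as an added example (not Phantom's own code): it unfolds a raw header block, walks the Received chain from origin to destination, computes the delay between hops, and extracts the SPF/DKIM verdicts from Authentication-Results. The message is constructed with RFC 5737 documentation addresses.

```javascript
// Added example, not Phantom's own code: rebuilding the relay path, per-hop delays and
// authentication verdicts from a raw header block, as the analyzer above does. The headers are
// constructed (RFC 5737 documentation addresses), not a captured message.
const SAMPLE_HEADERS = [
  "Received: from mx.example.net (mx.example.net [198.51.100.7])",
  "\tby inbound.example.org with ESMTPS id x1;",
  "\tTue, 04 Mar 2025 10:15:42 +0000",
  "Received: from relay.example.net (relay.example.net [203.0.113.9])",
  "\tby mx.example.net with ESMTP; Tue, 04 Mar 2025 10:15:40 +0000",
  "Received: from [192.0.2.55] (unknown [192.0.2.55])",
  "\tby relay.example.net with ESMTPA; Tue, 04 Mar 2025 10:10:01 +0000",
  "Authentication-Results: example.org; spf=fail smtp.mailfrom=example.com; dkim=none",
].join("\r\n");

// Unfold RFC 5322 continuation lines (leading whitespace) into [name, value] pairs.
function unfoldHeaders(raw) {
  const out = [];
  for (const line of raw.split(/\r?\n/)) {
    if (/^[ \t]/.test(line) && out.length) out[out.length - 1][1] += " " + line.trim();
    else { const i = line.indexOf(":"); if (i > 0) out.push([line.slice(0, i).trim(), line.slice(i + 1).trim()]); }
  }
  return out;
}

function headerValues(raw, name) {
  return unfoldHeaders(raw).filter(([n]) => n.toLowerCase() === name).map(([, v]) => v);
}

// Each relay prepends its own Received line, so reading them bottom-up yields the origin first.
function receivedHops(raw) {
  return headerValues(raw, "received").reverse().map(v => {
    const ip = (v.match(/\[(\d{1,3}(?:\.\d{1,3}){3})\]/) || [])[1] || null;   // first bracketed IPv4
    const by = (v.match(/\bby\s+(\S+)/i) || [])[1] || null;                    // server that stamped it
    const ts = Date.parse(v.slice(v.lastIndexOf(";") + 1).trim());            // date follows the last ';'
    return { ip, by, time: Number.isNaN(ts) ? null : ts };
  });
}

// Seconds between consecutive stamps; a long gap early in the path deserves a closer look.
function hopDelays(hops) {
  return hops.slice(1).map((h, i) => ({ from: hops[i].by, to: h.by,
    seconds: h.time != null && hops[i].time != null ? Math.round((h.time - hops[i].time) / 1000) : null }));
}

// Pull spf=/dkim=/dmarc= verdicts out of Authentication-Results.
function authResults(raw) {
  const out = {};
  for (const m of headerValues(raw, "authentication-results").join("; ").matchAll(/\b(spf|dkim|dmarc)=(\w+)/gi)) out[m[1].toLowerCase()] = m[2].toLowerCase();
  return out;
}
```

On the constructed message `receivedHops` puts the origin at 192.0.2.55, `hopDelays` shows a 339 s wait at the first relay followed by a 2 s hop, and `authResults` returns `spf=fail`, `dkim=none`.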
Original Data Sources
Browser APIs CLIENT
Navigator, Screen, Canvas, WebGL, AudioContext, Performance, Connection, RTCPeerConnection — all probed locally
ipapi.co API
IP geolocation, ISP/ASN lookup, country/city. Free tier: 1,000 requests/day. No key required.
Have I Been Pwned API
Email breach database by Troy Hunt. k-Anonymity password check is FREE (no API key). Email breach lookup requires paid key ($3.50/month) — manual link provided.
HIBP Passwords (k-Anonymity) API
Checks passwords against 900M+ breached credentials. Only first 5 chars of SHA-1 hash transmitted — full password never leaves browser. Free, no key required.
Cloudflare DNS-over-HTTPS API
Privacy-respecting DNS resolution via cloudflare-dns.com/dns-query. Returns JSON. Used for DNS recon, SPF/DKIM/DMARC validation. Free, unlimited, no key.
crt.sh (Comodo) API
Certificate Transparency log aggregator. Returns JSON list of all certificates ever issued for a domain with issuance dates and SANs. Free, no key.
Qualys SSL Labs API
Industry-standard TLS grading via api.ssllabs.com/api/v3/. Async scan with polling. Returns comprehensive cipher/protocol/vulnerability analysis. Free, no key, rate-limited.
rdap.org API
RDAP bootstrap service. Routes domain queries to the correct registrar's RDAP server. Returns JSON registration data. Free, no key.
Disclaimer
⚠ FOR PERSONAL SELF-ASSESSMENT ONLY.

This tool is designed to help you understand your own digital exposure and audit infrastructure you own. Using it to investigate, profile, or surveil other individuals or organizations without their consent may violate applicable laws including the Computer Fraud and Abuse Act (CFAA). Borealis AI assumes no responsibility for misuse.

Fingerprint data is computed locally and never leaves your browser. IP geolocation uses a third-party API subject to their privacy policy (ipapi.co). Domain recon tools query public databases (DNS, CT logs, RDAP) which may log your queries.
Version
Phantom v2.1α · Borealis AI Suite · Single-file HTML · 7 Tiers · SubtleCrypto SHA-256 · Client-side processing
New in v2.1: Profile-driven full audit, Digital Hygiene Report with scoring, tab toggle (click to close), AI context exporter (13 tools), HTML report export
New in v2.0: DNS Recon, Certificate Transparency, SSL/TLS Analyzer, HTTP Security Headers, SPF/DKIM/DMARC Validator, WHOIS/RDAP Lookup, EXIF Metadata Extractor, Email Header Analyzer