Home
NexusIntel is an enterprise-style cyber investigation and intelligence platform built for modern analysts, researchers, SOC teams, and infrastructure investigators.
The platform is designed to transform fragmented intelligence into structured investigations through:
- relationship mapping
- infrastructure correlation
- graph analysis
- enrichment pipelines
- evidence management
- investigation timelines
- analyst workspaces
Unlike traditional OSINT utilities or standalone scanners, NexusIntel focuses on investigative workflows and infrastructure relationships at scale.
|
|
|
|
The NexusIntel graph engine enables investigators to visualize relationships between:
Domains
IP Addresses
ASNs
TLS Certificates
Usernames
Hashes
Technologies
Organizations
Infrastructure Clusters
Supports:
- drag-and-drop interaction
- animated pivots
- clustering
- filtering
- node scoring
- relationship confidence levels
Centralized evidence storage supporting:
- screenshots
- logs
- JSON evidence
- analyst notes
- timeline references
- metadata indexing
Each evidence object is automatically associated with:
- timestamps
- SHA256 hashes
- investigation cases
- analyst attribution
NexusIntel supports modular enrichment pipelines for:
- IP intelligence
- domain intelligence
- ASN correlation
- technology fingerprinting
- passive DNS
- geolocation
- infrastructure profiling
API integrations are optional and securely loaded using environment variables.
Frontend
├── React
├── TailwindCSS
├── Framer Motion
├── Cytoscape.js
└── Zustand
Backend
├── FastAPI
├── SQLAlchemy
├── AsyncIO
├── Pydantic
└── Modular Services
Database
├── SQLite
└── PostgreSQL
Deployment
├── Docker
├── Docker Compose
└── Linux VPS Ready
nexusintel/
│
├── frontend/
├── backend/
│ ├── api/
│ ├── enrichers/
│ ├── intelligence/
│ ├── graph/
│ ├── evidence/
│ ├── reports/
│ ├── database/
│ └── workers/
│
├── docker/
├── docs/
├── screenshots/
├── scripts/
└── .github/
Track:
- enrichment activity
- infrastructure changes
- analyst actions
- evidence uploads
- relationship pivots
Detect related infrastructure using:
- shared certificates
- ASN overlap
- favicon hashes
- hosting providers
- DNS reuse
- TLS fingerprints
Replay pivot chains and analyst workflows visually.
Global visualization of infrastructure relationships and investigation clusters.
git clone https://github.com/xdrew87/nexusintel.git
cd nexusintelcd backend
python -m venv venv
# Linux/macOS
source venv/bin/activate
# Windows
venv\Scripts\activate
pip install -r requirements.txt
uvicorn main:app --reloadcd frontend
npm install
npm run devdocker-compose up --buildNexusIntel is intended strictly for:
- authorized investigations
- defensive security operations
- threat intelligence analysis
- infrastructure research
- OSINT workflows
Users are responsible for ensuring compliance with:
- local laws
- provider policies
- platform terms
- responsible disclosure standards
- Autonomous pivot engine
- Live collaboration
- Multi-tenant workspaces
- Threat feed ingestion
- Sigma rule exports
- Infrastructure scoring engine
- AI-assisted investigation workflows
- PCAP correlation support
- Investigation snapshots
- Real-time graph synchronization
Contributions, feature requests, and issue reports are welcome.
Please review:
- CONTRIBUTING.md
- SECURITY.md
- CODE_OF_CONDUCT.md
before submitting pull requests.
MIT License © xdrew87