Atmosphere
A self-hosted OSINT & network intelligence platform written in Go. Combines IP geolocation, DNS resolution, SSL inspection, Whois lookup, and HTTP header analysis into a single dark-themed web interface — built for security researchers and red teamers.
What is Atmosphere?
Atmosphere is a lightweight, zero-external-dependency OSINT tool designed to run entirely on your own infrastructure. It wraps multiple reconnaissance primitives — geolocation, DNS, SSL, Whois, HTTP headers — into a single coherent UI that feels like a GitHub-native dark interface.
The backend is pure Go with no ORM, no framework, and no persistent database. All lookups are performed in real-time using Go's standard library and a small set of well-known public APIs.
Architecture
net/http. No build step,
no bundler. Font Awesome icons, Leaflet.js
for 2D maps, Three.js-based 3D globe for
geolocation visualization.
/api/
and serving static assets. Services are
decoupled via interfaces in
internal/service/.
Project Structure
main.go
Installation
Prerequisites
Clone & Build
git clone https://github.com/MatrixTM26/Atmosphere.git
cd Atmosphere
chmod +x build.sh
./build.sh
The build script runs go mod tidy,
compiles the binary to ./atmosphere,
and marks it executable.
Manual Build
go mod tidy
go build -o atmosphere ./cmd/server/main.go
chmod +x atmosphere
Run
./atmosphere
# Server starts on http://localhost:8080
:8080. Check
cmd/server/main.go to change the
bind address or port.
Quick Start
After running ./atmosphere, open
http://localhost:8080 in your browser.
Self Scan
Self Scan is the landing view. When opened, it automatically queries the server for the visitor's own IP-derived intelligence without any user input. All data is collected server-side from HTTP headers.
/api/visitor
GET
What it collects
IP Lookup
Resolves geolocation data for any public IPv4 or IPv6 address. Results are displayed in a structured panel with a dual-mode map (2D Leaflet and interactive 3D globe) and deep-linked to Google Maps and OpenStreetMap.
/api/geo?ip=<address>
GET
ip — query param, IPv4 or IPv6
Example request
curl "http://localhost:8080/api/geo?ip=202.4.186.101"
Response fields
IpstringQueried IP address
CitystringCity derived from geolocation
RegionstringRegion / State / Province
CountrystringCountry name
CountryCodestringISO 3166-1 alpha-2
Latitudefloat64Geographic latitude
Longitudefloat64Geographic longitude
IspstringInternet Service Provider name
AsnstringAutonomous System Number
ProxyboolDetected as proxy/VPN
HostingboolDetected as hosting/datacenter IP
GoogleMapUrlstringDirect Google Maps link
Batch Lookup
Resolves geolocation data for multiple IP addresses simultaneously. Enter one IP per line; results render in a collapsible per-IP panel. Each entry is individually exportable as JSON.
/api/geo/batch
POST
application/json
Request body
{
"ips": [
"8.8.8.8",
"1.1.1.1",
"202.4.186.101"
]
}
DNS Tools
Three DNS operations in one view: forward hostname
resolution, reverse PTR lookup, and full DNS record
inspection. All lookups use Go's
net.Resolver with a 4-second timeout.
/api/dns/resolve?host=<hostname>
Resolves a hostname to its A / AAAA records. Returns all IP addresses bound to the domain.
/api/dns/reverse?ip=<address>
Performs a reverse PTR lookup on a given IP. Returns associated hostnames if PTR records exist.
/api/dns/records?host=<hostname>
Retrieves A, AAAA, MX, NS, TXT, CNAME, and SOA records for a domain simultaneously.
Port Scan
The DNS Tools view also includes a port availability check against 18 common TCP ports. Ports are probed with a 2-second dial timeout; response latency is reported in milliseconds.
21
SSH 22
Telnet 23
SMTP 25
DNS 53
HTTP 80
POP3 110
IMAP 143
HTTPS 443
SMTPS 465
IMAPS 993
POP3S 995
MySQL 3306
RDP 3389
PostgreSQL 5432
Redis 6379
HTTP-Alt 8080
HTTPS-Alt 8443
SSL Certificate
Dials a host on TCP port 443 using Go's
crypto/tls package and inspects the
presented certificate chain. No HTTP request is made
— this is a raw TLS handshake only.
/api/ssl?host=<hostname>
GET
6 seconds
Certificate fields
SubjectCommon Name (CN) of the certificate
IssuerCertificate Authority that signed the
cert
SerialNumberUnique serial number in decimal
SignatureAlgorithme.g. SHA256-RSA, ECDSA
NotBefore / NotAfterValidity window in RFC3339 UTC
DaysUntilExpiryInteger countdown in days (negative =
expired)
IsExpiredTrue if current time is past NotAfter
IsSelfSignedTrue if Subject CN equals Issuer CN
DnsNamesSANs (Subject Alternative Names)
TlsVersionNegotiated TLS version (TLS 1.2, TLS
1.3…)
CipherSuiteNegotiated cipher suite name
Example request
curl "http://localhost:8080/api/ssl?host=github.com"
Whois Lookup
Performs a WHOIS query over TCP port 43 against the appropriate registry server for the queried TLD. Supports automatic referral chaining (IANA → TLD-specific server).
/api/whois?domain=<domain>
GET
6 seconds
Supported TLDs
All other TLDs fall back to
whois.iana.org as the referral
resolver.
Example request
curl "http://localhost:8080/api/whois?domain=github.com"
Header Inspector
Issues an HTTP GET request to any target URL and returns all response headers along with a security header presence report. Follows up to 10 redirects.
/api/headers?url=<url>
GET
8 seconds
Atmosphere-OSINT-Tool
Security header flags
Strict-Transport-SecurityHasHsts
Content-Security-PolicyHasCsp
X-Frame-OptionsHasXFrameOptions
X-Content-Type-OptionsHasXContentTypeOpts
Referrer-PolicyHasReferrerPolicy
Network Tools
Provides two HTTP-level network diagnostic utilities: redirect chain tracing and raw port checking on arbitrary hosts.
/api/redirect?url=<url>
15
10 seconds
Traces each HTTP redirect hop individually. Reports URL, status code, Location header value, and per-hop response latency in milliseconds.
curl "http://localhost:8080/api/redirect?url=http://github.com"
/api/ports?host=<hostname>
On-demand TCP port scan against the same 18-port set used by DNS Tools. See DNS Tools → Port Scan for the full port list.
API Reference
All endpoints return
Content-Type: application/json. Error
responses use a consistent envelope.
Error envelope
{
"error": "description of what went wrong"
}
Endpoint summary
/api/visitor
Self scan (caller's own data)
/api/geo?ip=
Geolocate a single IP
/api/geo/batch
Geolocate multiple IPs
/api/dns/resolve?host=
Forward DNS lookup
/api/dns/reverse?ip=
Reverse PTR lookup
/api/dns/records?host=
Full DNS record set
/api/ports?host=
TCP port availability check
/api/ssl?host=
TLS certificate inspection
/api/whois?domain=
WHOIS domain record
/api/headers?url=
HTTP response headers
/api/redirect?url=
Redirect chain trace
Build & Deploy
Build script
#!/usr/bin/sh
go mod tidy
go build -o atmosphere ./cmd/server/main.go
chmod +x atmosphere
echo "build finished."
Run as a background service
nohup ./atmosphere > atmosphere.log 2>&1 &
echo $! > atmosphere.pid
# To stop:
kill $(cat atmosphere.pid)
Systemd unit (optional)
[Unit]
Description=Atmosphere OSINT Tool
After=network.target
[Service]
ExecStart=/opt/atmosphere/atmosphere
WorkingDirectory=/opt/atmosphere
Restart=on-failure
User=nobody
[Install]
WantedBy=multi-user.target
sudo systemctl enable atmosphere
sudo systemctl start atmosphere
sudo systemctl status atmosphere
License
Atmosphere is open source software. See the
LICENSE file in the repository root for
the full text.