MatrixTM26 / Atmosphere Overview

Atmosphere

A self-hosted OSINT & network intelligence platform written in Go. Combines IP geolocation, DNS resolution, SSL inspection, Whois lookup, and HTTP header analysis into a single dark-themed web interface — built for security researchers and red teamers.

8 Tools
Go Backend
3D Globe Map
Zero Dependencies
Educational Use Only. Information is derived from standard HTTP headers, public browser APIs, and third-party IP geolocation providers. No personal data is stored or exfiltrated. Use only for education and lawful security research.

What is Atmosphere?

Atmosphere is a lightweight, zero-external-dependency OSINT tool designed to run entirely on your own infrastructure. It wraps multiple reconnaissance primitives — geolocation, DNS, SSL, Whois, HTTP headers — into a single coherent UI that feels like a GitHub-native dark interface.

The backend is pure Go with no ORM, no framework, and no persistent database. All lookups are performed in real-time using Go's standard library and a small set of well-known public APIs.

Architecture

Frontend
Vanilla HTML/CSS/JS served directly from Go's net/http. No build step, no bundler. Font Awesome icons, Leaflet.js for 2D maps, Three.js-based 3D globe for geolocation visualization.
Backend
Go HTTP server exposing REST JSON endpoints under /api/ and serving static assets. Services are decoupled via interfaces in internal/service/.
External
Public IP geolocation APIs (ipwho.is, ip-api.com, ipinfo.io), system DNS resolver, TLS dial for SSL inspection, WHOIS TCP port 43.

Project Structure

Atmosphere/
cmd/server/ Entrypoint — main.go
internal/
model/ All data structs (GeoInfo, DnsLookupResult, SslCheckResult…)
service/ DNS, SSL, Whois, Header, Redirect services
web/
templates/ index.html — single-page app shell
static/ CSS, JS (app.js), SVG logo, images
go.mod
build.sh Build script

Installation

Prerequisites

Go 1.21 or later Standard library only, no third-party Go modules required
Git To clone the repository
Internet access For outbound geolocation API requests and WHOIS queries

Clone & Build

bash
git clone https://github.com/MatrixTM26/Atmosphere.git
cd Atmosphere
chmod +x build.sh
./build.sh

The build script runs go mod tidy, compiles the binary to ./atmosphere, and marks it executable.

Manual Build

bash
go mod tidy
go build -o atmosphere ./cmd/server/main.go
chmod +x atmosphere

Run

bash
./atmosphere
# Server starts on http://localhost:8080
Port configuration. By default the server listens on :8080. Check cmd/server/main.go to change the bind address or port.

Quick Start

After running ./atmosphere, open http://localhost:8080 in your browser.

1
Self Scan — The default view. Atmosphere immediately geolocates your own public IP, fingerprints your device/browser, and displays all HTTP headers your client sent.
2
Navigate via Sidebar — Use the left sidebar to switch between tools. The sidebar collapses to icon-only mode on smaller screens.
3
IP Lookup — Enter any IPv4 or IPv6 address and press Lookup. Results render on both a 2D Leaflet map and an interactive 3D globe. Use the Export JSON button to save raw results.
4
Export — Every tool with structured results includes an Export JSON button that downloads the raw API response.

Self Scan

Self Scan is the landing view. When opened, it automatically queries the server for the visitor's own IP-derived intelligence without any user input. All data is collected server-side from HTTP headers.

Endpoint /api/visitor
Method GET
Auth None

What it collects

CategoryFields
Geolocation City, Region, Country, Lat/Lon, ISP, ASN, Timezone, Proxy/VPN/Hosting flags
Device Browser name & version, OS name & version, Device type, Engine
Network Public IP, Protocol, User-Agent, Accept-Language, Referer, Host header
Classification IP version (v4/v6), Private, Loopback, Multicast flags, Binary octets
Client Hints Screen resolution, color depth, hardware threads, device memory, timezone, language list

IP Lookup

Resolves geolocation data for any public IPv4 or IPv6 address. Results are displayed in a structured panel with a dual-mode map (2D Leaflet and interactive 3D globe) and deep-linked to Google Maps and OpenStreetMap.

Endpoint /api/geo?ip=<address>
Method GET
Input ip — query param, IPv4 or IPv6

Example request

curl
curl "http://localhost:8080/api/geo?ip=202.4.186.101"

Response fields

FieldTypeDescription
IpstringQueried IP address
CitystringCity derived from geolocation
RegionstringRegion / State / Province
CountrystringCountry name
CountryCodestringISO 3166-1 alpha-2
Latitudefloat64Geographic latitude
Longitudefloat64Geographic longitude
IspstringInternet Service Provider name
AsnstringAutonomous System Number
ProxyboolDetected as proxy/VPN
HostingboolDetected as hosting/datacenter IP
GoogleMapUrlstringDirect Google Maps link
Private addresses. Private, loopback, and multicast addresses (10.x.x.x, 192.168.x.x, ::1, etc.) will return an error. Only publicly routable IPs are resolvable.

Batch Lookup

Resolves geolocation data for multiple IP addresses simultaneously. Enter one IP per line; results render in a collapsible per-IP panel. Each entry is individually exportable as JSON.

Endpoint /api/geo/batch
Method POST
Content-Type application/json

Request body

json
{
  "ips": [
    "8.8.8.8",
    "1.1.1.1",
    "202.4.186.101"
  ]
}

DNS Tools

Three DNS operations in one view: forward hostname resolution, reverse PTR lookup, and full DNS record inspection. All lookups use Go's net.Resolver with a 4-second timeout.

Forward Lookup
Endpoint /api/dns/resolve?host=<hostname>

Resolves a hostname to its A / AAAA records. Returns all IP addresses bound to the domain.

Reverse Lookup
Endpoint /api/dns/reverse?ip=<address>

Performs a reverse PTR lookup on a given IP. Returns associated hostnames if PTR records exist.

Full Record Lookup
Endpoint /api/dns/records?host=<hostname>

Retrieves A, AAAA, MX, NS, TXT, CNAME, and SOA records for a domain simultaneously.

Port Scan

The DNS Tools view also includes a port availability check against 18 common TCP ports. Ports are probed with a 2-second dial timeout; response latency is reported in milliseconds.

FTP 21 SSH 22 Telnet 23 SMTP 25 DNS 53 HTTP 80 POP3 110 IMAP 143 HTTPS 443 SMTPS 465 IMAPS 993 POP3S 995 MySQL 3306 RDP 3389 PostgreSQL 5432 Redis 6379 HTTP-Alt 8080 HTTPS-Alt 8443

SSL Certificate

Dials a host on TCP port 443 using Go's crypto/tls package and inspects the presented certificate chain. No HTTP request is made — this is a raw TLS handshake only.

Endpoint /api/ssl?host=<hostname>
Method GET
Timeout 6 seconds

Certificate fields

FieldDescription
SubjectCommon Name (CN) of the certificate
IssuerCertificate Authority that signed the cert
SerialNumberUnique serial number in decimal
SignatureAlgorithme.g. SHA256-RSA, ECDSA
NotBefore / NotAfterValidity window in RFC3339 UTC
DaysUntilExpiryInteger countdown in days (negative = expired)
IsExpiredTrue if current time is past NotAfter
IsSelfSignedTrue if Subject CN equals Issuer CN
DnsNamesSANs (Subject Alternative Names)
TlsVersionNegotiated TLS version (TLS 1.2, TLS 1.3…)
CipherSuiteNegotiated cipher suite name

Example request

curl
curl "http://localhost:8080/api/ssl?host=github.com"

Whois Lookup

Performs a WHOIS query over TCP port 43 against the appropriate registry server for the queried TLD. Supports automatic referral chaining (IANA → TLD-specific server).

Endpoint /api/whois?domain=<domain>
Method GET
Timeout 6 seconds

Supported TLDs

.com .net .org .io .co .dev .app .info .biz .us .me .tv .cc .xyz .id .sg .uk .ai

All other TLDs fall back to whois.iana.org as the referral resolver.

Example request

curl
curl "http://localhost:8080/api/whois?domain=github.com"

Header Inspector

Issues an HTTP GET request to any target URL and returns all response headers along with a security header presence report. Follows up to 10 redirects.

Endpoint /api/headers?url=<url>
Method GET
Timeout 8 seconds
User-Agent Atmosphere-OSINT-Tool

Security header flags

HeaderFlag field
Strict-Transport-SecurityHasHsts
Content-Security-PolicyHasCsp
X-Frame-OptionsHasXFrameOptions
X-Content-Type-OptionsHasXContentTypeOpts
Referrer-PolicyHasReferrerPolicy

Network Tools

Provides two HTTP-level network diagnostic utilities: redirect chain tracing and raw port checking on arbitrary hosts.

Redirect Tracer
Endpoint /api/redirect?url=<url>
Max hops 15
Timeout 10 seconds

Traces each HTTP redirect hop individually. Reports URL, status code, Location header value, and per-hop response latency in milliseconds.

curl
curl "http://localhost:8080/api/redirect?url=http://github.com"
Port Checker
Endpoint /api/ports?host=<hostname>

On-demand TCP port scan against the same 18-port set used by DNS Tools. See DNS Tools → Port Scan for the full port list.

API Reference

All endpoints return Content-Type: application/json. Error responses use a consistent envelope.

Error envelope

json
{
  "error": "description of what went wrong"
}

Endpoint summary

MethodPathDescription
GET /api/visitor Self scan (caller's own data)
GET /api/geo?ip= Geolocate a single IP
POST /api/geo/batch Geolocate multiple IPs
GET /api/dns/resolve?host= Forward DNS lookup
GET /api/dns/reverse?ip= Reverse PTR lookup
GET /api/dns/records?host= Full DNS record set
GET /api/ports?host= TCP port availability check
GET /api/ssl?host= TLS certificate inspection
GET /api/whois?domain= WHOIS domain record
GET /api/headers?url= HTTP response headers
GET /api/redirect?url= Redirect chain trace

Build & Deploy

Build script

build.sh
#!/usr/bin/sh

go mod tidy
go build -o atmosphere ./cmd/server/main.go
chmod +x atmosphere
echo "build finished."

Run as a background service

bash
nohup ./atmosphere > atmosphere.log 2>&1 &
echo $! > atmosphere.pid
# To stop:
kill $(cat atmosphere.pid)

Systemd unit (optional)

/etc/systemd/system/atmosphere.service
[Unit]
Description=Atmosphere OSINT Tool
After=network.target

[Service]
ExecStart=/opt/atmosphere/atmosphere
WorkingDirectory=/opt/atmosphere
Restart=on-failure
User=nobody

[Install]
WantedBy=multi-user.target
bash
sudo systemctl enable atmosphere
sudo systemctl start atmosphere
sudo systemctl status atmosphere

License

Atmosphere is open source software. See the LICENSE file in the repository root for the full text.

This tool is provided for educational and lawful security research purposes. The authors are not responsible for misuse. Always obtain proper authorization before performing reconnaissance on systems you do not own.