DexSentinel is a high-performance, real-time threat intelligence aggregator designed to provide global visibility into attack surface pressure. It correlates live telemetry with public OSINT feeds to offer a unified dashboard for security researchers and SOC analysts.
Experience the live intelligence feed: https://dexsentinel.iamdex.codes
- Global Threat Map: Visualizing attack surface pressure using D3.js and TopoJSON. Real-time pulses indicate live detections from session telemetry and OSINT sources.
- Unified IOC Investigation: Sub-second reputation lookups for IPs, Domains, and File Hashes via a multi-provider integration pipeline.
- Multi-Source Correlation: Aggregates data from VirusTotal, AbuseIPDB, Shodan, CrowdSec, and ThreatFox.
- Queue-First Architecture: Built with BullMQ and Redis for resilient, asynchronous threat processing and historical ingress tracking.
- Trending CVE Watch: Real-time monitoring of high-pressure vulnerabilities and active campaigns.
- Session Telemetry: Seamless integration for tracking live telemetry alongside public hotspots.
- Framework: Next.js 15 (App Router, React 18)
- Styling: Tailwind CSS with a custom cyber-industrial design system.
- Visualization: D3.js & TopoJSON for geospatial mapping.
- Animations: Framer Motion for fluid UI transitions.
- Persistence: Supabase (PostgreSQL) for IOC storage and reputation caching.
- Queueing: BullMQ & Redis for asynchronous lookup jobs.
- Icons: Lucide React
DexSentinel utilizes a distributed architecture to ensure sub-second response times:
- Ingress: Public feeds and session telemetry hit the API gateway.
- Queueing: Jobs are dispatched to Redis via BullMQ.
- Processing: Specialized workers fetch context from upstream providers (VirusTotal, etc.).
- Persistence: Results are cached in Supabase for high-speed retrieval.
- Streaming: Live updates are pushed to the frontend via Server-Sent Events (SSE).
Returns aggregate database statistics (total IPs tracked, hashes, active detections).
Asynchronously initiates an investigation for a specific IP. Triggers the background worker if data is stale.
A Server-Sent Event (SSE) stream providing real-time threat map updates.
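The stale-data check and queue hand-off described above can be sketched as follows. This is an added example, not DexSentinel's own code: two in-memory `Map`s stand in for the Supabase cache and the BullMQ queue, and the function names and six-hour freshness window are assumptions.

```javascript
// Added example: in-memory stand-ins for the reputation cache and the job queue.
const MAX_AGE_MS = 6 * 60 * 60 * 1000; // assumed freshness window (6 hours)

// Classify an indicator so only well-formed values ever reach a worker.
function classifyIoc(raw) {
  const v = String(raw).trim().toLowerCase();
  const octets = v.split(".");
  if (octets.length === 4 && octets.every((o) => /^\d{1,3}$/.test(o) && Number(o) <= 255)) {
    return { type: "ip", value: octets.map(Number).join(".") }; // IPv4 only
  }
  if (/^[0-9a-f]+$/.test(v) && [32, 40, 64].includes(v.length)) {
    return { type: "hash", value: v }; // MD5, SHA-1 or SHA-256 by length
  }
  if (v.length <= 253 && /^([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$/.test(v)) {
    return { type: "domain", value: v };
  }
  return null; // anything else is rejected before it can be queued
}

// cache: Map<key, {verdict, fetchedAt}>; pending: Map<key, job> (queue stand-in).
function investigate(raw, cache, pending, now = Date.now()) {
  const ioc = classifyIoc(raw);
  if (!ioc) return { status: "rejected" };
  const key = `${ioc.type}:${ioc.value}`;
  const hit = cache.get(key);
  if (hit && now - hit.fetchedAt < MAX_AGE_MS) {
    return { status: "fresh", key, verdict: hit.verdict };
  }
  // Deterministic key: repeated requests for one indicator share one job,
  // so a burst of lookups costs a single round of upstream provider calls.
  const queued = !pending.has(key);
  if (queued) pending.set(key, { ...ioc, requestedAt: now });
  return { status: hit ? "stale" : "miss", key, queued, verdict: hit ? hit.verdict : null };
}

// Worker side: store the provider result and release the pending key.
function completeJob(key, verdict, cache, pending, now = Date.now()) {
  pending.delete(key);
  cache.set(key, { verdict, fetchedAt: now });
}
```

A stale hit still returns the last known verdict while the refresh job runs, so the caller gets an immediate answer and the SSE stream can deliver the update later.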
- Node.js 20+
- Redis Server (local or managed)
- Supabase Project
- Clone the repository:
    git clone https://github.com/your-repo/DexSentinel.git
    cd DexSentinel
- Install dependencies:
    npm install
- Configure environment variables: copy .env.example to .env.local and fill in your API keys:
    cp .env.example .env.local
- Run the development server:
    npm run dev
- Start the background worker in a separate terminal:
    npm run worker
Distributed under the MIT License. See LICENSE for more information.
Built with ⚡ by Dibyanshu Sekhar
