An enterprise-grade, high-fidelity threat intelligence and reconnaissance platform.
DarkLens is a centralized session management and monitoring hub designed for security researchers and threat analysts. It solves the friction of managing dozens of isolated sock-puppet accounts across various threat actor forums, Telegram channels, and dark web portals.
By maintaining persistent, authenticated access via injected session cookies and local storage directly into a sandboxed Chromium instance, DarkLens enables instant, seamless access to gated intelligence sources without the need for repeated logins.
Launch an authenticated browsing session instantly. The platform serializes and securely stores your session state, injecting it directly into a sandboxed browser environment on demand.
DarkLens injects a discreet, context-aware Floating Action Button (FAB) directly into your research sessions.
- Context Capture: Instantly grab full-page screenshots and target metadata without leaving the browser.
- Session Sync: Update and save your authentication state back to the database directly from the HUD.
A robust threat intelligence note-taking system built with rich Markdown support. Write full documentation, track target IOCs, clamp long-form text, and organize identities using a beautifully crafted glassmorphism interface.
A background polling engine runs cron jobs to constantly track the infrastructure (A, NS, MX, TXT records) of all monitored targets. Shifts in proxies, DDoS protection, or backend hosting are logged historically to expose hidden infrastructure.
Connect directly to the Telegram network using MTProto (GramJS). Bypass fragile scraping blocks and pull live intelligence, media, and messages from private groups and channels seamlessly.
Targets can be configured with dual URLs (Surface and Onion). The launcher automatically detects .onion addresses and routes traffic through a local Tor proxy (127.0.0.1:9050) while retaining the speed and translation features of standard Chromium.
Ensure you have the following installed on your system before proceeding:
- Node.js (v18 or higher)
- MongoDB (Local instance or MongoDB Atlas)
- Tor Service (Running locally on port
9050for.onionaccess) - Google Chrome / Chromium (Installed locally for Playwright functionality)
-
Clone the repository:
git clone https://github.com/stukryptx/DarkLens.git cd DarkLens -
Configure the Environment: Copy the example environment file and configure it with your database credentials.
cp .env.example .env
-
Install Dependencies & Launch (Foreground): We have provided a unified startup script that will automatically install all NPM dependencies for both the frontend and backend, and start the development servers concurrently.
chmod +x start.sh ./start.sh
Access the Command Center at:
http://localhost:5173 -
Background Daemon Installation (Recommended): DarkLens includes a cross-platform installer that maps a custom local domain and configures the platform as an OS-level background service (Systemd on Linux, Launchd on macOS).
chmod +x install.sh ./install.sh
Once installed, DarkLens runs automatically on boot. Access the Command Center at:
http://darklens.local:5173
| Layer | Technologies Used |
|---|---|
| Frontend | React, Vite, React Router, Lucide Icons, Glassmorphism UI |
| Backend | Node.js, Express.js, MongoDB (Mongoose) |
| Browser Engine | Playwright (Chromium orchestration, context injection) |
| Integrations | GramJS (Telegram MTProto), Node-Cron, DNS Resolve |
Warning
Strictly for Authorized Research DarkLens is built exclusively for authorized security research, continuous monitoring, and threat intelligence analysis by cybersecurity professionals. Any usage for malicious purposes, unauthorized access, or illegal activities is strictly prohibited. The developers assume no liability for misuse.
