🛡️ Heimdall — a self-hosted OSINT monitor for your online identity

Heimdall is a self-hosted OSINT monitor developed as a spare-time project. It watches for mentions of a given identity across the web and provides alerts when new material appears.

The core approach is straightforward: scheduled scans are executed across a configurable set of sources, all findings are stored locally, and a structured triage workflow is provided for reviewing results. No cloud dependency or third-party service is required — data is stored in a local SQLite database and accessed through a terminal interface.

What it monitors

Heimdall covers 11 categories of web presence by default:

• Username enumeration across 500+ sites (via Maigret)
• Search engine indexing
• Data breach databases (Have I Been Pwned, IntelX)
• Paste sites
• TLS certificate transparency logs (crt.sh)
• Reverse image indexing
• Code repositories (GitHub)
• Social platforms
• People-search aggregators and data brokers
• Domain & WHOIS monitoring
• Network reconnaissance

How the triage works

Each scan run compares results against prior findings — only net-new entries are surfaced. Findings are assigned a severity level (info / low / medium / high / critical) and can be tagged, annotated, or dismissed through an interactive one-key review interface. Stale findings that remain unreviewed auto-escalate after a configurable number of days. Domains repeatedly marked as false positives are automatically whitelisted, so signal quality improves over time.

Signal and webhook notifications provide visibility between review sessions.

Under the hood

• Python 3.11+, available on PyPI (pip install heimdall-monitor)
• SQLite for local storage — no external database required
• Plugin architecture (~15 plugins, some requiring a self-hosted SearXNG instance)
• Docker Compose for the optional services (SearXNG, etc.)
• heimdall init for interactive setup, heimdall doctor to validate the configuration

Multi-profile support allows tracking of multiple identities from a single installation.

The project is open-source under the MIT license and available on GitLab: gitlab.com/dequidt/heimdall. Feedback and contributions are welcome.