DEV.co
Open-Source Security · PhonePe

mantis

Mantis is a Python-based CLI framework that automates security scanning workflows for asset discovery, reconnaissance, and vulnerability detection. It ingests top-level domains or IP ranges and outputs findings on subdomains, open ports, misconfigurations, secrets, and phishing domains via a MongoDB-backed dashboard.

Source: GitHub — github.com/PhonePe/mantis
1k
GitHub stars
134
Forks
Python
Primary language
Apache-2.0
License (OSI-approved)

Key facts

Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.

FieldValue
RepositoryPhonePe/mantis
OwnerPhonePe
Primary languagePython
LicenseApache-2.0 — OSI-approved
Stars1k
Forks134
Open issues22
Latest releasecli-1.6.0 (2025-03-21)
Last updated2026-07-07
Sourcehttps://github.com/PhonePe/mantis

What mantis is

Mantis orchestrates open-source and custom security tools (subdomain enumeration, port scanning, WAF/CDN detection, secrets scanning) in parallel workflows, with support for distributed scanning via Ray framework. It stores results in MongoDB and visualizes them through an AppSmith dashboard; minimum single-machine deployment requires 4GB RAM, 2 cores, 16GB storage.

Quickstart

Get the mantis source

Clone the repository and explore it locally.

terminalbash
git clone https://github.com/PhonePe/mantis.gitcd mantis# follow the project's README for install & configuration

Need it deployed, integrated, or customized instead? DEV.co ships production installs.

Best use cases

Attack Surface Management (ASM)

Continuously discover and monitor subdomains, certificates, and exposed assets across organizational TLDs; ideal for teams managing large domain portfolios and needing centralized visibility.

Bug Bounty & Penetration Testing Reconnaissance

Automate initial reconnaissance phases (subdomain enumeration, port mapping, technology detection, secret scanning) to reduce manual labor and accelerate scope definition.

Internal Security Audits & Compliance Scanning

Scan IP ranges and internal assets for misconfigurations, open ports, and secrets; integrate with CI/CD or scheduled scans for continuous compliance monitoring.

Implementation considerations

  • Provision dedicated VM with ≥4GB RAM, ≥2 cores, ≥16GB storage; tool is CPU-intensive when running parallel scans (thread count configurable via -tc flag).
  • Docker setup is recommended entry point (docker-compose includes MongoDB and AppSmith); shell scripts provided for macOS and Ubuntu only.
  • Dashboard requires initial onboard scan and manual AppSmith account setup; JSON template import required to visualize results.
  • Distributed scanning via Ray framework available (-r flag) for scale; requires multi-node setup and understanding of actor model.
  • Customize workflows and tool integration via config files; framework advertises ability to add new tools in minutes but no templating details provided in excerpt.

When to avoid it — and what to weigh

  • Lightweight, Single-Purpose Tool Needed — Mantis combines many tools and runs CPU-intensively in parallel; it is not suitable for resource-constrained environments or teams needing only one specific scanner.
  • Production-Grade SLA/Support Required — Tool is in beta phase (per README); no formal support SLA, security guarantees, or vendor backing evident. Unsuitable for mission-critical, unmanaged deployments.
  • Requires Extensive Third-Party Integrations — Framework is self-contained with MongoDB and AppSmith; limited evidence of pre-built integrations with popular SIEM, ticketing, or orchestration platforms.
  • Windows-Only Infrastructure — Supported OS documented as Ubuntu and macOS only; no official Windows support stated.

License & commercial use

Licensed under Apache License 2.0 (Apache-2.0), a permissive OSI-approved license allowing commercial use, modification, and distribution with limitations on liability and trademark use.

Apache-2.0 is permissive and permits commercial use. However, tool is in beta phase with no explicit vendor support, security certifications, or commercial indemnification; organizations should review liability, support, and maintenance expectations before production deployment.

DEV.co evaluation signals

Editorial assessment — not user reviews. Directional, with an explicit confidence level.

SignalAssessment
MaintenanceActive
DocumentationAdequate
License clarityClear
Deployment complexityModerate
DEV.co fitGood
Assessment confidenceHigh
Security considerations

Tool is designed to *conduct* security scanning; no explicit security posture (vulnerability disclosure, CVSS scoring, threat model, or secure coding practices) documented in README. Beta-phase status and lack of formal security certification warrant review before scanning sensitive assets. Ensure proper credential management (AWS profiles can be passed; details on secrets storage unclear). Secrets scanning module present but mechanisms for secure secret handling during scans not detailed.

Alternatives to consider

Shodan / Censys (Commercial SaaS)

Provide passive asset discovery and reconnaissance without running active scans; cloud-hosted with no deployment overhead, but limited customization and subscription cost.

Nuclei (Open Source)

Focused vulnerability scanner with simple YAML template-based rules; lighter-weight than Mantis but lacks discovery and recon automation, requires manual workflow chaining.

Nessus / Qualys (Commercial)

Enterprise vulnerability management platforms with advanced reporting, compliance frameworks, and vendor support; higher cost and learning curve than Mantis but battle-tested for production use.

Software development agency

Build on mantis with DEV.co software developers

Mantis is in beta and ideal for teams building internal attack surface management pipelines. Start with Docker, run your first scan in minutes, and integrate with your existing security workflows.

Talk to DEV.co

Related open-source tools

Surfaced by semantic similarity across the DEV.co open-source index.

mantis FAQ

Can Mantis scan Windows or macOS endpoints directly?
Supported OS for *running* Mantis are Ubuntu and macOS only. Scans can target IP ranges and domains (not OS-specific); endpoint scanning capability not explicitly stated.
What happens if a scan is interrupted or a node fails during distributed scanning?
Unknown. Ray integration is mentioned for distributed scans, but failure handling, resumption, and consistency mechanisms are not documented in the excerpt.
How are API keys and credentials for integrated tools (e.g., AWS Route53) securely stored?
AWS profiles can be passed via CLI (-aws flag); mechanism for secure credential storage and rotation not documented. Requires review before using with sensitive credentials.
Does Mantis require internet access to run, and does it phone home?
Not stated. Tools integrated likely require external API calls (e.g., WHOIS, DNS, vulnerability feeds); telemetry and data exfiltration not documented. Requires review for air-gapped deployments.

Software development & web development with DEV.co

DEV.co helps companies turn open-source tools like mantis into production software. Our software development services cover the full lifecycle — architecture, web development, integration, and maintenance — delivered by software developers and web developers who ship. Engage our software development agency to implement or customize it for your open-source security stack.

Ready to Automate Your Security Reconnaissance?

Mantis is in beta and ideal for teams building internal attack surface management pipelines. Start with Docker, run your first scan in minutes, and integrate with your existing security workflows.