I need an end-to-end solution that gives me real-time visibility over our public-facing assets and any related dark-web exposure. The work is split into two equally critical parts, so please scope your approach with that in mind: 1. ASM (Attack-Surface Management) module • Discover sub-domains and other Internet-facing assets automatically • Scan and track open ports / running services, flagging changes over time • Store historical data so trends and newly exposed services are obvious • Expose clean REST endpoints for each function (FastAPI or similar in Python preferred) 2. Dark-Web monitoring module • Crawl and scrape TOR “.onion” sites for brand, email or credential mentions • Correlate findings with the asset list from the ASM module • Trigger alerts when new leaks, credentials or mentions appear Core system expectations • Python backend, modular enough that the same API layer serves both modules • MongoDB or PostgreSQL for structured storage, whichever you’re more efficient with • Lightweight dashboard (simple React, Vue or even minimal HTML if faster) that surfaces key metrics and sends instant alerts (email / Slack / webhook) • Code must be clearly documented, environment variables handled through dotenv, and scraping components routed through Tor with proper fail-over Acceptance criteria • Running Docker Compose file spins up the entire stack with one command • First full scan completes without errors on a target I supply and data is visible in the dashboard • Dark-web crawler discovers at least one test leak I’ll provide and the alert fires within the dashboard and via webhook • Unit tests cover critical API routes and scraping functions Timeline: I’d like working prototypes in days, not weeks—please outline how you can deliver MVP functionality ASAP, then iterate quickly. If you have prior experience with OSINT frameworks, Shodan, Censys, or Tor automation, highlight it; it will shorten onboarding time.