mirror of
https://github.com/Vyntral/god-eye.git
synced 2026-07-08 05:07:48 +02:00
v0.1.1: Major AI improvements, new security modules, and documentation fixes
## AI & CVE Improvements - Fix AI report to display actual subdomain names instead of generic placeholders - Add 10-year CVE filter to reduce false positives from outdated vulnerabilities - Integrate CISA KEV (Known Exploited Vulnerabilities) database support - Improve AI analysis prompt for more accurate security findings ## New Security Modules - Add wildcard DNS detection with multi-phase validation (DNS + HTTP) - Add TLS certificate analyzer for certificate chain inspection - Add comprehensive rate limiting module for API requests - Add retry mechanism with exponential backoff - Add stealth mode for reduced detection during scans - Add progress tracking module for better UX ## Code Refactoring - Extract scanner output logic to dedicated module - Add base source interface for consistent passive source implementation - Reduce admin panel paths to common generic patterns only - Improve HTTP client with connection pooling - Add JSON output formatter ## Documentation Updates - Correct passive source count to 20 (was incorrectly stated as 34) - Fix AI model names: deepseek-r1:1.5b (fast) + qwen2.5-coder:7b (deep) - Update all markdown files for consistency - Relocate demo GIFs to assets/ directory - Add benchmark disclaimer for test variability ## Files Changed - 4 documentation files updated (README, AI_SETUP, BENCHMARK, EXAMPLES) - 11 new source files added - 12 existing files modified
This commit is contained in:
+69
-2
@@ -6,6 +6,7 @@ import (
|
||||
|
||||
"github.com/spf13/cobra"
|
||||
|
||||
"god-eye/internal/ai"
|
||||
"god-eye/internal/config"
|
||||
"god-eye/internal/output"
|
||||
"god-eye/internal/scanner"
|
||||
@@ -27,7 +28,9 @@ Examples:
|
||||
god-eye -d example.com -r 1.1.1.1,8.8.8.8 Custom resolvers
|
||||
god-eye -d example.com -p 80,443,8080 Custom ports to scan
|
||||
god-eye -d example.com --json JSON output to stdout
|
||||
god-eye -d example.com -s Silent mode (subdomains only)`,
|
||||
god-eye -d example.com -s Silent mode (subdomains only)
|
||||
god-eye -d example.com --stealth moderate Moderate stealth (evasion mode)
|
||||
god-eye -d example.com --stealth paranoid Maximum stealth (very slow)`,
|
||||
Run: func(cmd *cobra.Command, args []string) {
|
||||
if cfg.Domain == "" {
|
||||
fmt.Println(output.Red("[-]"), "Domain is required. Use -d flag.")
|
||||
@@ -67,11 +70,75 @@ Examples:
|
||||
// AI flags
|
||||
rootCmd.Flags().BoolVar(&cfg.EnableAI, "enable-ai", false, "Enable AI-powered analysis with Ollama (includes CVE search)")
|
||||
rootCmd.Flags().StringVar(&cfg.AIUrl, "ai-url", "http://localhost:11434", "Ollama API URL")
|
||||
rootCmd.Flags().StringVar(&cfg.AIFastModel, "ai-fast-model", "phi3.5:3.8b", "Fast triage model")
|
||||
rootCmd.Flags().StringVar(&cfg.AIFastModel, "ai-fast-model", "deepseek-r1:1.5b", "Fast triage model")
|
||||
rootCmd.Flags().StringVar(&cfg.AIDeepModel, "ai-deep-model", "qwen2.5-coder:7b", "Deep analysis model (supports function calling)")
|
||||
rootCmd.Flags().BoolVar(&cfg.AICascade, "ai-cascade", true, "Use cascade (fast triage + deep analysis)")
|
||||
rootCmd.Flags().BoolVar(&cfg.AIDeepAnalysis, "ai-deep", false, "Enable deep AI analysis on all findings")
|
||||
|
||||
// Stealth flags
|
||||
rootCmd.Flags().StringVar(&cfg.StealthMode, "stealth", "", "Stealth mode: light, moderate, aggressive, paranoid (reduces detection)")
|
||||
|
||||
// Database update subcommand
|
||||
updateDbCmd := &cobra.Command{
|
||||
Use: "update-db",
|
||||
Short: "Update vulnerability databases (CISA KEV)",
|
||||
Long: `Downloads and updates local vulnerability databases:
|
||||
- CISA KEV (Known Exploited Vulnerabilities) - ~500KB, updated daily by CISA
|
||||
|
||||
The KEV database contains vulnerabilities that are actively exploited in the wild.
|
||||
This data is used for instant, offline CVE lookups during scans.`,
|
||||
Run: func(cmd *cobra.Command, args []string) {
|
||||
fmt.Println(output.BoldCyan("🔄 Updating vulnerability databases..."))
|
||||
fmt.Println()
|
||||
|
||||
// Update KEV
|
||||
fmt.Print(output.Dim(" Downloading CISA KEV catalog... "))
|
||||
kevStore := ai.GetKEVStore()
|
||||
if err := kevStore.Update(); err != nil {
|
||||
fmt.Println(output.Red("FAILED"))
|
||||
fmt.Printf(" %s %v\n", output.Red("Error:"), err)
|
||||
os.Exit(1)
|
||||
}
|
||||
|
||||
version, count, date := kevStore.GetCatalogInfo()
|
||||
fmt.Println(output.Green("OK"))
|
||||
fmt.Printf(" %s %s vulnerabilities (v%s, released %s)\n",
|
||||
output.Green("✓"), output.BoldWhite(fmt.Sprintf("%d", count)), version, date)
|
||||
fmt.Println()
|
||||
fmt.Println(output.Green("✅ Database update complete!"))
|
||||
fmt.Println(output.Dim(" KEV data cached at: ~/.god-eye/kev.json"))
|
||||
},
|
||||
}
|
||||
rootCmd.AddCommand(updateDbCmd)
|
||||
|
||||
// Database info subcommand
|
||||
dbInfoCmd := &cobra.Command{
|
||||
Use: "db-info",
|
||||
Short: "Show vulnerability database status",
|
||||
Run: func(cmd *cobra.Command, args []string) {
|
||||
fmt.Println(output.BoldCyan("📊 Vulnerability Database Status"))
|
||||
fmt.Println()
|
||||
|
||||
kevStore := ai.GetKEVStore()
|
||||
|
||||
// Check if KEV needs update
|
||||
if kevStore.NeedUpdate() {
|
||||
fmt.Println(output.Yellow("⚠️ CISA KEV: Not downloaded or outdated"))
|
||||
fmt.Println(output.Dim(" Run 'god-eye update-db' to download"))
|
||||
} else {
|
||||
if err := kevStore.Load(); err != nil {
|
||||
fmt.Printf("%s CISA KEV: Error loading - %v\n", output.Red("❌"), err)
|
||||
} else {
|
||||
version, count, date := kevStore.GetCatalogInfo()
|
||||
fmt.Printf("%s CISA KEV: %s vulnerabilities\n", output.Green("✓"), output.BoldWhite(fmt.Sprintf("%d", count)))
|
||||
fmt.Printf(" Version: %s | Released: %s\n", version, date)
|
||||
fmt.Println(output.Dim(" Source: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"))
|
||||
}
|
||||
}
|
||||
},
|
||||
}
|
||||
rootCmd.AddCommand(dbInfoCmd)
|
||||
|
||||
if err := rootCmd.Execute(); err != nil {
|
||||
os.Exit(1)
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user