v0.1.1: Major AI improvements, new security modules, and documentation fixes

## AI & CVE Improvements
- Fix AI report to display actual subdomain names instead of generic placeholders
- Add 10-year CVE filter to reduce false positives from outdated vulnerabilities
- Integrate CISA KEV (Known Exploited Vulnerabilities) database support
- Improve AI analysis prompt for more accurate security findings

## New Security Modules
- Add wildcard DNS detection with multi-phase validation (DNS + HTTP)
- Add TLS certificate analyzer for certificate chain inspection
- Add comprehensive rate limiting module for API requests
- Add retry mechanism with exponential backoff
- Add stealth mode for reduced detection during scans
- Add progress tracking module for better UX

## Code Refactoring
- Extract scanner output logic to dedicated module
- Add base source interface for consistent passive source implementation
- Reduce admin panel paths to common generic patterns only
- Improve HTTP client with connection pooling
- Add JSON output formatter

## Documentation Updates
- Correct passive source count to 20 (was incorrectly stated as 34)
- Fix AI model names: deepseek-r1:1.5b (fast) + qwen2.5-coder:7b (deep)
- Update all markdown files for consistency
- Relocate demo GIFs to assets/ directory
- Add benchmark disclaimer for test variability

## Files Changed
- 4 documentation files updated (README, AI_SETUP, BENCHMARK, EXAMPLES)
- 11 new source files added
- 12 existing files modified
This commit is contained in:
Vyntral
2025-11-21 12:00:58 +01:00
parent 2be93a0dbb
commit 45295bb262
28 changed files with 4650 additions and 882 deletions
+69 -2
View File
@@ -6,6 +6,7 @@ import (
"github.com/spf13/cobra"
"god-eye/internal/ai"
"god-eye/internal/config"
"god-eye/internal/output"
"god-eye/internal/scanner"
@@ -27,7 +28,9 @@ Examples:
god-eye -d example.com -r 1.1.1.1,8.8.8.8 Custom resolvers
god-eye -d example.com -p 80,443,8080 Custom ports to scan
god-eye -d example.com --json JSON output to stdout
god-eye -d example.com -s Silent mode (subdomains only)`,
god-eye -d example.com -s Silent mode (subdomains only)
god-eye -d example.com --stealth moderate Moderate stealth (evasion mode)
god-eye -d example.com --stealth paranoid Maximum stealth (very slow)`,
Run: func(cmd *cobra.Command, args []string) {
if cfg.Domain == "" {
fmt.Println(output.Red("[-]"), "Domain is required. Use -d flag.")
@@ -67,11 +70,75 @@ Examples:
// AI flags
rootCmd.Flags().BoolVar(&cfg.EnableAI, "enable-ai", false, "Enable AI-powered analysis with Ollama (includes CVE search)")
rootCmd.Flags().StringVar(&cfg.AIUrl, "ai-url", "http://localhost:11434", "Ollama API URL")
rootCmd.Flags().StringVar(&cfg.AIFastModel, "ai-fast-model", "phi3.5:3.8b", "Fast triage model")
rootCmd.Flags().StringVar(&cfg.AIFastModel, "ai-fast-model", "deepseek-r1:1.5b", "Fast triage model")
rootCmd.Flags().StringVar(&cfg.AIDeepModel, "ai-deep-model", "qwen2.5-coder:7b", "Deep analysis model (supports function calling)")
rootCmd.Flags().BoolVar(&cfg.AICascade, "ai-cascade", true, "Use cascade (fast triage + deep analysis)")
rootCmd.Flags().BoolVar(&cfg.AIDeepAnalysis, "ai-deep", false, "Enable deep AI analysis on all findings")
// Stealth flags
rootCmd.Flags().StringVar(&cfg.StealthMode, "stealth", "", "Stealth mode: light, moderate, aggressive, paranoid (reduces detection)")
// Database update subcommand
updateDbCmd := &cobra.Command{
Use: "update-db",
Short: "Update vulnerability databases (CISA KEV)",
Long: `Downloads and updates local vulnerability databases:
- CISA KEV (Known Exploited Vulnerabilities) - ~500KB, updated daily by CISA
The KEV database contains vulnerabilities that are actively exploited in the wild.
This data is used for instant, offline CVE lookups during scans.`,
Run: func(cmd *cobra.Command, args []string) {
fmt.Println(output.BoldCyan("🔄 Updating vulnerability databases..."))
fmt.Println()
// Update KEV
fmt.Print(output.Dim(" Downloading CISA KEV catalog... "))
kevStore := ai.GetKEVStore()
if err := kevStore.Update(); err != nil {
fmt.Println(output.Red("FAILED"))
fmt.Printf(" %s %v\n", output.Red("Error:"), err)
os.Exit(1)
}
version, count, date := kevStore.GetCatalogInfo()
fmt.Println(output.Green("OK"))
fmt.Printf(" %s %s vulnerabilities (v%s, released %s)\n",
output.Green("✓"), output.BoldWhite(fmt.Sprintf("%d", count)), version, date)
fmt.Println()
fmt.Println(output.Green("✅ Database update complete!"))
fmt.Println(output.Dim(" KEV data cached at: ~/.god-eye/kev.json"))
},
}
rootCmd.AddCommand(updateDbCmd)
// Database info subcommand
dbInfoCmd := &cobra.Command{
Use: "db-info",
Short: "Show vulnerability database status",
Run: func(cmd *cobra.Command, args []string) {
fmt.Println(output.BoldCyan("📊 Vulnerability Database Status"))
fmt.Println()
kevStore := ai.GetKEVStore()
// Check if KEV needs update
if kevStore.NeedUpdate() {
fmt.Println(output.Yellow("⚠️ CISA KEV: Not downloaded or outdated"))
fmt.Println(output.Dim(" Run 'god-eye update-db' to download"))
} else {
if err := kevStore.Load(); err != nil {
fmt.Printf("%s CISA KEV: Error loading - %v\n", output.Red("❌"), err)
} else {
version, count, date := kevStore.GetCatalogInfo()
fmt.Printf("%s CISA KEV: %s vulnerabilities\n", output.Green("✓"), output.BoldWhite(fmt.Sprintf("%d", count)))
fmt.Printf(" Version: %s | Released: %s\n", version, date)
fmt.Println(output.Dim(" Source: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"))
}
}
},
}
rootCmd.AddCommand(dbInfoCmd)
if err := rootCmd.Execute(); err != nil {
os.Exit(1)
}