🚀 God's Eye v0.1 - Initial Release

God's Eye is an ultra-fast subdomain enumeration and reconnaissance tool with AI-powered security analysis.

##  Key Features

### 🔍 Comprehensive Enumeration
- 20+ passive sources (crt.sh, Censys, URLScan, etc.)
- DNS brute-force with smart wordlists
- Wildcard detection and filtering
- 1000 concurrent workers for maximum speed

### 🌐 Deep Reconnaissance
- HTTP probing with 13+ security checks
- Port scanning (configurable)
- TLS/SSL fingerprinting
- Technology detection (Wappalyzer-style)
- WAF detection (Cloudflare, Akamai, etc.)
- Security header analysis
- JavaScript secrets extraction
- Admin panel & API discovery
- Backup file detection
- robots.txt & sitemap.xml checks

### 🎯 Subdomain Takeover Detection
- 110+ fingerprints (AWS, Azure, GitHub Pages, Heroku, etc.)
- CNAME validation
- Dead DNS detection

### 🤖 AI-Powered Analysis (NEW!)
- Local AI using Ollama - No API costs, complete privacy
- Real-time CVE detection via function calling (queries NVD database)
- Cascade architecture: phi3.5 (fast triage) + qwen2.5-coder (deep analysis)
- JavaScript security analysis
- HTTP response anomaly detection
- Executive summary reports

### 📊 Output Formats
- Pretty terminal output with colors
- JSON export
- CSV export
- TXT (simple subdomain list)
- Silent mode for piping

## 🚀 Installation

bash
go install github.com/Vyntral/god-eye@latest

## 📖 Quick Start

bash
# Basic scan
god-eye -d example.com

# With AI analysis
god-eye -d example.com --enable-ai

# Only active hosts
god-eye -d example.com --active

# Export to JSON
god-eye -d example.com -o results.json -f json

## 🎯 Use Cases
- Bug bounty reconnaissance
- Penetration testing
- Security audits
- Attack surface mapping
- Red team operations

## ⚠️ Legal Notice
This tool is for authorized security testing only. Users must obtain explicit permission before scanning any targets. Unauthorized access is illegal.

## 📄 License
MIT License with additional security tool terms - see LICENSE file

## 🙏 Credits
Built with ❤️ by Vyntral for Orizon
Powered by Go, Ollama, and the security community

---

🤖 Generated with Claude Code
https://claude.com/claude-code

Co-Authored-By: Claude <noreply@anthropic.com>
This commit is contained in:
Vyntral
2025-11-20 10:41:05 +01:00
commit 6f3bc2f952
26 changed files with 8052 additions and 0 deletions
+78
View File
@@ -0,0 +1,78 @@
package main
import (
"fmt"
"os"
"github.com/spf13/cobra"
"god-eye/internal/config"
"god-eye/internal/output"
"god-eye/internal/scanner"
)
func main() {
var cfg config.Config
rootCmd := &cobra.Command{
Use: "god-eye -d <domain> [flags]",
Short: "Ultra-fast subdomain enumeration tool",
Long: `God's Eye - Ultra-fast subdomain enumeration & reconnaissance tool written in Go
Examples:
god-eye -d example.com Basic scan with all features
god-eye -d example.com --no-brute Skip DNS brute-force
god-eye -d example.com --active Only show active (HTTP 2xx/3xx)
god-eye -d example.com -o out.json -f json Export to JSON
god-eye -d example.com -r 1.1.1.1,8.8.8.8 Custom resolvers
god-eye -d example.com -p 80,443,8080 Custom ports to scan
god-eye -d example.com --json JSON output to stdout
god-eye -d example.com -s Silent mode (subdomains only)`,
Run: func(cmd *cobra.Command, args []string) {
if cfg.Domain == "" {
fmt.Println(output.Red("[-]"), "Domain is required. Use -d flag.")
cmd.Help()
os.Exit(1)
}
// Legal disclaimer
if !cfg.Silent && !cfg.JsonOutput {
fmt.Println(output.Yellow("⚠️ LEGAL NOTICE:"), "This tool is for authorized security testing only.")
fmt.Println(output.Dim(" Ensure you have explicit permission to scan"), output.BoldWhite(cfg.Domain))
fmt.Println(output.Dim(" Unauthorized access is illegal. You accept all responsibility."))
fmt.Println()
}
scanner.Run(cfg)
},
}
rootCmd.Flags().StringVarP(&cfg.Domain, "domain", "d", "", "Target domain to enumerate")
rootCmd.Flags().StringVarP(&cfg.Wordlist, "wordlist", "w", "", "Custom wordlist file path")
rootCmd.Flags().IntVarP(&cfg.Concurrency, "concurrency", "c", 1000, "Number of concurrent workers")
rootCmd.Flags().IntVarP(&cfg.Timeout, "timeout", "t", 5, "Timeout in seconds")
rootCmd.Flags().StringVarP(&cfg.Output, "output", "o", "", "Output file path")
rootCmd.Flags().StringVarP(&cfg.Format, "format", "f", "txt", "Output format (txt, json, csv)")
rootCmd.Flags().BoolVarP(&cfg.Silent, "silent", "s", false, "Silent mode (only subdomains)")
rootCmd.Flags().BoolVarP(&cfg.Verbose, "verbose", "v", false, "Verbose mode (show errors)")
rootCmd.Flags().BoolVar(&cfg.NoBrute, "no-brute", false, "Disable DNS brute-force")
rootCmd.Flags().BoolVar(&cfg.NoProbe, "no-probe", false, "Disable HTTP probing")
rootCmd.Flags().BoolVar(&cfg.NoPorts, "no-ports", false, "Disable port scanning")
rootCmd.Flags().BoolVar(&cfg.NoTakeover, "no-takeover", false, "Disable takeover detection")
rootCmd.Flags().StringVarP(&cfg.Resolvers, "resolvers", "r", "", "Custom resolvers (comma-separated)")
rootCmd.Flags().StringVarP(&cfg.Ports, "ports", "p", "", "Custom ports to scan (comma-separated)")
rootCmd.Flags().BoolVar(&cfg.OnlyActive, "active", false, "Only show active subdomains (HTTP 2xx/3xx)")
rootCmd.Flags().BoolVar(&cfg.JsonOutput, "json", false, "Output results as JSON to stdout")
// AI flags
rootCmd.Flags().BoolVar(&cfg.EnableAI, "enable-ai", false, "Enable AI-powered analysis with Ollama (includes CVE search)")
rootCmd.Flags().StringVar(&cfg.AIUrl, "ai-url", "http://localhost:11434", "Ollama API URL")
rootCmd.Flags().StringVar(&cfg.AIFastModel, "ai-fast-model", "phi3.5:3.8b", "Fast triage model")
rootCmd.Flags().StringVar(&cfg.AIDeepModel, "ai-deep-model", "qwen2.5-coder:7b", "Deep analysis model (supports function calling)")
rootCmd.Flags().BoolVar(&cfg.AICascade, "ai-cascade", true, "Use cascade (fast triage + deep analysis)")
rootCmd.Flags().BoolVar(&cfg.AIDeepAnalysis, "ai-deep", false, "Enable deep AI analysis on all findings")
if err := rootCmd.Execute(); err != nil {
os.Exit(1)
}
}