+ 
+ 
+ 
+
+
+ 
+
+ Every scan ends with an AI SCAN BRIEF β severity totals, top exploitable chains, executive summary, and recommended next actions β framed in the terminal. Recorded live on scanme.nmap.org, models served by local Ollama.
+
+
+ Target: scanme.nmap.org Β· Nmap's authorized test host Β·
+ Date: 2026-04-18 Β·
+ Hardware: Apple M1 Pro Β· 16 GB RAM Β· Go 1.21 Β· macOS 25.4 Β·
+ Binary: God's Eye v2.0-dev @ v2-dev
+
+
+ Built the binary yet? go build -o god-eye ./cmd/god-eye β then pick a recipe.
+
- 
- 
+ 
+
+ 
+
+ Zero-flag launch β AI tier β model check β target β profile β live scan. Recorded live against scanme.nmap.org.
+
+ 
+ 
- 
-
- 
- 
- 
- 
-blueviolet.svg?style=for-the-badge&logo=ollama){kind=icon}
+ 
+ 
+ 
+ 
- - Why? β’ - Features β’ - π§ AI β’ - Installation β’ - Usage β’ - Benchmarks β’ - Credits + β‘ Quick start β’ + Why β’ + Features β’ + Wizard β’ + AI β’ + Live benchmark β’ + vs. competitors β’ + Legal
--- -## π― Why God's Eye? - -| - -### β‘ All-in-One -**20 passive sources** + DNS brute-forcing + HTTP probing + security checks in **one tool**. No need to chain 5+ tools together. - - | -- -### π§ AI-Powered -**Zero-cost local AI** with Ollama for intelligent vulnerability analysis, CVE detection, and executive reports. **100% private**. - - | -- -### π Production-Ready -Battle-tested on **real bug bounties**. Fast, reliable, and packed with features that actually matter. - - | -
- 
+ Live colorized event stream β every finding appears as it's discovered. +
-God's Eye now features **AI-powered security analysis** using local LLM models via Ollama: -- β **100% Local & Private** - No data leaves your machine -- β **Free Forever** - No API costs -- β **Intelligent Analysis** - JavaScript code review, CVE detection, anomaly identification -- β **Smart Cascade** - Fast triage + deep analysis for optimal performance +--- + +## π What it finds + +### π°οΈ Discovery β 11 module types, 26 passive sources + +
-
-**Basic Scan**
-
-Standard subdomain enumeration
-
- |
-
-
-**AI-Powered Scan**
-
-With real-time CVE detection & analysis
-
- |
-
| Header audit | HSTS Β· CSP Β· X-Frame-Options Β· X-Content-Type-Options Β· Referrer-Policy Β· Permissions-Policy. OWASP-aligned with remediation text. |
| Surface misconfigs | Open redirect Β· CORS wildcards Β· dangerous HTTP methods Β· Git/SVN exposure Β· backup-file discovery Β· admin/API-endpoint enumeration |
| Takeover | 110+ fingerprints: GitHub Pages, S3, CloudFront, Heroku, Netlify, Vercel, Azure Web Apps, Shopify, β¦ |
| GraphQL | Introspection enabled detection + mutation-enabled flag (v2 native) |
| JWT | alg=none, excessive expiry, kid-injection, weak-HMAC crack (v2 native) |
| HTTP smuggling | CL.TE / TE.CL timing probe, non-destructive (v2 native, opt-in) |
| Cloud assets | S3 / GCS / Azure Blob / Firebase enumeration |
| Secret extraction | Regex + entropy + validation. FP denylist for third-party APIs and UI strings. |
| Nuclei compat | ~13k community templates, HTTP subset, auto-scope-filtered (no off-host false positives) |
- Made with β€οΈ by Vyntral for Orizon + Every number in this README is reproducible. No marketing fluff, no synthetic benchmarks, no vendor lock-in. Just a single Go binary, your local machine, and the targets you're authorized to test.
diff --git a/SECURITY.md b/SECURITY.md index e7e6c53..b3f8a29 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -1,129 +1,140 @@ -# Security Policy +# π‘οΈ Security Policy & Responsible Use -## Responsible Use ++ + God's Eye is a serious offensive-security tool. + It finds real vulnerabilities on real targets. + Use it only on systems you own or have written permission to test. + +
-God's Eye is a powerful security reconnaissance tool. With great power comes great responsibility. +--- -### Ethical Guidelines +## Why this doc exists + +God's Eye v2 can do damage. The same pipeline that surfaces a critical CVE correlation on your own asset will surface it just as well on your ex-employer's infrastructure β and the latter is a crime. This document sets the boundary between useful and illegal use, and it explains how to report vulnerabilities **in the tool itself** when you find them. + +--- + +## Responsible use + +### Ethical guidelines β **DO:** -- Use for authorized penetration testing -- Participate in bug bounty programs -- Conduct security research on your own systems -- Help improve security through responsible disclosure -- Follow coordinated vulnerability disclosure processes +- Use for **authorized** penetration testing engagements +- Participate in bug-bounty programs **within their declared scope** +- Conduct security research on systems **you own** or have **written permission** to test +- Help improve defense through responsible disclosure +- Follow coordinated vulnerability-disclosure processes β **DO NOT:** - Scan systems without explicit permission -- Use for malicious purposes -- Violate terms of service -- Attempt unauthorized access -- Sell or distribute scan results without authorization +- Chain vulnerabilities or exfiltrate data on targets you don't own +- Violate bug-bounty program terms of service +- Use God's Eye for initial access, lateral movement, or persistence on unauthorized systems +- Sell or republish scan results without the asset owner's consent -## Reporting Security Issues +--- -### Vulnerability Disclosure +## Reporting Security Issues *in God's Eye itself* -If you discover a security vulnerability in God's Eye itself, please report it responsibly: +If you discover a vulnerability in the tool (e.g., input injection via the CLI, SSRF in a fetch module, prompt injection against the AI layer), report it **privately**. -1. **DO NOT** open a public issue -2. Email the maintainers privately (see GitHub profile for contact) -3. Provide detailed information: - - Description of the vulnerability - - Steps to reproduce - - Potential impact - - Suggested fix (if any) +1. **DO NOT** open a public GitHub issue. +2. Email the maintainer or open a private security advisory on the repository. +3. Include: + - Affected component (package path + version or branch) + - Reproduction steps + - Impact assessment + - Suggested fix if available ### Response Timeline -- **Acknowledgment**: Within 48 hours -- **Initial Assessment**: Within 7 days -- **Fix Development**: Depends on severity -- **Public Disclosure**: After fix is released +| Stage | Target | +|--------------------|-----------------------------------------| +| Acknowledgment | Within 48 hours | +| Initial assessment | Within 7 days | +| Fix development | Driven by severity (24h critical β 30d low) | +| Public disclosure | After a patched release | + +--- ## Security Best Practices ### For Users -1. **Always verify authorization** before scanning -2. **Keep the tool updated** to latest version -3. **Use in controlled environments** when testing -4. **Respect rate limits** to avoid service disruption -5. **Secure your scan results** - they may contain sensitive data +1. **Always verify authorization** before scanning. +2. **Keep the tool updated** β v2 modules add new probe types that may break old rules of engagement you had in place. +3. **Scope the AI layer** β AI modules send finding evidence to the LLM. With the default Ollama path this stays on your machine, but if you swap in a cloud provider later, make sure your ROE permits that. +4. **Respect rate limits** β adaptive per-host limiting is built in, but some targets have hard ceilings; honor them. +5. **Secure your scan results** β output files may contain exposed credentials, internal hostnames, CVE mappings. -### For Developers +### For Contributors -1. **Review code changes** for security implications -2. **Follow secure coding practices** -3. **Test thoroughly** before releasing -4. **Document security-relevant changes** -5. **Never commit credentials** or sensitive data +1. Review module code for SSRF, command injection, and path traversal before merging. +2. Never log raw secrets. The `secrets.Kind` field is redacted by default; don't bypass redaction in new modules. +3. Keep network-dependent tests behind `-tags integration` so CI doesn't leak traffic to third parties. +4. Add new probe types to the ROE-impact note in the release changelog. + +--- ## Compliance -### Legal Requirements +Users must comply with all laws applicable to them, including: -Users must comply with: - -- **United States**: Computer Fraud and Abuse Act (CFAA), 18 U.S.C. Β§ 1030 -- **European Union**: GDPR, ePrivacy Directive, NIS2 Directive -- **United Kingdom**: Computer Misuse Act 1990 -- **International**: Budapest Convention on Cybercrime -- **Local laws**: All applicable regional regulations +- **United States** β Computer Fraud and Abuse Act (CFAA), 18 U.S.C. Β§ 1030 +- **European Union** β GDPR, NIS2 Directive +- **United Kingdom** β Computer Misuse Act 1990 +- **International** β Budapest Convention on Cybercrime +- **Local** β anything stricter than the above in your jurisdiction ### Bug Bounty Programs -When using God's Eye for bug bounty hunting: +When using God's Eye in a bug-bounty context: -1. β Read and follow program rules -2. β Respect scope limitations -3. β Avoid testing production systems unless explicitly allowed -4. β Report findings through proper channels -5. β Do not publicly disclose before program authorization +1. Read the program's scope, **including out-of-scope paths**. +2. Respect "no automated scanning" rules β several modules (brute-force, permutation, smuggling probe) qualify. +3. Never test in production unless the program explicitly permits it. +4. Submit findings through the program's channel, not publicly. +5. Disclose only after authorization. + +--- ## Data Protection -### Handling Scan Results - Scan results may contain sensitive information: -- Private IP addresses -- Technology stack details -- Potential vulnerabilities -- Configuration information +- Private IP addresses and internal hostnames +- Technology stack details with exact versions +- Identified vulnerabilities and working PoCs +- Cloud asset metadata -**Your Responsibilities:** +**Your responsibilities:** -1. Store results securely -2. Encrypt sensitive data -3. Delete when no longer needed -4. Do not share without authorization -5. Comply with GDPR and data protection laws +1. Encrypt scan results at rest. +2. Delete them when no longer needed. +3. Do not share outside the engagement without the asset owner's consent. +4. Comply with data-protection laws applicable to the target's jurisdiction. + +--- ## Disclaimer **NO WARRANTY**: This software is provided "AS IS" without warranty of any kind. -**NO LIABILITY**: The authors are not responsible for: +**NO LIABILITY**: The author is not responsible for: - Misuse of this tool - Unauthorized access attempts - Legal consequences of improper use -- Data breaches or security incidents +- Data breaches or service disruptions caused by your scans - Any damages arising from use **USER RESPONSIBILITY**: You are solely responsible for ensuring: - You have proper authorization -- Your use complies with all laws +- Your use complies with all applicable laws - You accept all risks -- You will not hold authors liable - -## Contact - -For security-related questions: -- Check the [LICENSE](LICENSE) file for legal terms -- Review the [README](README.md) for usage guidelines -- Contact maintainers through GitHub for private security reports +- You will not hold the author liable --- -**Remember: Unauthorized computer access is illegal. Always get permission first.** +**Remember: unauthorized computer access is illegal. Always get written permission first.**