Vyntral
|
14c26dc726
|
feat: Add Multi-Agent AI Orchestration with 8 specialized agents
- Implement 8 specialized AI agents (XSS, SQLi, Auth, API, Crypto, Secrets, Headers, General)
- Add fast type-based routing for finding classification
- Include OWASP-aligned knowledge bases per agent
- Add agent handoff logic for cross-vulnerability detection
- Optimize timeouts and parallelism for local LLM
- Add new modules: cache, network, fingerprint, secrets, cloud, API, discovery
- Update documentation with multi-agent feature
|
2025-11-21 15:23:11 +01:00 |
|
Vyntral
|
b1bf119c82
|
v0.1.1: Major AI improvements, new security modules, and documentation fixes
## AI & CVE Improvements
- Fix AI report to display actual subdomain names instead of generic placeholders
- Add 10-year CVE filter to reduce false positives from outdated vulnerabilities
- Integrate CISA KEV (Known Exploited Vulnerabilities) database support
- Improve AI analysis prompt for more accurate security findings
## New Security Modules
- Add wildcard DNS detection with multi-phase validation (DNS + HTTP)
- Add TLS certificate analyzer for certificate chain inspection
- Add comprehensive rate limiting module for API requests
- Add retry mechanism with exponential backoff
- Add stealth mode for reduced detection during scans
- Add progress tracking module for better UX
## Code Refactoring
- Extract scanner output logic to dedicated module
- Add base source interface for consistent passive source implementation
- Reduce admin panel paths to common generic patterns only
- Improve HTTP client with connection pooling
- Add JSON output formatter
## Documentation Updates
- Correct passive source count to 20 (was incorrectly stated as 34)
- Fix AI model names: deepseek-r1:1.5b (fast) + qwen2.5-coder:7b (deep)
- Update all markdown files for consistency
- Relocate demo GIFs to assets/ directory
- Add benchmark disclaimer for test variability
## Files Changed
- 4 documentation files updated (README, AI_SETUP, BENCHMARK, EXAMPLES)
- 11 new source files added
- 12 existing files modified
|
2025-11-21 12:00:58 +01:00 |
|
Vyntral
|
123d6123c4
|
🚀 God's Eye v0.1.0 - AI-Powered Subdomain Reconnaissance
Initial public release of God's Eye - an AI-powered subdomain enumeration and reconnaissance tool.
## Key Features
**AI-Powered Analysis:**
- Local LLM integration via Ollama (100% private, zero API costs)
- Real-time CVE detection using function calling
- Smart cascade: fast triage (phi3.5:3.8b) + deep analysis (qwen2.5-coder:7b)
- JavaScript code security review
- Anomaly identification and executive summaries
**Reconnaissance:**
- 11 passive enumeration sources (crt.sh, SecurityTrails, Shodan, etc.)
- Active DNS brute-forcing with customizable wordlists
- HTTP/HTTPS probing with technology detection
- Subdomain takeover detection
- Cloud provider identification
- JavaScript secret extraction
- Port scanning and service detection
**Production-Ready:**
- Battle-tested on real bug bounties
- Concurrent execution with rate limiting
- Multiple output formats (JSON, CSV, TXT)
- Cross-platform support (macOS, Linux, Windows)
- Comprehensive error handling
## Documentation
- Complete README with usage examples
- AI Setup Guide (AI_SETUP.md)
- Performance benchmarks (BENCHMARK.md)
- Security policy (SECURITY.md)
- Professional demo GIFs showing basic and AI-powered scans
## Technical Stack
- Language: Go 1.21+
- AI: Ollama (local LLM inference)
- Architecture: Modular, extensible design
- License: MIT
---
Made with ❤️ by @Vyntral for Orizon
https://github.com/Vyntral/god-eye
|
2025-11-20 12:49:54 +01:00 |
|
Vyntral
|
14718dd75f
|
🚀 God's Eye v0.1 - Initial Release
God's Eye is an ultra-fast subdomain enumeration and reconnaissance tool with AI-powered security analysis.
## ✨ Key Features
### 🔍 Comprehensive Enumeration
- 20+ passive sources (crt.sh, Censys, URLScan, etc.)
- DNS brute-force with smart wordlists
- Wildcard detection and filtering
- 1000 concurrent workers for maximum speed
### 🌐 Deep Reconnaissance
- HTTP probing with 13+ security checks
- Port scanning (configurable)
- TLS/SSL fingerprinting
- Technology detection (Wappalyzer-style)
- WAF detection (Cloudflare, Akamai, etc.)
- Security header analysis
- JavaScript secrets extraction
- Admin panel & API discovery
- Backup file detection
- robots.txt & sitemap.xml checks
### 🎯 Subdomain Takeover Detection
- 110+ fingerprints (AWS, Azure, GitHub Pages, Heroku, etc.)
- CNAME validation
- Dead DNS detection
### 🤖 AI-Powered Analysis (NEW!)
- Local AI using Ollama - No API costs, complete privacy
- Real-time CVE detection via function calling (queries NVD database)
- Cascade architecture: phi3.5 (fast triage) + qwen2.5-coder (deep analysis)
- JavaScript security analysis
- HTTP response anomaly detection
- Executive summary reports
### 📊 Output Formats
- Pretty terminal output with colors
- JSON export
- CSV export
- TXT (simple subdomain list)
- Silent mode for piping
## 🚀 Installation
bash
go install github.com/Vyntral/god-eye@latest
## 📖 Quick Start
bash
# Basic scan
god-eye -d example.com
# With AI analysis
god-eye -d example.com --enable-ai
# Only active hosts
god-eye -d example.com --active
# Export to JSON
god-eye -d example.com -o results.json -f json
## 🎯 Use Cases
- Bug bounty reconnaissance
- Penetration testing
- Security audits
- Attack surface mapping
- Red team operations
## ⚠️ Legal Notice
This tool is for authorized security testing only. Users must obtain explicit permission before scanning any targets. Unauthorized access is illegal.
## 📄 License
MIT License with additional security tool terms - see LICENSE file
## 🙏 Credits
Built with ❤️ by Vyntral for Orizon
Powered by Go, Ollama, and the security community
---
🤖 Generated with Claude Code
https://claude.com/claude-code
Co-Authored-By: Claude <noreply@anthropic.com>
|
2025-11-20 10:41:05 +01:00 |
|