

# God's Eye

Ultra-fast subdomain enumeration & reconnaissance tool with AI-powered analysis


---

## 🎯 Why God's Eye?

### ⚡ All-in-One

**11 passive sources** + DNS brute-forcing + HTTP probing + security checks in **one tool**. No need to chain 5+ tools together.

### 🧠 AI-Powered

**Zero-cost local AI** with Ollama for intelligent vulnerability analysis, CVE detection, and executive reports. **100% private**.

### 🚀 Production-Ready

Battle-tested on **real bug bounties**. Fast, reliable, and packed with features that actually matter.
---

## ⚠️ Legal Notice

**IMPORTANT: This tool is for AUTHORIZED security testing only.**

By using God's Eye, you agree to:

- ✅ Only scan domains you own or have explicit written permission to test
- ✅ Comply with all applicable laws (CFAA, Computer Misuse Act, etc.)
- ✅ Use responsibly for legitimate security research and bug bounties
- ❌ Never use for unauthorized access or malicious activities

**The authors accept NO liability for misuse. You are solely responsible for your actions.**

Read the full [Legal Disclaimer](#️-legal-disclaimer--terms-of-use) before use.

---

## 📖 Overview

**God's Eye** is a powerful, ultra-fast subdomain enumeration and reconnaissance tool written in Go. It combines multiple passive sources with active DNS brute-forcing and comprehensive security checks to provide a complete picture of a target's attack surface.

Unlike other tools that only find subdomains, God's Eye performs **deep reconnaissance** including:

- ✅ HTTP probing with technology detection
- ✅ Security vulnerability scanning
- ✅ Cloud provider identification
- ✅ JavaScript secret extraction
- ✅ Subdomain takeover detection
- ✅ **AI-Powered Analysis** with local LLM (Ollama)
- ✅ Real-time CVE detection via function calling

### ⚡ Quick Start

```bash
# Clone and build
git clone https://github.com/Vyntral/god-eye.git && cd god-eye
go build -o god-eye ./cmd/god-eye

# Basic scan
./god-eye -d target.com

# With AI-powered analysis
./god-eye -d target.com --enable-ai
```


### 🌟 **NEW: AI Integration**

God's Eye now features **AI-powered security analysis** using local LLM models via Ollama:

- ✅ **100% Local & Private** - No data leaves your machine
- ✅ **Free Forever** - No API costs
- ✅ **Intelligent Analysis** - JavaScript code review, CVE detection, anomaly identification
- ✅ **Smart Cascade** - Fast triage + deep analysis for optimal performance
**Basic Scan** (demo image): Standard subdomain enumeration

**AI-Powered Scan** (demo image): With real-time CVE detection & analysis
**Quick Start with AI:**

```bash
# Install Ollama
curl https://ollama.ai/install.sh | sh

# Pull models (5-10 mins)
ollama pull phi3.5:3.8b && ollama pull qwen2.5-coder:7b

# Run with AI
ollama serve &
./god-eye -d target.com --enable-ai
```

📖 **[Full AI Setup Guide](AI_SETUP.md)** | 📋 **[AI Examples](EXAMPLES.md)**

---

## Features

### 🔍 Subdomain Discovery

- **11 Passive Sources**: crt.sh, Certspotter, AlienVault, HackerTarget, URLScan, RapidDNS, Anubis, ThreatMiner, DNSRepo, SubdomainCenter, Wayback
- **DNS Brute-forcing**: Concurrent DNS resolution with customizable wordlists
- **Wildcard Detection**: Improved detection using multiple random patterns

### 🌐 HTTP Probing

- Status code, content length, response time
- Page title extraction
- Technology fingerprinting (WordPress, React, Next.js, Angular, Laravel, Django, etc.)
- Server header analysis
- TLS/SSL information (version, issuer, expiry)

### 🛡️ Security Checks

- **Security Headers**: CSP, HSTS, X-Frame-Options, X-Content-Type-Options, etc.
- **Open Redirect Detection**: Tests common redirect parameters
- **CORS Misconfiguration**: Detects wildcard origins and credential exposure
- **HTTP Methods**: Identifies dangerous methods (PUT, DELETE, TRACE)
- **Git/SVN Exposure**: Checks for exposed version control directories
- **Backup Files**: Finds common backup file patterns
- **Admin Panels**: Discovers admin/login interfaces
- **API Endpoints**: Locates API documentation and endpoints

### ☁️ Cloud & Infrastructure

- **Cloud Provider Detection**: AWS, Azure, GCP, DigitalOcean, Cloudflare, Heroku, Netlify, Vercel
- **S3 Bucket Discovery**: Finds exposed S3 buckets
- **Email Security**: SPF/DMARC record analysis
- **TLS Alternative Names**: Extracts SANs from certificates
- **ASN/Geolocation**: IP information lookup

### 🎯 Advanced Features

- **Subdomain Takeover**: 110+ fingerprints for vulnerable services
- **JavaScript Analysis**: Extracts secrets, API keys, and hidden endpoints from JS files
- **Port Scanning**: Quick TCP port scan on common ports
- **WAF Detection**: Identifies Cloudflare, AWS WAF, Akamai, Imperva, etc.

### ⚡ Performance

- **Parallel HTTP Checks**: All security checks run concurrently
- **Connection Pooling**: Shared HTTP client with TCP/TLS reuse
- **High Concurrency**: Up to 1000+ concurrent workers

### 🧠 AI Integration (NEW!)

- **Local LLM Analysis**: Powered by Ollama (phi3.5 + qwen2.5-coder)
- **JavaScript Code Review**: Intelligent secret detection and vulnerability analysis
- **CVE Matching**: Automatic vulnerability detection for discovered technologies
- **Smart Cascade**: Fast triage filter + deep analysis for optimal performance
- **Executive Reports**: Auto-generated professional security summaries
- **100% Private**: All processing happens locally, zero external API calls
- **Zero Cost**: Completely free, no API keys or usage limits

**Real-World Performance:**

- Scan time: +20-30% vs non-AI mode
- Accuracy: 37% reduction in false positives
- Findings: 2-3x more actionable security insights

---

## AI Integration

### Why AI?

Traditional regex-based tools miss context. God's Eye's AI integration provides:

- ✅ **Contextual Understanding** - Not just pattern matching, but semantic code analysis
- ✅ **CVE Detection** - Automatic matching against known vulnerabilities
- ✅ **False Positive Reduction** - Smart filtering saves analysis time
- ✅ **Executive Summaries** - Auto-generated reports for stakeholders

### Quick Setup

```bash
# 1. Install Ollama (one-time)
curl https://ollama.ai/install.sh | sh

# 2. Pull AI models (5-10 minutes, one-time)
ollama pull phi3.5:3.8b        # Fast triage (~3GB)
ollama pull qwen2.5-coder:7b   # Deep analysis (~6GB)

# 3. Start Ollama server
ollama serve

# 4. Run God's Eye with AI
./god-eye -d target.com --enable-ai
```

### AI Features

| Feature | Description | Example Output |
|---------|-------------|----------------|
| **JavaScript Analysis** | Deep code review for secrets, backdoors, XSS | `AI:CRITICAL: Hardcoded Stripe API key in main.js` |
| **CVE Matching** | Auto-detect known vulnerabilities | `CVE: React CVE-2020-15168 - XSS vulnerability` |
| **HTTP Analysis** | Misconfiguration and info disclosure detection | `AI:HIGH: Missing HSTS, CSP headers` |
| **Anomaly Detection** | Cross-subdomain pattern analysis | `AI:MEDIUM: Dev environment exposed in production` |
| **Executive Reports** | Professional summaries with remediation | Auto-generated markdown reports |

### AI Usage Examples

```bash
# Basic AI-enabled scan
./god-eye -d target.com --enable-ai

# Fast scan (no DNS brute-force)
./god-eye -d target.com --enable-ai --no-brute

# Deep analysis mode (analyze all subdomains)
./god-eye -d target.com --enable-ai --ai-deep

# Custom models
./god-eye -d target.com --enable-ai \
  --ai-fast-model phi3.5:3.8b \
  --ai-deep-model deepseek-coder-v2:16b

# Export with AI findings
./god-eye -d target.com --enable-ai -o report.json -f json
```

### Sample AI Output

```
🧠 AI-POWERED ANALYSIS (cascade: phi3.5:3.8b + qwen2.5-coder:7b)
   AI:C api.target.com → 4 findings
   AI:H admin.target.com → 2 findings
   ✓ AI analysis complete: 6 findings across 2 subdomains

📋 AI SECURITY REPORT

## Executive Summary
Analysis identified 6 security findings with 1 critical issue requiring immediate attention. Hardcoded production API key detected.

## Critical Findings
- api.target.com: Production Stripe key hardcoded in JavaScript
- Authentication bypass via admin parameter detected
  CVEs: React CVE-2020-15168

## Recommendations
1. IMMEDIATE: Remove hardcoded API keys and rotate credentials
2. HIGH: Update React to latest stable version
3. MEDIUM: Implement proper authentication on admin panel
```

📖 **[Complete AI Documentation](AI_SETUP.md)**
📋 **[AI Usage Examples](EXAMPLES.md)**

---

## Installation

### From Source

```bash
# Clone the repository
git clone https://github.com/Vyntral/god-eye.git
cd god-eye

# Build
go build -o god-eye ./cmd/god-eye

# Run
./god-eye -d example.com
```

### Requirements

- Go 1.21 or higher

### Dependencies

```
github.com/fatih/color
github.com/miekg/dns
github.com/spf13/cobra
```

---

## Usage

### Basic Scan

```bash
./god-eye -d example.com
```

### Options

```
Usage:
  god-eye -d [flags]

Flags:
  -d, --domain string      Target domain to enumerate (required)
  -w, --wordlist string    Custom wordlist file path
  -c, --concurrency int    Number of concurrent workers (default 1000)
  -t, --timeout int        Timeout in seconds (default 5)
  -o, --output string      Output file path
  -f, --format string      Output format: txt, json, csv (default "txt")
  -s, --silent             Silent mode (only subdomains)
  -v, --verbose            Verbose mode (show errors)
  -r, --resolvers string   Custom resolvers (comma-separated)
  -p, --ports string       Custom ports to scan (comma-separated)
      --no-brute           Disable DNS brute-force
      --no-probe           Disable HTTP probing
      --no-ports           Disable port scanning
      --no-takeover        Disable takeover detection
      --active             Only show active subdomains (HTTP 2xx/3xx)
      --json               Output results as JSON to stdout

AI Flags:
      --enable-ai          Enable AI-powered analysis with Ollama
      --ai-url string      Ollama API URL (default "http://localhost:11434")
      --ai-fast-model      Fast triage model (default "phi3.5:3.8b")
      --ai-deep-model      Deep analysis model (default "qwen2.5-coder:7b")
      --ai-cascade         Use cascade (fast triage + deep) (default true)
      --ai-deep            Enable deep AI analysis on all findings
  -h, --help               Help for god-eye
```

### Examples

```bash
# Full scan with all features (including AI)
./god-eye -d example.com --enable-ai

# Traditional scan (no AI)
./god-eye -d example.com

# Skip DNS brute-force (passive only)
./god-eye -d example.com --no-brute

# Only show active subdomains
./god-eye -d example.com --active

# Export to JSON
./god-eye -d example.com -o results.json -f json

# Custom resolvers
./god-eye -d example.com -r 1.1.1.1,8.8.8.8

# Custom ports
./god-eye -d example.com -p 80,443,8080,8443

# High concurrency for large domains
./god-eye -d example.com -c 2000

# Silent mode for piping
./god-eye -d example.com -s | httpx
```

---

## Benchmark

Performance comparison with other popular subdomain enumeration tools on a medium-sized domain:

| Tool | Subdomains Found | Time | Features |
|------|-----------------|------|----------|
| **God's Eye** | 15 | ~20s | Full recon (DNS, HTTP, security checks, JS analysis) |
| Subfinder | 12 | ~7s | Passive enumeration only |
| Amass (passive) | 10 | ~15s | Passive enumeration only |
| Assetfinder | 8 | ~3s | Passive enumeration only |

### Key Insights

- **God's Eye finds more subdomains** thanks to DNS brute-forcing combined with passive sources
- **God's Eye provides complete reconnaissance** in a single tool vs. chaining multiple tools
- **Trade-off**: Slightly longer scan time due to comprehensive security checks
- **Value**: One scan = subdomain enumeration + HTTP probing + vulnerability scanning + cloud detection + JS analysis

### What You Get vs Other Tools

| Feature | God's Eye | Subfinder | Amass | Assetfinder |
|---------|-----------|-----------|-------|-------------|
| Passive Sources | ✅ | ✅ | ✅ | ✅ |
| DNS Brute-force | ✅ | ❌ | ✅ | ❌ |
| HTTP Probing | ✅ | ❌ | ❌ | ❌ |
| Security Checks | ✅ | ❌ | ❌ | ❌ |
| Takeover Detection | ✅ | ❌ | ❌ | ❌ |
| JS Secret Extraction | ✅ | ❌ | ❌ | ❌ |
| Cloud Detection | ✅ | ❌ | ❌ | ❌ |
| Port Scanning | ✅ | ❌ | ❌ | ❌ |
| Technology Detection | ✅ | ❌ | ❌ | ❌ |

---

## Output

### Console Output

God's Eye features a modern, colorful CLI with:

- Section headers with icons
- Status-coded results (● 2xx, ◐ 3xx, ○ 4xx)
- Response time badges (⚡ fast, ⏱️ medium, 🐢 slow)
- Summary statistics box

### JSON Output

```json
[
  {
    "subdomain": "api.example.com",
    "ips": ["192.168.1.1"],
    "cname": "api-gateway.cloudprovider.com",
    "status_code": 200,
    "title": "API Documentation",
    "technologies": ["nginx", "Node.js"],
    "cloud_provider": "AWS",
    "security_headers": ["HSTS", "CSP"],
    "missing_headers": ["X-Frame-Options"],
    "admin_panels": ["/admin"],
    "api_endpoints": ["/api/v1", "/swagger"],
    "js_files": ["/static/app.js"],
    "js_secrets": ["api_key: AKIAIOSFODNN7EXAMPLE"]
  }
]
```

### CSV Output

Exports key fields for spreadsheet analysis.
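
A report in the JSON format above can carry live credentials in `js_secrets`, so anything that post-processes it should avoid copying those values verbatim. The Go program below is an added example, not part of God's Eye: it turns a report into a sorted remediation worklist and redacts secret values. The `Triage` and `redact` names, the P1-P3 ordering and the sample data are assumptions of this example.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
	"strings"
)

// Constructed sample in the shape of the JSON output shown above.
const sampleReport = `[{"subdomain":"www.example.com","missing_headers":["CSP","HSTS"]},
 {"subdomain":"api.example.com","missing_headers":["X-Frame-Options"],
  "admin_panels":["/admin"],"js_secrets":["api_key: AKIAIOSFODNN7EXAMPLE"]}]`

// Result holds the report fields this triage reads.
type Result struct {
	Subdomain      string   `json:"subdomain"`
	MissingHeaders []string `json:"missing_headers"`
	AdminPanels    []string `json:"admin_panels"`
	JSSecrets      []string `json:"js_secrets"`
}

// redact keeps the label and last 4 characters so lines are safe to paste into tickets.
func redact(s string) string {
	label, value, found := strings.Cut(s, ":")
	if !found {
		label, value = "secret", s
	}
	if value = strings.TrimSpace(value); len(value) > 8 {
		return label + ": ****" + value[len(value)-4:]
	}
	return label + ": ****"
}

// Triage returns worklist lines, most urgent first (P1-P3 order is this example's assumption).
func Triage(report []byte) ([]string, error) {
	var results []Result
	if err := json.Unmarshal(report, &results); err != nil {
		return nil, fmt.Errorf("parse report: %w", err)
	}
	var items []string
	for _, r := range results {
		for _, s := range r.JSSecrets {
			items = append(items, "P1 "+r.Subdomain+": rotate and remove "+redact(s))
		}
		if len(r.MissingHeaders) > 0 {
			items = append(items, "P2 "+r.Subdomain+": add "+strings.Join(r.MissingHeaders, ", "))
		}
		for _, p := range r.AdminPanels {
			items = append(items, "P3 "+r.Subdomain+": review access to "+p)
		}
	}
	sort.Strings(items) // "P1" < "P2" < "P3", then by host name
	return items, nil
}

func main() {
	items, _ := Triage([]byte(sampleReport))
	fmt.Println(strings.Join(items, "\n"))
}
```

Treat the report file itself as sensitive: it holds the unredacted values, so store it with the same access controls as the credentials it lists.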
---

## Security Checks Explained

### Vulnerability Detection

| Check | Description | Severity |
|-------|-------------|----------|
| Open Redirect | Tests redirect parameters for external URLs | Medium |
| CORS Misconfiguration | Checks for wildcard origins with credentials | High |
| Dangerous HTTP Methods | Identifies PUT, DELETE, TRACE enabled | Medium |
| Git/SVN Exposure | Checks for /.git/config and /.svn/entries | Critical |
| Backup Files | Searches for .bak, .sql, .zip backups | High |
| Admin Panels | Finds /admin, /login, /wp-admin, etc. | Info |
| API Endpoints | Locates /api, /swagger, /graphql, etc. | Info |

### Subdomain Takeover

Checks 110+ vulnerable services including:

- GitHub Pages
- AWS S3/CloudFront/Elastic Beanstalk
- Azure (Web Apps, Blob, CDN)
- Google Cloud Storage
- Heroku
- Shopify
- Netlify/Vercel
- And many more...

### Notes and Limitations

- **Admin Panels & API Endpoints**: These checks test both HTTPS and HTTP, reporting 200 (found) and 401/403 (protected) responses.
- **Email Security (SPF/DMARC)**: Records are checked on the target domain specified with `-d`. Make sure to specify the root domain (e.g., `example.com` not `sub.example.com`) for accurate email security results.
- **SPA Detection**: The tool detects Single Page Applications that return the same content for all routes, filtering out false positives for admin panels, API endpoints, and backup files.
---

## Use Cases

### Bug Bounty Hunting

```bash
# Full reconnaissance on target
./god-eye -d target.com -o report.json -f json

# Find only vulnerable subdomains
./god-eye -d target.com --active | grep -E "TAKEOVER|VULNS"
```

### Penetration Testing

```bash
# Enumerate attack surface
./god-eye -d client.com -c 500

# Export for further analysis
./god-eye -d client.com -o scope.txt -f txt
```

### Security Auditing

```bash
# Check security posture
./god-eye -d company.com --no-brute

# Focus on specific ports
./god-eye -d company.com -p 80,443,8080,8443,3000
```

---

## 📊 Performance Benchmarks

### Real-World Test Results

Tested on production domain (authorized testing):

| Metric | Without AI | With AI (Cascade) |
|--------|-----------|-------------------|
| **Scan Time** | ~1:50 min | 2:18 min |
| **Subdomains Found** | 2 active | 2 active |
| **AI Findings** | 0 | 16 findings |
| **Memory Usage** | ~500MB | ~7GB |
| **AI Overhead** | N/A | +20% time |

### AI Performance Breakdown

| Phase | Duration | Model Used |
|-------|----------|------------|
| Passive Enumeration | ~25 sec | - |
| HTTP Probing | ~35 sec | - |
| Security Checks | ~40 sec | - |
| AI Triage | ~10 sec | phi3.5:3.8b |
| AI Deep Analysis | ~25 sec | qwen2.5-coder:7b |
| Report Generation | ~3 sec | qwen2.5-coder:7b |

**Key Takeaway:** AI adds only ~20% overhead while providing intelligent vulnerability analysis and prioritization.

### Speed Comparison

| Mode | Target Size | Time | AI Findings |
|------|-------------|------|-------------|
| No AI | 50 subdomains | 2:30 min | 0 |
| AI Cascade | 50 subdomains | 3:15 min | 23 |
| AI Deep | 50 subdomains | 4:45 min | 31 |

---

## Contributing

Contributions are welcome! Please feel free to submit a Pull Request.

1. Fork the repository
2. Create your feature branch (`git checkout -b feature/AmazingFeature`)
3. Commit your changes (`git commit -m 'Add some AmazingFeature'`)
4. Push to the branch (`git push origin feature/AmazingFeature`)
5. Open a Pull Request

---

## Credits

**Author**: [Vyntral](https://github.com/Vyntral)

**Organization**: [Orizon](https://github.com/Orizon-eu)

### Acknowledgments

- Inspired by tools like Subfinder, Amass, and Assetfinder
- Uses the excellent [miekg/dns](https://github.com/miekg/dns) library
- Color output powered by [fatih/color](https://github.com/fatih/color)
- CLI framework by [spf13/cobra](https://github.com/spf13/cobra)

---

## License

This project is licensed under the MIT License with additional terms - see the [LICENSE](LICENSE) file for details.

---

## ⚖️ Legal Disclaimer & Terms of Use

**READ CAREFULLY BEFORE USING THIS SOFTWARE**

### Authorized Use Only

God's Eye is designed exclusively for:

- ✅ Authorized security testing and penetration testing
- ✅ Bug bounty programs with explicit permission
- ✅ Educational and research purposes
- ✅ Security assessments on systems you own or have written authorization to test

### Prohibited Uses

This tool **MUST NOT** be used for:

- ❌ Unauthorized scanning of third-party systems
- ❌ Malicious activities or cyber attacks
- ❌ Violation of computer fraud and abuse laws
- ❌ Any illegal or unethical purposes

### Liability Disclaimer

**THE AUTHORS AND CONTRIBUTORS OF THIS SOFTWARE:**

1. **Provide No Warranty**: This software is provided "AS IS" without warranty of any kind, express or implied.
2. **Accept No Liability**: The authors shall not be liable for any damages, claims, or legal consequences arising from:
   - Unauthorized use of this software
   - Misuse or abuse of this tool
   - Any direct, indirect, incidental, or consequential damages
   - Legal actions resulting from improper use
   - Data breaches, service disruptions, or security incidents
3. **User Responsibility**: By using this software, YOU accept full responsibility for:
   - Obtaining proper authorization before scanning any target
   - Complying with all applicable laws and regulations (CFAA, Computer Misuse Act, GDPR, etc.)
   - Respecting bug bounty program terms of service
   - Any consequences of your actions

### Legal Compliance

Users must comply with all applicable laws including:

- Computer Fraud and Abuse Act (CFAA) - United States
- Computer Misuse Act - United Kingdom
- European Union GDPR and data protection regulations
- Local laws regarding computer security and unauthorized access

### Acknowledgment

**By downloading, installing, or using God's Eye, you acknowledge that:**

- You have read and understood this disclaimer
- You agree to use this tool only for authorized and legal purposes
- You accept all risks and responsibilities associated with its use
- You will indemnify and hold harmless the authors from any claims arising from your use

### Contact

If you have questions about authorized use or legal compliance, consult with a legal professional before using this tool.

---

**⚠️ REMEMBER: Unauthorized computer access is illegal. Always obtain explicit written permission before testing any system you do not own.**

---

Made with ❤️ by Vyntral for Orizon