# πŸ—ΊοΈ God's Eye v2 β€” Feature Map > Living document. What's shipped Β· what's in progress Β· what's planned. > If you're about to build on a feature, **check its status here first**. **Status legend:** - βœ… implemented and tested with `-race` - 🟑 implemented, awaiting integration-level testing on live targets - πŸ”΅ skeleton in place (interfaces + scaffolding), body pending - πŸ“‹ planned (design drafted, not yet written) - ❌ intentionally deferred or declined --- ## At-a-glance | Fase | Theme | Status | |------|------------------------------------|--------| | 0 | Foundation refactor | βœ… | | 1 | Discovery Supremacy | 🟑 (core done, 40+ sources to add) | | 2 | Vulnerability Engine | 🟑 (4/10 native scanners done) | | 3 | AI Agentic v2 | πŸ”΅ (interfaces + 2 tools; planner/workers pending) | | 4 | TUI + Reporting | 🟑 (wizard done, LivePrinter done; report generator pending) | | 5 | Continuous & Distributed | 🟑 (diff + scheduler + webhook done; distributed pending) | | 6 | Ecosystem & community | πŸ“‹ (plan exists; templates + marketplace pending) | --- ## Fase 0 β€” Foundation refactor *(βœ… complete)* Prerequisite for everything else. Keeps v2 extensible and testable without changing v1's external behavior. | Feature | Status | Location | |--------------------------------------------|:------:|-------------------------------------------| | Typed event bus with per-subscriber goroutines | βœ… | `internal/eventbus/` | | 20 canonical event types | βœ… | `internal/eventbus/events.go` | | Non-blocking publish with drop counter | βœ… | `internal/eventbus/bus.go` | | Panic-safe handlers | βœ… | `internal/eventbus/bus.go:run()` | | Module interface + auto-registry | βœ… | `internal/module/` | | Phase-based selection + Consumes/Produces | βœ… | `internal/module/registry.go` | | In-memory store with per-host locks | βœ… | `internal/store/memory.go` | | Deep-copy Get (caller can't corrupt state) | βœ… | `internal/store/memory.go:cloneHost` | | Pipeline coordinator with phase barriers | βœ… | `internal/pipeline/pipeline.go` | | Error aggregation via `errors.Join` | βœ… | `internal/pipeline/pipeline.go:Run` | | YAML config loader + 5 scan profiles | βœ… | `internal/config/profile.go` + `yaml.go` | | AI profiles (lean/balanced/heavy) | βœ… | `internal/config/ai_profile.go` | | ConfigView exposed to modules | βœ… | `internal/config/view.go` | | 185 unit tests passing with `-race` | βœ… | `*_test.go` across 15 packages | | BoltDB store backend | πŸ“‹ | deferred to Fase 5 | --- ## Fase 1 β€” Discovery Supremacy *(🟑 core done)* Goal: match or beat BBOT and Amass in subdomain coverage. ### Passive sources | Source | Status | Module | |---------------------------------|:------:|--------------------------------------------| | 20 v1 sources (crt.sh, CertSpotter, AlienVault, HackerTarget, URLScan, RapidDNS, Anubis, ThreatMiner, DNSRepo, SubdomainCenter, Wayback, CommonCrawl, Sitedossier, Riddler, Robtex, DNSHistory, ArchiveToday, JLDC, SynapsInt, CensysFree) | βœ… | `internal/modules/passive` (wrapper) | | Shodan, Censys, BinaryEdge, SecurityTrails, FOFA, ZoomEye, Quake, Netlas (key-gated) | πŸ“‹ | planned | | VirusTotal, Chaos, BufferOver, Shrewdeye | πŸ“‹ | planned | | **Supply chain**: npm + PyPI dorks | βœ… | `internal/modules/supplychain` | | GitHub code-search dorks | βœ… | `internal/modules/github` | | Certificate Transparency live | βœ… (opt-in) | `internal/modules/ctstream` | ### Active discovery | Technique | Status | Module | |----------------------------------|:------:|--------------------------------------------| | DNS wordlist brute-force | βœ… | `internal/modules/bruteforce` | | Wildcard DNS detection + filter | βœ… | v1 `internal/dns/wildcard.go` + bruteforce | | Recursive pattern learning | βœ… | `internal/modules/recursive` | | DNS permutation (alterx-style) | βœ… (opt-in) | `internal/modules/permutation` | | AXFR zone-transfer attempt | βœ… | `internal/modules/axfr` | | Reverse DNS Β±16 sweep per seed IP | βœ… (opt-in) | `internal/modules/reversedns` | | Virtual host discovery | βœ… (opt-in) | `internal/modules/vhost` | | ASN/CIDR expansion | βœ… (opt-in) | `internal/modules/asn` | --- ## Fase 2 β€” Vulnerability Engine *(🟑 4/10 native done)* Goal: move beyond v1's "chain Nuclei and pray" model β€” build native, accurate, high-signal detections. | Scanner | Status | Module | |----------------------------------|:------:|-----------------------------------------------| | v1 security checks (open redirect, CORS, HTTP methods, git/svn, backups, admin, API) | βœ… | `internal/modules/security` | | Subdomain takeover (110+ fingerprints) | βœ… | `internal/modules/takeover` | | Cloud asset discovery (S3 / GCS / Azure / CDNs) | βœ… | `internal/modules/cloud` + v1 `internal/cloud` | | JS secret extraction | βœ… | `internal/modules/javascript` | | Security headers audit (OWASP-aligned) | βœ… | `internal/modules/headers` | | GraphQL introspection + mutation flag | βœ… | `internal/modules/graphql` | | JWT analyzer + weak-secret crack | βœ… | `internal/modules/jwt` | | HTTP request smuggling (CL.TE / TE.CL timing probe) | βœ… (opt-in) | `internal/modules/smuggling` | | Nuclei template compatibility layer | πŸ“‹ | planned | | SPA crawler w/ headless browser (chromedp) | πŸ“‹ | planned | | OAuth / SAML flow misconfig | πŸ“‹ | planned | | Race condition scanner | πŸ“‹ | planned | | Prototype pollution | πŸ“‹ | planned | | SSRF + built-in OOB canary server | πŸ“‹ | planned | | Live secret validation against source APIs | πŸ“‹ | planned | --- ## Fase 3 β€” AI Agentic v2 *(πŸ”΅ scaffolding done)* Goal: move from "LLM reviews findings" to "LLM plans + executes multi-step investigations using tools". | Component | Status | Location | |--------------------------------------------|:------:|----------------------------------| | v1 Ollama cascade wrapper (triage+deep) | βœ… | `internal/ai/ollama.go` + `modules/ai` | | Multi-agent orchestrator (8 specialist agents: XSS, SQLi, Auth, API, Crypto, Secrets, Headers, General) | βœ… (from v1) | `internal/ai/agents/` | | CVE matching via KEV (offline) + NVD (online) | βœ… | `internal/ai/kev.go` + `cve.go` | | Function calling to live CVE lookup | βœ… | `internal/ai/tools.go` | | Model ensurer (auto-pull via `/api/pull`) | βœ… | `internal/ai/ensure.go` | | AI profiles (lean / balanced / heavy) | βœ… | `internal/config/ai_profile.go` | | Verbose per-query logging | βœ… | `internal/ai/ollama.go:logVerbose` | | Agent / Planner / Worker interfaces | βœ… | `internal/agent/agent.go` | | Built-in tools: `http_request`, `dns_resolve` | βœ… | `internal/agent/tools.go` | | Native Planner (reasoning loop) | πŸ”΅ | planned | | Native Worker specializations | πŸ”΅ | planned | | Vulnerability-chain composer agent | πŸ“‹ | planned | | Fine-tuning dataset pipeline | πŸ“‹ | planned | | RAG over CISA KEV + HackerOne public reports | πŸ“‹ | planned | --- ## Fase 4 β€” Terminal UX + Reporting *(🟑 partial)* **Terminal-only by explicit design.** No web dashboard. | Feature | Status | Location | |--------------------------------------------|:------:|----------------------------------| | Interactive setup wizard | βœ… | `internal/wizard/` | | Auto-launch on zero-flag TTY invocation | βœ… | `cmd/god-eye/main.go` | | `--wizard` force flag | βœ… | `cmd/god-eye/main.go` | | Model pull consent + streaming progress | βœ… | `internal/wizard/wizard.go:handleAIModels` | | Live colorized event stream (`--live`) | βœ… | `internal/tui/live.go` | | 3-level verbosity (findings / normal / noisy) | βœ… | `internal/tui/live.go` | | Bubbletea-based interactive TUI (k9s-like) | πŸ“‹ | planned | | Professional report generator (PDF/HTML/Markdown with CVSS + MITRE mapping) | πŸ“‹ | planned | | Burp / Caido extension for findings export | πŸ“‹ | planned | --- ## Fase 5 β€” Continuous & Distributed *(🟑 single-node done)* Goal: turn God's Eye into an Attack Surface Management (ASM) daemon. | Feature | Status | Location | |--------------------------------------------|:------:|----------------------------------| | Diff engine (9 change kinds) | βœ… | `internal/diff/` | | Scheduler with interval ticker | βœ… | `internal/scheduler/scheduler.go`| | `StdoutAlerter` (human-readable) | βœ… | `internal/scheduler/alerter.go` | | `WebhookAlerter` (generic JSON POST) | βœ… | `internal/scheduler/alerter.go` | | `--monitor-interval` + `--monitor-webhook` | βœ… | `cmd/god-eye/main.go:runMonitor` | | BoltDB / SQLite persistent store | πŸ“‹ | planned (requires Store backend) | | Cron-syntax scheduling | πŸ“‹ | planned | | Distributed worker pool (NATS/Redis) | πŸ“‹ | planned | | Slack / Discord / Teams / Linear adapters | πŸ“‹ | planned | --- ## Fase 6 β€” Ecosystem *(πŸ“‹ planned)* | Feature | Status | |--------------------------------------------|:------:| | Community template repository | πŸ“‹ | | Module marketplace (`god-eye module install`) | πŸ“‹ | | Docs site (VitePress) | πŸ“‹ | | Integrations: HackerOne / Bugcrowd / Intigriti APIs | πŸ“‹ | | Published benchmark suite vs BBOT / Subfinder / Amass | πŸ“‹ | --- ## Operational / cross-cutting features ### Config | Feature | Status | Notes | |--------------------------------------------|:------:|-------| | CLI flags (backwards-compatible with v0.1) | βœ… | `cmd/god-eye/main.go` | | YAML config auto-discovery | βœ… | `./god-eye.yaml`, `.god-eye.yaml`, `~/.god-eye/config.yaml` | | `--config ` override | βœ… | | | Named scan profiles (`--profile`) | βœ… | 5 profiles: bugbounty, pentest, asm-continuous, stealth-max, quick | | Named AI profiles (`--ai-profile`) | βœ… | lean / balanced / heavy | | Per-module enable/disable via YAML | βœ… | `modules:` YAML key | ### Stealth | Feature | Status | Notes | |--------------------------------------------|:------:|-------| | 4-level stealth mode | βœ… (v1 heritage) | light / moderate / aggressive / paranoid | | 25+ User-Agent rotation pool | βœ… | `internal/stealth/` | | Randomized delays, per-host throttling | βœ… | `internal/stealth/`, `internal/ratelimit/` | | Adaptive backoff on error-rate spikes | βœ… | `internal/ratelimit/ratelimit.go` | | Retry with exponential backoff | βœ… | `internal/retry/retry.go` | | **Proxy / SOCKS5 / Tor routing** | βœ… | `internal/proxyconf/` Β· issue [#1](https://github.com/Vyntral/god-eye/issues/1) | ### Observability | Feature | Status | |--------------------------------------------|:------:| | Event bus stats (published / delivered / dropped) | βœ… | | Per-phase timing events | βœ… | | Module error events (non-fatal) | βœ… | | AI verbose logging (`--ai-verbose`) | βœ… | | Structured JSON output | βœ… | ### Security of the tool itself | Feature | Status | |--------------------------------------------|:------:| | Input validation (domain, wordlist path, output path, resolvers, concurrency, timeout) | βœ… | | Rejects write to system paths (/etc, /var, /proc, etc.) | βœ… | | Null-byte and path-traversal rejection | βœ… | | Panic containment in event handlers | βœ… | | Per-subscriber goroutine isolation | βœ… | --- ## What's intentionally NOT on the roadmap - **Web UI** β€” explicit scope choice. Terminal only. - **Exploitation / payload delivery** β€” detection, chaining and PoC generation only; no shell, no persistence. - **Collaborative multi-user state** β€” single-operator tool. - **Proprietary feed integrations (Shodan / Censys paid tiers) by default** β€” must be user-configured with their own API keys. - **Agent-based compromise of targets** β€” scope is bounded to authorized offensive reconnaissance and disclosure-track testing. --- ## Test coverage snapshot | Package | Tests | `-race` | Notes | |---------------------|------:|:-------:|-----------------------------------------| | validator | ~30 | βœ… | exhaustive input validation | | sources | ~5 | βœ… | extract subdomains, client pooling | | dns | ~10 | βœ… | wildcard helpers, pure functions only | | config | ~25 | βœ… | profiles, YAML, View | | eventbus | ~15 | βœ… | pub/sub, drop invariant, concurrent | | module | ~13 | βœ… | registry, filtering, dep graph | | store | ~15 | βœ… | concurrent Upsert, deep-copy Get | | pipeline | ~9 | βœ… | phase barriers, panic recovery | | diff | ~9 | βœ… | 9 change kinds | | scheduler | ~3 | βœ… | interval + diff integration | | wizard | ~15 | βœ… | prompts, validation, EOF cancel | | ai (ensurer) | ~10 | βœ… | mock httptest Ollama | | scanner (v1 legacy) | ~10 | βœ… | helper functions | **185 tests total** across 15 packages, all green with the `-race` flag on Go 1.21. ### Since v0.1 - **+15 packages** (foundation + modules + operational) - **~26 modules** auto-registered in the pipeline - **~200 lines of documentation per topic area** (README, AI, EXAMPLES, SECURITY, BENCHMARK, FEATURE) - **3 GIF demos** captured live against `scanme.nmap.org` - **Issue [#1](https://github.com/Vyntral/god-eye/issues/1)** (SOCKS5 / Tor support) fixed