god-eye/SECURITY.md
Vyntral 14718dd75f 🚀 God's Eye v0.1 - Initial Release
God's Eye is an ultra-fast subdomain enumeration and reconnaissance tool with AI-powered security analysis.

## Key Features

### 🔍 Comprehensive Enumeration
- 20+ passive sources (crt.sh, Censys, URLScan, etc.)
- DNS brute-force with smart wordlists
- Wildcard detection and filtering
- 1000 concurrent workers for maximum speed

### 🌐 Deep Reconnaissance
- HTTP probing with 13+ security checks
- Port scanning (configurable)
- TLS/SSL fingerprinting
- Technology detection (Wappalyzer-style)
- WAF detection (Cloudflare, Akamai, etc.)
- Security header analysis
- JavaScript secrets extraction
- Admin panel & API discovery
- Backup file detection
- robots.txt & sitemap.xml checks

### 🎯 Subdomain Takeover Detection
- 110+ fingerprints (AWS, Azure, GitHub Pages, Heroku, etc.)
- CNAME validation
- Dead DNS detection

### 🤖 AI-Powered Analysis (NEW!)
- Local AI using Ollama - No API costs, complete privacy
- Real-time CVE detection via function calling (queries NVD database)
- Cascade architecture: phi3.5 (fast triage) + qwen2.5-coder (deep analysis)
- JavaScript security analysis
- HTTP response anomaly detection
- Executive summary reports

### 📊 Output Formats
- Pretty terminal output with colors
- JSON export
- CSV export
- TXT (simple subdomain list)
- Silent mode for piping

## 🚀 Installation

```bash
go install github.com/Vyntral/god-eye@latest
```

## 📖 Quick Start

```bash
# Basic scan
god-eye -d example.com

# With AI analysis
god-eye -d example.com --enable-ai

# Only active hosts
god-eye -d example.com --active

# Export to JSON
god-eye -d example.com -o results.json -f json
```

## 🎯 Use Cases
- Bug bounty reconnaissance
- Penetration testing
- Security audits
- Attack surface mapping
- Red team operations

## ⚠️ Legal Notice
This tool is for authorized security testing only. Users must obtain explicit permission before scanning any targets. Unauthorized access is illegal.

## 📄 License
MIT License with additional security tool terms - see LICENSE file

## 🙏 Credits
Built with ❤️ by Vyntral for Orizon
Powered by Go, Ollama, and the security community

---

🤖 Generated with Claude Code
https://claude.com/claude-code

Co-Authored-By: Claude <noreply@anthropic.com>
2025-11-20 10:41:05 +01:00

3.6 KiB

Security Policy

Responsible Use

God's Eye is a powerful security reconnaissance tool. With great power comes great responsibility.

Ethical Guidelines

DO:

  • Use for authorized penetration testing
  • Participate in bug bounty programs
  • Conduct security research on your own systems
  • Help improve security through responsible disclosure
  • Follow coordinated vulnerability disclosure processes

DO NOT:

  • Scan systems without explicit permission
  • Use for malicious purposes
  • Violate terms of service
  • Attempt unauthorized access
  • Sell or distribute scan results without authorization

Reporting Security Issues

Vulnerability Disclosure

If you discover a security vulnerability in God's Eye itself, please report it responsibly:

  1. DO NOT open a public issue
  2. Email the maintainers privately (see GitHub profile for contact)
  3. Provide detailed information:
    • Description of the vulnerability
    • Steps to reproduce
    • Potential impact
    • Suggested fix (if any)

Response Timeline

  • Acknowledgment: Within 48 hours
  • Initial Assessment: Within 7 days
  • Fix Development: Depends on severity
  • Public Disclosure: After fix is released

Security Best Practices

For Users

  1. Always verify authorization before scanning
  2. Keep the tool updated to the latest version
  3. Use in controlled environments when testing
  4. Respect rate limits to avoid service disruption
  5. Secure your scan results - they may contain sensitive data

For Developers

  1. Review code changes for security implications
  2. Follow secure coding practices
  3. Test thoroughly before releasing
  4. Document security-relevant changes
  5. Never commit credentials or sensitive data

Compliance

Users must comply with:

  • United States: Computer Fraud and Abuse Act (CFAA), 18 U.S.C. § 1030
  • European Union: GDPR, ePrivacy Directive, NIS2 Directive
  • United Kingdom: Computer Misuse Act 1990
  • International: Budapest Convention on Cybercrime
  • Local laws: All applicable regional regulations

Bug Bounty Programs

When using God's Eye for bug bounty hunting:

  1. Read and follow program rules
  2. Respect scope limitations
  3. Avoid testing production systems unless explicitly allowed
  4. Report findings through proper channels
  5. Do not publicly disclose before program authorization

Data Protection

Handling Scan Results

Scan results may contain sensitive information:

  • Private IP addresses
  • Technology stack details
  • Potential vulnerabilities
  • Configuration information

Your Responsibilities:

  1. Store results securely
  2. Encrypt sensitive data
  3. Delete when no longer needed
  4. Do not share without authorization
  5. Comply with GDPR and data protection laws

Disclaimer

NO WARRANTY: This software is provided "AS IS" without warranty of any kind.

NO LIABILITY: The authors are not responsible for:

  • Misuse of this tool
  • Unauthorized access attempts
  • Legal consequences of improper use
  • Data breaches or security incidents
  • Any damages arising from use

USER RESPONSIBILITY: You are solely responsible for ensuring:

  • You have proper authorization
  • Your use complies with all laws
  • You accept all risks
  • You will not hold authors liable

Contact

For security-related questions:

  • Check the LICENSE file for legal terms
  • Review the README for usage guidelines
  • Contact maintainers through GitHub for private security reports

Remember: Unauthorized computer access is illegal. Always get permission first.