god-eye/SECURITY.md
Vyntral 14718dd75f 🚀 God's Eye v0.1 - Initial Release
God's Eye is an ultra-fast subdomain enumeration and reconnaissance tool with AI-powered security analysis.

## Key Features

### 🔍 Comprehensive Enumeration
- 20+ passive sources (crt.sh, Censys, URLScan, etc.)
- DNS brute-force with smart wordlists
- Wildcard detection and filtering
- 1000 concurrent workers for maximum speed

### 🌐 Deep Reconnaissance
- HTTP probing with 13+ security checks
- Port scanning (configurable)
- TLS/SSL fingerprinting
- Technology detection (Wappalyzer-style)
- WAF detection (Cloudflare, Akamai, etc.)
- Security header analysis
- JavaScript secrets extraction
- Admin panel & API discovery
- Backup file detection
- robots.txt & sitemap.xml checks

### 🎯 Subdomain Takeover Detection
- 110+ fingerprints (AWS, Azure, GitHub Pages, Heroku, etc.)
- CNAME validation
- Dead DNS detection

### 🤖 AI-Powered Analysis (NEW!)
- Local AI using Ollama - No API costs, complete privacy
- Real-time CVE detection via function calling (queries NVD database)
- Cascade architecture: phi3.5 (fast triage) + qwen2.5-coder (deep analysis)
- JavaScript security analysis
- HTTP response anomaly detection
- Executive summary reports

### 📊 Output Formats
- Pretty terminal output with colors
- JSON export
- CSV export
- TXT (simple subdomain list)
- Silent mode for piping

## 🚀 Installation

```bash
go install github.com/Vyntral/god-eye@latest
```

## 📖 Quick Start

```bash
# Basic scan
god-eye -d example.com

# With AI analysis
god-eye -d example.com --enable-ai

# Only active hosts
god-eye -d example.com --active

# Export to JSON
god-eye -d example.com -o results.json -f json
```

## 🎯 Use Cases
- Bug bounty reconnaissance
- Penetration testing
- Security audits
- Attack surface mapping
- Red team operations

## ⚠️ Legal Notice
This tool is for authorized security testing only. Users must obtain explicit permission before scanning any targets. Unauthorized access is illegal.

## 📄 License
MIT License with additional security tool terms - see LICENSE file

## 🙏 Credits
Built with ❤️ by Vyntral for Orizon
Powered by Go, Ollama, and the security community

---

🤖 Generated with Claude Code
https://claude.com/claude-code

Co-Authored-By: Claude <noreply@anthropic.com>
2025-11-20 10:41:05 +01:00


# Security Policy

## Responsible Use

God's Eye is a high-concurrency reconnaissance tool: a single run queries many third-party data sources with your target domain, brute-forces DNS and then probes every live host it finds. Pointed at a target you are not authorized to test, that traffic is indistinguishable from attacker reconnaissance and may be unlawful under the statutes listed below.

### Ethical Guidelines

**DO:**
- Use it for authorized penetration testing
- Participate in bug bounty programs, within their published scope
- Conduct security research on systems you own or control
- Report what you find through coordinated vulnerability disclosure

**DO NOT:**
- Scan systems without explicit, documented permission
- Use it for malicious purposes
- Violate the terms of service of the target or of the data sources the tool queries
- Attempt unauthorized access to anything a scan surfaces
- Sell or distribute scan results without authorization
## Reporting Security Issues

### Vulnerability Disclosure

If you discover a security vulnerability in God's Eye itself (for example in the code that parses HTTP responses, extracts JavaScript secrets or drives the AI analysis), please report it responsibly:

1. **DO NOT** open a public issue
2. Email the maintainers privately (see the GitHub profile for contact details)
3. Provide enough detail to reproduce:
   - Description of the vulnerability
   - Affected version or commit
   - Steps to reproduce, including any input (scan target, response or file) that triggers it
   - Potential impact
   - Suggested fix (if any)

### Response Timeline

- **Acknowledgment**: within 48 hours
- **Initial Assessment**: within 7 days
- **Fix Development**: depends on severity
- **Public Disclosure**: after the fix is released
## Security Best Practices

### For Users

1. **Always verify authorization** before scanning, and keep the written scope alongside the results
2. **Keep the tool updated** to the latest release
3. **Use in controlled environments** when trying new configurations
4. **Respect rate limits**: the tool defaults to 1000 concurrent workers for speed, and a burst of DNS and HTTP traffic at that rate can disrupt a small or fragile target, so scan only at the rate your engagement rules allow
5. **Secure your scan results**: they may contain sensitive data
6. **Know what leaves your machine**: passive enumeration sends the target domain to third-party services (crt.sh, Censys, URLScan and others), and the AI CVE lookup queries the NVD database; only the language models themselves run locally via Ollama

### For Developers

1. **Review code changes** for security implications, especially in code that parses untrusted input (HTTP bodies, JavaScript, DNS answers)
2. **Follow secure coding practices**
3. **Test thoroughly** before releasing
4. **Document security-relevant changes**
5. **Never commit credentials** or sensitive data, including any API keys used for passive sources
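The rate-limit item under "For Users" is the practice a tool built around 1000 concurrent workers makes easiest to get wrong. The Go program below is an added example, not God's Eye's own code, showing the two bounds a prober should enforce separately: a semaphore on how much work is in flight and a ticker on how often new probes start. `ProbeFunc`, `ProbeAll`, `CandidateHosts` and `slowProbe` are names chosen for this example, and the host list is constructed input.

```go
package main

import (
	"fmt"
	"sync"
	"sync/atomic"
	"time"
)

// ProbeFunc is one unit of reconnaissance work, e.g. resolving or HTTP-probing
// a single candidate host. Hypothetical: God's Eye's own probe code is not on the page.
type ProbeFunc func(host string) string

// ProbeAll runs probe over hosts under two independent limits:
//   - at most `workers` probes in flight at any moment (a buffered channel as semaphore)
//   - at most one probe started per `interval` (a ticker), so a target that answers
//     quickly is still not hit faster than the agreed rate.
// It returns the results and the peak number of probes observed in flight, so the
// caller can check that the concurrency bound actually held.
func ProbeAll(hosts []string, workers int, interval time.Duration, probe ProbeFunc) (map[string]string, int64) {
	results := make(map[string]string, len(hosts))
	var mu sync.Mutex
	var wg sync.WaitGroup
	var inFlight, peak int64

	sem := make(chan struct{}, workers)
	ticker := time.NewTicker(interval)
	defer ticker.Stop()

	for _, h := range hosts {
		<-ticker.C        // pacing: wait for the next permitted start
		sem <- struct{}{} // concurrency: take a worker slot, blocking while all are busy
		wg.Add(1)
		go func(host string) {
			defer wg.Done()
			defer func() { <-sem }() // give the slot back

			n := atomic.AddInt64(&inFlight, 1)
			for { // record the high-water mark of in-flight probes
				p := atomic.LoadInt64(&peak)
				if n <= p || atomic.CompareAndSwapInt64(&peak, p, n) {
					break
				}
			}
			out := probe(host)
			atomic.AddInt64(&inFlight, -1)

			mu.Lock()
			results[host] = out
			mu.Unlock()
		}(h)
	}
	wg.Wait()
	return results, atomic.LoadInt64(&peak)
}

// CandidateHosts builds constructed sample input: n candidate subdomains of domain.
func CandidateHosts(domain string, n int) []string {
	hosts := make([]string, n)
	for i := range hosts {
		hosts[i] = fmt.Sprintf("host%02d.%s", i, domain)
	}
	return hosts
}

// slowProbe stands in for a real DNS or HTTP probe: it waits 20 ms and answers.
func slowProbe(host string) string {
	time.Sleep(20 * time.Millisecond)
	return "alive"
}

func main() {
	hosts := CandidateHosts("example.com", 20)
	start := time.Now()
	// 5 workers, and no more than one start every 20 ms (50 probes/s).
	res, peak := ProbeAll(hosts, 5, 20*time.Millisecond, slowProbe)
	fmt.Printf("%d hosts probed in %v, peak in-flight %d\n", len(res), time.Since(start), peak)
}
```

A ticker rather than a sleep per iteration matters: the interval is measured from the previous tick, not from when the blocking `sem` acquire returned, and because the ticker channel buffers only one tick, a stall behind busy workers cannot be followed by a catch-up burst. In a real run the same bound should also cover retries and the follow-up checks a live host triggers (HTTP probing, admin-panel and backup-file discovery), since those multiply the traffic per discovered subdomain.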
## Compliance

### Legal Requirements

Users must comply with:

- **United States**: Computer Fraud and Abuse Act (CFAA), 18 U.S.C. § 1030
- **European Union**: Directive 2013/40/EU on attacks against information systems, as transposed into each member state's criminal law; GDPR wherever scan results contain personal data
- **United Kingdom**: Computer Misuse Act 1990
- **International**: Budapest Convention on Cybercrime
- **Local laws**: all applicable regional regulations

### Bug Bounty Programs

When using God's Eye for bug bounty hunting:

1. ✅ Read and follow the program rules
2. ✅ Stay within the listed scope: subdomain enumeration will surface hosts the program does not list, and those are not authorized targets
3. ✅ Avoid testing production systems unless the program explicitly allows it
4. ✅ Report findings through the program's channels
5. ✅ Do not publicly disclose before the program authorizes it
## Data Protection

### Handling Scan Results

Scan results may contain sensitive information:

- Private IP addresses and internal hostnames exposed through public DNS
- Technology stack details and versions
- Potential vulnerabilities, including subdomain takeover candidates
- Configuration information (security headers, exposed admin panels, backup files)
- Secrets extracted from JavaScript, such as API keys and tokens

**Your Responsibilities:**

1. Store results securely
2. Encrypt sensitive data at rest and in transit
3. Delete results when no longer needed
4. Do not share results without authorization, and redact internal addresses and extracted secrets from anything you do share
5. Comply with GDPR and other applicable data protection laws
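Item 4 above is easier to follow with a redaction pass than with discipline alone. The Go program below is an added example, not part of God's Eye, that walks an exported JSON report and replaces private, loopback and link-local addresses, and any value stored under a secret-looking key, before the file is shared. The report's field names (`subdomains`, `ips`, `js_secrets`) and the record itself are constructed for the example; the real export schema is not described here.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net"
	"strings"
)

// constructedReport is a made-up JSON export in a plausible shape; the real God's Eye
// schema is not shown on the page, so treat the field names as assumptions.
const constructedReport = `{
  "domain": "example.com",
  "subdomains": [
    {"name": "www.example.com", "ips": ["203.0.113.10"], "tech": ["nginx"]},
    {"name": "intranet.example.com", "ips": ["10.20.30.40"], "tech": ["IIS"]},
    {"name": "dev.example.com", "ips": ["192.168.1.5", "2001:db8::1"],
     "js_secrets": [{"kind": "api_key", "value": "AKIAEXAMPLE0000000000"}]}
  ]
}`

const placeholder = "[REDACTED]"

// sensitiveKey reports whether a JSON key names a value that must never be shared.
func sensitiveKey(k string) bool {
	k = strings.ToLower(k)
	for _, needle := range []string{"secret", "token", "password", "api_key", "apikey", "credential"} {
		if strings.Contains(k, needle) {
			return true
		}
	}
	return false
}

// isInternalIP reports whether s is an IP literal in a private (RFC 1918 / RFC 4193),
// loopback or link-local range; public addresses stay in the report.
func isInternalIP(s string) bool {
	ip := net.ParseIP(s)
	if ip == nil {
		return false
	}
	return ip.IsPrivate() || ip.IsLoopback() || ip.IsLinkLocalUnicast()
}

// redact walks a decoded JSON value and returns a copy with internal IPs and values
// under sensitive keys replaced by placeholder, plus the number of replacements.
func redact(v interface{}) (interface{}, int) {
	switch x := v.(type) {
	case map[string]interface{}:
		out := make(map[string]interface{}, len(x))
		n := 0
		for k, val := range x {
			if sensitiveKey(k) {
				out[k] = placeholder // drop the whole subtree, whatever its shape
				n++
				continue
			}
			r, m := redact(val)
			out[k] = r
			n += m
		}
		return out, n
	case []interface{}:
		out := make([]interface{}, len(x))
		n := 0
		for i, val := range x {
			r, m := redact(val)
			out[i] = r
			n += m
		}
		return out, n
	case string:
		if isInternalIP(x) {
			return placeholder, 1
		}
		return x, 0
	default: // numbers, booleans, null
		return v, 0
	}
}

// RedactReport parses a JSON report, redacts it and re-encodes it for sharing.
func RedactReport(raw []byte) ([]byte, int, error) {
	var doc interface{}
	if err := json.Unmarshal(raw, &doc); err != nil {
		return nil, 0, err
	}
	clean, n := redact(doc)
	out, err := json.MarshalIndent(clean, "", "  ")
	return out, n, err
}

func main() {
	out, n, err := RedactReport([]byte(constructedReport))
	if err != nil {
		panic(err)
	}
	fmt.Printf("%d values redacted\n%s\n", n, out)
}
```

Redacting by key name removes the extracted-secrets subtree as a whole, whatever its shape, while the address check runs on every string in the document, so internal addresses inside nested fields (DNS answers, redirect targets) are caught too. The returned count is worth checking: a zero when you expected redactions usually means the key names in the real schema differ from the ones assumed here.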
## Disclaimer

**NO WARRANTY**: This software is provided "AS IS" without warranty of any kind.

**NO LIABILITY**: The authors are not responsible for:
- Misuse of this tool
- Unauthorized access attempts
- Legal consequences of improper use
- Data breaches or security incidents
- Any damages arising from use

**USER RESPONSIBILITY**: You are solely responsible for ensuring:
- You have proper authorization
- Your use complies with all laws
- You accept all risks
- You will not hold the authors liable
## Contact

For security-related questions:
- Check the [LICENSE](LICENSE) file for legal terms
- Review the [README](README.md) for usage guidelines
- Contact the maintainers through GitHub for private security reports

---

**Remember: Unauthorized computer access is illegal. Always get permission first.**