CalvinBackup/god-eye
1
0
Fork 0
mirror of https://github.com/Vyntral/god-eye.git synced 2026-05-16 05:29:11 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
b6042bd5df3c2d6654869a5d0df050a36c936c42
god-eye/internal/module/module.go
T
Vyntral 3a4c230aa7 feat: v2.0 full rewrite — event-driven pipeline, AI + Nuclei + proxy 
Complete architectural overhaul. Replaces the v0.1 monolithic scanner
with an event-driven pipeline of auto-registered modules.

Foundation (internal/):
- eventbus: typed pub/sub, 20 event types, race-safe, drop counter
- module: registry with phase-based selection
- store: thread-safe host store with per-host locks + deep-copy reads
- pipeline: coordinator with phase barriers + panic recovery
- config: 5 scan profiles + 3 AI tiers + YAML loader + auto-discovery

Modules (26 auto-registered across 6 phases):
- Discovery: passive (26 sources), bruteforce, recursive, AXFR, GitHub
  dorks, CT streaming, permutation, reverse DNS, vhost, ASN, supply
  chain (npm + PyPI)
- Enrichment: HTTP probe + tech fingerprint + TLS appliance ID, ports
- Analysis: security checks, takeover (110+ sigs), cloud, JavaScript,
  GraphQL, JWT, headers (OWASP), HTTP smuggling, AI cascade, Nuclei
- Reporting: TXT/JSON/CSV writer + AI scan brief

AI layer (internal/ai/ + internal/modules/ai/):
- Three profiles: lean (16 GB), balanced (32 GB MoE), heavy (64 GB)
- Six event-driven handlers: CVE, JS file, HTTP response, secret
  filter, multi-agent vuln enrichment, anomaly + executive report
- Content-hash cache dedups Ollama calls across hosts
- Auto-pull of missing models via /api/pull with streaming progress
- End-of-scan AI SCAN BRIEF in terminal with top chains + next actions

Nuclei compat layer (internal/nucleitpl/):
- Executes ~13k community templates (HTTP subset)
- Auto-download of nuclei-templates ZIP to ~/.god-eye/nuclei-templates
- Scope filter rejects off-host templates (eliminates OSINT FPs)

Operations:
- Interactive wizard (internal/wizard/) — zero-flag launch
- LivePrinter (internal/tui/) — colorized event stream
- Diff engine + scheduler (internal/diff, internal/scheduler) for
  continuous ASM monitoring with webhook alerts
- Proxy support (internal/proxyconf/): http / https / socks5 / socks5h
  + basic auth

Fixes #1 — native SOCKS5 / Tor compatibility via --proxy flag.

185 unit tests across 15 packages, all race-detector clean.
2026-04-18 16:48:41 +02:00

102 lines
4.2 KiB
Go
Raw Blame History

// Package module defines the Module interface and Registry used by God's Eye v2
// to organize discovery, enrichment, analysis, and reporting units of work.
//
// A Module is any unit of the pipeline that subscribes to zero-or-more event
// types, produces zero-or-more event types, and optionally performs a bounded
// amount of work on startup (e.g. a passive source fetches once and publishes).
//
// Modules are decoupled: they do not call each other directly. Ordering emerges
// from the event-driven dependency graph, not from phase barriers. The Phase
// label is metadata used for grouping in progress UIs and logs, not a scheduling
// primitive.
package module
import (
"context"
"god-eye/internal/eventbus"
"god-eye/internal/store"
)
// Phase groups modules at similar pipeline stages for presentation. Modules at
// different phases may still run concurrently; the scanner does not enforce
// phase barriers.
type Phase string
const (
PhaseSetup Phase = "setup" // load DBs, wordlists, validate config
PhaseDiscovery Phase = "discovery" // subdomain sources (passive, CT, brute, recursive)
PhaseResolution Phase = "resolution" // DNS resolve, CNAME, PTR, IP info, wildcard filter
PhaseEnrichment Phase = "enrichment" // HTTP probe, tech fingerprint, TLS analyze
PhaseAnalysis Phase = "analysis" // security checks, takeover, secrets, AI, CVE match
PhaseReporting Phase = "reporting" // output writers, report generation
)
// Context bundles everything a module needs to run.
//
// The Ctx field carries cancellation — every long-running module must select
// on Ctx.Done() to exit cleanly when the user interrupts.
type Context struct {
Ctx context.Context
Bus *eventbus.Bus
Store store.Store
Config ConfigView
Target string // primary target domain
Profile string // active profile name (bugbounty, pentest, stealth-max, ...)
}
// ConfigView is a narrow read-only interface over the scan config, exposed to
// modules so they cannot mutate global state. Implementations live in the
// config package.
type ConfigView interface {
// Profile returns the active profile name ("" when none is selected).
Profile() string
// Bool reads a boolean config key, returning fallback if unset.
Bool(key string, fallback bool) bool
// Int reads an int key, returning fallback if unset.
Int(key string, fallback int) int
// String reads a string key, returning fallback if unset.
String(key string, fallback string) string
// Strings reads a string-slice key.
Strings(key string) []string
// ModuleEnabled lets the user disable a module by name. Registry honors
// this during selection.
ModuleEnabled(moduleName string) bool
}
// Module is the unit of work registered in the pipeline.
//
// Implementations should:
// - be cheap to construct (no I/O in the Module value itself)
// - do all setup/teardown inside Run so lifecycle is explicit
// - subscribe to events via mctx.Bus.Subscribe in Run
// - return promptly when mctx.Ctx is canceled OR when their work is complete
type Module interface {
// Name uniquely identifies the module. Use dotted notation grouping by
// concern: "sources.crtsh", "dns.resolver", "http.probe", "security.cors",
// "ai.cascade". The registry rejects duplicate names.
Name() string
// Phase groups the module in pipeline UIs. See Phase constants.
Phase() Phase
// Consumes lists event types the module subscribes to. Empty means the
// module is a pure producer (e.g. a passive source). Used by tooling to
// visualize the event graph; the bus itself is queried via Subscribe.
Consumes() []eventbus.EventType
// Produces lists event types the module publishes. Empty means the module
// only side-effects (e.g. reporting). Used for tooling and dep docs.
Produces() []eventbus.EventType
// DefaultEnabled returns whether this module runs when config does not
// explicitly enable/disable it. Passive sources typically default true;
// aggressive/experimental modules typically default false.
DefaultEnabled() bool
// Run executes the module. Must be non-blocking on setup and must return
// when its work is complete OR mctx.Ctx is canceled. Errors returned are
// logged via ModuleError events by the scanner.
Run(mctx Context) error
}
Reference in New Issue View Git Blame Copy Permalink