Files
god-eye/CHANGELOG.md
T
Vyntral 05e837fa4c docs(v2): full documentation rewrite + CHANGELOG + live benchmark
Eight documents polished for v2.0 release:

- README.md: hero + 30-sec quickstart + feature matrix + competitive
  landscape + wizard/live/AI GIF demos
- AI_SETUP.md: 3 AI profiles + cascade + auto-pull + end-of-scan brief
  + model comparison + troubleshooting + privacy model
- EXAMPLES.md: 14 practical recipes from zero-flag wizard to routing
  via Tor / Burp / mitmproxy
- BENCHMARK.md: cross-tool comparison matrix + methodology + caveats
- BENCHMARK-SCANME.md (new): reproducible live benchmark on Nmap's
  authorized test host, documents three bugs fixed mid-test
- FEATURE_ANALYSIS.md: per-feature status across all 6 phases
- SECURITY.md: ethical guidelines + disclosure + compliance
- CHANGELOG.md (new): complete v2.0.0-rc1 release notes
2026-04-18 16:49:04 +02:00

137 lines
8.6 KiB
Markdown

# Changelog
All notable changes to God's Eye are documented here.
Format inspired by [Keep a Changelog](https://keepachangelog.com/).
Versioning follows [SemVer](https://semver.org/) — major bumps mean breaking CLI/config changes.
---
## [v2.0.0-rc1] — 2026-04-18
The first full rewrite since v0.1. This is a **new shape of tool**, not a patch. Promoted to `v2.0.0` after ~1 week of RC bake-in barring showstoppers.
### ✨ Added
**Core architecture**
- Event-driven pipeline replacing the v0.1 monolithic `scanner.Run` — see `internal/pipeline/`.
- Typed event bus (`internal/eventbus`) — 20 event types, race-safe pub/sub, drop counter, panic recovery.
- Thread-safe host store (`internal/store`) with per-host locking and deep-copy reads.
- Module registry (`internal/module`) — 26 auto-registered modules across 6 phases.
- YAML config (`internal/config`) with auto-discovery at `~/.god-eye/config.yaml`.
- Five built-in scan profiles: `quick`, `bugbounty`, `pentest`, `asm-continuous`, `stealth-max`.
**Interactive wizard** (`internal/wizard/`)
- Auto-launches when `./god-eye` is run with no `-d` flag in a TTY.
- Walks through AI tier selection, Ollama model check + download, target validation, scan profile, live view, output format.
- Force with `--wizard` even when `-d` is set.
**AI layer** (`internal/ai/` + `internal/modules/ai/`)
- Three tuned profiles: `lean` (16 GB RAM), `balanced` (32 GB + MoE), `heavy` (64 GB+).
- Six event-driven handlers: CVE correlation, JS file indexing, HTTP response analysis, secret validation, multi-agent vulnerability enrichment, end-of-scan anomaly detection + executive report.
- Content-hash cache dedups queries — a tech detected on 10 hosts fires **one** Ollama call.
- Auto-pull of missing Ollama models via `/api/pull` with streaming progress.
- `--ai-verbose` flag to stream every query on stderr.
- Full local inference via Ollama — no API keys, no cloud.
- End-of-scan **AI SCAN BRIEF** — framed terminal summary with severity totals, top exploitable chains, AI-generated executive prose, and recommended next actions.
**Nuclei compatibility layer** (`internal/nucleitpl/`)
- Executes ~13,000 community nuclei-templates.
- Auto-downloads the official ZIP from GitHub into `~/.god-eye/nuclei-templates/` on first use.
- `./god-eye nuclei-update` subcommand to refresh the cache.
- Supports HTTP templates with `word` / `regex` / `status` / `size` matchers, `and` / `or` conditions, `part=header|body|response`, negative matching.
- Scope filter rejects off-host templates (OSINT user lookups on third-party services) to eliminate false positives.
**Discovery expansion** (26 passive sources — up from 20 in v0.1)
- `BufferOver`, `DNSDumpster`, `Omnisint`, `HudsonRock`, `WebArchiveCDX`, `Digitorus` added.
- Six active techniques: AXFR zone-transfer, GitHub code dorks (honors `GITHUB_TOKEN`), CT live polling, DNS permutation (alterx-style), reverse DNS ±16 sweep, virtual host discovery, ASN/CIDR expansion, supply-chain recon (npm + PyPI).
**Continuous monitoring** (ASM)
- `--monitor-interval 24h` schedules re-scans.
- Diff engine (9 change kinds: `new_host`, `removed_host`, `new_ip`, `removed_ip`, `status_change`, `tech_change`, `new_vuln`, `cleared_vuln`, `cert_change`, `new_takeover`).
- Webhook alerter (generic JSON POST) + stdout alerter.
**Native vulnerability scanners** (new in v2)
- GraphQL introspection + mutation-enabled flag.
- JWT analyzer (`alg=none`, excessive expiry, kid-injection, weak-HMAC crack).
- Security header audit (OWASP Secure Headers Project aligned).
- HTTP request smuggling timing probe (CL.TE / TE.CL, opt-in).
**Operational**
- `--proxy` flag for HTTP / HTTPS / SOCKS5 / SOCKS5h routing. Full Burp / mitmproxy / Tor support. (Fixes [#1](https://github.com/Vyntral/god-eye/issues/1) from @who0xac.)
- `--live` colorized event stream with 3 verbosity levels.
- `--ai-profile {lean,balanced,heavy}` preset for AI tier.
- `--ai-auto-pull` (default true) for Ollama model management.
- `--nuclei-auto-download` (default true) for nuclei-templates cache.
- Context-aware cancellation on SIGINT / SIGTERM.
**Testing**
- 185 unit tests across 15 packages, all race-detector clean.
- Live reproducible benchmark against `scanme.nmap.org` in [BENCHMARK-SCANME.md](BENCHMARK-SCANME.md).
- Parity tool (`tools/parity/`) to diff v1 vs v2 outputs on the same target.
### 🔧 Changed
- **AI default models**: `deepseek-r1:1.5b` + `qwen2.5-coder:7b``qwen3:1.7b` + `qwen2.5-coder:14b` (lean tier). Balanced tier adds `qwen3-coder:30b` MoE.
- **Banner**: dropped legacy organisation reference; version bumped to `2.0-dev`.
- **Go version**: bumped to 1.21.
- **Output format**: now uses `internal/store.Host` internally; legacy `config.SubdomainResult` kept for JSON backward compatibility.
### 🐛 Fixed
- **Issue [#1](https://github.com/Vyntral/god-eye/issues/1)** — SOCKS5 / Tor compatibility. Native `--proxy socks5h://127.0.0.1:9050` replaces reliance on `torsocks`.
- **Duplicate CVE emissions** — dedup by `(tech, version)` pair instead of `(host, tech, version)`. `cloudflare` on 8 hosts now fires 1 AI query instead of 8.
- **CDN / WAF false positives** — `cloudflare`, `cloudfront`, `akamai`, `fastly`, `imperva`, `aws`, `azure`, `gcp`, `heroku`, `netlify`, `vercel` skipped from CVE matching when version unknown (previously generated 10+ bogus CVE chains per scan).
- **JS secret regex noise** — deterministic deny-list for Google Fonts / Googleapis / UI strings like "Change Password" removed 60-70% of false positives.
- **Off-host Nuclei OSINT templates** — templates with absolute URLs to third-party services (`https://www.mastodon.social/api/...`) no longer fire during targeted scans. Added `TargetsCurrentHost()` check.
- **Module registration race** — `ai.cascade` and `vuln.nuclei-compat` now `DefaultEnabled() = true` so registry always selects them; opt-in happens in `Run()` via config check.
- **Pipeline deadlock** — resolution / analysis modules subscribed too late to upstream events; switched to "drain store first, subscribe for late events" pattern across all consumers.
- **Nuclei template-dir resolution** — preferred `~/.god-eye/nuclei-templates/` over `~/nuclei-templates/` (which may be permission-denied from a previous nuclei CLI install).
### 🔒 Security
- **No real secrets in documentation** — live-scan output in `BENCHMARK-SCANME.md` is redacted with `AIzaSy***REDACTED***` even though the target (scanme.nmap.org) is public.
- **Gitignore covers**: `/god-eye` binary, `gods-eye-*.json`, `.god-eye/`, `god-eye.yaml`, `.claude/`, `CLAUDE.md`, `*.log`, `/tmp/`.
- **Proxy auth redaction** — `Humanize()` strips `user:pass@` from proxy URLs in console output; only the scheme + host appears.
### 📚 Documentation
Eight thoroughly-rewritten documents:
- **[README.md](README.md)** — hero + quickstart + feature matrix + competitive landscape + GIF demos.
- **[AI_SETUP.md](AI_SETUP.md)** — 5-minute install, cascade diagram, 3 profiles comparison, wizard walk-through, troubleshooting, performance reference.
- **[EXAMPLES.md](EXAMPLES.md)** — 14 practical recipes from zero-flag launch to route-through-Tor.
- **[BENCHMARK.md](BENCHMARK.md)** — cross-tool comparison matrix, methodology, honest caveats.
- **[BENCHMARK-SCANME.md](BENCHMARK-SCANME.md)** — reproducible live benchmark on `scanme.nmap.org` with exact runtimes + three bugs-fixed-mid-test story.
- **[FEATURE_ANALYSIS.md](FEATURE_ANALYSIS.md)** — per-feature status across all 6 development phases.
- **[SECURITY.md](SECURITY.md)** — ethical guidelines, disclosure process, compliance references.
- **CHANGELOG.md** — this file.
### 🎬 Media
- Three GIF demos in `assets/`, captured live against `scanme.nmap.org`:
- `wizard-demo.gif` — interactive setup walkthrough
- `live-scan.gif` — colorized event stream
- `ai-verbose.gif` — full AI cascade + end-of-scan brief
- Legacy v0.1 GIFs (`demo.gif`, `demo-ai.gif`) removed.
### 💔 Breaking
- The `scanner.Run()` call path is still present for backward compatibility but is considered **legacy**. New workflows should use `--pipeline` which becomes the default in v2.0 final.
- AI default model changed: if you had automation relying on `deepseek-r1:1.5b` being pulled by default, set `--ai-fast-model deepseek-r1:1.5b` explicitly or stick to v0.1.
### 📦 Dependencies
Added:
- `gopkg.in/yaml.v3` — for YAML config loading.
- `golang.org/x/net` (promoted from indirect) — for SOCKS5 proxy support.
- `github.com/mattn/go-isatty` (promoted from indirect) — for wizard TTY detection.
No new cgo dependencies. Single static binary on every supported platform.
---
## [v0.1] — earlier
Legacy monolithic scanner. Preserved in-tree for parity testing; superseded by v2.