Skip to content

Commit

Permalink
puncia[0.15]
Browse files Browse the repository at this point in the history
  • Loading branch information
@g147
g147 committed Mar 19, 2024
1 parent 055a17d commit e5d2373
Show file tree
Hide file tree
Showing 4 changed files with 180 additions and 57 deletions.
55 changes: 36 additions & 19 deletions README.md
View file
Original file line number Diff line number Diff line change
@@ -1,22 +1,39 @@
# The Panthera(P.)uncia of Cybersecurity
### Subdomain & Exploit Hunter powered by AI
### Official CLI utility for Subdomain Center & Exploit Observer

[![Downloads](https://pepy.tech/badge/puncia)](https://pepy.tech/project/puncia)
<img src="https://img.shields.io/badge/contributions-welcome-brightgreen.svg?style=flat">
<img alt="GitHub stars" src="https://img.shields.io/github/stars/ARPSyndicate/puncia">
<br>
<img src="https://raw.githubusercontent.com/ARPSyndicate/puncia/master/puncia.png" width=25%>
<br>
Puncia utilizes two of our intelligent APIs - [Subdomain Center](https://subdomain.center) & [Exploit Observer](https://exploit.observer), to gather the results.
Puncia utilizes two of our intelligent APIs to gather the results - <br>
- [Subdomain Center - The World's Fastest Growing Subdomain & Shadow IT Intelligence Database](https://subdomain.center)<br>
- [Exploit Observer - The World's Largest Exploit & Vulnerability Intelligence Database](https://exploit.observer)

**Please note that although these results can sometimes be pretty inaccurate & unreliable, they can greatly differ from time to time due to their self-improvement capabilities.**

## Installation
1. From PyPi - `pip3 install puncia`
2. From Source - `pip3 install .`<br>

## Usage
1. Subdomain - `puncia subdomain <domain> <output>`
2. Exploit - `puncia exploit <eoidentifier> <output>`<br>
1. Subdomain - `puncia subdomain <domain> <output-file>`
2. Exploit - `puncia exploit <eoidentifier> <output-file>`
3. Bulk - `puncia exploit <jsonfile> <output-directory>`<br>
### Bulk Input JSON Format
```
{
"subdomain": [
"domainA.com",
"domainB.com"
],
"exploit": [
"eoidentifierA",
"eoidentifierA"
]
}
```

## Supported EOIdentifiers
1. Common Vulnerabilities and Exposures (CVE) - [`puncia exploit CVE-2021-3450`](https://api.exploit.observer/?keyword=CVE-2021-3450)
Expand All @@ -27,18 +44,19 @@ Puncia utilizes two of our intelligent APIs - [Subdomain Center](https://subdoma
6. GitHub Security Advisories (GHSA) - [`puncia exploit GHSA-wfh5-x68w-hvw2`](https://api.exploit.observer/?keyword=GHSA-wfh5-x68w-hvw2)
7. CSA Global Security Database (GSD) - [`puncia exploit GSD-2021-3450`](https://api.exploit.observer/?keyword=GSD-2021-3450)
8. OffSec Exploit Database (EDB) - [`puncia exploit EDB-10102`](https://api.exploit.observer/?keyword=EDB-10102)
9. Trend Micro Zero Day Initiative (ZDI) - [`puncia exploit ZDI-23-1714`](https://api.exploit.observer/?keyword=ZDI-23-1714)
10. Packet Storm Security (PSS) - [`puncia exploit PSS-170615`](https://api.exploit.observer/?keyword=PSS-170615)
11. CXSecurity World Laboratory of Bugtraq (WLB) - [`puncia exploit WLB-2024010058`](https://api.exploit.observer/?keyword=WLB-2024010058)
12. Rapid7 Metasploit Framework (MSF) - [`puncia exploit MSF/auxiliary_admin/2wire/xslt_password_reset`](https://api.exploit.observer/?keyword=MSF/auxiliary_admin/2wire/xslt_password_reset)
13. ProjectDiscovery Nuclei (PD) - [`puncia exploit PD/http/cves/2020/CVE-2020-12720`](https://api.exploit.observer/?keyword=PD/http/cves/2020/CVE-2020-12720)
14. Hackerone Hacktivity (H1) - [`puncia exploit H1-2230915`](https://api.exploit.observer/?keyword=H1-2230915)
15. Cisco Talos (TALOS) - [`puncia exploit TALOS-2023-1896`](https://api.exploit.observer/?keyword=TALOS-2023-1896)
16. ProtectAI Huntr (HUNTR) - [`puncia exploit HUNTR-001d1c29-805a-4035-93bb-71a0e81da3e5`](https://api.exploit.observer/?keyword=HUNTR-001d1c29-805a-4035-93bb-71a0e81da3e5)
17. WP Engine WPScan (WPSCAN) - [`puncia exploit WPSCAN-52568abd-c509-411e-8391-c75e7613eb42`](https://api.exploit.observer/?keyword=WPSCAN-52568abd-c509-411e-8391-c75e7613eb42)
18. Defiant Wordfence (WORDFENCE) - [`puncia exploit WORDFENCE-00086b84-c1ec-447a-a536-1c73eac1cc85`](https://api.exploit.observer/?keyword=WORDFENCE-00086b84-c1ec-447a-a536-1c73eac1cc85)
19. YouTube (YT) - [`puncia exploit YT/ccqjhUmwLCk`](https://api.exploit.observer/?keyword=YT/ccqjhUmwLCk)
20. Technologies/Keywords (No Prefix) - [`puncia exploit grafana`](https://api.exploit.observer/?keyword=grafana)<br>
9. Knownsec Seebug (SSVID) - [`puncia exploit SSVID-99817`](https://api.exploit.observer/?keyword=SSVID-99817)
10. Trend Micro Zero Day Initiative (ZDI) - [`puncia exploit ZDI-23-1714`](https://api.exploit.observer/?keyword=ZDI-23-1714)
11. Packet Storm Security (PSS) - [`puncia exploit PSS-170615`](https://api.exploit.observer/?keyword=PSS-170615)
12. CXSecurity World Laboratory of Bugtraq (WLB) - [`puncia exploit WLB-2024010058`](https://api.exploit.observer/?keyword=WLB-2024010058)
13. Rapid7 Metasploit Framework (MSF) - [`puncia exploit MSF/auxiliary_admin/2wire/xslt_password_reset`](https://api.exploit.observer/?keyword=MSF/auxiliary_admin/2wire/xslt_password_reset)
14. ProjectDiscovery Nuclei (PD) - [`puncia exploit PD/http/cves/2020/CVE-2020-12720`](https://api.exploit.observer/?keyword=PD/http/cves/2020/CVE-2020-12720)
15. Hackerone Hacktivity (H1) - [`puncia exploit H1-2230915`](https://api.exploit.observer/?keyword=H1-2230915)
16. Cisco Talos (TALOS) - [`puncia exploit TALOS-2023-1896`](https://api.exploit.observer/?keyword=TALOS-2023-1896)
17. ProtectAI Huntr (HUNTR) - [`puncia exploit HUNTR-001d1c29-805a-4035-93bb-71a0e81da3e5`](https://api.exploit.observer/?keyword=HUNTR-001d1c29-805a-4035-93bb-71a0e81da3e5)
18. WP Engine WPScan (WPSCAN) - [`puncia exploit WPSCAN-52568abd-c509-411e-8391-c75e7613eb42`](https://api.exploit.observer/?keyword=WPSCAN-52568abd-c509-411e-8391-c75e7613eb42)
19. Defiant Wordfence (WORDFENCE) - [`puncia exploit WORDFENCE-00086b84-c1ec-447a-a536-1c73eac1cc85`](https://api.exploit.observer/?keyword=WORDFENCE-00086b84-c1ec-447a-a536-1c73eac1cc85)
20. YouTube (YT) - [`puncia exploit YT/ccqjhUmwLCk`](https://api.exploit.observer/?keyword=YT/ccqjhUmwLCk)
21. Technologies/Keywords (No Prefix) - [`puncia exploit grafana`](https://api.exploit.observer/?keyword=grafana)<br>


## Noteworthy Mentions
Expand All @@ -48,6 +66,5 @@ Puncia utilizes two of our intelligent APIs - [Subdomain Center](https://subdoma

## More from [A.R.P. Syndicate](https://www.arpsyndicate.io)
- [Attack Surface Management](https://asm.arpsyndicate.io)
- [OSINT Resources](https://asm.arpsyndicate.io/intelligence.html)
- [Subdomain Center](https://subdomain.center)
- [Exploit Observer](https://exploit.observer)
- [Open Source Intelligence](https://asm.arpsyndicate.io/intelligence.html)
- [Free Vulnerability Assessment Report](https://asm.arpsyndicate.io/free-vulnerability-scanning.html)
37 changes: 37 additions & 0 deletions puncia-actions.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,37 @@
name: puncia-actions

on:
schedule:
- cron: '0 0 * * *'
push:
branches:
- main
pull_request:
branches:
- main

jobs:
puncia:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Set up Python
uses: actions/setup-python@v2
with:
python-version: '3.9'

- name: Install Puncia
run: |
pip3 install puncia
- name: Run Puncia
run: |
puncia bulk ${{ github.workspace }}/inputs.json ${{ github.workspace }}/
- name: Commit and push changes
run: |
git config --local user.email "[email protected]"
git config --local user.name "Puncia Actions"
git add .
git commit -m "$(date)"
git push
141 changes: 105 additions & 36 deletions puncia/__main__.py
View file
Original file line number Diff line number Diff line change
@@ -1,49 +1,118 @@
import os
import requests
import sys
import json
import time
import re

API_URLS = {
"subdomain": "http://api.subdomain.center/?domain=",
"exploit": "http://api.exploit.observer/?keyword=",
}


def query_api(mode, query, output_file=None):
time.sleep(3)
url = API_URLS.get(mode)
if not url:
sys.exit("Invalid Mode")

response = requests.get(url + query).json()
if not response:
print("Null response from the API")
return
result = json.dumps(response, indent=4, sort_keys=True)
print(result)

if output_file:
existing_data = {}
if os.path.isfile(output_file):
with open(output_file, "r") as f:
existing_data = json.load(f)

if mode == "subdomain":
if len(existing_data) == 0:
existing_data = []
existing_data.extend(response)
existing_data = list(set(existing_data))
elif mode == "exploit":
if "entries" in existing_data and len(existing_data["entries"]) > 0:
for lang in existing_data["entries"]:
response_entries = response.get("entries", {}).get(lang, [])
existing_data_entries = existing_data["entries"].get(lang, [])
existing_data["entries"][lang] = list(
set(existing_data_entries + response_entries)
)
existing_data["entries"][lang].sort()
else:
existing_data = response
total_entries = 0
for lang in existing_data["entries"]:
total_entries = len(existing_data["entries"][lang]) + total_entries
if len(existing_data["description"]) > 0:
if "description" in response and len(response["description"]) > 0:
existing_data["description"] = response["description"]
existing_data["description"] = re.sub(
r"\b(\d+)\s+(?:entries in)\b",
str(total_entries) + " entries in",
existing_data["description"],
)
existing_data["description"] = re.sub(
r"\b(\d+)\s+(?:file formats)\b",
str(len(existing_data["entries"])) + " file formats",
existing_data["description"],
)
with open(output_file, "w") as f:
json.dump(existing_data, f, indent=4, sort_keys=True)


def main():
try:
print(
"Panthera(P.)uncia [v0.14]\nSubdomain & Exploit Hunter powered by AI\n[https://www.arpsyndicate.io]\n---------"
)
if len(sys.argv) < 2:
sys.exit("additional command required (subdomain/exploit)")
print("---------")
print("Panthera(P.)uncia [v0.15]")
print("A.R.P. Syndicate [https://arpsyndicate.io]")
print("Subdomain Center [https://subdomain.center]")
print("Exploit Observer [https://exploit.observer]")
print("---------")

if len(sys.argv) < 3:
sys.exit("additional input required")
if len(sys.argv) > 4:
sys.exit("refer usage at - https://github.com/ARPSyndicate/puncia#usage")
time.sleep(2)
if sys.argv[1] == "subdomain":
response = requests.get(
"http://api.subdomain.center/?domain=" + sys.argv[2]
).json()
if len(response) > 0:
result = json.dumps(response, indent=4, sort_keys=True)
else:
sys.exit("Null Response")
print(result)
if len(sys.argv) == 4:
with open(sys.argv[3], "w") as f:
f.write(result)
elif sys.argv[1] == "exploit":
response = requests.get(
"http://api.exploit.observer/?keyword=" + sys.argv[2]
).json()
if "entries" in response:
result = json.dumps(response, indent=4, sort_keys=True)
else:
sys.exit("Null Response")
print(result)
if len(sys.argv) == 4:
with open(sys.argv[3], "w") as f:
f.write(result)
sys.exit(
"usage: puncia <mode:subdomain/exploit/bulk> <query:domain/eoidentifier/jsonfile> [output_file/output_directory]\nrefer: https://github.com/ARPSyndicate/puncia#usage"
)

mode = sys.argv[1]
query = sys.argv[2]
output_file = sys.argv[3] if len(sys.argv) == 4 else None

if mode not in API_URLS and mode != "bulk":
sys.exit("Invalid Mode")

if mode == "bulk":
if not os.path.isfile(query):
sys.exit("jsonfile as query input required for bulk mode")
if output_file:
os.makedirs(output_file + "/subdomain/", exist_ok=True)
os.makedirs(output_file + "/exploit/", exist_ok=True)
with open(query, "r") as f:
input_file = json.load(f)
if "subdomain" in input_file:
for bulk_query in input_file["subdomain"]:
query_api(
"subdomain",
bulk_query,
output_file + "/subdomain/" + bulk_query + ".json",
)
if "exploit" in input_file:
for bulk_query in input_file["exploit"]:
query_api(
"exploit",
bulk_query,
output_file + "/exploit/" + bulk_query + ".json",
)
else:
sys.exit("refer usage at - https://github.com/ARPSyndicate/puncia#usage")
except Exception as exception:
sys.exit(exception.__class__.__name__ + ": " + str(exception))
query_api(mode, query, output_file)
except Exception as e:
sys.exit(f"Error: {str(e)}")


if __name__ == "__main__":
Expand Down
4 changes: 2 additions & 2 deletions setup.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@

setup(
name="puncia",
version="0.14",
version="0.15",
author="A.R.P. Syndicate",
author_email="[email protected]",
keywords="subdomains subdomain exploits exploit arpsyndicate panthera uncia puncia snow leopard",
Expand All @@ -14,7 +14,7 @@
},
long_description=open("README.md").read(),
long_description_content_type="text/markdown",
description="The Panthera(P.)uncia of Cybersecurity - Subdomain & Exploit Hunter powered by AI",
description="The Panthera(P.)uncia of Cybersecurity - Official CLI utility for Subdomain Center & Exploit Observer",
packages=find_packages(),
install_requires=[
"requests",
Expand Down

0 comments on commit e5d2373

Please sign in to comment.