README.md

The Panthera(P.)uncia of Cybersecurity

Official CLI utility for Subdomain Center & Exploit Observer

Puncia utilizes two of our intelligent APIs to gather the results -

• Subdomain Center - The World's Fastest Growing Subdomain & Shadow IT Intelligence Database
  
• Exploit Observer - The World's Largest Exploit & Vulnerability Intelligence Database

Please note that although these results can sometimes be pretty inaccurate & unreliable, they can greatly differ from time to time due to their self-improvement capabilities.

Aggressive rate-limits can be avoided with an API key: https://www.arpsyndicate.io/pricing.html

Installation

1. From PyPi - pip3 install puncia
2. From Source - pip3 install .
   

Usage

1. Store an API key (storekey) - puncia storekey <api-key>
2. Query Domains (subdomain) - puncia subdomain <domain> <output-file>
3. Query Exploit & Vulnerability Identifiers (exploit)
   • Russian VIDs with no associated CVEs (^RU_NON_CVE) - puncia exploit ^RU_NON_CVE <output-file>
   • Chinese VIDs with no associated CVEs (^CN_NON_CVE) - puncia exploit ^CN_NON_CVE <output-file>
   • Vulnerability & Exploit Identifers Watchlist (^WATCHLIST_IDES) - puncia exploit ^WATCHLIST_IDES <output-file>
   • Vulnerable Technologies Watchlist (^WATCHLIST_TECH) - puncia exploit ^WATCHLIST_TECH <output-file>
   • Supported Vulnerability Identifiers - puncia exploit <eoidentifier> <output-file>
4. Enrich CVE/GHSA Identifiers (enrich) - puncia enrich <cve-id/ghsa-id> <output-file>
5. Multiple Queries (bulk/sbom)
   • Bulk Input JSON File Format - puncia bulk <json-file> <output-directory>

     {
         "subdomain": [
             "domainA.com",
             "domainB.com"
         ],
         "exploit": [
             "eoidentifierA",
             "eoidentifierB"
         ],
         "enrich": [
             "eoidentifierA",
             "eoidentifierB"
         ]
     }
     

   • SBOM Input JSON File Format - puncia sbom <json-file> <output-directory>

Noteworthy Mentions

• Around 1000 exploitable cybersecurity vulnerabilities that MITRE & NIST ‘might’ have missed but China or Russia didn’t.
• Utilizing GitHub Actions for gathering Subdomain & Exploit Intelligence
• Introducing Exploit Observer — More than Shodan Exploits, Less than Vulners
• PUNCIA — The Panthera(P.)uncia of Cybersecurity
• Subdomain Enumeration Tool Face-off - 2023 Edition

More from A.R.P. Syndicate

• Open Source Intelligence
• Attack Surface Management
• Vulnerability Advisories AI
• Free Vulnerability Assessment Report