The Panthera(P.)uncia of Cybersecurity

Official CLI utility for Subdomain Center & Exploit Observer

Puncia utilizes two of our intelligent APIs to gather the results -

• Subdomain Center - The World's Fastest Growing Subdomain & Shadow IT Intelligence Database
  
• Exploit Observer - The World's Largest Exploit & Vulnerability Intelligence Database

Please note that although these results can sometimes be pretty inaccurate & unreliable, they can greatly differ from time to time due to their self-improvement capabilities.

Installation

1. From PyPi - pip3 install puncia
2. From Source - pip3 install .
   

Usage

1. Subdomain - puncia subdomain <domain> <output-file>
2. Exploit - puncia exploit <eoidentifier> <output-file>
3. Bulk - puncia exploit <jsonfile> <output-directory>
   

Bulk Input JSON Format

{
    "subdomain": [
        "domainA.com",
        "domainB.com"
    ],
    "exploit": [
        "eoidentifierA",
        "eoidentifierB"
    ]
}

Supported EOIdentifiers

1. A.R.P. Syndicate Vulnerability & Exploit Data Aggregation System (VEDAS) - puncia exploit VEDAS:OBLIVIONHAWK
2. Common Vulnerabilities and Exposures (CVE) - puncia exploit CVE-2021-3450
3. Russian Data Bank of Information Security Threats (BDU) - puncia exploit BDU:2024-00390
4. China National Vulnerability Database (CNVD) - puncia exploit CNVD-2024-02713
5. China National Vulnerability Database of Information Security (CNNVD) - puncia exploit CNNVD-202312-2255
6. Japan Vulnerability Notes iPedia (JVNDB) - puncia exploit JVNDB-2023-006199
7. GitHub Security Advisories (GHSA) - puncia exploit GHSA-wfh5-x68w-hvw2
8. GitHub Commits (GHCOMMIT) - puncia exploit GHCOMMIT-102448040d5132460e3b0013e03ebedec0677e00
9. Veracode SourceClear Vulnerability Database (SRCCLR-SID) - puncia exploit SRCCLR-SID-3173
10. Snyk Vulnerability Database (SNYK) - puncia exploit SNYK-JAVA-ORGCLOJURE-5740378
11. OffSec Exploit Database (EDB) - puncia exploit EDB-10102
12. 0Day Today (0DAY-ID) - puncia exploit 0DAY-ID-24705
13. Knownsec Seebug (SSVID) - puncia exploit SSVID-99817
14. Trend Micro Zero Day Initiative (ZDI) - puncia exploit ZDI-23-1714
15. Packet Storm Security (PSS) - puncia exploit PSS-170615
16. CXSecurity World Laboratory of Bugtraq (WLB) - puncia exploit WLB-2024010058
17. Rapid7 Metasploit Framework (MSF) - puncia exploit MSF/auxiliary_admin/2wire/xslt_password_reset
18. ProjectDiscovery Nuclei (PD) - puncia exploit PD/http/cves/2020/CVE-2020-12720
19. Hackerone Hacktivity (H1) - puncia exploit H1-2230915
20. Cisco Talos (TALOS) - puncia exploit TALOS-2023-1896
21. ProtectAI Huntr (HUNTR) - puncia exploit HUNTR-001d1c29-805a-4035-93bb-71a0e81da3e5
22. WP Engine WPScan (WPSCAN) - puncia exploit WPSCAN-52568abd-c509-411e-8391-c75e7613eb42
23. Defiant Wordfence (WORDFENCE) - puncia exploit WORDFENCE-00086b84-c1ec-447a-a536-1c73eac1cc85
24. YouTube (YT) - puncia exploit YT/ccqjhUmwLCk
25. Zero Science Lab (ZSL) - puncia exploit ZSL-2022-5743
26. VARIoT Exploits (VAR-E) - puncia exploit VAR-E-201704-0525
27. VARIoT Vulnerabilities (VAR) - puncia exploit VAR-202404-0085
28. Russian VIDs with no associated CVEs (^RU_NON_CVE) - puncia exploit ^RU_NON_CVE
    
29. Chinese VIDs with no associated CVEs (^CN_NON_CVE) - puncia exploit ^CN_NON_CVE
    
30. Vendor/Product (No Prefix) - puncia exploit grafana
    
31. Vendor/Product + Version (No Prefix) - puncia exploit [email protected]
    

Noteworthy Mentions

• Around 1000 exploitable cybersecurity vulnerabilities that MITRE & NIST ‘might’ have missed but China or Russia didn’t.
• Utilizing GitHub Actions for gathering Subdomain & Exploit Intelligence
• Introducing Exploit Observer — More than Shodan Exploits, Less than Vulners
• PUNCIA — The Panthera(P.)uncia of Cybersecurity
• Subdomain Enumeration Tool Face-off - 2023 Edition

More from A.R.P. Syndicate

• Attack Surface Management
• Open Source Intelligence
• Free Vulnerability Assessment Report