Puncia utilizes two of our intelligent APIs to gather the results -
- Subdomain Center - The World's Largest Subdomain & Shadow IT Intelligence Database
- Exploit Observer - The World's Largest Exploit & Vulnerability Intelligence Database
Please note that although these results can sometimes be pretty inaccurate & unreliable, they can greatly differ from time to time due to their self-improvement capabilities.
Aggressive rate-limits can be avoided with an API key: https://www.arpsyndicate.io/pricing.html
- From PyPi -
pip3 install puncia
- From Source -
pip3 install .
-
Store an API key (storekey) -
puncia storekey <api-key>
-
Query Domains (subdomain) -
puncia subdomain <domain> <output-file>
-
Query Exploit & Vulnerability Identifiers (exploit)
- Russian VIDs with no associated CVEs (^RU_NON_CVE) -
puncia exploit ^RU_NON_CVE <output-file>
- Chinese VIDs with no associated CVEs (^CN_NON_CVE) -
puncia exploit ^CN_NON_CVE <output-file>
- Vulnerability & Exploit Identifers Watchlist (^WATCHLIST_IDES) -
puncia exploit ^WATCHLIST_IDES <output-file>
- Vulnerable Technologies Watchlist (^WATCHLIST_TECH) -
puncia exploit ^WATCHLIST_TECH <output-file>
- Supported Vulnerability Identifiers -
puncia exploit <eoidentifier> <output-file>
- Russian VIDs with no associated CVEs (^RU_NON_CVE) -
-
Enrich CVE/GHSA Identifiers (enrich) -
puncia enrich <cve-id/ghsa-id> <output-file>
-
Multiple Queries (bulk/sbom)
- Bulk Input JSON File Format -
puncia bulk <json-file> <output-directory>
{ "subdomain": [ "domainA.com", "domainB.com" ], "exploit": [ "eoidentifierA", "eoidentifierB" ], "enrich": [ "eoidentifierA", "eoidentifierB" ] }
- SBOM Input JSON File Format -
puncia sbom <json-file> <output-directory>
- Bulk Input JSON File Format -
-
External Import
import puncia # Without API Key print(puncia.query_api("exploit","CVE-2021-3450")) print(puncia.query_api("subdomain","arpsyndicate.io")) # With API Key puncia.store_key("ARPS-xxxxxxxxxx") print(puncia.query_api("subdomain","arpsyndicate.io", apikey=puncia.read_key())) print(puncia.query_api("exploit","CVE-2021-3450", apikey=puncia.read_key()))
- Around 1000 exploitable cybersecurity vulnerabilities that MITRE & NIST ‘might’ have missed but China or Russia didn’t.
- Utilizing GitHub Actions for gathering Subdomain & Exploit Intelligence
- Introducing Exploit Observer — More than Shodan Exploits, Less than Vulners
- PUNCIA — The Panthera(P.)uncia of Cybersecurity
- Subdomain Enumeration Tool Face-off - 2023 Edition