{"id":41257981,"url":"https://github.com/analog-substance/arsenic","last_synced_at":"2026-01-23T01:54:43.967Z","repository":{"id":37254332,"uuid":"350730020","full_name":"analog-substance/arsenic","owner":"analog-substance","description":"Pentesting tool to automate common op tasks and organize discovered data.","archived":false,"fork":false,"pushed_at":"2025-05-17T17:05:21.000Z","size":15828,"stargazers_count":8,"open_issues_count":10,"forks_count":3,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-05-17T17:28:23.511Z","etag":null,"topics":["cybersecurity","hacktoberfest","pentesting","pentesting-tools"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/analog-substance.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2021-03-23T13:49:32.000Z","updated_at":"2025-05-17T17:05:24.000Z","dependencies_parsed_at":"2023-02-17T01:46:34.254Z","dependency_job_id":"1f3b519d-87eb-487b-b0d0-1508779e0846","html_url":"https://github.com/analog-substance/arsenic","commit_stats":null,"previous_names":[],"tags_count":20,"template":false,"template_full_name":null,"purl":"pkg:github/analog-substance/arsenic","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/analog-substance%2Farsenic","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/analog-substance%2Farsenic/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/analog-substance%2Farsenic/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/analog-substance%2Farsenic/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/analog-substance","download_url":"https://codeload.github.com/analog-substance/arsenic/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/analog-substance%2Farsenic/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28677714,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-23T01:00:35.747Z","status":"ssl_error","status_checked_at":"2026-01-23T01:00:19.529Z","response_time":144,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cybersecurity","hacktoberfest","pentesting","pentesting-tools"],"created_at":"2026-01-23T01:54:43.910Z","updated_at":"2026-01-23T01:54:43.962Z","avatar_url":"https://github.com/analog-substance.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"---\ntitle: Arsenic\nlinkTitle: Docs\nmenu: {main: {weight: 20}}\n---\n\u003e Conventions and automation for offensive operations.\n\u003e https://analog-substance.github.io/arsenic/\n\n## Purpose\n\nArsenic aims to set conventions around how pentest data is stored. It is nothing more than a directory structure and file naming conventions. By itself it is nothing fancy, but when combined with things like [arsenic-hugo](https://github.com/analog-substance/arsenic-hugo), it should make operations fun again!\n\nAn example operation directory structure would look like.\n```\n├── apps\n├── bin\n├── hosts\n│   └── localhost\n│       ├── README.md (optional)\n│       ├── 00_metadata.md\n│       └── recon\n│       \t├── hostnames.txt\n│       \t└── ip-addresses.txt\n├── recon\n│   ├── domains\n│   └── leads\n├── notes\n│   └── example_note.md\n├── report\n│   ├── findings\n│   │   └── first-finding\n│   │       ├── 00-metadata.md\n│   │       ├── 01-summary.md\n│   │       ├── 02-affected_assets.md\n│   │       ├── 03-recommendations.md\n│   │       ├── 04-references.md\n│   │       └── 05-steps_to_reproduce.md\n│   ├── sections\n│   │   └── README.md\n│   ├── social\n│   │   └── sample-campaign.md\n│   └── static\n├── README.md -\u003e report/sections/README.md\n├── config.toml\n├── arsenic.yaml\n└── Makefile\n```\n\n## Operation Directory Layout Definitions\n\n### apps/\n\nA free form place to store applications. So far no magic here. Open to suggestions\n\n### bin/\n\nEvery operation is different; use this directory for one off operation scripts.\n\n### hosts/\n\nThis is where hosts information is stored. Host directories will typically be named after the host's hostname or IPv4/IPv6 address if no hostname exists.\n\n#### hosts/recon\n\nThe host recon directory will contain all the recon files for that host only.\n\n### recon/\n\nThe recon directory in the operation root will contain all the recon for the operation as a whole.\n\n### report/\n\nEvery operation should have findings! This is where to store that information.\n\n## Getting Started\n\n### Prerequisites\n\nTo use arsenic, the following are required:\n- go v1.16+ (https://go.dev/doc/install or https://github.com/NoF0rte/go-updater)\n- aquatone\n- nmap\n- exploitdb (searchsploit)\n- ffuf\n- nuclei\n- fast-resolv (https://github.com/defektive/fast-resolv)\n\n#### note on nmap\n\nmost scans will require nmap to be run as root or have the appropriate capabilities set on the nmap binary.\n\n```bash\nsudo setcap cap_net_raw,cap_net_admin,cap_net_bind_service+eip /usr/bin/nmap\n```\n\n#### Optional Prerequisites\n\nTo get the best out of arsenic, the following are recommended to be installed:\n- hugo (https://gohugo.io/getting-started/installing/)\n- npm (https://docs.npmjs.com/downloading-and-installing-node-js-and-npm)\n\n### Installation\n\nThough you are be able to install the arsenic binary by running `go install github.com/analog-substance/arsenic@latest`, you would be missing some key files that have not yet been included in the binary itself. To get the best out of arsenic, run the following:\n\n```bash\ngit clone https://github.com/analog-substance/arsenic\ncd arsenic\ngo install\n```\n**Note**: Arsenic is intended to be checked out along side other similarly purposed tools in an `opt/` directory like `$HOME/opt` or `/opt`.\n\nNext, add the following to your shell's rc file:\n```bash\nsource {path_to_arsenic}/arsenic.rc\n```\nThe `arsenic.rc` file automatically adds the `bin/` directory of sibling directories (eg: `opt/arsenic/bin`, `opt/xe/bin`) to your `$PATH`\n\n### Starting an Op\n\nTo start an op, run the following:\n\n```bash\narsenic init op_name\n```\n![Arsenic Init Example](/docs/examples/arsenic-init.gif)\n\n#### Customization\n\nIf you want to customize the op creation process for whatever reason, there are two ways to do so. The first is by adding custom scripts to the `scripts.init` section of the config file located in your home directory. Refer to the \"[Adding Custom Scripts](docs/docs/config.md#adding-custom-scripts)\" section of the config documentation for more information.\n\nThe second way is by creating an init hook script. The `arsenic init` command will run `as-init-op.sh` scripts located at `opt/*/scripts`, where the opt directory is where the Arsenic repository is located. Assuming the Arsenic repository is located at `$HOME/opt/arsenic`, create a script at `$HOME/opt/custom-arsenic/scripts/as-init-op.sh`. Anything in this script will execute when running `arsenic init`.\n\n### Running an Op\n\nWith the op initialized, we must fill out the `scope-domains.txt` and `scope-ips.txt` files with the op's scope. These files contain the hosts that will be used to discover new domains and IPs and will always be regarded as in scope.\n\n```bash\n# TODO: Update when scopious replaces scope command\necho example.com \u003e\u003e scope-domains.txt\necho 127.0.0.1 \u003e\u003e scope-ips.txt\n```\n\nAfter the scope has been filled out, we can now run `arsenic discover` which will use the scope to discover subdomains and IP addresses using various tools/services.\n\n![Arsenic Discover](docs/example/arsenic-discover.gif)\n\nTo see everything that was discovered, run `arsenic scope`\n\n![Arsenic Discover Scope](docs/example/arsenic-discover-scope.gif)\n\nThere may be subdomains and IPs that were discovered but that are not in scope. Refer to the [blacklist](docs/docs/config.md#blacklist) section of the config documentation for more information on how to update the blacklisted domains and IPs. If you do want to re-run the `discover` command after updating the blacklist, remove the `scope-domains-*` and `scope-ips-*` files along with the `recon/domains/*` and `recon/ips/*` directories.\n\nNow that we have discovered more subdomains and IPs, we can use Arsenic to analyze the data and group the hosts by common IP.\n\n```bash\narsenic analyze -c\n```\n\n![Arsenic Analyze](docs/example/arsenic-analyze.gif)\n\nThis will create your directories in `hosts/`. Now you can run.\n\n```bash\narsenic recon\n```\n\nThis will probably take a while... but when its done you should have port scans, content discovery, and screen shots.\n\n******\n\n### Config\n\nRefer to the [config](docs/docs/config.md) documentation for more information.\n\n### Tengo Scripting\nCurrently some of the arsenic scripts are written in the [tengo](https://github.com/d5/tengo) scripting language. These scripts use tengo builtin functions and modules along with custom functions and modules only available to arsenic scripts.\n\n#### References\n- [Standard Library](docs/docs/tengo/stdlib.md)\n- [Builtin Functions](docs/docs/tengo/builtin.md)\n- [Scripting with Arsenic](docs/docs/tengo/scripting.md)\n\n## Collaboration\n\nWorking with friends? Not a problem. [arsenic-hugo](https://github.com/analog-substance/arsenic-hugo) should make it easier to see the big picture.\n\n\u003c!-- ### Reviewing Hosts\n\n```bash\nexport REVIEWER='defektive'\n\narsenic hosts -u\n```\n***** --\u003e\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fanalog-substance%2Farsenic","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fanalog-substance%2Farsenic","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fanalog-substance%2Farsenic/lists"}