{"id":29543968,"url":"https://github.com/exfil0/ironveil","last_synced_at":"2025-07-17T14:13:23.400Z","repository":{"id":304229735,"uuid":"1018177195","full_name":"exfil0/IronVeil","owner":"exfil0","description":"Iron Veil is a comprehensive, militarized subdomain enumeration and verification tool built in Python.","archived":false,"fork":false,"pushed_at":"2025-07-11T20:34:23.000Z","size":28,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-07-11T20:34:41.337Z","etag":null,"topics":["active-discovery","live-verification","passive-reconnaissance","port-scanner","python","recursion","scalable","stealth","subdomain-enumeration","subdomain-scanner","wildcard-filtering"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/exfil0.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2025-07-11T18:36:12.000Z","updated_at":"2025-07-11T20:34:26.000Z","dependencies_parsed_at":"2025-07-11T20:34:43.683Z","dependency_job_id":"cdc4aa33-52dd-444b-bc4f-bbccf8aef7a7","html_url":"https://github.com/exfil0/IronVeil","commit_stats":null,"previous_names":["exfil0/ironvell"],"tags_count":null,"template":false,"template_full_name":null,"purl":"pkg:github/exfil0/IronVeil","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/exfil0%2FIronVeil","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/exfil0%2FIronVeil/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/exfil0%2FIronVeil/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/exfil0%2FIronVeil/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/exfil0","download_url":"https://codeload.github.com/exfil0/IronVeil/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/exfil0%2FIronVeil/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":265614678,"owners_count":23798492,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["active-discovery","live-verification","passive-reconnaissance","port-scanner","python","recursion","scalable","stealth","subdomain-enumeration","subdomain-scanner","wildcard-filtering"],"created_at":"2025-07-17T14:13:19.500Z","updated_at":"2025-07-17T14:13:23.395Z","avatar_url":"https://github.com/exfil0.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Operation Iron Veil: Hardened \u0026 Sharpened Subdomain Enumerator\n\n**Operation Iron Veil** is a comprehensive, militarized subdomain enumeration and verification tool built in Python. It combines passive reconnaissance from multiple OSINT sources, active DNS brute-forcing and permutation generation, HTTP/S probing for live verification, certificate SAN extraction for additional discovery, basic port scanning, and recursive sub-subdomain enumeration. Designed for security researchers, penetration testers, and bug bounty hunters, it maximizes subdomain discovery while minimizing false positives through smart wildcard filtering (IP and content-based).\n\nThe tool is multi-threaded for efficiency, resilient with backoff retries, and configurable via CLI flags. It supports proxy rotation for stealth, rate limiting to avoid detection, and outputs in TXT (live subdomains), JSONL (detailed data), and CSV (structured export).\n\n**Key Goals:**\n- Discover as many subdomains as possible \"without missing any\" (though complete enumeration is impossible due to private DNS, etc.).\n- Verify live hosts with HTTP/S probes and extract fingerprints (titles, servers, certs).\n- Ethical use only: Always obtain permission before scanning.\n\n## Features\n\n- **Passive Recon Sources:** crt.sh, HackerTarget, VirusTotal (API key optional), Wayback Machine, BufferOver.run, AlienVault OTX, DNSdumpster.\n- **Active Discovery:** Brute-force with wordlists, permutation generation (prefix/suffix, typos, numbers), zone transfer attempts.\n- **Wildcard Filtering:** IP and content/title hashing to reduce false positives from wildcard DNS configs.\n- **Live Verification:** HTTP/S probing for status, redirects, titles, headers, content hashes, and TLS cert SANs/CN (discovers more subs).\n- **Port Scanning:** Optional quick check on common ports for live hosts.\n- **Recursion:** Depth-limited sub-subdomain enumeration based on CNAME/NS or multi-level subs.\n- **Resilience \u0026 Stealth:** Proxy support, UA rotation, resolver rotation, backoff retries with jitter, configurable rate limiting.\n- **Outputs:** TXT (live subs), JSONL (incremental detailed data), CSV (structured with all fields).\n- **Thread Safety:** Locks for shared data, efficient concurrency.\n\n## Installation\n\nClone the repository:\n```\ngit clone https://github.com/exfil0/IronVeil.git\ncd IronVeil\n```\n\nInstall dependencies:\n```\npip install -r requirements.txt\n```\n\nFor CLI usage (install as package):\n```\npip install -e .\n```\nThis allows running as `ironveil [options]` instead of `python -m src.cli [options]`.\n\n## Dependencies\n\n- **requests:** For HTTP/S probing and API calls.\n- **dnspython:** For DNS resolution and zone transfers.\n- **backoff:** For exponential backoff retries.\n- **cryptography:** For TLS cert parsing (SAN/CN extraction).\n\nStandard libraries (no install needed): re, time, json, random, collections, sys, threading, urllib.parse, os, hashlib, socket, logging, ssl, csv.\n\nNote: No internet access required beyond APIs/web; no additional pip installs during runtime.\n\n## Usage\n\nAfter installation, run via `ironveil [options]` (or `python -m src.cli [options]` without `-e` install). Required: `--domain`.\n\n### CLI Options\n```\nusage: ironveil [-h] -d DOMAIN [-w WORDLIST] [-o OUTPUT] [-t THREADS] [--timeout TIMEOUT] [-v] [-r RECURSION] [-p PROXIES] [--no-probe] [--port-scan] [--rate-limit RATE_LIMIT]\n\nMilitarized Subdomain Enumerator and Verifier (Operation Iron Veil: Hardened \u0026 Sharpened)\n\noptions:\n  -h, --help            show this help message and exit\n  -d DOMAIN, --domain DOMAIN\n                        Target domain (e.g., example.com)\n  -w WORDLIST, --wordlist WORDLIST\n                        Path to wordlist for brute-force. If not provided, a small default will be created.\n  -o OUTPUT, --output OUTPUT\n                        Base path for output files (e.g., 'results.txt' will create 'results.jsonl' and 'results.csv').\n  -t THREADS, --threads THREADS\n                        Number of concurrent threads (default: 20).\n  --timeout TIMEOUT     Request timeout in seconds for HTTP/S and DNS (default: 10).\n  -v, --verbose         Enable verbose logging (display debug messages).\n  -r RECURSION, --recursion RECURSION\n                        Recursion depth for sub-subdomains (0 for none, max 2 recommended). Caution: can significantly increase scan time and network load.\n  -p PROXIES, --proxies PROXIES\n                        Path to a file containing proxies (e.g., http://user:pass@ip:port), one per line.\n  --no-probe            Disable HTTP/S probing and verification of resolved subdomains.\n  --port-scan           Enable basic port scanning on live HTTP/S subdomains for common ports.\n  --rate-limit RATE_LIMIT\n                        Add a delay between requests *per thread* in seconds (e.g., 0.1 for 100ms delay). Helps avoid rate limiting.\n```\n\n### Examples\n\n1. **Basic Scan (Passive + Brute-Force):**\n   ```\n   ironveil -d example.com -w subdomains.txt -v\n   ```\n   - Uses default wordlist if not provided.\n   - Verbose mode for detailed logs.\n\n2. **Full Scan with Probing, Port Scan, and Recursion:**\n   ```\n   ironveil -d example.com -w subdomains-top1million.txt -o results.txt -r 1 --port-scan --rate-limit 0.2 -p proxies.txt\n   ```\n   - Enables recursion (depth 1), port scanning, 200ms delay per thread, proxies.\n   - Outputs: results.txt (live subs), results.jsonl (detailed), results.csv (structured).\n\n3. **Passive-Only (No Active/Probe):**\n   ```\n   ironveil -d example.com --no-probe\n   ```\n   - Quick, stealthy recon from OSINT sources.\n\n4. **With VirusTotal API (Set Env Var):**\n   ```\n   export VEIL_VT_API_KEY=your_key_here\n   ironveil -d example.com\n   ```\n\n## Project Structure\n```\nIronVeil/\n├── src/                  # Core source code\n│   ├── ironveil/         # Package namespace\n│   │   ├── __init__.py\n│   │   ├── config.py     # Constants, logger, API keys\n│   │   ├── enumerator.py # Main class\n│   │   ├── phases/       # Modular phases (passive, active, etc.)\n│   │   └── utils/        # Helpers (DNS, HTTP, output)\n│   └── cli.py            # CLI entry point\n├── tests/                # Unit tests\n├── docs/                 # Additional docs\n├── examples/             # Samples (wordlists, proxies)\n├── .gitignore\n├── LICENSE\n├── README.md\n├── requirements.txt\n├── setup.py\n└── pyproject.toml\n```\n\n## API Keys\nSet environment variables for optional APIs:\n- `VEIL_VT_API_KEY`: VirusTotal (passive_virustotal).\n\nAdd more in `src/ironveil/config.py` if extending sources.\n\n## Ethical Considerations\n- **Legal Use Only:** Subdomain enumeration can be seen as reconnaissance. Obtain explicit permission before scanning third-party domains. Active probing/port scanning may trigger alerts or violate terms.\n- **Rate Limiting:** Use `--rate-limit` to respect API/DNS limits.\n- **Proxies:** For anonymity, but ensure ethical sourcing.\n\n## Contributing\n- Fork the repo and create a PR.\n- Add new passive sources in `phases/passive.py` and call in `phase_passive_recon`.\n- Run tests: `pytest tests/`.\n- Follow PEP8; add docs/tests for changes.\n\n## Limitations \u0026 Future Improvements\n- IPv6 probing/port scan not fully supported (focuses on IPv4 primary IP).\n- No tech fingerprinting/vuln checks (e.g., Wappalyzer, CVE lookup).\n- Extend passive sources (e.g., Shodan with key).\n- Screenshots or advanced media analysis not included.\n\nContributions welcome! Report issues or suggest features.\n\n## License\nMIT License. Use at your own risk.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fexfil0%2Fironveil","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fexfil0%2Fironveil","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fexfil0%2Fironveil/lists"}