Puncia utilizes three of our intelligent APIs to gather the results -
- Subdomain Center - The World's Largest Subdomain & Shadow IT Intelligence Database
- Exploit Observer - The World's Largest Exploit & Vulnerability Intelligence Database
- Osprey Vision - The World's Most Bleeding Edge AI for Information Discovery
Please note that although these results can sometimes be pretty inaccurate & unreliable, they can greatly differ from time to time due to their self-improvement capabilities.
Aggressive rate-limits can be avoided with an API key: https://www.arpsyndicate.io/pricing.html
- Mapping External Attack Surfaces
Identify and monitor exposed subdomains and infrastructure components across the internet. - Advanced Vulnerability Research & Monitoring
Discover and track known and emerging threats, including obscure or unlisted vulnerabilities. - Contextual Enrichment of CVE/GHSA Data
Add depth and actionable intelligence to known vulnerabilities for better prioritization. - LLM-Driven Summarization & Prompt Execution
Leverage AI to summarize web content or generate code and analysis based on natural language prompts. - Automated Vulnerability Advisory Creation
Instantly generate detailed, multilingual security advisories for discovered vulnerabilities. - Vulnerability Detection in Software Bill of Materials (SBOM)
Analyze software components for known exploits and security issues using structured SBOM data. - Seamless Integration with CI/CD & Threat Intel Workflows
Automate intelligence gathering and vulnerability checks within development or security pipelines. - Monitoring Nation-State Exploit Trends
Stay ahead of threats by tracking vulnerabilities flagged by foreign actors but not yet recognized by mainstream databases. - Replica Domain Detection & Brand Protection
Identify replica or lookalike domains that could be used in phishing or impersonation attacks. - Bulk Threat Intelligence Processing
Run batch queries (domains, vulnerabilities, etc.) for scalable analysis across large datasets or enterprise asset inventories. - Passive Reconnaissance for Red Teams
Conduct stealthy reconnaissance by using passive data sources (no direct interaction with targets). - Open Source Intelligence (OSINT) Collection
Combine subdomain, exploit, and content summarization features to enhance OSINT investigations. - Security Blog & Research Digest Automation
Automatically summarize technical blog posts and reports into actionable briefs. - Cross-Language Security Intelligence Delivery
Translate advisories or technical content into other languages for global teams and multilingual incident response. - Compliance & Risk Management Support
Enrich vulnerability data to support compliance audits (e.g., ISO 27001, SOC 2) with deeper context.
- From PyPi -
pip3 install puncia - From Source -
pip3 install .
-
(PAID) Store an API key (storekey) -
puncia storekey <api-key> -
(FREEMIUM) Interact with the LLM (chat) -
puncia chat "<prompt>" <output-file> -
(PAID) Summarize Webpages with the LLM (summarize) -
puncia summarize "<links>" <output-file> -
(FREEMIUM) Query Domains (subdomain) -
puncia subdomain <domain> <output-file> -
(FREEMIUM) Query Replica Domains (replica) -
puncia replica <domain> <output-file> -
Query Exploit & Vulnerability Identifiers (exploit)
- (FREE) Russian VIDs with no associated CVEs (^RU_NON_CVE) -
puncia exploit ^RU_NON_CVE <output-file> - (FREE) Chinese VIDs with no associated CVEs (^CN_NON_CVE) -
puncia exploit ^CN_NON_CVE <output-file> - (FREE) Vulnerability & Exploit Identifers Watchlist (^WATCHLIST_IDES) -
puncia exploit ^WATCHLIST_IDES <output-file> - (FREE) Vulnerability & Exploit Identifers Watchlist with Descriptions (^WATCHLIST_INFO) -
puncia exploit ^WATCHLIST_INFO <output-file> - (FREE) Vulnerable Technologies Watchlist (^WATCHLIST_TECH) -
puncia exploit ^WATCHLIST_TECH <output-file> - (FREEMIUM) Supported Vulnerability Identifiers -
puncia exploit <eoidentifier> <output-file>
- (FREE) Russian VIDs with no associated CVEs (^RU_NON_CVE) -
-
(PAID) Generate Vulnerability Advisory with the LLM (advisory) -
puncia advisory "<eoidentifier>|<language>" <output-file> -
(FREEMIUM) Enrich CVE/GHSA Identifiers (enrich) -
puncia enrich <cve-id/ghsa-id> <output-file> -
Multiple Queries (bulk/sbom)
- (FREEMIUM) Bulk Input JSON File Format -
puncia bulk <json-file> <output-directory>{ "subdomain": [ "domainA.com", "domainB.com" ], "replica": [ "domainA.com", "domainB.com" ], "exploit": [ "eoidentifierA", "eoidentifierB" ], "enrich": [ "eoidentifierA", "eoidentifierB" ], "advisory": [ "eoidentifierA", "eoidentifierB|GERMAN" ] } - (FREEMIUM) SBOM Input JSON File Format -
puncia sbom <json-file> <output-directory>
- (FREEMIUM) Bulk Input JSON File Format -
-
(FREEMIUM) External Import
import puncia
import asyncio
async def main():
# Without API Key
print(await puncia.query_api("exploit", "CVE-2021-3450"))
print(await puncia.query_api("subdomain", "arpsyndicate.io"))
print(await puncia.query_api("chat", "write a xss fuzzer in python"))
# With API Key
await puncia.store_key("ARPS-xxxxxxxxxx")
api_key = await puncia.read_key()
print(await puncia.query_api("subdomain", "arpsyndicate.io", apikey=api_key))
print(await puncia.query_api("exploit", "CVE-2021-3450", apikey=api_key))
print(await puncia.query_api("chat", "write a xss fuzzer in python", apikey=api_key))
print(await puncia.query_api("summarize", "https://www.osintteam.com/combating-the-darkest-depths-of-cyber-intelligence-the-pall-mall-process/", apikey=api_key))
print(await puncia.query_api("advisory", "CVE-2025-31324", apikey=api_key))
print(await puncia.query_api("advisory", "CVE-2025-31324|FRENCH", apikey=api_key))
# Run the main async function
asyncio.run(main())
- Passive Subdomain Enumeration: Uncovering More Subdomains than Subfinder & Amass
- Around 1000 exploitable cybersecurity vulnerabilities that MITRE & NIST ‘might’ have missed but China or Russia didn’t.
- Utilizing GitHub Actions for gathering Subdomain & Exploit Intelligence
- Introducing Exploit Observer — More than Shodan Exploits, Less than Vulners
- PUNCIA — The Panthera(P.)uncia of Cybersecurity
- Subdomain Enumeration Tool Face-off - 2023 Edition
