Puncia utilizes two of our intelligent APIs to gather the results -

• Subdomain Center - The World's Fastest Growing Subdomain & Shadow IT Intelligence Database
  
• Exploit Observer - The World's Largest Exploit & Vulnerability Intelligence Database

Please note that although these results can sometimes be pretty inaccurate & unreliable, they can greatly differ from time to time due to their self-improvement capabilities.

Aggressive rate-limits can be avoided with an API key: https://arpsyndicate.io/pricing.html

1. From PyPi - pip3 install puncia
2. From Source - pip3 install .
   

1. Query Domains - puncia subdomain <domain> <output-file>
2. Query Exploit & Vulnerability Identifiers - puncia exploit <eoidentifier> <output-file>
   • Russian VIDs with no associated CVEs (^RU_NON_CVE)
   • Chinese VIDs with no associated CVEs (^CN_NON_CVE)
   • Supported Vulnerability Identifiers
3. Bulk Queries - puncia exploit <json-file> <output-directory>
   
4. Store an API key - puncia storekey <api-key>
   

{
    "subdomain": [
        "domainA.com",
        "domainB.com"
    ],
    "exploit": [
        "eoidentifierA",
        "eoidentifierB"
    ]
}

• Around 1000 exploitable cybersecurity vulnerabilities that MITRE & NIST ‘might’ have missed but China or Russia didn’t.
• Utilizing GitHub Actions for gathering Subdomain & Exploit Intelligence
• Introducing Exploit Observer — More than Shodan Exploits, Less than Vulners
• PUNCIA — The Panthera(P.)uncia of Cybersecurity
• Subdomain Enumeration Tool Face-off - 2023 Edition

• Attack Surface Management
• Open Source Intelligence
• Free Vulnerability Assessment Report