🔵 BluePhoenix - Complete Module Documentation

Detailed specifications for all 32 modules in the BluePhoenix Security Suite. Every tool, function, and capability documented.

📖 Documentation Scope

This page contains complete specifications for every BluePhoenix module.
Each module is documented with: Purpose, Inputs, Outputs, Technical Details, and Example Usage.

🌐 CORE RECONNAISSANCE TOOLS (17 Modules)

πŸ” 01. IP Coannler

Purpose: Scans for active channels/ports across IP ranges with customizable parameters
Input: IP range/CIDR, port range, timeout, threads
Output: List of active IP:port combinations with service banners
Technology: Multithreaded socket connections, TCP handshake analysis
Example Command: coannler 192.168.1.0/24 -p 80,443,22 -t 5

🔌 02. IP Port Scanner

Purpose: Comprehensive port scanning with service detection and version fingerprinting
Input: Single IP or hostname, port list, scan type (SYN, CONNECT, UDP)
Output: Detailed port status table with service names, versions, and banners
Technology: Raw socket programming, TCP flag manipulation, service fingerprint database
Example Output:
PORT     STATE    SERVICE        VERSION
22/tcp   open     ssh            OpenSSH 8.2p1
80/tcp   open     http           Apache 2.4.46
443/tcp  open     ssl/http       nginx 1.18.0
3306/tcp filtered mysql

📡 03. IP Pinger

Purpose: Network host discovery and latency measurement using ICMP echo requests
Input: IP range, count of packets, timeout, packet size
Output: Live ping statistics: reachability, response times, packet loss percentage
Technology: ICMP protocol implementation, TTL tracking, statistical analysis
Metrics: Min/Avg/Max latency, jitter, packet loss %, successful responses

πŸ•΅οΈ 04. Dox Tracker

Purpose: Aggregates publicly available information about individuals from multiple sources
Input: Name, username, email, phone number, or other identifiers
Output: Consolidated profile: social media accounts, forum activity, data breaches
Sources: Social media APIs, public records, breach databases, web scraping
Data Points: Name variations, addresses, phone numbers, emails, usernames, photos, employment

📸 05. Image EXIF Data Extractor

Purpose: Extracts and analyzes metadata from image files for forensic investigation
Input: Image file path or URL (JPG, PNG, TIFF, RAW formats)
Output: Structured metadata: GPS coordinates, camera settings, timestamps, editing history
EXIF Tags: Make/Model, DateTime, GPS Lat/Lon, Altitude, Software, Artist, Copyright
Analysis: Geolocation mapping, timeline reconstruction, device identification

🔎 06. Google Dorking Assistant

Purpose: Advanced Google search operators to find sensitive information and vulnerabilities
Input: Target domain, file types, search operators, custom dorks
Output: Curated search results: exposed files, directories, credentials, admin panels
Dork Types: Filetype searches, intitle/inurl, cache viewing, site-specific, login pages
Example Dorks:
site:target.com filetype:pdf
inurl:admin login
intitle:"index of" "parent directory"

👤 07. Username Tracker

Purpose: Checks username availability across 100+ social media and forum platforms
Input: Username to search, platform selection (all or specific)
Output: Matrix of platform availability with profile URLs and activity indicators
Platforms: Twitter, Instagram, GitHub, Reddit, TikTok, Steam, eBay, etc.
Detection Methods: HTTP status codes, page content analysis, API queries, error message patterns

📧 08. Email Tracker

Purpose: Analyzes email addresses for validity, associated accounts, and breach history
Input: Email address, verification depth level
Output: Email analysis: valid format, MX records, disposable status, breach counts
Checks: Syntax validation, domain existence, SMTP verification, role account detection
Breach Data: Number of breaches, dates, types of data exposed (passwords, IPs, etc.)

📨 09. Email Lookup

Purpose: Reverse email search to find associated names, profiles, and online presence
Input: Email address for reverse lookup
Output: Person profiles: real names, social accounts, employment, location data
Sources: Data brokers, social media APIs, professional networks, public records
Privacy Levels: Varies by source - some require opt-in, others aggregate public data only

📱 10. Phone Number Lookup

Purpose: Identifies phone number details: carrier, location, line type, and possible owner
Input: Phone number with country code
Output: Carrier info, geographic location, number type (mobile/landline/VoIP), validity
Databases: Number portability databases, carrier lookups, public directories
Accuracy: Varies by country and carrier; mobile numbers more accurate than landlines

🌍 11. IP Lookup

Purpose: Comprehensive IP address intelligence: geolocation, ISP, threat reputation
Input: IPv4 or IPv6 address
Output: Country, city, coordinates, ISP, organization, AS number, threat score
Data Sources: MaxMind GeoIP, IP2Location, abuse databases, RIR records
Threat Intel: VirusTotal scans, abuse reports, proxy/VPN detection, botnet associations

🚨 12. Vulnerability Scanner

Purpose: Automated security vulnerability detection in web applications and networks
Input: Target URL or IP, scan depth, vulnerability types to check
Output: Vulnerability report with CVSS scores, proof-of-concept, remediation advice
Test Types: SQL injection, XSS, CSRF, file inclusion, command injection, misconfigurations
Status: 🚧 WORK IN PROGRESS - Core framework complete, adding exploit modules

πŸ” 13. Hash Identifier

Purpose: Identifies cryptographic hash algorithms from hash strings
Input: Hash string (MD5, SHA1, SHA256, bcrypt, etc.)
Output: Algorithm name, hash length, salt detection, possible hash type
Algorithms: 40+ hash types: MD family, SHA family, bcrypt, scrypt, NTLM, LM, etc.
Detection Method: Pattern matching, length analysis, character set, prefix/suffix patterns

💥 14. Breach Checker

Purpose: Checks if email/username appears in known data breaches
Input: Email address or username
Output: List of breaches with dates, data types exposed, and severity ratings
Sources: HaveIBeenPwned API, DeHashed, breach notification databases
Data Exposed: Emails, passwords, IPs, names, phone numbers, credit cards, addresses

📶 15. WiFi Analyzer

Purpose: Wireless network discovery, signal analysis, and security assessment
Input: Wireless interface, scan duration, channel selection
Output: WiFi networks: SSID, BSSID, channel, signal strength, encryption, clients
Capabilities: Channel interference analysis, signal heatmaps, rogue AP detection
Status: 🚧 WORK IN PROGRESS - Requires platform-specific wireless libraries

🎣 16. Phishing Assistant

Purpose: Educational tool for phishing awareness and security training
Input: URL or email content to analyze, training scenario selection
Output: Phishing indicators: suspicious links, domain age, SSL issues, content analysis
Detection Methods: URL analysis, domain reputation, email header inspection, content patterns
Training Mode: Simulated phishing tests with educational feedback and prevention tips

👹 17. Threat Actor Profile Lookup

Purpose: Research tool for gathering intelligence on known threat actors and APT groups
Input: Threat actor name, alias, or associated indicators (IPs, domains, hashes)
Output: Threat profile: aliases, tactics, techniques, tools, targets, timelines
Sources: MITRE ATT&CK, threat intelligence feeds, security vendor reports
Data Points: Country of origin, motivation, target sectors, malware families, C2 infrastructure

💻 IT ADMINISTRATION TOOLS (9 Modules)

πŸ—ΊοΈ 18. Network Mapper

Purpose: Discovers and maps network topology, devices, and connections
Input: Network range, discovery methods (ARP, ICMP, SNMP), OS detection
Output: Network diagram with devices, IPs, MACs, OS types, and relationships
Techniques: ARP scanning, traceroute, SNMP walking, MAC vendor lookup
Visualization: ASCII diagrams, Graphviz exports, interactive HTML maps

βš™οΈ 19. Service Scanner

Purpose: Detects and analyzes running services on network hosts
Input: Target IP/hostname, port range, banner grabbing, service fingerprinting
Output: Service inventory: name, version, configuration, vulnerabilities
Service DB: 500+ service signatures: HTTP, FTP, SSH, databases, industrial control
Analysis: Version comparison, EOL detection, known vulnerabilities, patch status

🌐 20. DNS Analyzer

Purpose: Comprehensive DNS record analysis and enumeration
Input: Domain name, record types, DNS server, brute-force wordlist
Output: DNS records: A, AAAA, MX, TXT, CNAME, NS, SOA, PTR, SRV
Features: Zone transfers, reverse DNS, subdomain enumeration, DNS security checks
Security Checks: DNSSEC validation, SPF/DKIM/DMARC records, open resolvers, cache poisoning

🔒 21. SSL Certificate Checker

Purpose: Analyzes SSL/TLS certificates for security and configuration issues
Input: Hostname:port (usually 443), protocol versions, cipher suites
Output: Certificate details, expiry, issuer, validation, vulnerabilities
Checks: Expiration, chain validation, weak ciphers, HSTS, OCSP stapling
Vulnerabilities: Heartbleed, POODLE, BEAST, CRIME, BREACH, FREAK, Logjam

💻 22. System Information

Purpose: Comprehensive system diagnostics and hardware/software inventory
Input: Local system or remote host (with credentials)
Output: Detailed system profile: OS, hardware, network, users, processes, services
Hardware Details: CPU, RAM, disks, GPU, motherboard, BIOS, temperatures, fan speeds
Software Details: OS version, installed programs, updates, patches, security settings

🎯 23. Exploit Finder

Purpose: Searches exploit databases for vulnerabilities in specific software/hardware
Input: Software name, version, CVE ID, or platform
Output: Matching exploits with descriptions, platforms, authors, and verification
Databases: Exploit-DB, Metasploit, CVE databases, GitHub, security advisories
Filtering: By platform, type (remote/local), difficulty, verified status, publication date

🦠 24. Malware Scanner

Purpose: Detects malicious files and processes using signature and behavioral analysis
Input: File path, directory, or process ID to scan
Output: Malware detection report: threats found, severity, removal recommendations
Detection Methods: Hash matching, YARA rules, heuristic analysis, sandboxing, API monitoring
Threat Types: Viruses, trojans, ransomware, spyware, rootkits, worms, adware, PUPs

📋 25. Log Analyzer

Purpose: Parses and analyzes system and application logs for troubleshooting and security
Input: Log file(s), log type (syslog, Apache, Windows Event, firewall, etc.)
Output: Statistical analysis, patterns, anomalies, errors, security events, trends
Analysis: Time series, IP frequency, error rates, correlation, alert generation
Log Types: System logs, web server, database, firewall, IDS/IPS, application, audit

🔄 26. Port Forwarding

Purpose: Manages port forwarding rules for routers and firewalls
Input: Router IP, credentials, forwarding rules (external:internal ports)
Output: Configuration status, active rules, verification tests, security warnings
Router Support: Consumer routers (Netgear, Linksys, TP-Link), pfSense, Ubiquiti
Security Features: Rule validation, conflict detection, exposure assessment, recommendation engine

πŸ›‘οΈ CYBERSECURITY TOOLS (6 Modules)

🔑 27. Password Auditor

Purpose: Assesses password strength and security policies
Input: Password(s) to test, policy requirements, wordlists for cracking
Output: Strength score, entropy, crack time estimates, policy compliance
Testing Methods: Dictionary attacks, brute force, pattern analysis, common password checks
Metrics: Entropy bits, crack time (online/offline), strength classification, recommendations

πŸ›‘οΈ 28. Network Defender

Purpose: Network security monitoring and intrusion detection system
Input: Network interface, rule sets, alert thresholds, monitoring duration
Output: Security alerts, traffic analysis, anomaly detection, incident reports
Detection: Port scans, DoS attempts, malware C2, data exfiltration, policy violations
Response: Alert notifications, traffic blocking, logging, reporting, integration with firewalls

📊 29. Threat Intelligence Feeds

Purpose: Aggregates and analyzes threat intelligence from multiple sources
Input: Feed URLs, API keys, update intervals, filtering criteria
Output: Threat indicators: IPs, domains, URLs, file hashes, with context and severity
Sources: AlienVault OTX, Abuse.ch, ThreatConnect, VirusTotal, CISA, commercial feeds
Integration: Automatic updates, local database, export formats (STIX/TAXII), alerting

πŸ€ 30. RAT Server

Purpose: Remote Administration Tool for legitimate system management and testing
Input: Server configuration, client connections, commands to execute
Output: Remote system control, file transfer, screen capture, keylogging (ethical)
Features: Encrypted communication, multi-client support, persistence, stealth mode
Status: 🚧 WORK IN PROGRESS - Core server/client communication established

📦 31. Packet Sniffer

Purpose: Captures and analyzes network traffic at the packet level
Input: Network interface, filter expression, capture duration, packet count
Output: Packet capture file, protocol analysis, traffic statistics, anomalies
Protocols: Ethernet, IP, TCP, UDP, HTTP, DNS, DHCP, ARP, ICMP, TLS/SSL
Analysis: Conversation tracking, flow analysis, payload inspection, pattern matching

πŸ•ΈοΈ 32. Web Scraper

Purpose: Extracts data from websites for analysis, monitoring, and intelligence
Input: URL(s), extraction rules, depth, rate limiting, authentication
Output: Structured data: text, images, links, tables, metadata in various formats
Techniques: HTML parsing, CSS selectors, XPath, regex, AJAX handling, JavaScript rendering
Output Formats: CSV, JSON, XML, SQL database, Excel, PDF reports

📊 Module Statistics Summary

Category             Modules  Ready  WIP  Lines of Code (est.)
Core Reconnaissance  17       15     2    ~8,500
IT Administration    9        9      0    ~6,200
Cybersecurity        6        5      1    ~4,800
TOTALS               32       29     3    ~19,500