🚀 ENV-FUCKER: Fast exposure recon for "authorized" infrastructure.

What it is
One binary: TUI wizard, CLI batch, streaming crawler, or timed auto loop. Same scanner, same artifacts everywhere.

Core scanning
- ~1.7k effective paths per host with encoding tricks.
- Three transports: HTTP, HTTPS, DNS-smart HTTPS for correct virtual hosts.
- Strong validator: size/content-type gates, binary/HTML-noise handling, dedupe, caps, resumable checkpoints, optional diff vs. previous run.
- Worker presets: 256 up to ~2k goroutines.

Discovery
- Sources: File/stdin lists, CT roots, CIDR expansion, or crawler mode (multi-source BFS + TLS-name feedback).
- Shodan: Free InternetDB mixed in; paid membership seeding requires a key/credit budget.

CVE layer
- 75 built-in fingerprints, 122 mapped CVE IDs.
- KEV + live FIRST EPSS, version-aware applicability, junk-aware saves.

Outputs & Ops
- Logs: Stable run/finding IDs, critical mirror, secrets table, AI aggregate, per-vendor key extracts.
- Extras: Live verification, webhooks, HTML/CSV reports, Nuclei-style URL feed, Prometheus metrics, cross-host dedupe, run bundle with manifest.
- Networking: Rotating proxy pool, preflight checks, error visibility, output profiles, legacy mode.

@half to reserve a spot.

Another update just landed 🚀

Expansions 📦:

• New pattern: anthropic-admin-key (`sk-ant-admin…`)
• Base64 body expansion — keys hidden in K8s/CI blobs now surface automatically 🔍
• Anchor-gated decoder: max 8 windows × 4 KiB, 256 KiB budget
• Cross-view dedupe so the same secret never double-scores 🛡️
• Added stringData: sk-proj-, sk-or-, hf_, "api_key": expansion anchors 🔑
• 17 new corpus paths (Bun, Deno, Wrangler .dev.vars, ArgoCD, Netlify, ORM configs)

CVE Expansion + New Discovery 🔎

• 4 new CVE catalog YAML files (~33 fingerprints):
apache.yaml — httpd, Tomcat, Struts, Solr, Druid, Superset, NiFi, OFBiz
nginx.yaml — nginx, NGINX Unit, OpenResty, ingress-controller, NPM
web-apps.yaml — Laravel, Django, Rails, WordPress, Joomla, Moodle, Drupal, Magento, PrestaShop, TYPO3, OpenCart
middleware.yaml — JBoss, WebLogic, ColdFusion, Exchange OWA (ProxyLogon), SharePoint
*Covers 20+ KEV entries (CISA Known Exploited)* 🚨
• 8 new signal patterns: github_pat_ (fine-grained PATs), glpat- (GitLab PAT), glcbt- (GitLab CI token), CLOUDFLARE_API_TOKEN, FlyV1 ([Fly.io](http://Fly.io/)), pscale_tkn_ (PlanetScale), [dp.st](http://dp.st/) (Doppler service), HUBSPOT_API_KEY
• signalCategory coverage test — fails loudly when a new pattern skips the 4-file checklist ⚠️
• 3 opt-in discovery sources (activate via env var, zero cost otherwise):
GITHUB_TOKEN → GitHub Code Search
VT_API_KEY → VirusTotal passive DNS
NETLAS_API_KEY → [Netlas.io](http://Netlas.io/)
• 33 pre-existing signalCategory gaps fixed (`openai-session`, xai-key, firebase, azure-openai, npm-auth-token, square, plaid, etc.)

NEW FUNCTIONS ⚙️
• HTML report now fully interactive (vanilla JS, no CDN):
— Live search/filter across all hits 🔍
— Clickable sort on Bucket and Score columns 📊
— CSV export button (visible rows only) 📥
• Smart (auto) TUI preset — reads input file line count, picks:
≤100 hosts → Targeted | ≤10K → Fast & Loose
≤500K → Mass Scan | >500K → Beast 🦍

New Update:

- 67 more Shodan presets (was 27) 🔍
- 24 new CVE fingerprints 🛡️
- Cross run dedupe (re-running same output directory skips already scanned hosts) ⚡
- Stability Fixes 🛠️

🛠 Working on the biggest and hopefully last update of the program (still updating weekly with new CVE's)! After this update, I'll release 1 KEY PER WEEK. ⚠️ The price will increase every time a key is sold! 🚀

Little recap on the tool: 🔍

Probes authorized targets across 3 transport modes (HTTP, HTTPS, HTTPS+DNS) against a corpus of 943 paths — .env files, cloud credentials, Terraform state, Spring Boot actuators, CI configs and more. Up to 1,000 goroutines running simultaneously, ~**2,800 probes** per host. ⚡

Discovers targets from 13 sources — crt.sh, CertSpotter, urlscan, OTX, CommonCrawl, Shodan, RapidDNS, bufferover, subdomain.center, brute-DNS, GitHub codesearch, VirusTotal, Netlas. Optional ASN expansion, permutation, archive.org. 🌐

Detects & live-verifies secrets from 80 providers: AWS, GitHub, OpenAI, Anthropic, Stripe, Slack, 24+ AI/LLM APIs (Groq, Mistral, Replicate, Together, Perplexity…), BaaS platforms, deployment services and more — hitting vendor endpoints directly to confirm if keys are still active. 🔐

CVE correlation on 129 fingerprinted products (Confluence, GitLab, Jenkins, Spring, Kubernetes…) covering 230 CVEs enriched with CISA KEV flags and EPSS exploit probability scores. 🛡️

Output: streaming JSONL, CSV, self-contained HTML report, per-provider key files, Nuclei feed, Discord/Slack webhook — everything written atomically with crash-resume support. 📤

1st key sold, next drop next friday

Im currently merging envfucker with my automatic audit tool. No market equivalent exists. Interested? Weekly price: xx.xxx. DM me. Access includes my personal RAG (X4 A40 Nvidia + 150GB RAM server) with constant ingestion and manual auditing.

In the meanwhile im leaving 5 spots for envfucker 2k$/month , needs at least 12GB of VRAM + at least 32GB of RAM

also needs shodan api key ( enterprise one if you want to use it at its fully capacity , costs around ~150$ ) + proxies ( datacenter runs good )

@half for more infos and to purchase