JAXEN

JAXEN is a stateful Go recon framework. Shodan integration with a local SQLite ledger, AI/LLM hunting modes, Menlo gateway enumeration, continuous diffing between scans, and deep TLS forensics for direct-IP cert attribution.

What it does

• Shodan-driven discovery with persistent state
• AI/LLM hunting modes (Ollama, vLLM, MCP, vector DBs, gateways)
• Menlo Security gateway enumeration
• Continuous diff between scans, surface changes over time
• Direct-IP TLS probe (no SNI), surfaces customer OV/EV certs on vendor infra
• SQLite-backed ledger so every scan is queryable later

Why this exists

Field engagements are stateful. The same target gets re-checked weeks later, and what changed between scans matters more than the snapshot. JAXEN holds that state and surfaces deltas.