NuClide Research
Most recent
navigate open esc close Corpus index built 2026-06-07 23:58 UTC

← Toolchain

Featured Instrument

VisorGraph

Bill Rondell, Nick Adams & Dade Murphy — featured instrument — 1 min read — 134 words
Phase
hunt
Language
Go

High-performance infrastructure mapping with native gVisor sandboxing

§ Workflow phase

  1. 01 hunt
  2. 02 analyze
  3. 03 enrich
  4. 04 report
  5. 05 instrument

Discovery. Finds what is exposed.

VisorGraph is a typed-provenance infrastructure mapper. 14 packages, ~6.7 MB static binary. Native gVisor sandboxing for safe probing of untrusted targets, Go Vuln DB integration, built-in Prometheus and debug endpoint probes.

What it does

  • Typed-provenance graph output, every node carries the rule that produced it
  • Rule-based exposure classification with confidence scoring
  • Fixed-point passive saturation, then active probes gated on budget
  • Sandbox-MITM detection, downgrades L7 conclusions when running inside an intercepting environment
  • Prometheus and debug endpoint probes built in
  • Go Vuln DB integration for CVE matching against discovered services

Why this exists

Recon outputs are often a flat list of findings stripped from their derivation. VisorGraph keeps the derivation: every finding carries the chain of probes that produced it, so you can replay the reasoning and audit it.

Source

github.com/nuclide-research/VisorGraph

§ Used in

Used in

SURVEYS · 06

FIELD CASES · 06

§ hunt layer

Same phase