Multi-source AI infrastructure discovery for government networks.
VisorGoose discovers exposed AI services (Ollama, Open WebUI) on government TLDs using three parallel intake sources: certificate transparency logs, Shodan, and DNS resolution. Inspired by CISA's Untitled Goose Tool — repurposed for AI infrastructure OSINT.
Part of the NuClide AI-LLM-Infrastructure-OSINT toolkit.
Claude Code can drive VisorGoose scans, interpret probe results, and chain discoveries into disclosure reports or exploitation paths.
Run `visorgoose scan --tld go.id --vpn-country id` and analyze the output. For each node flagged with TAKEOVER or CVE-2025-63389, describe the full exploitation chain: what an attacker can do, what evidence to capture as proof, and what the disclosure should include.
I have a visorgoose-state.json with 40 nodes. Group them by sector and org_country. For government nodes with account_takeover == true, draft a disclosure email to ID-CERT with a structured finding summary.
| Source | Method | Gap It Fills |
|---|---|---|
| CT logs (crt.sh) | `%.go.id` cert transparency queries | Finds gov subdomains Shodan never scanned |
| Shodan | `port:11434 hostname:".go.id"` | Live, indexed Ollama instances |
| DNS | A-record resolution of CT hostnames | Bridges hostnames → IPs |
After collection, each IP is probed for:
- Ollama (port 11434): models, system prompts, CVE-2025-63389, cloud proxy takeovers
- Tags: `TAKEOVER`, `CVE-2025-63389`, `CLOUD`, `RAG`, `DISTILLED`
```bash
go install github.com/Nicholas-Kloster/visorgoose@latest
```

Or build from source:

```bash
git clone https://github.com/Nicholas-Kloster/visorgoose
cd visorgoose
go build -o visorgoose .
```

```bash
export SHODAN_API_KEY=your_key
visorgoose density

visorgoose scan --shodan-key $SHODAN_API_KEY --report report.md

visorgoose scan --tld .go.id --rotate-every 5

visorgoose probe 103.107.245.11 103.156.110.80
visorgoose probe 16.64.116.67 --json

visorgoose diff --prev visorgoose-state-2026-04-01.json

visorgoose report --out findings.md
```

VPN is enforced by default. VisorGoose checks Mullvad status before scanning and optionally rotates the exit relay between probe batches.

```bash
# auto-connect if Mullvad is down
visorgoose scan --auto-vpn
# rotate exit relay every 5 probes
visorgoose scan --rotate-every 5
# bypass VPN check (not recommended)
visorgoose scan --no-vpn
```

Routing uses attribution-break exits: US targets route via NL/Amsterdam, CN via SE/Stockholm, etc.
25 patterns across: .gov .mil .go.id .gov.br .gov.tw .gouv.fr .gob.mx .go.jp .gov.in .gov.au .gov.uk .gc.ca .gob.es .gov.cn .gov.za .go.kr .gov.sg .go.th .gob.ar .gov.my .gov.ph .gov.pk .gov.vn .gov.ng .gov.eg
State is persisted as JSON (visorgoose-state.json) with first-seen/last-seen timestamps for longitudinal tracking. Reports are Markdown with a findings table and per-node detail.
- aimap — deep AI service fingerprinter (36 services, 26 enumerators)
- AI-LLM-Infrastructure-OSINT — case study repository
VisorGoose is a passive-first discovery tool. CT log queries and DNS resolution are passive. Ollama probing (reading /api/tags, /api/version) is read-only enumeration of publicly exposed services.
Active exploitation (CVE-2025-63389 system prompt injection, cloud account takeover) requires explicit written authorization. VisorGoose tests for these but does not exploit them.
Findings should be disclosed to the affected organization and their national CERT.
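From the operator's side, the read-only enumeration described above shows up in the service's access log. The Go example below is added here and is not part of VisorGoose; it assumes GIN-style access log lines and uses constructed entries with documentation-range IPs, listing public clients that received a 200 from `/api/tags` or `/api/version`.

```go
package main

import (
	"fmt"
	"net/netip"
	"regexp"
)

// Assumed GIN-style access log line (status | latency | client | method "path").
var ginLine = regexp.MustCompile(`\|\s*(\d{3})\s*\|[^|]*\|\s*(\S+)\s*\|\s*(\w+)\s+"([^"?]*)`)

// Read-only endpoints the page names as the ones discovery probes read.
var enumPaths = map[string]bool{"/api/tags": true, "/api/version": true}

// Constructed sample log: documentation-range and private IPs only.
var sampleLog = []string{
	`[GIN] 2026/04/01 - 10:00:00 | 200 |  1.2ms |    127.0.0.1 | GET  "/api/tags"`,
	`[GIN] 2026/04/01 - 10:02:11 | 200 |  0.9ms | 198.51.100.7 | GET  "/api/version"`,
	`[GIN] 2026/04/01 - 10:02:12 | 200 |  2.4ms | 198.51.100.7 | GET  "/api/tags"`,
	`[GIN] 2026/04/01 - 10:05:40 | 200 | 41.0ms |     10.1.2.3 | POST "/api/generate"`,
	`[GIN] 2026/04/01 - 10:09:03 | 404 |  0.1ms | 203.0.113.45 | GET  "/api/tags"`,
	`[GIN] 2026/04/01 - 10:09:04 | 200 |  0.8ms | 203.0.113.45 | GET  "/api/version?x=1"`,
}

// ExternalEnumerators returns, in order of first appearance, the public client
// IPs that received a 200 from an enumeration endpoint.
func ExternalEnumerators(lines []string) []string {
	seen := map[netip.Addr]bool{}
	var out []string
	for _, l := range lines {
		m := ginLine.FindStringSubmatch(l)
		if m == nil || m[1] != "200" || m[3] != "GET" || !enumPaths[m[4]] {
			continue
		}
		ip, err := netip.ParseAddr(m[2])
		if err != nil || ip.IsLoopback() || ip.IsPrivate() || seen[ip] {
			continue // malformed, internal, or already reported client
		}
		seen[ip] = true
		out = append(out, ip.String())
	}
	return out
}

func main() {
	fmt.Println(ExternalEnumerators(sampleLog))
}
```

Any address in the result means the endpoint answered an unauthenticated request from outside the host's own networks, which is the exposure condition the scan looks for.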
NuClide Research · nuclide-research.com