Skip to content

Latest commit

 

History

History
101 lines (67 loc) · 4.45 KB

File metadata and controls

101 lines (67 loc) · 4.45 KB

dio-lookup · disclose.io

dio-lookup

Pipe internet assets into lookup.disclose.io and get security-disclosure contacts back — Unix-style, from your terminal.

license lookup lookup.disclose.io use in%20the%20CLI PRs welcome

Part of the disclose.io Project — the open, vendor-neutral infrastructure for vulnerability disclosure. Browse the ecosystem →


dio-lookup

Pipe internet assets to lookup.disclose.io and get the right security-disclosure contact for each — as JSONL, built for recon pipelines.

Give it a domain, IP, ASN, URL, email, package, repo, container, cloud resource, mobile app, hardware, browser extension, or org name; get back the owner and where to report a vulnerability (security.txt, bug bounty program, VDP, PSIRT, national CERT).

subfinder -d example.com | httpx -silent | dio-lookup > contacts.jsonl
cat hosts.txt | dio-lookup -c 8
dio-lookup cloudflare.com npm:express gh:facebook/react

Install

With Bun (run from source):

bun install -g dio-lookup        # or: git clone + bun link

Prebuilt binary (no runtime needed) — grab the right asset from Releases, then:

chmod +x dio-lookup && sudo mv dio-lookup /usr/local/bin/

Usage

dio-lookup [options] [asset ...]
cat hosts.txt | dio-lookup [options]

  -c, --concurrency N   parallel requests (default 5)
  -k, --key KEY         API key (raises rate limits); or set DIO_API_KEY
      --api URL         API endpoint (default https://lookup.disclose.io/api/lookup)
      --full            emit the full LookupResult instead of the compact summary
      --nuclei          read `nuclei -jsonl` on stdin: extract & de-duplicate the
                        scanned hosts, then enrich each one
  -V, --version         print version
  -h, --help            help

One JSON object per asset on stdout. Compact form:

{"input":"cloudflare.com","assetType":"domain","status":"complete","organization":"Cloudflare","jurisdiction":"US","contacts":[{"type":"security_txt","value":"https://www.cloudflare.com/.well-known/security.txt","confidence":"high"}]}

Pull just the reporting channels with jq:

cat hosts.txt | dio-lookup | jq -r 'select(.status=="complete") | "\(.input)\t\(.contacts[0].value)"'

Nuclei

Close the loop from "found something" to "here's who to tell." Pipe a Nuclei scan straight into dio-lookup and get the disclosure contact for every host it touched:

nuclei -u example.com -jsonl | dio-lookup --nuclei

--nuclei reads Nuclei's JSONL (one finding object per line — not bare hosts), pulls the scanned host from each finding, and de-duplicates before looking anything up. That dedupe matters: a scan can emit hundreds of findings across the same handful of hosts, and collapsing them to one lookup per unique host keeps you well under the API rate limit. For large scans, pass an API key (-k / DIO_API_KEY).

Prefer no extra flag? This bridge is equivalent and works with any dio-lookup:

nuclei -u example.com -jsonl | jq -r '.host' | sort -u | dio-lookup

Heads-up: each scanned host is sent to lookup.disclose.io (which logs requests). For target lists under NDA, use the deduped form and mind the egress.

Notes

  • Free and anonymous. A free API key only raises rate limits — request one by emailing hello@disclose.io. Pass it with -k or DIO_API_KEY.
  • Honors the API's Retry-After on 429 and retries transient failures.
  • --full emits the complete LookupResult (attribution, contacts, resolution chain, data sources) — see the OpenAPI spec.

A disclose.io project. MIT licensed.