Developer · Network recon
Recon tools
Run server-side OSINT and recon tools against targets allowed in your Grond configuration.
About active vs. passive tools and analyst id
Active — Nmap and Ncrack hit live systems. Use them inside written scope and your own policy.
Passive — theHarvester, Tavily, EDGAR, OSINTMap, metadata extraction, and steganography analysis query public data or analyst-supplied files.
Analyst id — matches Intel; stored in this browser's localStorage for API audit fields.
GROND_AUTHORIZED_SCAN_TARGETS.Nmap
Server-side scan
Endpoint POST /api/v1/tools/nmap. The API invokes Nmap on the application host. Requires the nmap binary and python-nmap. Only use targets covered by your authorization settings.
This field only sets the target sent to the API — it does not grant permission. The server runs Nmap only if that host/IP matches an authorization record.
Audit session —
Result
Response JSON from POST /api/v1/tools/nmap appears here after a successful run.
Ncrack
Integration status
Endpoint POST /api/v1/tools/ncrack. Ncrack support is not implemented in this release. The API responds with HTTP 501 and a JSON payload.
Npcap
Workstation reference
Metadata from GET /api/v1/tools/npcap/info. Npcap is a Windows packet capture driver installed on analyst workstations. It is not bundled with or executed by the Grond API.
Loading reference…
theHarvester
Email & host harvesting
Endpoint POST /api/v1/tools/harvester. Passive-first theHarvester wrapper. Searches for emails, hosts, and subdomains.
Result
Results appear here after a successful run.
SEC EDGAR
Regulatory filings search
Endpoint POST /api/v1/tools/edgar. SEC EDGAR full-text search via Bellingcat edgar-tool. Passive public regulatory filings index — no API key required.
Result
SEC filing results appear here after a successful search.
OSINTMap
Regional OSINT links
Endpoint POST /api/v1/tools/osintmap. Lookup regional entries in cipher387's worldwide curated public OSINT link table. Passive — no API key required.
Result
OSINT link results appear here after a successful search.
Tavily Search
Web intelligence search
Endpoint POST /api/v1/tools/tavily. Direct Tavily web intelligence — returns search-result snippets as Evidence.
Result
Tavily search results appear here after a successful run.
Tavily Extract
URL content extraction
Endpoint POST /api/v1/tools/tavily/extract. Clean markdown/text from URLs — batch up to 20. Returns extracted Evidence per URL.
Result
Extracted content appears here after a successful run.
File Metadata
ExifTool / Exiv2 extraction
Endpoint POST /api/v1/tools/metadata. File metadata via ExifTool (broad formats) and/or Exiv2 (image Exif/IPTC/XMP). Passive — analyst must only upload material they are authorized to hold.
Result
File metadata appears here after a successful extraction.
Steganography Analysis
stegoVeritas / LSB detection
Endpoint POST /api/v1/tools/stego. Detect hidden data via stegoVeritas (multi-method: LSB, color map, StegHide, carving) or pure-Python LSB fallback. Passive — analyst must only upload material they are authorized to analyze. Extracted payloads require analyst review.
Result
Steganography analysis results appear here after a successful scan.
Local build (repo)
Vendored sources
Optional: build pinned Nmap and Ncrack from the recon/ directory in this repository. Npcap is distributed separately for Windows (npcap.com).
./recon/build.sh all-install