Skip to content

D4-project/Plum-Island

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

165 Commits
documentation
documentation
 
 
nse
nse
 
 
tools
tools
 
 
webapp
webapp
 
 
.gitignore
.gitignore
 
 
.pylintrc
.pylintrc
 
 
LICENSE
LICENSE
 
 
readme.md
readme.md
 
 
release_note.md
release_note.md
 
 
requirements.txt
requirements.txt
 
 
setup.sh
setup.sh
 
 

Repository files navigation

d4-Plum-Island

Proactive Land Uncovering & Monitoring

d4-Plum-Island overview

Beta version

Description

Plum Island is an orchestrator for proactive surface-exposure discovery. It assigns scan jobs to distributed agents, collects their results, stores scan history, and makes the collected data searchable through indexed technical indicators.

The project is designed for repeated monitoring rather than one-shot scans: targets can be linked to scan profiles, jobs are queued by priority, results are kept over time, and reports can summarize what changed during a period.

Main features

  • Distributed scan orchestration with agents and server-side job queues.
  • Target and scan profile management.
  • Per-profile scan tracking for each target.
  • Indexed search over IPs, networks, ports, DNS names, HTTP metadata, favicons, TLS certificates, banners, and computed tags.
  • Structured query syntax with exact, prefix, substring, AND, OR, and date-range filtering.
  • Tag rules that automatically add tags to matching scan documents.
  • Favicon-based tagging using MD5, SHA-256, and mmhash indicators.
  • Scheduled Markdown reports from the same search syntax used by the UI.
  • CSV/JSON export workflows for search results.

Search options

The search index supports fields such as:

  • ip, net, port
  • fqdn, fqdn_requested, domain, domain_requested, host, tld
  • http_title, http_cookiename, http_etag, http_server
  • http_favicon_path, http_favicon_mmhash, http_favicon_md5, http_favicon_sha256
  • banner
  • x509_issuer, x509_subject, x509_san, x509_md5, x509_sha1, x509_sha256
  • tag

Example:

domain.begin:"circl.lu" port:443 http_server.lk:nginx

See Search documentation for the full field list, modifiers, examples, and date-range behavior.

Tagging

Tag rules are stored as YAML definitions and can also be managed from the web UI. Each rule contains a description, a search query, a list of tags, and a version timestamp.

Example:

description: HashiCorp Vault
query: http_favicon_mmhash:747250914 AND http_title.bg:Vault
tags:
- soft:hashicorp-vault
version: 20260428T170756Z

See Tagging documentation for YAML format, import/export tooling, version handling, and reindexing.

Reports

Reports use the same structured search syntax as the interactive search page. They generate Markdown summaries for a reporting interval and can be previewed, run manually, or sent on a schedule.

See Reports documentation for report configuration, interval handling, Markdown content, and SMTP delivery.

Documentation

Technical requirements

  • Python 3.10+
  • Flask AppBuilder 4.8
  • Meilisearch 1.22.2+
  • Kvrocks unstable build 8f04af34+, with RocksDB 10.4.2+

About

Proactive Land Uncovering & Monitoring

Topics

network-scanning

Resources

Readme

License

AGPL-3.0 license
Activity
Custom properties

Stars

9 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases 2

Plum Island - MarmotUp Release - v0.2604.0 Latest Latest
Apr 29, 2026
+ 1 release

Packages

 
 
 

Contributors

Languages