Nemo is an automated information gathering platform designed for internal and internet asset discovery, aiming to boost efficiency in vulnerability assessment and penetration testing. It targets security professionals and researchers by integrating various tools for comprehensive asset intelligence.

How It Works

Nemo v3 features a modular task architecture with a streamlined execution flow for improved efficiency. It utilizes MongoDB for flexible data storage, allowing historical task data retention and querying. Asset management is centralized, supporting semantic queries for IP and domain assets. Fingerprint identification relies on Httpx and ChainReactor, while PoC validation is primarily handled by Nuclei. It also integrates LLM APIs for domain information retrieval and ChinaZ for reliable enterprise filing information.

Quick Start & Requirements

• Installation typically involves cloning the repository and following setup instructions.
• Requires Go, Python 3.x, MongoDB, and potentially API keys for services like Fofa, Quake, Kimi, Qwen, and Deepseek.
• Refer to the Nemo v3 Installation Manual for detailed setup.

Highlighted Details

• Integrates Masscan, Nmap, Subfinder, Massdns, and Whois for asset discovery.
• Supports HTTP fingerprinting via Httpx and ChainReactor, and non-HTTP fingerprints with Fingerprintx.
• Includes PoC validation using Nuclei and Nuclei-Templates.
• Offers distributed and asynchronous task execution with support for team collaboration features like multi-user, multi-workspace, and asset memoization.

Maintenance & Community

• The project acknowledges contributions from several open-source projects including Machinery, Beego, and ProjectDiscovery.
• Further community and roadmap details are not explicitly provided in the README.

Licensing & Compatibility

• The project is licensed under the Apache License 2.0.
• This license is generally permissive for commercial use and integration with closed-source projects.

Limitations & Caveats

The project is actively under development with several features planned for future versions, including optimizations for fingerprinting, PoC validation, asset management, and large-scale distributed node management. The LLM API integration may produce "hallucinations."