Pius - Organizational Asset Discovery Tool

Pius is an open-source Go tool that discovers domains and IP ranges owned by any organization. It uses certificate transparency logs, passive DNS, WHOIS, RDAP, and all five Regional Internet Registries (ARIN, RIPE, APNIC, AFRINIC, LACNIC) to map an organization's full external attack surface.

Pius is built for security professionals who need production-grade asset discovery with concurrent plugin execution, multi-tier caching, confidence scoring, and passive-first defaults.

What does Pius do?

Given a company name and optional domain or ASN hints, Pius discovers:

Domains from certificate transparency, passive DNS, reverse WHOIS, GitHub organization pages, GLEIF corporate registries, and Wikidata
IP ranges (CIDRs) from all five Regional Internet Registries via RDAP and RPSL, plus BGP table lookups and Shodan

Key features

Feature	Description
23 Discovery Plugins	14 domain + 9 CIDR plugins covering certificate transparency, passive DNS, WHOIS, RDAP, RPSL, BGP, favicon hashing, and subdomain permutation
All 5 RIRs	ARIN, RIPE, APNIC, AFRINIC, LACNIC
Three-Phase Pipeline	Phase 0 runs independently; Phase 1 discovers RIR org handles; Phase 2 resolves handles to CIDRs
Confidence Scoring	Ambiguous matches are scored and flagged for review
Multi-Tier Cache	API responses cached 24h as JSON; RPSL databases cached 24h locally
Passive by Default	Only OSINT sources queried unless active mode is enabled
Flexible Output	Terminal table, JSON, and NDJSON formats
Single Binary	One portable Go executable with no runtime dependencies

How does Pius compare to other asset discovery tools?

Feature	Pius	amass	subfinder
RIR CIDR discovery	All 5 RIRs	Partial	No
Phase pipeline	Yes (handle -> CIDR)	No	No
Confidence scoring	Yes	No	No
Passive mode default	Yes	Yes	Yes
Built-in cache	Yes (24h)	No	No
Single binary	Yes	Yes	Yes

Get started

Installation - Install Pius via go install or build from source
Quick Start Guide - Run your first asset discovery in under a minute
Plugins - Browse all 23 discovery plugins
Architecture - Understand the three-phase pipeline
Configuration - Environment variables, cache settings, and CLI flags
FAQ - Answers to common questions
Troubleshooting - Fix common issues
Contributing - Add new plugins or contribute to Pius

Pius Wiki

Built by Praetorian | Apache 2.0 License | Report Issues