aquatone - A Tool for Domain Flyovers

  •        26

AQUATONE is a set of tools for performing reconnaissance on domain names. It can discover subdomains on a given domain by using open sources as well as the more common subdomain dictionary brute force approach. After subdomain discovery, AQUATONE can then scan the hosts for common web ports and HTTP headers, HTML bodies and screenshots can be gathered and consolidated into a report for easy analysis of the attack surface. AQUATONE depends on Node.js and NPM package manager for its web page screenshotting capabilities. Follow this guide for Installation instructions.

http://michenriksen.com/blog/aquatone-tool-for-domain-flyovers/
https://github.com/michenriksen/aquatone

Tags
Implementation
License
Platform

   




Related Projects

gitrob - Reconnaissance tool for GitHub organizations

  •    Ruby

Gitrob is a command line tool which can help organizations and security professionals find sensitive information lingering in publicly available files on GitHub. The tool will iterate over all public organization and member repositories and match filenames against a range of patterns for files that typically contain sensitive or dangerous information. Looking for sensitive information in GitHub repositories is not a new thing, it has been known for a while that things such as private keys and credentials can be found with GitHub's search functionality, however Gitrob makes it easier to focus the effort on a specific organization.

birdwatcher - Data analysis and OSINT framework for Twitter

  •    Ruby

Birdwatcher is a data analysis and OSINT framework for Twitter. Birdwatcher supports creating multiple workspaces where arbitrary Twitter users can be added and their Tweets harvested through the Twitter API for offline storage and analysis. Birdwatcher comes with several modules which can be envoked to further enrich collected data or work with it, e.g. Retrieving user's Klout score, generating social graphs between users and weighted word clouds based on their Tweets. Birdwatcher is written in Ruby and requires at least version 1.9.3 or above. To check which version of Ruby you have installed, simply run ruby --version in a terminal.

subfinder - SubFinder is a subdomain discovery tool that discovers valid subdomains for websites

  •    Go

SubFinder is a subdomain discovery tool that discovers valid subdomains for websites by using passive online sources. It has a simple modular architecture and has been aimed as a successor to sublist3r project. SubFinder uses Passive Sources, Search Engines, Pastebins, Internet Archives, etc to find subdomains and then it uses a permutation module inspired by altdns to generate permutations and resolve them quickly using a powerful bruteforcing engine. It can also perform plain bruteforce if needed. The tool is highly customizable, and the code is built with a modular approach in mind making it easy to add functionalities and remove errors. We have designed SubFinder to comply with all passive sources licenses, and usage restrictions, as well as maintained a consistently passive model to make it useful to both penetration testers and bug bounty hunters alike.

xray - XRay is a tool for recon, mapping and OSINT gathering from public networks.

  •    Go

XRay is a tool for network OSINT gathering, its goal is to make some of the initial tasks of information gathering and network mapping automatic. The shodan.io API key parameter ( -shodan-key KEY ) is optional, however if not specified, no service fingerprinting will be performed and a lot less information will be shown (basically it just gonna be DNS subdomain enumeration).

OSINT-Framework - OSINT Framework

  •    Javascript

OSINT framework focused on gathering information from free tools or resources. The intention is to help people find free OSINT resources. Some of the sites included might require registration or offer more data for $$$, but you should be able to get at least a portion of the available information for no cost. Feedback or new tool suggestions are extremely welcome! Please feel free to submit a pull request or open an issue on github or reach out on Twitter.


Raccoon - A high performance offensive security tool for reconnaissance and vulnerability scanning

  •    Python

Raccoon is a tool made for reconnaissance and information gathering with an emphasis on simplicity. It will do everything from fetching DNS records, retrieving WHOIS information, obtaining TLS data, detecting WAF presence and up to threaded dir busting and subdomain enumeration. Every scan outputs to a corresponding file. As most of Raccoon's scans are independent and do not rely on each other's results, it utilizes Python's asyncio to run most scans asynchronously.

awesome-osint - :scream: A curated list of amazingly awesome OSINT

  •    

Please read CONTRIBUTING if you wish to add tools or resources. This list was taken directly from i-inteligence's OSINT Tools and Resources Handbook. I-intelligence is dedicated to helping you improve your ability to collect, analyze, manage, share and communicate information, whether in support of government policy or in pursuit of competitive advantage.

NodeJsScan - NodeJsScan is a static security code scanner for Node.js applications.

  •    Python

Static security code scanner (SAST) for Node.js applications. The command line interface (CLI) allows you to integrate NodeJsScan with DevSecOps CI/CD pipelines. The results are in JSON format. When you use CLI the results are never stored with NodeJsScan backend.

creepy - A geolocation OSINT tool

  •    Python

Geolocation OSINT tool. Creepy is a geolocation OSINT tool. Gathers geolocation related information from online sources, and allows for presentation on map, search filtering based on exact location and/or date, export in csv format or kml for further analysis in Google Maps.

trape - People tracker on the Internet: Learn to track the world, to avoid being traced.

  •    CSS

People tracker on the Internet: Learn to track the world, to avoid being traced. Trape is a recognition tool that allows you to track people, the information you can get is very detailed. We want to teach the world through this, as large Internet companies could monitor you, obtaining information beyond your IP.

TIDoS-Framework - The Offensive Manual Web Application Penetration Testing Framework.

  •    Python

NOTE: For installing globally, you will need to default your Python version to 2.x. However, the work of migration from Python2 to Python3 is already underway. TIDoS needs some libraries to run, which can be installed via aptitude or yum Package Managers.

inspec - InSpec: Auditing and Testing Framework

  •    Ruby

InSpec is an open-source testing framework for infrastructure with a human- and machine-readable language for specifying compliance, security and policy requirements.InSpec makes it easy to run your tests wherever you need. More options are found in our CLI docs.

inspec - InSpec: Auditing and Testing Framework

  •    Ruby

InSpec is an open-source testing framework for infrastructure with a human- and machine-readable language for specifying compliance, security and policy requirements. InSpec makes it easy to run your tests wherever you need. More options are found in our CLI docs.

snyk - CLI and build-time tool to find & fix known vulnerabilities in open-source dependencies

  •    Javascript

Snyk helps you find, fix and monitor for known vulnerabilities in Node.js npm, Ruby and Java dependencies, both on an ad hoc basis and as part of your CI (Build) system.For more detail on how to authenticate take a look at the CLI authentication section of the Snyk documentation.

anchore - Legacy Anchore container analysis, inspection and control toolset

  •    Python

Anchore is a set of tools that provides visibility, transparency, and control of your container environment. With anchore, users can analyze, inspect, perform security scans, and apply custom policies to container images within a CI/CD build system, or used/integrated directly into your container environment. This repository contains the anchore analysis scanner tool (with a basic CLI interface), which can be appropriate for lower-level integrations - for new users and current users who have been looking to deploy Anchore as a centralized service with an API, an open source project called the Anchore Engine has been released (with its own light-weight client CLI) which extends the capabilities of anchore beyond what usage of this scanner tool alone can provide. The project page links are below, which include installation/quickstart instructions, API documents and usage guides.

uber-cli - πŸš—Uber, at your fingertips

  •    Javascript

Clearly, I'm a lazy person (just look at what this tool does - it helps me figure out if I should order a car to pick me up and drive me to where I want to go). That being said, as a lazy person it pains me everytime open my phone, open the Uber app, type my destination, and see the estimated price, only for my inner, responsible, cost-cutting, fiduciary-self to end up taking the bus all the way home.

rails-security-checklist - :key: Community-driven Rails Security Checklist (see our GitHub Issues for the newest checks that aren't yet in the README)

  •    Ruby

This checklist is limited to Rails security precautions and there are many other aspects of running a Rails app that need to be secured (e.g. up-to-date operating system and other software) that this does not cover. Consult a security expert. One aim for this document is to turn it into a community resource much like the Ruby Style Guide.

theHarvester - E-mails, subdomains and names Harvester - OSINT

  •    Python

E-mails, subdomains and names Harvester - OSINT