Aort
| Project Name | Stars | Downloads | Repos Using This | Packages Using This | Most Recent Commit | Total Releases | Latest Release | Open Issues | License | Language |
|---|---|---|---|---|---|---|---|---|---|---|
| Whatweb | 4,727 | 6 months ago | 46 | gpl-2.0 | Ruby | |||||
| Next generation web scanner | ||||||||||
| Reconftw | 4,700 | 4 days ago | 25 | mit | HTML | |||||
| reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities | ||||||||||
| Webhackersweapons | 3,397 | 9 days ago | 1 | mit | Ruby | |||||
| ⚔️ Web Hacker's Weapons / A collection of cool tools used by Web hackers. Happy hacking , Happy bug-hunting | ||||||||||
| Pentest Tools | 2,652 | 9 months ago | 1 | Python | ||||||
| A collection of custom security tools for quick needs. | ||||||||||
| Reconspider | 1,729 | 5 days ago | 1 | August 24, 2020 | 22 | gpl-3.0 | Python | |||
| 🔎 Most Advanced Open Source Intelligence (OSINT) Framework for scanning IP Address, Emails, Websites, Organizations. | ||||||||||
| Redteam Offensivesecurity | 1,630 | 10 months ago | mit | Python | ||||||
| Tools & Interesting Things for RedTeam Ops | ||||||||||
| Sn0int | 1,604 |  | 1 | 2 | 15 days ago | 13 | September 08, 2021 | 44 | gpl-3.0 | Rust |
| Semi-automatic OSINT framework and package manager | ||||||||||
| Urlhunter | 1,353 | 4 months ago | 2 | September 24, 2022 | 3 | mit | Go | |||
| a recon tool that allows searching on URLs that are exposed via shortener services | ||||||||||
| Sx | 1,317 | 4 months ago | 13 | September 04, 2022 | 14 | mit | Go | |||
| :vulcan_salute: Fast, modern, easy-to-use network scanner | ||||||||||
| X8 | 1,255 | 15 days ago | 32 | June 30, 2023 | 8 | gpl-3.0 | Rust | |||
| Hidden parameters discovery suite | ||||||||||
All in One Recon Tool
An easy-to-use python tool to perform subdomain enumeration, endpoints recon and much more
The purpouse of this tool is helping bug hunters and pentesters during reconnaissance
If you want to know more about the tool you can read my own post in my blog (written in spanish)
Installation:
It can be used in any system with python3
You can easily install AORT using pip:
pip3 install aort
To use it just type "aort" into your terminal
If you want to install it from source:
git clone https://github.com/D3Ext/AORT
cd AORT
pip3 install -r requirements.txt
Help Panel:
AORT - All in One Recon Tool
options:
-h, --help show this help message and exit
-d DOMAIN, --domain DOMAIN
domain to search its subdomains
-o OUTPUT, --output OUTPUT
file to store the scan output
-t TOKEN, --token TOKEN
api token of hunter.io to discover mail accounts and employees
-p, --portscan perform a fast and stealthy scan of the most common ports
-a, --axfr try a domain zone transfer attack
-m, --mail try to enumerate mail servers
-e, --extra look for extra dns information
-n, --nameservers try to enumerate the name servers
-i, --ip it reports the ip or ips of the domain
-6, --ipv6 enumerate the ipv6 of the domain
-w, --waf discover the WAF of the domain main page
-b, --backups discover common backups files in the web page
-s, --subtakeover check if any of the subdomains are vulnerable to Subdomain Takeover
-r, --repos try to discover valid repositories and s3 servers of the domain (still improving it)
-c, --check check active subdomains and store them into a file
--secrets crawl the web page to find secrets and api keys (e.g. Google Maps API Key)
--enum stealthily enumerate and identify common technologies
--whois perform a whois query to the domain
--wayback find useful information about the domain and his different endpoints using The Wayback Machine and other services
--all perform all the enumeration at once (best choice)
--quiet don't print the banner
--version display the script version
Usage:
- A list of examples to use the tool in different ways
Most basic usage to dump all the subdomains
python3 AORT.py -d example.com
Enumerate subdomains and store them in a file
python3 AORT.py -d example.com --output domains.txt
Don't show banner
python3 AORT.py -d example.com --quiet
Enumerate specifics things using parameters
python3 AORT.py -d example.com -n -p -w -b --whois --enum # You can use other parameters, see help panel
Perform all the recon functions (recommended)
python3 AORT.py -d domain.com --all
Features:
☑️ Enumerate subdomains using passive techniques (like subfinder)
☑️ A lot of extra queries to enumerate the DNS
☑️ Domain Zone transfer attack
☑️ WAF type detection
☑️ Common enumeration (CMSs, reverse proxies, jquery...)
☑️ Whois target domain
☑️ Subdomain Takeover checker
☑️ Scan common open ports
☑️ Check active subdomains (like httprobe)
☑️ Wayback machine support to enumerate endpoints (like waybackurls)
☑️ Email harvesting
Todo:
- Compare results with other tools such as subfinder, gau, httprobe...
- Improve code and existings functions
Demo:
Simple query to find valid subdomains
Third part
The tool uses different services to get subdomains in different ways
The WAF detector was modified and adapted from CRLFSuite concept <3
All DNS queries use dns-python at 100%, no dig or any extra tool needed
Email harvesting functions is done using Hunter.io API with personal token (free signup)
Extra
If you consider this project useful, I would really appreciate supporting me by giving this repo a star or buying me a coffee.
Copyright 2022, D3Ext
