EN
ENNA

Aquatone

MIT

๐Ÿ•ธ Web Scanning ยท Go

Aquatone is a tool for visual inspection of websites across a large number of hosts, designed to help quickly identify interesting targets in a sea of web servers. Given a list of URLs or domains, Aquatone visits each one, takes a screenshot, collects HTTP headers and response bodies, and generates an interactive HTML report that lets you visually browse through all discovered web services. This visual approach is much faster than manually visiting hundreds of URLs - you can quickly spot login panels, default pages, interesting applications, and potential targets by scanning through the screenshot gallery. Aquatone is commonly used after subdomain enumeration to triage discovered assets, identifying which subdomains host web applications worth deeper investigation. It runs headless Chrome for rendering and supports customizable viewport sizes, timeouts, and concurrent connections.

5.9kstars
912forks
106issues
Updated 3y ago
View on GitHubOfficial Website

Installation

Go

$ go install github.com/michenriksen/aquatone@latest

Download

$ Download pre-built binary from GitHub releases

Use Cases

  • Triaging hundreds of discovered subdomains by visual inspection of screenshots
  • Generating browsable HTML reports of web services across an attack surface
  • Identifying login panels, admin interfaces, and default pages at scale
  • Visual diffing of web services between assessment periods to spot changes
  • Screening web servers for interesting applications after reconnaissance

Tags

screenshotsvisual-reconweb-discoverytriagehtml-reportchrome-headlesschromiumgolangosintreconnaissancesecurity

Details

Category
๐Ÿ•ธ Web Scanning
Language
Go
License
MIT
Platforms
๐Ÿงlinux๐ŸŽmacos๐ŸชŸwindows

Links

GitHub Repository

github.com/michenriksen/aquatone

Official Website

michenriksen.com/blog/aquatone-now-in-go

Releases

github.com/michenriksen/aquatone/releases

Issues

github.com/michenriksen/aquatone/issues

Sponsored

Your ad here

Reach security professionals and developers - ads@en-na.com

Alternatives & Comparisons

httpx

Go

Fast multi-purpose HTTP toolkit. Probes for running HTTP servers with retries and fallbacks.

Compare Aquatone vs httpx

Katana

Go

Next-gen crawling and spidering framework. Headless browser and standard mode with automatic form fill.

Compare Aquatone vs Katana

EyeWitness

Python

Web screenshot and categorization tool. Captures screenshots of web pages, RDP, and VNC services with auto-categorization.

Compare Aquatone vs EyeWitness

More in Web Scanning

httpx

Go

Fast multi-purpose HTTP toolkit. Probes for running HTTP servers with retries and fallbacks.

http-probetech-detectionprojectdiscovery

Nikto

Perl

Classic web server scanner. Tests for dangerous files, outdated server software, and version-specific problems.

web-serverclassiccgi-scan

Gobuster

Go

Directory/file, DNS, and vhost busting tool. Brute-forces URIs, DNS subdomains, virtual host names, and S3 buckets.

directory-brutedns-brutevhost

Feroxbuster

Rust

Fast, recursive content discovery tool written in Rust. Like gobuster on steroids with auto-recursion.

directory-bruterecursiverust

Burp Suite Community

Java

Web vulnerability scanner and proxy. Intercept, modify, and replay HTTP/S traffic for web app testing.

proxyweb-appinterceptor

ffuf

Go

Fast web fuzzer written in Go. Fuzz anything - URLs, headers, POST data - with blazing speed.

fuzzingdirectory-brutefast