A Tool for Domain Flyovers
session:start
and session:end
events have been introduced in the event bus to allow agents to perform bootstrap and cleanup tasks if neededNOTE: This is a pre-release! The HTML report has been completely changed and is now powered by the Vue.js Javascript framework and has lots of great new features. Please try it out and report any bugs or issues. Thanks! Are you a vis.js wizard? If so, I would love to hear if you have any recommendations for improving the network graph!
aquatone_session.json
url_hostname_resolver
agent that resolves page's hostnames to IP addressesurl_page_title_extractor
that extracts HTML page titles from responsive pages-template-path
to specify a custom template to use for the HTML report-session
to load a previous Aquatone session file and generate a report on its databuild.sh
url_logger
agent (no longer needed)NOTE: This release changes the base file names for screenshots, headers and HTML files to include a partial hash of the URL path and fragment in order to support multiple URLs on the same host. Beware of this if you do any automation with files generated by Aquatone!
open
.AQUATONE_OUT_PATH
environment variableThe Sub Resource Integrity check on the external CSS resource caused it to not load as the file had unexpectedly changed. This broke the HTML report generated by Aquatone. This version removes the SRI attribute to make sure the resource is always loaded.
aquatone_urls.txt
. Thanks eur0pa!Fixes a bug where the random User-Agent and other spoofing request headers where not properly set when requesting URLs.
Web technology in use on websites are now detected and displayed in reports. Detection of domain takeover vulnerabilities is now also detected across 20 different services. 💣
Aquatone has been simplified and rewritten in Golang. Read about it here.