I’m continuing my quest to move my open source tools from Ruby to Go. Earlier this year, I released the Go rewrite of Gitrob and now I’m happy to announce the release of a new and streamlined version of Aquatone!
Quite a lot has changed in the new version. The two major themes of the rewrite are simplification and ease-of-use:
Yes, Aquatone is now completely focused on screenshotting and reporting. I know a lot of people used Aquatone for its DNS enumeration capabilities and it was definitely very good at that when it was released. Now other tools are doing a much better job of this, so I decided to leave it out of the new Aquatone, and instead make it easy to use it with your tool of choice.
Because Aquatone is now focused on one thing, it is now a single aquatone command. No more aquatone-discover, aquatone-scan and aquatone-gather.
The old version used Nightmare for taking screenshots. This was very unreliable and introduced a big dependency on Node.js. The new version uses either Google Chrome or Chromium in headless mode to take screenshots, which is much more reliable.
Aquatone works by having input piped to it. It doesn’t care what this data looks like, as IPs, hostnames, domains and URLs will be extracted from the input with regular expression matching. The output of all your tools can be piped to Aquatone and it should work fine, but you can of course clean it up with the usual terminal commands if needed.
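To illustrate the idea of pulling targets out of arbitrary tool output, here is an added example (not Aquatone's own code). The regular expressions, the ExtractTargets function and the sample input are assumptions made for this sketch.

```go
package main

import (
	"fmt"
	"net"
	"regexp"
	"sort"
	"strings"
)

// Patterns are assumptions for this example, not Aquatone's own expressions.
var (
	urlRe  = regexp.MustCompile(`https?://[^\s"'<>]+`)
	ipRe   = regexp.MustCompile(`\b(?:\d{1,3}\.){3}\d{1,3}\b`)
	hostRe = regexp.MustCompile(`\b(?:[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?\.)+[a-zA-Z]{2,63}\b`)
)

// ExtractTargets returns the URLs, IPv4 addresses and hostnames found in free-form text, de-duplicated and sorted.
func ExtractTargets(input string) []string {
	seen := map[string]bool{}
	for _, u := range urlRe.FindAllString(input, -1) {
		seen[strings.TrimRight(u, ".,;)")] = true // drop trailing punctuation
	}
	// Blank out URLs so their hosts are not reported a second time.
	rest := urlRe.ReplaceAllString(input, " ")
	for _, ip := range ipRe.FindAllString(rest, -1) {
		if net.ParseIP(ip) != nil { // rejects octets above 255
			seen[ip] = true
		}
	}
	for _, h := range hostRe.FindAllString(rest, -1) {
		seen[strings.ToLower(h)] = true // hostnames are case-insensitive
	}
	out := make([]string, 0, len(seen))
	for t := range seen {
		out = append(out, t)
	}
	sort.Strings(out)
	return out
}

func main() {
	// Constructed sample: mixed output from a DNS tool and a port scanner.
	sample := "Found: www.example.com (A) 192.0.2.10\n" +
		"Nmap scan report for 999.1.1.1 (WWW.example.com)\n" +
		"login at https://app.example.com:8443/login, status 200"
	fmt.Println(strings.Join(ExtractTargets(sample), "\n"))
}
```

Because extraction is purely pattern based, anything in the piped text that looks like a host is picked up, which is why cleaning the input first can matter when the list must stay within a defined scope.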
Sometimes it could be quite painful to scroll through the HTML report from the old Aquatone to find that unusual, vulnerable-looking page. The new Aquatone will now cluster pages with similar HTML structure together to make it much easier to digest the report and find the interesting stuff.
Installing Aquatone is super easy. Simply head over to the project on GitHub and download a pre-compiled binary for your operating system.
Read more about installation and setup in the project README.