whatisgithub

What is aquatone?

michenriksen/aquatone — explained in plain English

Analysis updated 2026-06-26

5,931GoAudience · ops devopsComplexity · 2/5Setup · moderate

In one sentence

Aquatone is a command-line security tool that visits a list of websites or hosts, takes screenshots using a headless browser, and produces an HTML report grouped by visual similarity for fast reconnaissance.

Mindmap

mindmap
  root((aquatone))
    What It Does
      Screenshot websites
      Detect open web ports
      Group by appearance
    Input Formats
      DNS tool output
      Nmap Masscan output
      Plain hostnames file
    Output Files
      HTML visual report
      Responsive URL list
      JSON session file
    Audience
      Security testers
      Pentesters
Click or tap to explore — scroll the page freely

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

What do people build with it?

USE CASE 1

Feed a list of subdomains into Aquatone to screenshot every live web service and spot patterns or misconfigurations across hundreds of sites.

USE CASE 2

Pipe Nmap port-scan output into Aquatone to automatically screenshot all discovered web interfaces across a target network.

USE CASE 3

Use Aquatone during a security assessment to quickly survey the web-facing attack surface of an organization.

What is it built with?

Go

How does it compare?

michenriksen/aquatonego-flutter-desktop/go-flutterfnproject/fn
Stars5,9315,9335,935
LanguageGoGoGo
Setup difficultymoderatemoderatemoderate
Complexity2/53/54/5
Audienceops devopsdeveloperops devops

Figures from each repo's GitHub metadata at analysis time.

How do you get it running?

Difficulty · moderate Time to first run · 30min

Requires Chrome or Chromium installed on the system for headless screenshot capture.

So what is it?

Aquatone is a command-line security tool for getting a quick visual picture of all the websites running across a set of hosts or domains. You give it a list of targets, it checks which web ports are open on each one, visits every discovered web address using a headless browser (Chrome or Chromium running without a visible window), takes a screenshot, and saves the response headers and HTML. The end result is an HTML report that shows all the screenshots grouped by visual similarity, making it easy to spot patterns across a large number of sites at once. The tool is designed to fit into existing security workflows. You can pipe in output from nearly any other tool: DNS enumeration tools like Amass or Sublist3r, port scanners like Nmap or Masscan, or just a plain text file of hostnames and IP addresses. Aquatone figures out what it is looking at using pattern matching, so it does not require a specific input format. Port scanning uses a short default list of common web ports (80, 443, 8000, 8080, 8443), but you can specify your own list or use built-in presets ranging from a small two-port scan to an extra-large list of dozens of ports. If your input already contains full URLs, those are treated as live and skipped directly to the screenshot phase. Output files land in a directory you choose and include the HTML report, a list of all responsive URLs (useful as input for further tools), a JSON session file for automation, raw response headers, response bodies, and PNG screenshots. The session file can be reloaded later to regenerate the report without re-scanning. Aquatone is primarily used in security assessments and reconnaissance to quickly survey the web-facing attack surface of a target organization. The license terms are not stated in the README.

Copy-paste prompts

Prompt 1
I have a file with 500 subdomains from Amass. How do I pipe it into Aquatone to screenshot all live sites and get a grouped HTML report?
Prompt 2
Show me how to pipe Nmap XML output into Aquatone so it automatically screenshots every discovered web port on my target hosts.
Prompt 3
How do I configure Aquatone to scan a custom list of non-standard web ports like 8080 and 8443 across a set of hosts?

Frequently asked questions

What is aquatone?

Aquatone is a command-line security tool that visits a list of websites or hosts, takes screenshots using a headless browser, and produces an HTML report grouped by visual similarity for fast reconnaissance.

What language is aquatone written in?

Mainly Go. The stack also includes Go.

How hard is aquatone to set up?

Setup difficulty is rated moderate, with roughly 30min to a first successful run.

Who is aquatone for?

Mainly ops devops.

Open on GitHub → Ask about another repo

This repo across BitVibe Labs

Verify against the repo before relying on details.