Feed a list of subdomains into Aquatone to screenshot every live web service and spot patterns or misconfigurations across hundreds of sites.
Pipe Nmap port-scan output into Aquatone to automatically screenshot all discovered web interfaces across a target network.
Use Aquatone during a security assessment to quickly survey the web-facing attack surface of an organization.
| michenriksen/aquatone | go-flutter-desktop/go-flutter | fnproject/fn | |
|---|---|---|---|
| Stars | 5,931 | 5,933 | 5,935 |
| Language | Go | Go | Go |
| Setup difficulty | moderate | moderate | moderate |
| Complexity | 2/5 | 3/5 | 4/5 |
| Audience | ops devops | developer | ops devops |
Figures from each repo's GitHub metadata at analysis time.
Requires Chrome or Chromium installed on the system for headless screenshot capture.
Aquatone is a command-line security tool for getting a quick visual picture of all the websites running across a set of hosts or domains. You give it a list of targets, it checks which web ports are open on each one, visits every discovered web address using a headless browser (Chrome or Chromium running without a visible window), takes a screenshot, and saves the response headers and HTML. The end result is an HTML report that shows all the screenshots grouped by visual similarity, making it easy to spot patterns across a large number of sites at once. The tool is designed to fit into existing security workflows. You can pipe in output from nearly any other tool: DNS enumeration tools like Amass or Sublist3r, port scanners like Nmap or Masscan, or just a plain text file of hostnames and IP addresses. Aquatone figures out what it is looking at using pattern matching, so it does not require a specific input format. Port scanning uses a short default list of common web ports (80, 443, 8000, 8080, 8443), but you can specify your own list or use built-in presets ranging from a small two-port scan to an extra-large list of dozens of ports. If your input already contains full URLs, those are treated as live and skipped directly to the screenshot phase. Output files land in a directory you choose and include the HTML report, a list of all responsive URLs (useful as input for further tools), a JSON session file for automation, raw response headers, response bodies, and PNG screenshots. The session file can be reloaded later to regenerate the report without re-scanning. Aquatone is primarily used in security assessments and reconnaissance to quickly survey the web-facing attack surface of a target organization. The license terms are not stated in the README.
Aquatone is a command-line security tool that visits a list of websites or hosts, takes screenshots using a headless browser, and produces an HTML report grouped by visual similarity for fast reconnaissance.
Mainly Go. The stack also includes Go.
Setup difficulty is rated moderate, with roughly 30min to a first successful run.
Mainly ops devops.
This repo across BitVibe Labs
Verify against the repo before relying on details.