All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.
- New command line flag `-header` to add optional headers to requests
- More domain takeover fingerprints
- New `url_tls_checker` agent that checks the TLS/SSL version of secure web servers
- Do not follow redirects by default (the `-no-redirect` command-line flag has been changed to `-follow-redirect`)
- Colors/styles of report tags now look cooler
- Debug mode has been replaced with a debug log inside the output directory
- BigCartel domain takeover detection
- New command line flag `-filter-string` to filter hosts by string in response body
- Some new default HTTP request headers
- Wappalyzergo for web technology fingerprinting
- Client-side Prototype Pollution vulnerability detection (affects scanning result)
- Client-side Prototype Pollution vulnerability detection
- New command line flags `-match-codes|-filter-codes` to filter hosts by HTTP status codes
- New command line flag `-screenshot-delay` to set the delay between screenshots
- New command line flag `-thumbnail-size` to select the screenshot thumbnail size
- New command line flag `-full-page` to take full-page screenshots
- New command line flag `-no-redirect` to not follow redirects
- New command line flag `-offline` to use local JS files, making it possible to view Aquatone reports without Internet access
- New command line flag `-input-file` to load targets from a file
- New command line flag `-similarity` to set the similarity rate for screenshot clustering
- Support for port ranges
- More subdomain-takeover fingerprints
- Changed screenshot technology from backend to headless chromedp
- New `session:start` and `session:end` events have been introduced in the event bus to allow agents to perform bootstrap and cleanup tasks if needed
- A temporary user directory is now created for the Chrome/Chromium process, and additional command line flags have been added to increase compartmentalization
- Production versions of Vue.js and Vue Router are now used in the HTML report for increased performance
- The list of user agents has been updated to the current list of most common user agents
- The pagination logic in the new HTML report would skip the page or cluster at index 0, as `v-for` over an integer value in Vue.js starts from 1 and not 0
- Session data will now be written to the output directory as `aquatone_session.json`
- New `url_hostname_resolver` agent that resolves page hostnames to IP addresses
- New `url_page_title_extractor` agent that extracts HTML page titles from responsive pages
- New command line flag `-template-path` to specify a custom template to use for the HTML report
- New command line flag `-session` to load a previous Aquatone session file and generate a report on its data
- Aquatone is now compiled for ARM64 in `build.sh`
- Bigger refactoring of session and pages
- New Vue.js powered HTML report with lots of new cool stuff:
  - New look and feel
  - Pages can now be viewed in different modes:
    - By Similarity: pages are displayed in clusters by their HTML structure similarity
    - By Hostname: pages are displayed in clusters by their hostname
    - Single Pages: pages are shown one-by-one with bigger screenshots and response headers (oldschool Aquatone style)
  - Vis.js powered network graph view to see relations between pages, IP addresses and technologies
  - Page clusters are now rendered in a paginated carousel view instead of horizontally scrollable lanes
  - Clusters and pages are paginated to improve performance on large reports
  - Page titles are now shown for pages
- `url_logger` agent (no longer needed)
- The Nmap/Masscan XML report parser did not ignore closed/filtered ports. It now only works on ports with state `open`.
- Support for processing multiple URLs on the same host by appending a hash of the URL path and fragment to file names
- Support for defining the default output directory in the `AQUATONE_OUT_PATH` environment variable
- Automatic SSL/TLS detection on non-standard ports
- URL Screenshotter agent now takes extra steps to ensure that the browser process is killed after use
- Version flag to output current version (woah!!!)
- Packages and other dependencies have been updated to latest versions
- User-Agent list has been updated to current most common agents
- Wappalyzer technology fingerprints have been updated
- The Sub Resource Integrity attribute on the external CSS resource in the HTML report caused it not to load as the file had changed. Removed SRI on external CSS resource
- Responsive URLs are now written to `aquatone_urls.txt`. Thanks eur0pa!
- A warning is printed when older versions of Chromium are detected, which have known problems with screenshotting HTTPS URLs
- Aquatone had trouble processing a single or very few targets. A small delay has been added to give agents time to emit all their events
- List of User-Agents has been updated with the most recent list of common User-Agents
- Random User-Agent and other spoofing request headers were not set correctly when requesting URLs. Thanks to eur0pa for pointing it out!
- Passive fingerprinting of web technology in use on websites with Wappalyzer fingerprints
- Detection of domain takeover vulnerabilities across 20 different services
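The Nmap/Masscan parser fix above (only ports with state `open` are kept) as an added Go example; this is not Aquatone's own parser code. It unmarshals a minimal subset of the Nmap XML schema and drops closed and filtered ports, so a `filtered` or `closed` port never becomes a scan target; the XML fragment is constructed for the example.

```go
package main

import (
	"encoding/xml"
	"fmt"
)

// Minimal subset of the Nmap/Masscan XML schema: addresses and per-port state.
type nmapRun struct {
	Hosts []struct {
		Addrs []struct {
			Addr string `xml:"addr,attr"`
			Type string `xml:"addrtype,attr"`
		} `xml:"address"`
		Ports []struct {
			ID    int `xml:"portid,attr"`
			State struct{ Name string `xml:"state,attr"` } `xml:"state"`
		} `xml:"ports>port"`
	} `xml:"host"`
}

// OpenTargets returns "addr:port" only for ports whose state is "open".
// Closed and filtered ports are skipped, which is what the fix describes;
// the old behaviour would have emitted every listed port.
func OpenTargets(report []byte) ([]string, error) {
	var run nmapRun
	if err := xml.Unmarshal(report, &run); err != nil {
		return nil, err
	}
	var targets []string
	for _, h := range run.Hosts {
		for _, a := range h.Addrs {
			if a.Type != "ipv4" && a.Type != "ipv6" {
				continue // skip MAC address entries Nmap adds for local hosts
			}
			for _, p := range h.Ports {
				if p.State.Name == "open" {
					targets = append(targets, fmt.Sprintf("%s:%d", a.Addr, p.ID))
				}
			}
		}
	}
	return targets, nil
}

// SampleReport is a constructed Nmap-style fragment, not real scan output.
const SampleReport = `<nmaprun><host><address addr="192.0.2.10" addrtype="ipv4"/><ports>
<port protocol="tcp" portid="80"><state state="open"/></port>
<port protocol="tcp" portid="443"><state state="filtered"/></port>
<port protocol="tcp" portid="8080"><state state="closed"/></port>
</ports></host></nmaprun>`
```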
Complete rewrite and simplification of Aquatone. Now written in Go and focused on reporting and screenshotting.
- Extraction of hosts, IPs and URLs from arbitrary data piped to Aquatone
- Parsing of Nmap/Masscan XML files
- Clustering of websites with similar structure in HTML report
- Domain discovery (`aquatone-discover`)
- Domain takeover discovery (`aquatone-takeover`)