All in One Recon Tool
An easy-to-use python tool to perform dns recon, subdomain enumeration and much more
The purpouse of this tool is helping bug hunters and pentesters during reconnaissance
If you want to know more about the tool you can read my own post in my blog (written in spanish)
Installation:
It can be used in any system with python3
You can easily install AORT using pip:
pip3 install aort
If you want to install it from source:
git clone https://github.com/D3Ext/AORT cd AORT pip3 install -r requirements.txt
One-liner
git clone https://github.com/D3Ext/AORT && cd AORT && pip3 install -r requirements.txt && python3 AORT.py
Usage:
- Common usages
If installed with pip3:
aort
To see the help panel and other parameters
python3 AORT.py -h
Main usage of the tool to dump the valid domains
python3 AORT.py -d example.com
Perform all the recon
python3 AORT.py -d domain.com --all
Features:
Enumerate subdomains using passive techniques (like subfinder)
A lot of extra queries to enumerate the DNS
Domain Zone transfer attack
WAF type detection
Subdomain Takeover checker
Scan common ports
Check active subdomains (like httprobe)
Wayback machine support to enumerate endpoints (like waybackurls)
Email harvesting
Demo:
Simple query to find valid subdomains
Third part
The tool uses different services to get subdomains in different ways
The WAF detector was modified and addapted from CRLFSuite concept
All DNS queries are scripted in python at 100%
Email harvesting using Proxycrawl API with personal token (you can register a free account with 100 uses)