Aquatone: An HTTP-Based Attack Surface Visual Inspection Tool
SecurityTrails Blog - A podcast by SecurityTrails
 
Note: The audio version doesn't include code or commands. Those parts of the post can be seen in the text version.

Attack surface management has become one of the most critical aspects of any website on the public internet. Simply knowing your attack surface is no longer enough, and effectively managing it with tools like Aquatone has become the norm. Combining Aquatone with popular tools like OWASP Amass helps improve and streamline website attack surface management even further.

What is Aquatone?

Aquatone is a free-to-use, open-source project aimed at making visual inspection of websites an easy task. This valuable tool also supports looking up websites in bulk, which can make the task of information gathering for your website's attack surface surprisingly easy. Aquatone works with the help of a web browser like Chrome or Chromium to perform the visual inspection of any website being looked up. Aquatone can be further combined with tools like Nmap to gain even more insight about a website's attack surface.

Installation

To install Aquatone, grab the latest release from the project's GitHub page for the operating system you run on. Aquatone has released versions for Linux (amd64 and arm64), macOS, and Windows, which makes it a very handy tool no matter what platform you're on. In our example, we'll take a look at both the Linux and Windows options.

For Linux, grab the amd64 build or arm64 build. If in doubt, grab the amd64 build:

And then unzip the archive.

Now let's run the command for the first time. The help command will show a list of command arguments, features and flags supported by Aquatone.

Next, for Aquatone to perform visual lookups of websites, you'll need Chromium or Google Chrome installed on your system. If you are running any Debian-based distro, you can install this package by just running the following command.

Similarly, for Windows, download the "windows_amd64.zip" build, and extract the archive. This should result in the following files.

Fire up the command prompt with WIN + R and then enter CMD. Navigate to the folder where you extracted the files and run.

Which should then result in the following output.

As seen with Linux, you'll need either Google Chrome or Chromium installed on your system to help Aquatone perform the website visual lookups.

Aquatone phases and usage examples

Basic usage

To begin using Aquatone, let's look at scanning websites with the basic flags/options available. First, create a text file called "websites.txt" inside the same folder as the Aquatone executable. Inside that file, add the websites you wish to scan, ensuring you have only one website per line.

Run the command:

Which should net you the following output.

From the output above, we're able to gather a few important facts. Aquatone is FAST! Using this tool, we were able to gather information about two websites in only five seconds. As for the output returned, Aquatone gives us an HTML report, an HTTP code and a screenshot of the website. Aquatone targets ports 80, 443, 8000, 8080 and 8443 by default if no arguments or specific ports are passed into the command.

Scanning specific ports

At times you may need to scan only specific ports, or the most commonly used ports (such as 80 and 443). This can be done by using the ports flag. For example:

This should return the following output.

Using Aquatone with OWASP Amass

Another excellent feature of Aquatone is that it can be combined with other tools like OWASP Amass. This extends what Aquatone can achieve even further. Amass is a great tool for DNS enumeration, as it helps find and list subdomains belonging to a domain. With larger organizations having hundreds, if not thousands, of subdomains active at any time, using Amass helps speed up the process, gathering information from multiple third-party sources.

Amass carries builds for Linux, Windows and macOS, as well as FreeBSD. To begin, grab the latest release of Amass from its GitHub Releases page by executing.
And then unzip ...
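
An added example, not part of the original post: a shell helper that builds the one-host-per-line "websites.txt" described under Basic usage from a raw host list (for instance subdomains collected with Amass), keeping only hosts inside the domains you manage before Aquatone probes them. The script name, the input file name, the example.com scope and the aquatone_report output directory are assumptions; the port list is the default set quoted above.

```shell
#!/bin/sh
# Added example (not from the original post): build an in-scope websites.txt.
# Assumed usage: sh prepare_targets.sh raw_hosts.txt "example.com example.org"

# Default port set listed in the post, passed explicitly so the run is reproducible.
DEFAULT_PORTS="80,443,8000,8080,8443"

# Read raw lines on stdin, print one lowercase hostname per line.
# Strips CRs, whitespace, scheme, path and port; drops blanks, comments, duplicates.
normalize_hosts() {
    tr -d '\r' | tr '[:upper:]' '[:lower:]' |
    sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' \
        -e 's|^[a-z][a-z0-9+.-]*://||' -e 's|[/?#].*$||' -e 's|:[0-9]*$||' |
    grep -E '^[a-z0-9]([a-z0-9.-]*[a-z0-9])?$' | sort -u
}

# Keep hosts that equal, or are a subdomain of, a domain in $1 (space-separated).
# Matching is on a label boundary, so notexample.com does not pass for example.com.
in_scope() {
    awk -v scope="$1" 'BEGIN { n = split(scope, d, " ") }
    {
        for (i = 1; i <= n; i++) {
            suffix = "." d[i]
            tail = substr($0, length($0) - length(suffix) + 1)
            if ($0 == d[i] || (length($0) > length(suffix) && tail == suffix)) {
                print; next
            }
        }
    }'
}

# Only runs when given a raw list file and a scope; aquatone is called if installed.
if [ "$#" -ge 2 ] && [ -f "$1" ]; then
    normalize_hosts < "$1" | in_scope "$2" > websites.txt
    echo "$(wc -l < websites.txt) in-scope hosts written to websites.txt"
    if command -v aquatone >/dev/null 2>&1; then
        aquatone -ports "$DEFAULT_PORTS" -out aquatone_report < websites.txt
    fi
fi
```

Hosts that fall outside the scope list are dropped silently; diff the raw list against websites.txt if you want to review what was excluded.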
