An easy-to-use python tool to perform dns recon, subdomain enumeration and much more
The purpouse of this tool is helping bug hunters and pentesters during reconnaissance
If you want to know more about the tool you can read my own post in my blog (written in spanish)
It can be used in any system with python3
You can easily install AORT using pip:
pip3 install aort
If you want to install it from source:
git clone https://github.com/D3Ext/AORT
cd AORT
pip3 install -r requirements.txt
One-liner
git clone https://github.com/D3Ext/AORT && cd AORT && pip3 install -r requirements.txt && python3 AORT.py
- Common usages
If installed with pip3:
aort
To see the help panel and other parameters
python3 AORT.py -h
Main usage of the tool to dump the valid domains
python3 AORT.py -d example.com
Perform all the recon
python3 AORT.py -d domain.com --all
☑️ Enumerate subdomains using passive techniques (like subfinder)
☑️ A lot of extra queries to enumerate the DNS
☑️ Domain Zone transfer attack
☑️ WAF type detection
☑️ Common enumeration (CMSs, reverse proxies, jquery...)
☑️ Whois target domain
☑️ Subdomain Takeover checker
☑️ Scan common ports
☑️ Check active subdomains (like httprobe)
☑️ Wayback machine support to enumerate endpoints (like waybackurls)
☑️ Email harvesting
- Compare results with other tools such as subfinder, gau, httprobe...
Simple query to find valid subdomains
The tool uses different services to get subdomains in different ways
The WAF detector was modified and addapted from CRLFSuite concept
All DNS queries are scripted in python at 100%
Email harvesting using Hunter.io API with personal token (free signup)
If you consider this project has been useful, I would really appreciate supporting me by giving this repo a star or buying me a coffee.
Copyright © 2022, D3Ext