AORT - All in One Recon Tool for Bug Bounty
Installation:
It can be used in any system with python3
You can easily install AORT using pip:
pip3 install aortTo use it just type "aort" into your terminal
If you want to install it from source:
git clone https://github.com/D3Ext/AORT
cd AORT
pip3 install -r requirements.txtHelp Panel:
AORT - All in One Recon Tool
options:
-h, --help show this help message and exit
-d DOMAIN, --domain DOMAIN
domain to search its subdomains
-o OUTPUT, --output OUTPUT
file to store the scan output
-t TOKEN, --token TOKEN
api token of hunter.io to discover mail accounts and employees
-p, --portscan perform a fast and stealthy scan of the most common ports
-a, --axfr try a domain zone transfer attack
-m, --mail try to enumerate mail servers
-e, --extra look for extra dns information
-n, --nameservers try to enumerate the name servers
-i, --ip it reports the ip or ips of the domain
-6, --ipv6 enumerate the ipv6 of the domain
-w, --waf discover the WAF of the domain main page
-b, --backups discover common backups files in the web page
-s, --subtakeover check if any of the subdomains are vulnerable to Subdomain Takeover
-r, --repos try to discover valid repositories and s3 servers of the domain (still improving it)
-c, --check check active subdomains and store them into a file
--secrets crawl the web page to find secrets and api keys (e.g. Google Maps API Key)
--enum stealthily enumerate and identify common technologies
--whois perform a whois query to the domain
--wayback find useful information about the domain and his different endpoints using The Wayback Machine and other services
--all perform all the enumeration at once (best choice)
--quiet don't print the banner
--version display the script version
Usage:
- A list of examples to use the tool in different ways
Most basic usage to dump all the subdomains
python3 AORT.py -d example.comEnumerate subdomains and store them in a file
python3 AORT.py -d example.com --output domains.txtDon't show banner
python3 AORT.py -d example.com --quietEnumerate specifics things using parameters
python3 AORT.py -d example.com -n -p -w -b --whois --enum # You can use other parameters, see help panelPerform all the recon functions (recommended)
python3 AORT.py -d domain.com --allFeatures:
☑️ Whois target domain
Todo:
- Compare results with other tools such as subfinder, gau, httprobe...
- Improve code and existing functions
Demo:
Simple query to find valid subdomains
Third part
The tool uses different services to get subdomains in different ways
The WAF detector was modified and adapted from CRLFSuite concept <3
All DNS queries use dns-python at 100%, no dig or any extra tool needed
Email harvesting functions is done using Hunter.io API with personal token (free signup)
Download AORT
Danial Zahoor
Professional Ethical Hacker and Cybersecurity Researcher with a proven track record in dismantling online threats. Successfully neutralized 4 scammer networks, thwarted 13 phishing schemes, and disrupted 4 kidnapper networks. Committed to ensuring online safety and security, I leverage my expertise to protect individuals and organizations from digital threats. Passionate about cybersecurity education and empowering others to stay safe online.
