All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.
- The Sub Resource Integrity attribute on the external CSS resource in the HTML report caused it to not load as the file had changed. Removed SRI on external CSS resource
- Responsive URLs are now written to
aquatone_urls.txt. Thanks eur0pa! - A warning is printed when older versions of Chromium is detected which has known problems with screenshotting HTTPS URLs
- Aquatone had trouble processing a single or very few targets. A small delay has been added to give agents time to emit all their events
- List of User-Agents have been updated with most recent list of common User-Agents
- Random User-Agent and other spoofing request headers were not set correctly when requesting URLs. Thanks to eur0pa for pointing it out!
- Passive fingerprinting of web technology in use on websites with Wappalyzer fingerprints
- Detection of domain takeover vulnerabilities across 20 different services
Complete rewrite and simplification of Aquatone. Now written in Go and focused on reporting and screenshotting.
- Extraction of hosts, IPs and URLs from arbitrary data piped to Aquatone
- Parsing of Nmap/Masscan XML files
- Clustering of websites with similar structure in HTML report
- Domain discovery (
aquatone-discover) - Domain takeover discovery (
aquatone-takeover)