Mastering Subdomain Visualization: Using Aquatone for Effective Reconnaissance

1 month ago 51

Rutvik Kalkumbe

As a security enthusiast, I’ve spent a lot of time exploring various tools that can help streamline the process of web application testing. One such tool is Aquatone, a powerful utility that takes screenshots of websites and subdomains for quick reconnaissance. After testing it locally, I decided to install Aquatone on a DigitalOcean Droplet. In this article, I’ll walk you through the entire process and share the challenges I faced along the way.

Aquatone is a reconnaissance tool designed to take screenshots of websites and subdomains. It’s often used during penetration testing or bug bounty hunting to quickly visualize different subdomains and identify any issues or vulnerabilities. Aquatone can be integrated with other tools like Amass and Sublist3r to automate the discovery of subdomains, which it then captures as screenshots using Chromium. The output is an HTML report containing the images, helping you assess the sites more efficiently.

Before installing Aquatone, you need a DigitalOcean Droplet. If you don’t have one yet, here’s how to create it:

1. Log in to DigitalOcean and create a new Droplet.
2. Choose an image (Ubuntu 20.04 is a safe option).
3. Select the appropriate plan based on your needs.
4. Choose a data center region.
5. Add SSH keys for secure access.
6. Finally, create the Droplet.

Once your Droplet is up and running, SSH into it using the following command:

ssh root@your_droplet_ip

It’s a good idea to start by updating your Droplet to ensure all the software is up-to-date. Run the following commands:

sudo apt update && sudo apt upgrade -y

This will refresh the package lists and upgrade any outdated packages.

Aquatone requires Go, Chromium, and Git to function. Let’s install them one by one.

Install Go (Golang)

Aquatone is written in Go, so we need to install it first. Run the following command:

sudo apt install -y golang

After installation, verify that Go is correctly installed by checking its version:

go version

You should see something like:
go version go1.18 linux/amd64

Install Chromium

Chromium is used by Aquatone to take screenshots of web pages. Install it with:

sudo apt install -y chromium-browser

Once installed, you can verify the installation with:

chromium-browser --version

Install Git

Git is essential for cloning repositories. Install it using:

sudo apt install -y git

Now that we have all the necessary dependencies, it’s time to install Aquatone.

Set Up Go Environment

Before installing Aquatone, you need to set up your GOPATH. Add the following to your .bashrc file:

echo 'export GOPATH=$HOME/go' >> ~/.bashrc
echo 'export PATH=$PATH:$GOPATH/bin' >> ~/.bashrc
source ~/.bashrc

Install Aquatone

With Go configured, we can now install Aquatone. Run the following command:

go install github.com/michenriksen/aquatone@latest

This will download and install Aquatone directly from GitHub.

Verify Installation

Once the installation is complete, verify that Aquatone is installed by checking the help menu:

aquatone -h

If you see Aquatone’s help menu, the installation was successful.
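The steps above are easy to get slightly wrong on a fresh Droplet: the `go install <pkg>@latest` form only exists in Go 1.16 and newer, Aquatone has to locate a Chromium or Chrome binary (or be told where it is with its `-chrome-path` flag), and appending to ~/.bashrc with `>>` on every run leaves duplicate exports. The script below is an added example, not code from the article or from the Aquatone project; it wraps those checks in functions you can run before the install. The binary names it searches for (chromium-browser, chromium, google-chrome) and the download URL are assumptions about typical Ubuntu and Debian installs.

```bash
#!/usr/bin/env bash
# Added example (not from the original article): pre-flight checks before
# installing Aquatone with `go install ...@latest` on a fresh Droplet.

# Return 0 if the given `go version` output is Go 1.16 or newer, which is the
# first release that understands `go install <package>@<version>`.
# Example input: "go version go1.18 linux/amd64"
go_supports_module_install() {
    local line="$1" ver major minor
    ver=$(printf '%s\n' "$line" | sed -n 's/^go version go\([0-9][0-9.]*\).*/\1/p')
    [ -n "$ver" ] || return 1
    major=${ver%%.*}
    minor=${ver#*.}
    minor=${minor%%.*}
    [ "$major" -gt 1 ] 2>/dev/null && return 0
    [ "$major" -eq 1 ] && [ "$minor" -ge 16 ]
}

# Print the path of the first executable found in PATH among the names given
# as arguments; return 1 if none is found. Used to locate a Chromium binary
# that can be passed to Aquatone's -chrome-path flag.
find_chrome_binary() {
    local name
    for name in "$@"; do
        if command -v "$name" >/dev/null 2>&1; then
            command -v "$name"
            return 0
        fi
    done
    return 1
}

# Append a line to a file only if it is not already present, so re-running the
# setup does not keep duplicating the GOPATH/PATH exports in ~/.bashrc.
ensure_line_in_file() {
    local file="$1" line="$2"
    touch "$file"
    grep -qxF -- "$line" "$file" || printf '%s\n' "$line" >> "$file"
}

# Run every check; stop at the first failure with a hint on how to fix it.
preflight() {
    local chrome
    command -v go >/dev/null 2>&1 || { echo "go is not installed (sudo apt install -y golang)" >&2; return 1; }
    go_supports_module_install "$(go version)" || {
        echo "'go install <pkg>@latest' needs Go 1.16+; found: $(go version)" >&2
        echo "Install a newer Go from https://go.dev/dl/ before continuing" >&2
        return 1
    }
    # Assumed binary names for Ubuntu (chromium-browser), Debian (chromium) and Google's package.
    chrome=$(find_chrome_binary chromium-browser chromium google-chrome) || {
        echo "no Chromium/Chrome binary found; install one (sudo apt install -y chromium-browser)" >&2
        return 1
    }
    echo "Chromium found at $chrome (pass 'aquatone -chrome-path $chrome' if auto-detection fails)"
    ensure_line_in_file "$HOME/.bashrc" 'export GOPATH=$HOME/go'
    ensure_line_in_file "$HOME/.bashrc" 'export PATH=$PATH:$GOPATH/bin'
    echo "GOPATH/PATH exports present in ~/.bashrc; run 'source ~/.bashrc' and then 'go install github.com/michenriksen/aquatone@latest'"
}

# Usage: bash aquatone-preflight.sh check
case "${1:-}" in check) preflight ;; esac
```

On Ubuntu 20.04 the Go that `apt install golang` provides is older than 1.16, so the version check is the one most likely to fail; the fix is to install a current Go release rather than to change the `go install` command.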

Now that Aquatone is installed, it’s time to use it. Aquatone works by taking screenshots of websites, so you need a list of subdomains to analyze. Here’s how to get started.

Create a File with Subdomains

First, create a file with the subdomains you want to scan. For example, create a file called domains.txt:

echo "example.com" > domains.txt

You can add more domains or subdomains to the file as needed.

Run Aquatone

Once your subdomains are ready, you can pipe them into Aquatone to start the process:

cat domains.txt | aquatone

Aquatone will now process the subdomains and generate screenshots of the websites. It will save an HTML report in your current directory, containing the screenshots and information about the sites.

While Aquatone does a great job of visualizing websites, you’ll need to gather subdomains to make the most of it. Here are a few tools you can use for subdomain enumeration:

Amass

Amass is a powerful tool for discovering subdomains. You can install it with:

sudo apt install -y amass

Once installed, run Amass to find subdomains:

amass enum -d example.com > domains.txt

Sublist3r

Sublist3r is another great subdomain enumeration tool. Clone it and install the dependencies:

git clone https://github.com/aboul3la/Sublist3r.git
cd Sublist3r
sudo pip install -r requirements.txt

Then run it to gather subdomains:

python sublist3r.py -d example.com -o domains.txt
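Amass and Sublist3r each write their own list, and the lists overlap, differ in case, and may carry stray URLs or comment lines. The script below is an added example, not code from the article or from any of the tools it mentions: it merges several enumeration output files into one de-duplicated list of valid hostnames and feeds that list to Aquatone, which is the "Run Aquatone" step above with a cleaner input. It assumes aquatone is on PATH after the `go install` step; `-out`, `-ports` and `-threads` are Aquatone's own flags, and the report directory name is an assumption.

```bash
#!/usr/bin/env bash
# Added example (not from the original article): merge subdomain enumeration
# output into one clean target list and run Aquatone over it.

# Normalise a target list on stdin: trim whitespace, strip URL schemes, paths
# and ports, drop comments and blank lines, lowercase, keep only syntactically
# valid hostnames, then de-duplicate and sort.
normalize_targets() {
    sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' \
        -e 's#^[a-zA-Z][a-zA-Z0-9+.-]*://##' \
        -e 's#/.*$##' \
        -e 's/:[0-9]*$//' \
    | grep -v -e '^#' -e '^$' \
    | tr 'A-Z' 'a-z' \
    | grep -E '^([a-z0-9]([a-z0-9-]*[a-z0-9])?\.)+[a-z]{2,}$' \
    | LC_ALL=C sort -u
}

# Merge one or more enumeration output files (Amass, Sublist3r, ...) into a
# single clean list on stdout.
merge_target_files() {
    cat -- "$@" | normalize_targets
}

# Run Aquatone over the merged list and write the HTML report into $out_dir.
# Assumes aquatone is on PATH (the article's `go install` step).
run_aquatone() {
    local out_dir="$1"
    shift
    mkdir -p "$out_dir"
    merge_target_files "$@" > "$out_dir/targets.txt"
    printf 'Scanning %s unique targets\n' "$(wc -l < "$out_dir/targets.txt" | tr -d ' ')" >&2
    # -ports medium covers the common web ports; -threads limits concurrent
    # Chromium sessions so a small Droplet is not exhausted.
    aquatone -out "$out_dir" -ports medium -threads 5 < "$out_dir/targets.txt"
}

# Usage: bash merge-and-scan.sh run ./aquatone-report amass.txt sublist3r.txt
case "${1:-}" in run) shift; run_aquatone "$@" ;; esac
```

Keeping the merged `targets.txt` next to the report makes it easy to see exactly which hosts were screenshotted, and re-running with the same inputs produces the same ordered list, so two reports can be compared.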

While the setup was mostly smooth, I ran into a couple of issues along the way, primarily related to Chromium compatibility and GOPATH configurations. If you face any errors, check for the following:

Chromium Dependencies: Ensure that your version of Chromium is compatible with Aquatone. You might need to install additional libraries depending on your Ubuntu version.

Environment Variables: Double-check your GOPATH and PATH variables to ensure Aquatone runs properly.

Installing Aquatone on a DigitalOcean Droplet wasn’t as straightforward as I initially thought, but it was definitely worth the effort. Once set up, Aquatone made the process of visualizing subdomains incredibly efficient, allowing me to quickly assess security risks and identify vulnerabilities.

With the ability to integrate Aquatone with subdomain enumeration tools like Amass and Sublist3r, it becomes a powerful addition to any security tester’s toolkit. Despite a few hurdles, the value it offers for web application security assessments is undeniable.

So, if you’re ready to dive into subdomain enumeration and visualization, Aquatone on DigitalOcean is a great choice. Happy hunting!
