AORT: An All in One Recon Program

The purpose of AORT is to assist bughunters and pentesters in identifying their targets. It is an open source program, written in python, where it is the first move to discover important information about the target you want to attack.

It is fast enough, easy to use and fully automated even for novice users, giving the best possible results.



The installation is done in two simple ways. The first way we recommend is through the python repositories by running the following command in your terminal:

pip3 install aort

or alternatively, by running the following commands:

git clone
cd AORT pip3 install -r requirements.txt

Program options

AORT - All in One Recon Tool

  -h, --help            show this help message and exit
  -d DOMAIN, --domain DOMAIN
                        domain to search its subdomains
  -o OUTPUT, --output OUTPUT
                        file to store the scan output
  -t TOKEN, --token TOKEN
                        api token of to discover mail accounts and employees
  -p, --portscan        perform a fast and stealthy scan of the most common ports
  -a, --axfr            try a domain zone transfer attack
  -m, --mail            try to enumerate mail servers
  -e, --extra           look for extra dns information
  -n, --nameservers     try to enumerate the name servers
  -i, --ip              it reports the ip or ips of the domain
  -6, --ipv6            enumerate the ipv6 of the domain
  -w, --waf             discover the WAF of the domain main page
  -b, --backups         discover common backups files in the web page
  -s, --subtakeover     check if any of the subdomains are vulnerable to Subdomain Takeover
  -r, --repos           try to discover valid repositories and s3 servers of the domain (still improving it)
  -c, --check           check active subdomains and store them into a file
  --secrets             crawl the web page to find secrets and api keys (e.g. Google Maps API Key)
  --enum                stealthily enumerate and identify common technologies
  --whois               perform a whois query to the domain
  --wayback             find useful information about the domain and his different endpoints using The Wayback Machine and other services
  --all                 perform all the enumeration at once (best choice)
  --quiet               don't print the banner
  --version             display the script version


A list of examples for using the tool in different ways

The most basic of these is finding subdomains

python3 -d

Find subdomains and save them to a file

python3 -d --output domains.txt

Display specific information using different parameters

python3 -d -n -p -w -b --whois --enum # You can use other parameters, see help panel

Perform all functions together

python3 -d --all


ballot_box_with_check Enumerate subdomains using passive techniques (like subfinder)

ballot_box_with_check A lot of extra queries to enumerate the DNS

ballot_box_with_check Domain Zone transfer attack

ballot_box_with_check WAF type detection

ballot_box_with_check Common enumeration (CMSs, reverse proxies, jquery…)

ballot_box_with_check Whois target domain

ballot_box_with_check Subdomain Takeover checker

ballot_box_with_check Scan common open ports

ballot_box_with_check Check active subdomains (like httprobe)

ballot_box_with_check Wayback machine support to enumerate endpoints (like waybackurls)

ballot_box_with_check Email harvesting

You can download the program from here. The Best Technology Site in Greecefgns

Subscribe to Blog by Email

Subscribe to this blog and receive notifications of new posts by email.

AORT, Recon

Written by Anastasis Vasileiadis

Translations are like women. When they are beautiful they are not faithful and when they are faithful they are not beautiful.

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).