__ _______________________ _________._________________________ \_ _____/ \______ \ / _ \ / _____/ / _____/ | | \_ _____/ | __) | _/ / /_\ \ / \ ___ / \ ___ | | | __)_ | \ | | \ / | \ \ \_\ \ \ \_\ \ | |___ | \ \___ / |____|_ / \____|__ / \______ / \______ / |_______ \ /_______ / \/ \/ \/ \/ \/ \/ \/

aquatone Cheatsheet

← Back to cheatsheets

← Home

Aquatone is a tool for visual inspection of websites across a large number of hosts. It takes screenshots of web pages and creates an HTML report for easy browsing and analysis.

Basic Usage

  • cat hosts.txt | aquatone - Screenshot hosts from file
  • echo "example.com" | aquatone - Screenshot single host

Input Methods

  • Pipe hostnames/URLs via stdin
  • One target per line
  • Accepts hostnames, IPs, or full URLs

Options

  • -out <dir> - Output directory (default: ./aquatone)
  • -ports <ports> - Ports to scan (see below)
  • -threads <num> - Concurrent threads (default: 8)
  • -timeout <ms> - Screenshot timeout in ms (default: 30000)
  • -http-timeout <ms> - HTTP request timeout (default: 10000)
  • -scan-timeout <ms> - Port scan timeout (default: 3000)
  • -screenshot-timeout <ms> - Screenshot timeout (default: 30000)
  • -silent - Suppress output
  • -nmap - Parse nmap XML file
  • -chrome-path <path> - Path to Chrome/Chromium
  • -proxy <url> - HTTP proxy

Port Presets

  • -ports small - 80, 443
  • -ports medium - 80, 443, 8000, 8080, 8443
  • -ports large - 80, 81, 443, 591, 2082, 2087, 2095, 2096, 3000, 8000, 8001, 8008, 8080, 8083, 8443, 8834, 8888
  • -ports xlarge - Extended list of common web ports
  • -ports <custom> - Comma-separated list (e.g., 80,443,8080)

Output Files

  • aquatone_report.html - Main HTML report
  • aquatone_urls.txt - Discovered URLs
  • aquatone_session.json - Session data
  • headers/ - Response headers
  • html/ - Response bodies
  • screenshots/ - Screenshot images

Common Examples

Basic Screenshot

cat subdomains.txt | aquatone

Screenshot all subdomains.

Custom Output Directory

cat hosts.txt | aquatone -out ./results

Save to specific directory.

Extended Port Scan

cat hosts.txt | aquatone -ports large

Check more common web ports.

Custom Ports

cat hosts.txt | aquatone -ports 80,443,8080,8443

Specify exact ports to check.

Faster Scanning

cat hosts.txt | aquatone -threads 20

Increase concurrent threads.

With Nmap Results

cat nmap_scan.xml | aquatone -nmap

Parse nmap XML output for targets.

Pipeline with Subfinder

subfinder -d example.com -silent | aquatone

Combine with subdomain discovery.

Full Pipeline

subfinder -d example.com -silent | httpx -silent | aquatone

Discover, probe, and screenshot.

Through Proxy

cat hosts.txt | aquatone -proxy http://127.0.0.1:8080

Route through Burp Suite.

Tips

  • Use httpx first to filter live hosts
  • Increase threads for large target lists
  • Use -ports large for thorough scanning
  • Check the HTML report for visual analysis
  • Screenshots help identify interesting targets
  • Headers can reveal server info and security configs
  • Requires Chrome/Chromium for screenshots
  • Consider gowitness as an alternative
  • Always get authorization before scanning

← Back to cheatsheets

← Home