🛡️ The Swiss Army Knife of Threat Hunting
One URL. Thirty modules. Infinite insights.
Stop wasting hours running 20 different tools. AEGIS combines passive OSINT, active reconnaissance, and threat intelligence into one beautiful interface.
| Traditional Approach | With AEGIS |
|---|---|
| 🔧 Run nmap, then dig, then curl, then... | ⚡ One click, all modules |
| 📝 Manual note-taking across tools | 📊 Auto-generated reports |
| 🤔 "Did I check the SSL cert?" | ✅ Comprehensive checklists |
| 😴 Hours of repetitive work | ☕ Results in under 60 seconds |

| Module | Description |
|---|---|
| 🔬 Entropy Scanner | Find secrets using Shannon entropy analysis |
| 📝 Wordlist Generator | Auto-generate bruteforce wordlists from target content |
| 🔐 Password Policy Detector | Detect password requirements from login forms |
| 📈 Technology Timeline | Track tech stack evolution via Archive.org |
| 📊 Scan Diff Analyzer | Compare scans and highlight changes |
| 🗺️ Attack Surface Mapper | Visualize discovered assets as network graph |
| 📋 Report Narratives | Generate management-friendly reports |
| ⏰ Delta Alerts | Get notified when significant changes occur |
💡 All v4.0 features work 100% locally - no API keys required!
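How entropy-based secret detection of the kind the Entropy Scanner row describes works in principle, as an added example (not AEGIS's own code): tokens of 20 or more key-like characters are scored by Shannon entropy and flagged at or above a threshold. The regex, the 4.0 bits/char threshold, the function names and the sample JavaScript are assumptions constructed for illustration.

```python
import math
import re
from collections import Counter

# Assumption: candidate secrets are runs of 20+ characters typical of keys/tokens.
TOKEN_RE = re.compile(r"[A-Za-z0-9+/=_\-]{20,}")

def shannon_entropy(s: str) -> float:
    """Shannon entropy of s in bits per character."""
    if not s:
        return 0.0
    n = len(s)
    return -sum((c / n) * math.log2(c / n) for c in Counter(s).values())

def find_high_entropy(text: str, threshold: float = 4.0):
    """Return (line_no, token, entropy) for each token at or above threshold."""
    hits = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for tok in TOKEN_RE.findall(line):
            h = shannon_entropy(tok)
            if h >= threshold:
                hits.append((line_no, tok, round(h, 2)))
    return hits

# Constructed sample (the token is random filler, not a real credential).
SAMPLE_JS = '''\
const apiBase = "https://example.invalid/api/v1/users";
const token = "q7ZpL0xVb3Nf9KdRt2YhWm8Ec5GuAs1J";
const cssClass = "navigation-container-wrapper-element";
const padding = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa";
'''

if __name__ == "__main__":
    for line_no, tok, h in find_high_entropy(SAMPLE_JS):
        print(f"line {line_no}: {tok} ({h} bits/char)")
```

Long identifiers and URL paths score lower than random tokens but not zero, so the threshold trades missed secrets against false positives; pairing entropy with known key-format patterns reduces both.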
🛡️ Advanced Security (10 modules)
| Module | Description |
|---|---|
| 💰 Crypto Scanner | Detect BTC, ETH, Monero wallet addresses |
| 🕵️ Privacy Detector | Find trackers, fingerprinting, analytics pixels |
| 🗄️ DB Leak Detector | Catch database errors & info exposure |
| 🔓 JS Deobfuscator | Analyze obfuscated malicious JavaScript |
| 🎭 Homoglyph Scanner | Find typosquatting domain variants |
| 👻 Ghost Finder | Discover hidden paths & admin panels |
| 🍯 Honeypot Detector | Identify decoy/canary systems |
| 🌍 Geo-Block Detector | Detect geographic restrictions |
| ✅ Compliance Checker | Quick GDPR/CCPA/PCI-DSS audit |
| 🔮 Vuln Predictor | Predict risks from tech stack |
🧪 Intelligence & Experimental (11 modules)
| Module | Description |
|---|---|
| 📹 Media Scanner | Find video, audio, document files |
| 📱 Mobile Detector | Find app store links & deep links |
| 📧 Email Harvester | Extract newsletter forms & services |
| 🎨 Brand Extractor | Extract logos, colors, fonts |
| 🧬 Website DNA | Generate unique site fingerprint |
| ⏱️ Timing Analyzer | Response timing fingerprinting |
| 🔌 API Fuzzer | Discover REST/GraphQL endpoints |
| 🔗 Link Graph | Map internal/external links |
| 📁 Subdomain Cluster | Group subdomains by purpose |
| 💎 Site Value | Estimate website complexity |
| 🍪 Cookie Consent | Analyze cookie compliance |
🔥 v5.0 brings 21 NEW modules - all working 100% offline!
📊 Intelligent Risk Analysis (3 modules)
| Module | Description |
|---|---|
| 🎯 Security Posture Scorer | 0-100 score with A-F grade and risk breakdown |
| 🛤️ Attack Vector Mapper | Map findings to MITRE ATT&CK attack chains |
| ✨ Smart Summary Generator | Executive summary with top 5 action items |
🔍 Deep Content Analysis (4 modules)
| Module | Description |
|---|---|
| 🔎 HTTP Response Fingerprinter | Detect server, framework, and default pages |
| 📝 Input Validation Analyzer | Find form validation weaknesses |
| 🛡️ CSP Analysis | Deep Content-Security-Policy audit |
| 📋 Form Security Analyzer | CSRF, file upload, hidden field checks |
🕵️ Response & Session Analysis (6 modules)
| Module | Description |
|---|---|
| 🎭 Recon Pattern Detector | Detect bot protection and honeypots |
| 📜 JS Complexity Analyzer | Find dangerous functions and DOM sinks |
| 🔐 Session Analyzer | Cookie entropy, JWT analysis |
| ⏱️ Rate Limit Detector | Identify rate limiting headers |
| 📦 Cache Analyzer | Find cache security issues |
| 🏷️ Meta Tag Analyzer | Audit robots, referrer, OG data |
🧠 v6.1 adds intelligent analysis with risk scoring, attack mapping, and smart summaries!
- 🔍 Discovery & Fingerprinting
- 🌐 DNS & Domain Intel
- 🛡️ Security Analysis
- 🎭 Threat Intelligence
- Glassmorphism design with animated gradients
- Floating particles for that premium feel
- Real-time progress with module-by-module status
- One-click exports: PDF, JSON, CSV, STIX
- Scheduled scans - Set it and forget it
- Slack alerts - Get notified when risk scores spike
- Ticket webhooks - Auto-create Jira/ServiceNow issues
- Delta detection - "What changed since last scan?"
```bash
# Clone the repo
git clone https://github.com/Masriyan/Aegis.git
cd Aegis

# Create virtual environment
python -m venv .venv
source .venv/bin/activate  # Windows: .venv\Scripts\Activate.ps1

# Install dependencies
pip install Flask requests beautifulsoup4 dnspython python-whois python-dotenv

# Optional: Enable all features
pip install weasyprint pyppeteer playwright boto3
playwright install chromium

# Configure API keys
cp .env.example .env
nano .env

# Launch! 🚀
python aegis.py
```

Open http://127.0.0.1:8080 and start hunting!
┌─────────────────────────────────────────────────────────────┐
│ ⚔️ AEGIS — Automated Enrichment & Global Intelligence │
│ │
│ [═══════════════════════] Enter target URL │
│ │
│ 🔍 Discovery 🌐 DNS Intel 🛡️ Security 🎭 Threat │
│ ┌──────────┐ ┌──────────┐ ┌──────────┐ ┌──────────┐ │
│ │ ☑ Crawl │ │ ☑ DNS │ │ ☑ SSL/TLS│ │ ☑ VT │ │
│ │ ☑ Tech │ │ ☑ WHOIS │ │ ☑ CORS │ │ ☑ Shodan │ │
│ │ ☑ WAF │ │ ☑ Subs │ │ ☑ Cookies│ │ ☑ OTX │ │
│ └──────────┘ └──────────┘ └──────────┘ └──────────┘ │
│ │
│ [ 🔥 START THREAT HUNT ] │
└─────────────────────────────────────────────────────────────┘
┌─────────────────────────────────────────────────────────────┐
│ THREAT HUNT RESULTS │
│ ─────────────────── │
│ │
│ ┌────────┐ ┌────────┐ ┌────────┐ ┌────────┐ ┌────────────┐│
│ │ 12 │ │ 4 │ │ 0 │ │ 2.3s │ │ RISK: 45 ││
│ │Subdoms │ │Headers │ │VT Hits │ │Duration│ │ ⚠️ MEDIUM ││
│ └────────┘ └────────┘ └────────┘ └────────┘ └────────────┘│
│ │
│ ▼ SSL/TLS Analysis ─────────────────────── Grade: A │
│ ▼ MITRE ATT&CK ──────────────────────── 3 techniques │
│ ▼ Cookie Audit ─────────────────────────── Score: 85% │
│ ▼ JS Secrets ─────────────────────────── 0 findings ✅ │
└─────────────────────────────────────────────────────────────┘
| Category | Module | What It Does |
|---|---|---|
| 🔍 Discovery | Crawler | Pages, emails, forms, JS files, social links |
| 🔍 Discovery | Fingerprint | Tech stack detection (React, WordPress, etc.) |
| 🔍 Discovery | WAF Detect | Cloudflare, AWS WAF, Akamai, Imperva |
| 🌐 DNS | Records | A, AAAA, MX, NS, TXT, SOA |
| 🌐 DNS | Subdomains | CT logs + bruteforce enumeration |
| 🌐 DNS | Takeover | Dangling CNAME detection for 10+ services |
| 🛡️ Security | SSL/TLS | Protocol, cipher, cert chain, expiry |
| 🛡️ Security | Headers | HSTS, CSP, X-Frame-Options audit |
| 🛡️ Security | CORS | Origin reflection, wildcard detection |
| 🛡️ Security | Cookies | Secure, HttpOnly, SameSite flags |
| 🛡️ Security | JS Secrets | AWS keys, tokens, passwords in code |
| 🛡️ Security | Port Scan | Top 18 ports with service ID |
| 🎭 Intel | VirusTotal | URL reputation from 70+ engines |
| 🎭 Intel | Shodan | Open ports, services, vulnerabilities |
| 🎭 Intel | GreyNoise | Actor classification |
| 🎭 Intel | MITRE ATT&CK | Auto-map findings to techniques |
| | SPF/DKIM/DMARC | Email security posture grading |
| | HIBP | Breach exposure for found emails |
| 💡 v4.0 | Entropy Scan | Find secrets via Shannon entropy analysis |
| 💡 v4.0 | Wordlist Gen | Generate bruteforce wordlists from target |
| 💡 v4.0 | Password Policy | Detect password requirements from forms |
| 💡 v4.0 | Tech Timeline | Track tech changes via Archive.org |
| 💡 v4.0 | Scan Diff | Compare scans and highlight changes |
| 💡 v4.0 | Attack Map | Visualize attack surface as graph |
| 💡 v4.0 | Report Narrative | Management-friendly reports |
| 💡 v4.0 | Delta Alerts | Alert on significant changes |
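The checks named in the Headers and Cookies rows above (HSTS, CSP, X-Frame-Options; Secure, HttpOnly, SameSite), sketched as an added example that is not AEGIS's own code. The function name, the finding strings and the sample response headers are assumptions constructed for illustration; CSP `frame-ancestors` is accepted in place of X-Frame-Options.

```python
REQUIRED = ("strict-transport-security", "content-security-policy")

def audit_response(headers):
    """headers: list of (name, value) pairs from one HTTP response.
    Returns a list of human-readable findings (empty list means no findings)."""
    findings = []
    seen = {}
    for name, value in headers:
        seen.setdefault(name.lower(), []).append(value)

    for name in REQUIRED:
        if name not in seen:
            findings.append(f"missing header: {name}")

    # X-Frame-Options is superseded by CSP frame-ancestors; either one suffices.
    csp = " ".join(seen.get("content-security-policy", [])).lower()
    if "x-frame-options" not in seen and "frame-ancestors" not in csp:
        findings.append("no clickjacking protection")

    for raw in seen.get("set-cookie", []):
        parts = [p.strip() for p in raw.split(";")]
        cookie = parts[0].split("=", 1)[0]
        attrs = {}
        for part in parts[1:]:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip().lower()
        for flag in ("secure", "httponly"):
            if flag not in attrs:
                findings.append(f"cookie {cookie}: missing {flag}")
        samesite = attrs.get("samesite")
        if samesite is None:
            findings.append(f"cookie {cookie}: missing samesite")
        elif samesite == "none" and "secure" not in attrs:
            # Browsers reject SameSite=None cookies that lack Secure.
            findings.append(f"cookie {cookie}: SameSite=None without Secure")
    return findings

# Constructed sample response headers.
SAMPLE_HEADERS = [
    ("Strict-Transport-Security", "max-age=31536000"),
    ("Content-Security-Policy", "default-src 'self'; frame-ancestors 'none'"),
    ("Set-Cookie", "sid=abc123; Path=/; HttpOnly; SameSite=Lax"),
    ("Set-Cookie", "pref=dark; Secure; HttpOnly; SameSite=Strict"),
    ("Set-Cookie", "track=1; SameSite=None"),
]

if __name__ == "__main__":
    print("\n".join(audit_response(SAMPLE_HEADERS)))
```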
Create a .env file with your API keys:
```bash
# 🎭 Threat Intelligence
VT_API_KEY=your_virustotal_key
SHODAN_API_KEY=your_shodan_key
GREYNOISE_API_KEY=your_greynoise_key
OTX_API_KEY=your_alienvault_key
ABUSEIPDB_API_KEY=your_abuseipdb_key

# 🔔 Notifications
SLACK_WEBHOOK_URL=https://hooks.slack.com/...
ALERT_THRESHOLD=60

# 🎫 Ticketing
TICKET_WEBHOOK_URL=https://your-jira.atlassian.net/...
AUTO_TICKET_THRESHOLD=70
```

Note: AEGIS works without API keys! Modules gracefully skip if keys are missing.
1. Schedule hourly scans on crown-jewel domains
2. Get Slack alerts when risk scores spike
3. Track subdomain changes over time
4. Export evidence for incident reports
1. Enumerate all subdomains and open ports
2. Find exposed credentials in JS files
3. Check for subdomain takeover opportunities
4. Map findings to MITRE ATT&CK techniques
1. Rapid target profiling
2. Technology stack identification
3. Email harvesting for phishing prep
4. API endpoint discovery
We welcome contributions! Check out:
- 🐛 Issues
- 🔀 Pull Requests
- Create your function returning a dict
- Register in `run_scan()` via `run_mod()`
- Add checkbox in `INDEX_HTML`
- Add render logic in `RESULTS_HTML`
Only scan assets you own or have explicit authorization to test.
AEGIS is designed for:
- ✅ Security researchers with permission
- ✅ Bug bounty hunters on in-scope targets
- ✅ Blue teams monitoring their own infrastructure
- ✅ Penetration testers with signed agreements
MIT License - See LICENSE for details.
Built with ❤️ by Masriyan
Star ⭐ this repo if AEGIS saved you hours of work!