Argus: Open-source information gathering toolkit

   October 23, 2024  Posted in HelpnetSecurity


Argus is an open-source toolkit that simplifies information gathering and reconnaissance. It features a user-friendly interface and a collection of powerful modules, enabling the exploration of networks, web applications, and security configurations.

Argus offers a collection of tools categorized into three main areas:

Network and infrastructure tools

These tools help you gather data about a network, uncovering vital details about servers, IP addresses, DNS records, and more:

  • Associated Hosts: Discover domains associated with the target.
  • DNS Over HTTPS: Resolve DNS securely via encrypted channels.
  • DNS Records: Collect DNS records, including A, AAAA, MX, etc.
  • DNSSEC Check: Verify if DNSSEC is properly configured.
  • Domain Info: Gather information such as registrar details and expiry dates.
  • Domain Reputation Check: Check domain trustworthiness using various reputation sources.
  • IP Info: Retrieve geographic and ownership details of an IP address.
  • Open Ports Scan: Scan the target for open ports and services.
  • Server Info: Extract key server details using various techniques.
  • Server Location: Identify the physical location of the server.
  • SSL Chain Analysis: Analyze the SSL certificate chain for trustworthiness.
  • SSL Expiry Alert: Check SSL certificates for upcoming expiry.
  • TLS Cipher Suites: List the supported TLS ciphers on the server.
  • TLS Handshake Simulation: Simulate a TLS handshake to check for security issues.
  • Traceroute: Trace the path packets take to reach the target.
  • TXT Records: Fetch TXT records, often used for verification purposes.
  • WHOIS Lookup: Perform WHOIS queries to gather domain ownership details.
  • Zone Transfer: Attempt to perform DNS zone transfers.
  • HTTP/2 and HTTP/3 Support Checker: Check if the server supports HTTP/2 and HTTP/3.
Web application analysis tools

These modules focus on understanding the structure and security of web applications:

  • Archive history: View the target’s history using internet archives.
  • Broken links detection: Find broken links that may lead to user frustration or security gaps.
  • Carbon footprint: Evaluate the environmental impact of a website.
  • CMS detection: Detect the type of CMS used, like WordPress, Joomla, etc.
  • Cookies analyzer: Analyze cookies for secure attributes and potential privacy issues.
  • Content discovery: Discover hidden directories, files, and endpoints.
  • Crawler: Crawl the site to uncover data and map out its structure.
  • Robots.txt analyzer: Analyze the robots.txt file for hidden resources.
  • Directory finder: Look for directories that may not be indexed publicly.
  • Email harvesting: Extract email addresses from the target domain.
  • Performance monitoring: Monitor the website’s response time and load performance.
  • Quality metrics: Assess the quality of the site’s content and user experience.
  • Redirect chain: Follow redirects to analyze if they’re safe or malicious.
  • Sitemap parsing: Extract URLs from the site’s sitemap.
  • Social media presence scan: Analyze the social media profiles linked to the target.
  • Technology stack detection: Identify the technologies and frameworks the site uses.
  • Third-party integrations: Discover any third-party services integrated into the site.
Security and threat intelligence tools

The security modules in Argus are designed to assess the target’s defenses and gather threat intelligence:

  • Censys reconnaissance: Use Censys for in-depth details about the target’s assets.
  • Certificate authority Recon: Examine the certificate authority details.
  • Data leak detection: Check for potential data leaks and sensitive data exposure.
  • Exposed environment files checker: Identify publicly exposed .env files.
  • Firewall detection: Identify whether a firewall or WAF is protecting the target.
  • Global ranking: Look up the site’s global ranking to gauge its popularity.
  • HTTP headers: Extract and evaluate HTTP response headers.
  • HTTP security features: Check for secure HTTP headers such as HSTS and CSP.
  • Malware and phishing check: Scan the site for signs of malware and phishing risks.
  • Pastebin monitoring: Search paste sites for leaks associated with the target.
  • Privacy compliance: Verify compliance with GDPR and other privacy regulations.
  • Security.txt check: Locate and analyze the security.txt file for vulnerability disclosure policies.
  • Shodan reconnaissance: Use Shodan to discover open ports, services, and vulnerabilities.
  • SSL Labs report: Get a detailed SSL/TLS assessment via SSL Labs.
  • SSL pinning check: Check if SSL pinning is implemented on the site.
  • Subdomain enumeration: Discover subdomains of the target domain.
  • Subdomain takeover: Test whether subdomains are vulnerable to takeover.
  • VirusTotal scan: Check the target’s reputation using VirusTotal.

Whether you’re conducting research, performing authorized security assessments, or exploring network infrastructures out of curiosity, Argus delivers a wealth of information.

Argus is available for free on GitHub.

Must read:




Source link