— catalog

76 tools, one orchestrator.

AEGIS uses whatever it finds on the host and skips the rest. Install everything in one shot with aegis env install --missing, or use the Docker image which ships them all.

— Subdomain enumeration & DNS

12 tools

subfinder

Passive subdomain enumeration via 30+ sources

amass

Deep, both passive and active subdomain discovery

assetfinder

Fast subdomain finder from public sources

findomain

Cross-platform subdomain enumerator

dnsx

DNS toolkit for fast brute and resolve

dnsrecon

DNS enumeration, zone walks, cache snooping

dnstwist

Typo-squatting and domain permutation

shuffledns

Mass DNS resolution and bruteforce

puredns

Wildcard-aware subdomain bruteforce

massdns

Pure-C stub resolver at line rate

alterx

Subdomain permutation pattern generator

asnmap

ASN → CIDR mapping at scale

— HTTP probing & fingerprinting

8 tools

httpx

Fast HTTP toolkit: status, tech, TLS, redirects

httprobe

Test which hosts respond on http/https

whatweb

Web technology fingerprinter

wafw00f

WAF identification

cdncheck

CDN / cloud provider identification

tlsx

TLS handshake fingerprinting

sslscan

Quick TLS cipher/protocol scan

sslyze

Deep TLS configuration audit

— Web vuln scanning

14 tools

nuclei

8000+ templates, the backbone of vuln scanning

nikto

Classic web server scanner

sqlmap

Automated SQLi detection and exploitation

nosqlmap

NoSQL injection scanning

sstimap

Server-side template injection

dalfox

Parameter-based XSS scanner

xsstrike

Advanced XSS detection

kxss

Quick reflection-based XSS probe

crlfuzz

CRLF injection scanner

smuggler

HTTP request smuggling detection

h2csmuggler

h2c smuggling detection

commix

Command injection scanner

wapiti

General web app vulnerability scanner

arjun

Hidden HTTP parameter discovery

— Content discovery & crawling

13 tools

ffuf

Fast web fuzzer (content, vhost, parameter)

gobuster

Directory/file brute-forcer

feroxbuster

Recursive content discovery

dirsearch

Path enumeration

katana

JS-aware crawler from ProjectDiscovery

hakrawler

Web endpoint discovery crawler

gospider

Spider with JS parsing

gau

Pull URLs from Wayback / AlienVault / CommonCrawl

waybackurls

URLs from the Wayback Machine

paramspider

Parameter mining from archives

linkfinder

Extract endpoints from JS files

secretfinder

Find secrets in JS files

getjs

Extract JS files from a target

— Port scanning & network

6 tools

nmap

The standard port/service scanner

masscan

Internet-scale TCP scanner

naabu

Fast port scanner from ProjectDiscovery

enum4linux

SMB / NetBIOS enumeration

smbmap

SMB share enumeration and access check

hydra

Network login brute-forcer

— Secrets & code

4 tools

trufflehog

Verified-secret scanner with 800+ detectors

gitleaks

Git history secret scanner

semgrep

Multi-language static analysis

retire

Outdated JS library detection

— Cloud & containers

5 tools

trivy

Container, IaC, and SBOM vulnerability scanner

grype

Container image vulnerability scanner

syft

SBOM generator

s3scanner

Scan and dump misconfigured S3 buckets

cloudfox

Cloud attack surface mapper

— CMS-specific

4 tools

wpscan

WordPress audit

joomscan

Joomla audit

droopescan

Drupal / Silverstripe scanner

cmseek

CMS detector for 100+ platforms

— Auth & specialised

10 tools

jwt_tool

JWT manipulation and brute-force

graphql-cop

GraphQL endpoint security audit

subjack

Subdomain takeover checks

subzy

Subdomain takeover scanner

gowitness

Screenshot websites at scale

theharvester

OSINT email / subdomain harvester

bbot

Recon framework, 100+ modules

kiterunner

API route discovery

websocat

WebSocket Swiss-army knife

graphify

AEGIS source-code intelligence

— extend

Don't see your tool?

Adding a wrapper takes about 30 lines of Python. See the Extending AEGIS guide.