Aegis
Aegis is a Windows-friendly, single-file web app for URL reconnaissance, OSINT enrichment, and light semi-offensive checks (opt-in). It’s built for blue/purple teams and learners who want actionable results in a clean UI with history, exports, and subdomain intelligence
Install / Use
/learn @Masriyan/AegisREADME
🔥 Why AEGIS?
Stop wasting hours running 20 different tools. AEGIS combines passive OSINT, active reconnaissance, and threat intelligence into one beautiful interface.
| Traditional Approach | With AEGIS | | ----------------------------------------- | ------------------------------ | | 🔧 Run nmap, then dig, then curl, then... | ⚡ One click, all modules | | 📝 Manual note-taking across tools | 📊 Auto-generated reports | | 🤔 "Did I check the SSL cert?" | ✅ Comprehensive checklists | | 😴 Hours of repetitive work | ☕ Results in under 60 seconds |
✨ Features
🆕 NEW in v4.0 - Innovative Analysis (No API Required!)
| Module | Description | | ------------------------------- | ------------------------------------------------------ | | 🔬 Entropy Scanner | Find secrets using Shannon entropy analysis | | 📝 Wordlist Generator | Auto-generate bruteforce wordlists from target content | | 🔐 Password Policy Detector | Detect password requirements from login forms | | 📈 Technology Timeline | Track tech stack evolution via Archive.org | | 📊 Scan Diff Analyzer | Compare scans and highlight changes | | 🗺️ Attack Surface Mapper | Visualize discovered assets as network graph | | 📋 Report Narratives | Generate management-friendly reports | | ⏰ Delta Alerts | Get notified when significant changes occur |
💡 All v4.0 features work 100% locally - no API keys required!
🚀 NEW in v5.0 - 21 Advanced Features (100% Local!)
<details> <summary><strong>🛡️ Advanced Security (10 modules)</strong></summary>| Module | Description | | ------------------------- | ----------------------------------------------- | | 💰 Crypto Scanner | Detect BTC, ETH, Monero wallet addresses | | 🕵️ Privacy Detector | Find trackers, fingerprinting, analytics pixels | | 🗄️ DB Leak Detector | Catch database errors & info exposure | | 🔓 JS Deobfuscator | Analyze obfuscated malicious JavaScript | | 🎭 Homoglyph Scanner | Find typosquatting domain variants | | 👻 Ghost Finder | Discover hidden paths & admin panels | | 🍯 Honeypot Detector | Identify decoy/canary systems | | 🌍 Geo-Block Detector | Detect geographic restrictions | | ✅ Compliance Checker | Quick GDPR/CCPA/PCI-DSS audit | | 🔮 Vuln Predictor | Predict risks from tech stack |
</details> <details> <summary><strong>🧪 Intelligence & Experimental (11 modules)</strong></summary>| Module | Description | | ------------------------ | ----------------------------------- | | 📹 Media Scanner | Find video, audio, document files | | 📱 Mobile Detector | Find app store links & deep links | | 📧 Email Harvester | Extract newsletter forms & services | | 🎨 Brand Extractor | Extract logos, colors, fonts | | 🧬 Website DNA | Generate unique site fingerprint | | ⏱️ Timing Analyzer | Response timing fingerprinting | | 🔌 API Fuzzer | Discover REST/GraphQL endpoints | | 🔗 Link Graph | Map internal/external links | | 📁 Subdomain Cluster | Group subdomains by purpose | | 💎 Site Value | Estimate website complexity | | 🍪 Cookie Consent | Analyze cookie compliance |
</details>🔥 v5.0 brings 21 NEW modules - all working 100% offline!
🧠 NEW in v6.1 - Enhanced Analysis (100% Local!)
<details> <summary><strong>📊 Intelligent Risk Analysis (3 modules)</strong></summary>| Module | Description | | ------------------------------ | --------------------------------------------- | | 🎯 Security Posture Scorer | 0-100 score with A-F grade and risk breakdown | | 🛤️ Attack Vector Mapper | Map findings to MITRE ATT&CK attack chains | | ✨ Smart Summary Generator | Executive summary with top 5 action items |
</details> <details> <summary><strong>🔍 Deep Content Analysis (4 modules)</strong></summary>| Module | Description | | ---------------------------------- | ------------------------------------------- | | 🔎 HTTP Response Fingerprinter | Detect server, framework, and default pages | | 📝 Input Validation Analyzer | Find form validation weaknesses | | 🛡️ CSP Analysis | Deep Content-Security-Policy audit | | 📋 Form Security Analyzer | CSRF, file upload, hidden field checks |
</details> <details> <summary><strong>🕵️ Response & Session Analysis (6 modules)</strong></summary>| Module | Description | | ----------------------------- | -------------------------------------- | | 🎭 Recon Pattern Detector | Detect bot protection and honeypots | | 📜 JS Complexity Analyzer | Find dangerous functions and DOM sinks | | 🔐 Session Analyzer | Cookie entropy, JWT analysis | | ⏱️ Rate Limit Detector | Identify rate limiting headers | | 📦 Cache Analyzer | Find cache security issues | | 🏷️ Meta Tag Analyzer | Audit robots, referrer, OG data |
</details>🧠 v6.1 adds intelligent analysis with risk scoring, attack mapping, and smart summaries!
🎯 40+ Reconnaissance Modules
<table> <tr> <td width="50%">🔍 Discovery & Fingerprinting
- Web crawler with form & JS extraction
- Technology stack detection
- HTTP header analysis
- WAF/CDN detection
🌐 DNS & Domain Intel
- DNS records (A, AAAA, MX, TXT, NS)
- WHOIS lookup
- Subdomain enumeration (CT logs + bruteforce)
- Subdomain takeover detection
🛡️ Security Analysis
- SSL/TLS grading (A-F score)
- Security headers audit
- CORS misconfiguration check
- Cookie security audit
- JS secrets extraction (API keys, tokens)
- HTTP method enumeration
🎭 Threat Intelligence
- VirusTotal integration
- Shodan lookup
- GreyNoise classification
- AbuseIPDB reputation
- AlienVault OTX
- MITRE ATT&CK mapping
💎 Premium UI/UX
- Glassmorphism design with animated gradients
- Floating particles for that premium feel
- Real-time progress with module-by-module status
- One-click exports: PDF, JSON, CSV, STIX
🤖 Automation Built-In
- Scheduled scans - Set it and forget it
- Slack alerts - Get notified when risk scores spike
- Ticket webhooks - Auto-create Jira/ServiceNow issues
- Delta detection - "What changed since last scan?"
🚀 Quick Start
# Clone the repo
git clone https://github.com/Masriyan/Aegis.git
cd Aegis
# Create virtual environment
python -m venv .venv
source .venv/bin/activate # Windows: .venv\Scripts\Activate.ps1
# Install dependencies
pip install Flask requests beautifulsoup4 dnspython python-whois python-dotenv
# Optional: Enable all features
pip install weasyprint pyppeteer playwright boto3
playwright install chromium
# Configure API keys
cp .env.example .env
nano .env
# Launch! 🚀
python aegis.py
Open http://127.0.0.1:8080 and start hunting!
📸 What You'll See
🏠 Modern Home Page
┌─────────────────────────────────────────────────────────────┐
│ ⚔️ AEGIS — Automated Enrichment & Global Intelligence │
│ │
│ [═══════════════════════] Enter target URL │
│ │
│ 🔍 Discovery 🌐 DNS Intel 🛡️ Security 🎭 Threat │
│ ┌──────────┐ ┌──────────┐ ┌──────────┐ ┌──────────┐ │
│ │ ☑ Crawl │ │ ☑ DNS │ │ ☑ SSL/TLS│ │ ☑ VT │ │
│ │ ☑ Tech │ │ ☑ WHOIS │ │ ☑ CORS │ │ ☑ Shodan │ │
│ │ ☑ WAF │ │ ☑ Subs │ │ ☑ Cookies│ │ ☑ OTX │ │
│ └──────────┘ └──────────┘ └──────────┘ └──────────┘ │
│ │
│ [ 🔥 START THREAT HUNT ] │
└─────────────────────────────────────────────────────────────┘
📊 Results Dashboard
┌─────────────────────────────────────────────────────────────┐
│ THREAT HUNT RESULTS │
│ ─────────────────── │
│
