Argus: Comprehensive Toolkit for Network Reconnaissance and Security Analysis
Argus is a Python-based CLI tool for automated data collection on networks, web applications, and security measures. It combines modules for OSINT, infrastructure analysis, and vulnerability detection. Installation is straightforward: clone the repository, install dependencies with pip install -r requirements.txt, and run python argus.py. The tool targets mid-level/senior security specialists, delivering data without manual parsing from multiple sources.
The menu is divided into three categories: network/infrastructure, web applications, security/threats. Each module prompts for a target (domain/IP) and outputs a structured report.
Network Infrastructure Modules
These features focus on basic fingerprinting and reconnaissance:
- Related hosts and subdomains: identifying associated domains.
- DNS records (A, AAAA, MX, TXT): full dump with zone transfer attempt.
- WHOIS and domain info: registrar, dates, status.
- IP geolocation and owner.
- Port scanning and traceroute.
- SSL/TLS analysis: certificate chain, expiry, supported cipher suites, TLS handshake simulation.
- DNSSEC validation and DoH (DNS over HTTPS).
- HTTP/2, HTTP/3 support.
Example: The server info module extracts OS, web server, and frameworks via banner grabbing and passive recon.
Web Application Analysis
Modules for mapping and auditing web structures:
- CMS detection (WordPress, Joomla, etc.).
- Tech stack reconnaissance: frameworks, libraries, third-party integrations.
- Directory/file bruteforce and content discovery.
- Sitemap parsing, robots.txt analysis.
- Broken links, redirect chains.
- Cookie security scan.
- Email harvesting from the domain.
- Performance metrics: TTFB, Lighthouse-like scores.
- Social media presence scan.
- Archive history (Wayback Machine).
These tools build a site map, revealing hidden endpoints and legacy content. Useful for bug bounty and pentest scoping.
Security and Threat Intelligence Modules
Focus on security mechanisms and leak detection:
- HTTP security headers (HSTS, CSP, etc.).
- WAF/firewall detection.
- Data leaks: .env files, Pastebin monitoring.
- Malware/phishing scan via VirusTotal.
- SSL Labs grade, certificate pinning.
- GDPR compliance check.
- Security.txt parsing.
- Shodan/Censys queries for exposed assets.
- Subdomain takeover vulnerability.
| Category | Key Modules | Output |
|-----------|----------------|--------|
| Network | Port scan, Traceroute | Open ports, latency |
| Web | Dir search, Tech stack | Structure, versions |
| Security | Headers, Leaks | Vulnerabilities, compliance |
Practical Usage
Launch: python argus.py → select module → enter target. Results in terminal, with export options.
Examples:
- Email collection: scans public sources, outputs unique addresses.
- HTTP headers: detailed breakdown, flags missing headers.
- Sitemap parsing: extracts all URLs, filters parameters.
- Social scan: finds profiles on Twitter, LinkedIn, etc.
- Subdomain enum: combines passive/active methods.
For automation, integrate into scripts via subprocess or study the source on GitHub.
Key Points:
- Argus aggregates data from 50+ sources (Shodan, Censys, VirusTotal) without API keys in the base version.
- IPv6 support, DoH/DoT for evasion.
- Built-in rate limiting minimizes bans.
- Authorized use only: comply with target ToS and local laws.
- Open-source: fork for custom modules.
The tool speeds up the recon phase 3–5 times compared to manual tools, while maintaining accuracy.
— Editorial Team
No comments yet.