AegisAPI is a single-file Python tool that performs passive + active reconnaissance, vulnerability testing, and Shodan enrichment against one domain, then writes an HTML report.
- Passive recon via Google Dorks
- Active recon with gau, waybackurls
- Vulnerability tests: LFI, RFI, XSS, SQLi, Open Redirect
- Shodan integration (ports, services, OS)
- Bootstrap-styled HTML report
- Python 3.8+ & pip

```bash
python3 -m pip install -r requirements.txt
```

- Go-based tools

```bash
# install Go first: https://go.dev/dl/
go install github.com/lc/gau@latest
go install github.com/tomnomnom/waybackurls@latest
go install github.com/tomnomnom/qsreplace@latest
# ensure ~/go/bin is in PATH
```

- Clone repo
- Install deps
- Run scan

```bash
python3 aegisapi.py example.com YOUR_SHODAN_API_KEY
```

- View report

Open `aegis_results/aegis_report.html` in any browser.

`aegis_results/aegis_report.html`
- passive_urls.txt
- active_urls.txt
- endpoints.txt
- Only scan targets you own or have explicit permission to test.
- AegisAPI is for educational & authorized security testing only.