Actarus code release

Actarus is a custom tool that performs automatic recon and stores all the data in a database. Afterwards you can browse it or search it by keyword to find vulnerabilities, or at least entry points.

After some months of inactivity, I finally decided to publicly release the source code of Actarus. I started this project to learn Symfony, now I hate it. Maybe someone will give it another chance to grow up.

Below is a quick list of Actarus features:

  • project management
  • server management
  • domain management
  • host (subdomain) management
  • task management, priority, autokill
  • automatic recon
  • result interpretation and callback
  • alert management and automatic generation
  • technology management and gathering
  • multi processing
  • clustering
  • HackerOne interaction


Here is a video that shows the web GUI: video actarus


Here is the git repository: https://github.com/gwen001/actarus


I also created a virtual machine with VirtualBox for people who want to test the project but not install/configure it (yes, it’s a pain in the ass).
Download the VM


I really think that this tool could help bounty hunters in their daily tasks. I had the opportunity to test it on 3 dedicated servers at the same time and the result was awesome. 30 tasks parallelized for 1 week, night and day; the amount of data collected was huge, but because of the interpreter and the search engines, it’s pretty easy to extract WordPress installs, svn repositories, directory listings or whatever you are looking for.
