Aquatone is a tool for visual inspection of websites across a large amount of hosts and is convenient for quickly gaining an overview of HTTP-based attack surface.

Overview

AQUATONE

Aquatone is a tool for visual inspection of websites across a large amount of hosts and is convenient for quickly gaining an overview of HTTP-based attack surface.

Installation

  1. Install Google Chrome or Chromium browser -- Note: Google Chrome is currently giving unreliable results when running in headless mode, so it is recommended to install Chromium for the best results.
  2. Download the latest release of Aquatone for your operating system.
  3. Uncompress the zip file and move the aquatone binary to your desired location. You probably want to move it to a location in your $PATH for easier use.

Compiling the source code

If you for some reason don't trust the pre-compiled binaries, you can also compile the code yourself. You are on your own if you want to do this. I do not support compiling problems. Good luck with it!

Usage

Command-line options:

  -chrome-path string
    	Full path to the Chrome/Chromium executable to use. By default, aquatone will search for Chrome or Chromium
  -debug
    	Print debugging information
  -http-timeout int
    	Timeout in miliseconds for HTTP requests (default 3000)
  -nmap
    	Parse input as Nmap/Masscan XML
  -out string
    	Directory to write files to (default ".")
  -ports string
    	Ports to scan on hosts. Supported list aliases: small, medium, large, xlarge (default "80,443,8000,8080,8443")
  -proxy string
    	Proxy to use for HTTP requests
  -resolution string
    	screenshot resolution (default "1440,900")
  -save-body
    	Save response bodies to files (default true)
  -scan-timeout int
    	Timeout in miliseconds for port scans (default 100)
  -screenshot-timeout int
    	Timeout in miliseconds for screenshots (default 30000)
  -session string
    	Load Aquatone session file and generate HTML report
  -silent
    	Suppress all output except for errors
  -template-path string
    	Path to HTML template to use for report
  -threads int
    	Number of concurrent threads (default number of logical CPUs)
  -version
    	Print current Aquatone version

Giving Aquatone data

Aquatone is designed to be as easy to use as possible and to integrate with your existing toolset with no or minimal glue. Aquatone is started by piping output of a command into the tool. It doesn't really care how the piped data looks as URLs, domains, and IP addresses will be extracted with regular expression pattern matching. This means that you can pretty much give it output of any tool you use for host discovery.

IPs, hostnames and domain names in the data will undergo scanning for ports that are typically used for web services and transformed to URLs with correct scheme. If the data contains URLs, they are assumed to be alive and do not undergo port scanning.

Example:

$ cat targets.txt | aquatone

Output

When Aquatone is done processing the target hosts, it has created a bunch of files and folders in the current directory:

  • aquatone_report.html: An HTML report to open in a browser that displays all the collected screenshots and response headers clustered by similarity.
  • aquatone_urls.txt: A file containing all responsive URLs. Useful for feeding into other tools.
  • aquatone_session.json: A file containing statistics and page data. Useful for automation.
  • headers/: A folder with files containing raw response headers from processed targets
  • html/: A folder with files containing the raw response bodies from processed targets. If you are processing a large amount of hosts, and don't need this for further analysis, you can disable this with the -save-body=false flag to save some disk space.
  • screenshots/: A folder with PNG screenshots of the processed targets

The output can easily be zipped up and shared with others or archived.

Changing the output destination

If you don't want Aquatone to create files in the current working directory, you can specify a different location with the -out flag:

$ cat hosts.txt | aquatone -out ~/aquatone/example.com

It is also possible to set a permanent default output destination by defining an environment variable:

export AQUATONE_OUT_PATH="~/aquatone"

Specifying ports to scan

Be default, Aquatone will scan target hosts with a small list of commonly used HTTP ports: 80, 443, 8000, 8080 and 8443. You can change this to your own list of ports with the -ports flag:

$ cat hosts.txt | aquatone -ports 80,443,3000,3001

Aquatone also supports aliases of built-in port lists to make it easier for you:

  • small: 80, 443
  • medium: 80, 443, 8000, 8080, 8443 (same as default)
  • large: 80, 81, 443, 591, 2082, 2087, 2095, 2096, 3000, 8000, 8001, 8008, 8080, 8083, 8443, 8834, 8888
  • xlarge: 80, 81, 300, 443, 591, 593, 832, 981, 1010, 1311, 2082, 2087, 2095, 2096, 2480, 3000, 3128, 3333, 4243, 4567, 4711, 4712, 4993, 5000, 5104, 5108, 5800, 6543, 7000, 7396, 7474, 8000, 8001, 8008, 8014, 8042, 8069, 8080, 8081, 8088, 8090, 8091, 8118, 8123, 8172, 8222, 8243, 8280, 8281, 8333, 8443, 8500, 8834, 8880, 8888, 8983, 9000, 9043, 9060, 9080, 9090, 9091, 9200, 9443, 9800, 9981, 12443, 16080, 18091, 18092, 20720, 28017

Example:

$ cat hosts.txt | aquatone -ports large

Usage examples

Aquatone is designed to play nicely with all kinds of tools. Here's some examples:

Amass DNS enumeration

Amass is currently my preferred tool for enumerating DNS. It uses a bunch of OSINT sources as well as active brute-forcing and clever permutations to quickly identify hundreds, if not thousands, of subdomains on a domain:

$ amass -active -brute -o hosts.txt -d yahoo.com
alerts.yahoo.com
ads.yahoo.com
am.yahoo.com
- - - SNIP - - -
prd-vipui-01.infra.corp.gq1.yahoo.com
cp103.mail.ir2.yahoo.com
prd-vipui-01.infra.corp.bf1.yahoo.com
$ cat hosts.txt | aquatone

There are plenty of other DNS enumeration tools out there and Aquatone should work just as well with any other tool:

Nmap or Masscan

Aquatone can make a report on hosts scanned with the Nmap or Masscan portscanner. Simply feed Aquatone the XML output and give it the -nmap flag to tell it to parse the input as Nmap/Masscan XML:

$ cat scan.xml | aquatone -nmap

Credits

  • Thanks to EdOverflow for the can-i-take-over-xyz project which Aquatone's domain takeover capability is based on.
  • Thanks to Elbert Alias for the Wappalyzer project's technology fingerprints which Aquatone's technology fingerprinting capability is based on.
Issues
  • aquatone-gather - JSON::ParserError

    aquatone-gather - JSON::ParserError

    Hi there, first of all thank you for this great tool, this will really save a lot of time :-)

    I just went to the whole process: I added an api-key for shodan and did a normal discover with aquatone-discover --domain example.com Afterwards I scanned the results with aquatone-scan --domain example.com

    Now when it comes to the gather step I get the following output:

    aquatone-gather --domain example.com
                               __
      ____ _____ ___  ______ _/ /_____  ____  ___
     / __ `/ __ `/ / / / __ `/ __/ __ \/ __ \/ _ \
    / /_/ / /_/ / /_/ / /_/ / /_/ /_/ / / / /  __/
    \__,_/\__, /\__,_/\__,_/\__/\____/_/ /_/\___/
            /_/  gather v0.1.0 - by @michenriksen
    
    Processing 2877 pages...
       Failed: https://123.104.232.144:8443/ (na49.example.com) - JSON::ParserError: A JSON text must at least contain two octets! 
       Failed: https://123.104.42.103/ (na38-phx.example.com) - JSON::ParserError: A JSON text must at least contain two octets! 
       Failed: https://123.104.59.97/ (dcl7.example.com) - JSON::ParserError: A JSON text must at least contain two octets! 
    

    This is displayed for all urls in the list

    opened by lam0r 13
  • Aquatone still fails to work against targets with invalid SSL certs.

    Aquatone still fails to work against targets with invalid SSL certs.

    Aquatone will not grab a screenshot of any target whose SSL certificate is expired, doesn't match the correct hostname, or is otherwise invalid.

    Steps to reproduce:

    1. run the following command using any of the proposed tests at https://badssl.com:
    ❯ echo 'https://expired.badssl.com' | aquatone
    ❯ echo 'https://wrong.host.badssl.com' | aquatone
    ❯ echo 'https://self-signed.badssl.com' | aquatone
    ...
    
    1. observe how the screenshot hasn't been taken
    opened by eur0pa 12
  • Screenshot failed with Prebuild Version

    Screenshot failed with Prebuild Version

    Hi, is used your prebuild Version 1.7 and it doesnt work straight forward and don´t take any Screenshot Pictures. My System Setup has a running Go and also a Selenium Version.

    How are the screenshots taken? Are there any libraries needed? I do not want switching to Chromium.

    Thank you for your replay. Greetz auqatone

    opened by fuuddanni 9
  • cat targets.txt | aquatone showing no command found

    cat targets.txt | aquatone showing no command found

    I think I am asking silly que but there is lack of any new tuts around since the new code came. I am running the binary ./aquatone then it show started at (date).. after that cat targets.txt | aquatone will show no commands found. What silly thing I am missing?

    opened by ghost 9
  • Too many/long headers falsely fail with incompatibility error

    Too many/long headers falsely fail with incompatibility error

    Due to the method of the communication between Ruby and Node.js (nightmare.rb and aquatone.js), it is possible that an output too large will not output all of the data and produce partial, malformed JSON. The most probable (and common) way the output would be too large, is when the page's response contains large or multiple headers. This will lead to an inaccurate incompatibility error like this:

    ➜  localhost.dev aquatone-gather --domain localhost.dev
                               __
      ____ _____ ___  ______ _/ /_____  ____  ___
     / __ `/ __ `/ / / / __ `/ __/ __ \/ __ \/ _ \
    / /_/ / /_/ / /_/ / /_/ / /_/ /_/ / / / /  __/
    \__,_/\__, /\__,_/\__,_/\__/\____/_/ /_/\___/
            /_/  gather v0.4.1 - by @michenriksen
    
    Installing Nightmare.js package, please wait... Done
    
    Processing 1 pages...
    
    Incompatability Error: Nightmarejs must be run on a system with a graphical desktop session (X11)
    

    (sidenote: incompatability is not a word, incompatibility is)

    This issue can be reproduced with an example server/environment (example command to run can be seen above):

    ~/
    ├── aquatone/
    │   └── localhost.dev/
    |       ├── hosts.txt
    |       └── open_ports.txt
    └── aquatone-longheaders-server.rb
    

    hosts.txt

    localhost,127.0.0.1
    

    open_ports.txt

    127.0.0.1,8989
    

    aquatone-longheaders-server.rb

    require 'socket'
    
    server = TCPServer.new('127.0.0.1', 8989)
    
    loop do
      socket = server.accept
    
      request = socket.gets
    
      STDERR.puts request
    
      socket.print "HTTP/1.1 200 OK\r\n" +
                   "Content-Type: text/plain\r\n" +
                   "X-Long-Header: bmljZSBqb2IsIHlvdSBoYXZlIGZvdW5kIGFuIGVhc3RlciBlZ2chIGkgd29uZGVyIGhvdyB5b3UgbWFkZSBpdCBoZXJlLi4uPyBhbnl3YXlzLCB0aGlzIHRleHQgc2hvdWxkIGJlIGxvbmcgZW5vdWdoLiBnb29kYnllIQ\r\n" +
                   "X-Long-Header: bmljZSBqb2IsIHlvdSBoYXZlIGZvdW5kIGFuIGVhc3RlciBlZ2chIGkgd29uZGVyIGhvdyB5b3UgbWFkZSBpdCBoZXJlLi4uPyBhbnl3YXlzLCB0aGlzIHRleHQgc2hvdWxkIGJlIGxvbmcgZW5vdWdoLiBnb29kYnllIQ\r\n" +
                   "X-Long-Header: bmljZSBqb2IsIHlvdSBoYXZlIGZvdW5kIGFuIGVhc3RlciBlZ2chIGkgd29uZGVyIGhvdyB5b3UgbWFkZSBpdCBoZXJlLi4uPyBhbnl3YXlzLCB0aGlzIHRleHQgc2hvdWxkIGJlIGxvbmcgZW5vdWdoLiBnb29kYnllIQ\r\n" +
                   "X-Long-Header: bmljZSBqb2IsIHlvdSBoYXZlIGZvdW5kIGFuIGVhc3RlciBlZ2chIGkgd29uZGVyIGhvdyB5b3UgbWFkZSBpdCBoZXJlLi4uPyBhbnl3YXlzLCB0aGlzIHRleHQgc2hvdWxkIGJlIGxvbmcgZW5vdWdoLiBnb29kYnllIQ\r\n" +
                   "X-Long-Header: bmljZSBqb2IsIHlvdSBoYXZlIGZvdW5kIGFuIGVhc3RlciBlZ2chIGkgd29uZGVyIGhvdyB5b3UgbWFkZSBpdCBoZXJlLi4uPyBhbnl3YXlzLCB0aGlzIHRleHQgc2hvdWxkIGJlIGxvbmcgZW5vdWdoLiBnb29kYnllIQ\r\n" +
                   "X-Long-Header: bmljZSBqb2IsIHlvdSBoYXZlIGZvdW5kIGFuIGVhc3RlciBlZ2chIGkgd29uZGVyIGhvdyB5b3UgbWFkZSBpdCBoZXJlLi4uPyBhbnl3YXlzLCB0aGlzIHRleHQgc2hvdWxkIGJlIGxvbmcgZW5vdWdoLiBnb29kYnllIQ\r\n" +
                   "X-Long-Header: bmljZSBqb2IsIHlvdSBoYXZlIGZvdW5kIGFuIGVhc3RlciBlZ2chIGkgd29uZGVyIGhvdyB5b3UgbWFkZSBpdCBoZXJlLi4uPyBhbnl3YXlzLCB0aGlzIHRleHQgc2hvdWxkIGJlIGxvbmcgZW5vdWdoLiBnb29kYnllIQ\r\n" +
                   "X-Long-Header: bmljZSBqb2IsIHlvdSBoYXZlIGZvdW5kIGFuIGVhc3RlciBlZ2chIGkgd29uZGVyIGhvdyB5b3UgbWFkZSBpdCBoZXJlLi4uPyBhbnl3YXlzLCB0aGlzIHRleHQgc2hvdWxkIGJlIGxvbmcgZW5vdWdoLiBnb29kYnllIQ\r\n" +
                   "X-Long-Header: bmljZSBqb2IsIHlvdSBoYXZlIGZvdW5kIGFuIGVhc3RlciBlZ2chIGkgd29uZGVyIGhvdyB5b3UgbWFkZSBpdCBoZXJlLi4uPyBhbnl3YXlzLCB0aGlzIHRleHQgc2hvdWxkIGJlIGxvbmcgZW5vdWdoLiBnb29kYnllIQ\r\n" +
                   "X-Long-Header: bmljZSBqb2IsIHlvdSBoYXZlIGZvdW5kIGFuIGVhc3RlciBlZ2chIGkgd29uZGVyIGhvdyB5b3UgbWFkZSBpdCBoZXJlLi4uPyBhbnl3YXlzLCB0aGlzIHRleHQgc2hvdWxkIGJlIGxvbmcgZW5vdWdoLiBnb29kYnllIQ\r\n" +
                   "X-Long-Header: bmljZSBqb2IsIHlvdSBoYXZlIGZvdW5kIGFuIGVhc3RlciBlZ2chIGkgd29uZGVyIGhvdyB5b3UgbWFkZSBpdCBoZXJlLi4uPyBhbnl3YXlzLCB0aGlzIHRleHQgc2hvdWxkIGJlIGxvbmcgZW5vdWdoLiBnb29kYnllIQ\r\n" +
                   "X-Long-Header: bmljZSBqb2IsIHlvdSBoYXZlIGZvdW5kIGFuIGVhc3RlciBlZ2chIGkgd29uZGVyIGhvdyB5b3UgbWFkZSBpdCBoZXJlLi4uPyBhbnl3YXlzLCB0aGlzIHRleHQgc2hvdWxkIGJlIGxvbmcgZW5vdWdoLiBnb29kYnllIQ\r\n" +
                   "X-Long-Header: bmljZSBqb2IsIHlvdSBoYXZlIGZvdW5kIGFuIGVhc3RlciBlZ2chIGkgd29uZGVyIGhvdyB5b3UgbWFkZSBpdCBoZXJlLi4uPyBhbnl3YXlzLCB0aGlzIHRleHQgc2hvdWxkIGJlIGxvbmcgZW5vdWdoLiBnb29kYnllIQ\r\n" +
                   "X-Long-Header: bmljZSBqb2IsIHlvdSBoYXZlIGZvdW5kIGFuIGVhc3RlciBlZ2chIGkgd29uZGVyIGhvdyB5b3UgbWFkZSBpdCBoZXJlLi4uPyBhbnl3YXlzLCB0aGlzIHRleHQgc2hvdWxkIGJlIGxvbmcgZW5vdWdoLiBnb29kYnllIQ\r\n" +
                   "X-Long-Header: bmljZSBqb2IsIHlvdSBoYXZlIGZvdW5kIGFuIGVhc3RlciBlZ2chIGkgd29uZGVyIGhvdyB5b3UgbWFkZSBpdCBoZXJlLi4uPyBhbnl3YXlzLCB0aGlzIHRleHQgc2hvdWxkIGJlIGxvbmcgZW5vdWdoLiBnb29kYnllIQ\r\n" +
                   "X-Long-Header: bmljZSBqb2IsIHlvdSBoYXZlIGZvdW5kIGFuIGVhc3RlciBlZ2chIGkgd29uZGVyIGhvdyB5b3UgbWFkZSBpdCBoZXJlLi4uPyBhbnl3YXlzLCB0aGlzIHRleHQgc2hvdWxkIGJlIGxvbmcgZW5vdWdoLiBnb29kYnllIQ\r\n" +
                   "X-Long-Header: bmljZSBqb2IsIHlvdSBoYXZlIGZvdW5kIGFuIGVhc3RlciBlZ2chIGkgd29uZGVyIGhvdyB5b3UgbWFkZSBpdCBoZXJlLi4uPyBhbnl3YXlzLCB0aGlzIHRleHQgc2hvdWxkIGJlIGxvbmcgZW5vdWdoLiBnb29kYnllIQ\r\n" +
                   "X-Long-Header: bmljZSBqb2IsIHlvdSBoYXZlIGZvdW5kIGFuIGVhc3RlciBlZ2chIGkgd29uZGVyIGhvdyB5b3UgbWFkZSBpdCBoZXJlLi4uPyBhbnl3YXlzLCB0aGlzIHRleHQgc2hvdWxkIGJlIGxvbmcgZW5vdWdoLiBnb29kYnllIQ\r\n" +
                   "X-Long-Header: bmljZSBqb2IsIHlvdSBoYXZlIGZvdW5kIGFuIGVhc3RlciBlZ2chIGkgd29uZGVyIGhvdyB5b3UgbWFkZSBpdCBoZXJlLi4uPyBhbnl3YXlzLCB0aGlzIHRleHQgc2hvdWxkIGJlIGxvbmcgZW5vdWdoLiBnb29kYnllIQ\r\n" +
                   "X-Long-Header: bmljZSBqb2IsIHlvdSBoYXZlIGZvdW5kIGFuIGVhc3RlciBlZ2chIGkgd29uZGVyIGhvdyB5b3UgbWFkZSBpdCBoZXJlLi4uPyBhbnl3YXlzLCB0aGlzIHRleHQgc2hvdWxkIGJlIGxvbmcgZW5vdWdoLiBnb29kYnllIQ\r\n" +
                   "X-Long-Header: bmljZSBqb2IsIHlvdSBoYXZlIGZvdW5kIGFuIGVhc3RlciBlZ2chIGkgd29uZGVyIGhvdyB5b3UgbWFkZSBpdCBoZXJlLi4uPyBhbnl3YXlzLCB0aGlzIHRleHQgc2hvdWxkIGJlIGxvbmcgZW5vdWdoLiBnb29kYnllIQ\r\n" +
                   "Content-Length: 0\r\n" +
                   "Connection: close\r\n"
    
      socket.print "\r\n"
    
      socket.close
    end
    

    This issue may be the cause of issues #12 and #55.

    opened by jolle 9
  • False positives for cloudfront subdomain takeover

    False positives for cloudfront subdomain takeover

    Most of the time aquatone returns false positives while checking for subdomains pointing to Cloudfront. I believe the root cause for this issue is aquatone checks only HTTP version of the subdomain and not HTTPS. In the case of Cloudfront, both HTTP and HTTPS should show "Bad request" for a successful subdomain takeover.

    opened by streaak 9
  • Issue in

    Issue in " aquatone-gather -d domain.com "

    hey, whenever i run aquatone-gather -d domain.com i get the following error.

    aquatone but nodejs as you can see is already installed : 1 - nodejs

    2 - whereisnodejs

    how can i fix this ? thanks

    opened by testuser100101 8
  • Incompatability Error: Nightmarejs must be run on a system with a graphical desktop session (X11), even I use the xvfb-run

    Incompatability Error: Nightmarejs must be run on a system with a graphical desktop session (X11), even I use the xvfb-run

    [email protected]:~# xvfb-run aquatone-gather --domain vip.com __ ____ _____ ___ ______ / /____ ____ ___ / __ / __/ / / / __ `/ / __ / __ / _
    / // / // / // / // / // // / / / / / _,/_, /_,/_,/_/_// /_/_
    / /_/ gather v0.5.0 - by @michenriksen

    Processing 475 pages...

    Incompatability Error: Nightmarejs must be run on a system with a graphical desktop session (X11)

    opened by mendickxiao 7
  • binary hangs

    binary hangs

    wow open issue #52! :D

    i am using the precompiled binary on a fresh kali 2020.1 box. running aquatone domain.com just hangs forever. appending -debug does nothing.

    opened by chppppp 6
  • Nightmarejs must be run on a system with a graphical desktop session (X11) | In Kali Linux

    Nightmarejs must be run on a system with a graphical desktop session (X11) | In Kali Linux

    Hey,

    I was using this great tool from a long time but today as i setup a new Kali VM machine & installed all the required tools and after working with aquatone-gather and got stuck on the error "Nightmarejs must be run on a system with a graphical desktop session (X11)" I tried to resolve the issue by doing some google search but haven't got any way to patch it up!

    Not sure what i did I miss 🔢 sowritingg here maybe u can guide :( n

    opened by MuhammadKhizerJaved 6
  • PTRArchive returned unexpected response code

    PTRArchive returned unexpected response code

    image

    Not sure if PTRArchive is blocking aquatone but if its same even sublister was using this same resources and they started to show fake result for sublister.

    Ref: https://github.com/aboul3la/Sublist3r/issues/86

    opened by ehsandeep 6
  • to install tool

    to install tool

    sudo apt install chromium-l10n
    wget https://github.com/michenriksen/aquatone/releases/download/v1.7.0/aquatone_linux_amd64_1.7.0.zip
    unzip aquatone_linux_amd64_1.7.0.zip
    sudo rm -rif aquatone_linux_amd64_1.7.0.zip LICENSE.txt README-cloudshell.txt
    sudo mv aquatone /usr/local/bin
    

    to use tool cat file.txt | aquatone

    opened by zicohip 0
  • proxy flag not working

    proxy flag not working

    What is the syntax for the proxy string for the -proxy flag? I've tried "ip:port", "protocol://ip:port", "ip port" with no success for the aquatone traffic going through the proxy.

    Ex. 127.0.0.1:9050 socks4://127.0.0.1:9050 127.0.0.1 9050

    All seem to fail. Nothing In the documentation or anywhere online gives a good example of this flag working. Thanks

    opened by RedTeamMagic 2
Releases(v1.7.0)
Owner
Michael Henriksen
Security engineer, internet sleuth and builder of tools.
Michael Henriksen
Small program that takes in commands and moves one or more robots around the surface of Mars!

Mars Rover Build and Run the Image Build image from current directory: docker build -t marsrover . Run image interactively: docker run -i marsrover

Karl King 0 Jan 2, 2022
Wise-mars-rover - Write a program that takes in commands and moves one or more robots around the surface of Mars

wise-mars-rover Write a program that takes in commands and moves one or more rob

Daniel Churm 0 Feb 9, 2022
Drive higher confidence in making changes by detecting large blocks of untested functionality

go-coverage Increase code coverage of Go projects Table of Contents About The Project Getting Started Prerequisites Installation Usage Roadmap About T

Gojek 32 May 16, 2022
go-wrk - a HTTP benchmarking tool based in spirit on the excellent wrk tool (https://github.com/wg/wrk)

go-wrk - an HTTP benchmarking tool go-wrk is a modern HTTP benchmarking tool capable of generating significant load when run on a single multi-core CP

Tal Sliwowicz 544 May 17, 2022
manage your mocks / run mockgen more quickly / mocks up-to-date checking

gomockhandler If you find any bugs or have feature requests, please feel free to create an issue. gomockhandler is handler of golang/mock, as the name

Kensei Nakada 63 May 12, 2022
HTTP mock for Golang: record and replay HTTP/HTTPS interactions for offline testing

govcr A Word Of Warning I'm in the process of partly rewriting govcr to offer better support for cassette mutations. This is necessary because when I

Seb C 105 May 18, 2022
📡 mock is a simple, cross-platform, cli app to simulate HTTP-based APIs.

mock ?? mock is a simple, cross-platform, cli app to simulate HTTP-based APIs. About mock Mock allows you to spin up a local http server based of a .m

Bruno Schaatsbergen 8 May 6, 2022
HTTP load testing tool and library. It's over 9000!

Vegeta Vegeta is a versatile HTTP load testing tool built out of a need to drill HTTP services with a constant request rate. It can be used both as a

Tomás Senart 19.6k May 17, 2022
Plow is a high-performance HTTP benchmarking tool with real-time web UI and terminal displaying

Plow is a HTTP(S) benchmarking tool, written in Golang. It uses excellent fasthttp instead of Go's default net/http due to its lightning fast performance.

ddc 3k May 14, 2022
Fast cross-platform HTTP benchmarking tool written in Go

bombardier bombardier is a HTTP(S) benchmarking tool. It is written in Go programming language and uses excellent fasthttp instead of Go's default htt

Максим Федосеев 3.5k May 19, 2022
a benchmarking&stressing tool that can send raw HTTP requests

reqstress reqstress is a benchmarking&stressing tool that can send raw HTTP requests. It's written in Go and uses fasthttp library instead of Go's def

Utku Sen 151 Apr 26, 2022
Ditto is a CLI testing tool that helps you verify if multiple HTTP endpoints have the same outputs.

Ditto is a CLI testing tool that helps you verify if multiple HTTP endpoints have the same outputs.

Cristopher 1 Nov 24, 2021
A tool that integrates SQL, HTTP,interface,Redis mock

Mockit 目标:将mock变得简单,让代码维护变得容易 分支介绍 main 主分支,覆盖了单元测试 light 轻分支,去除了单元测试,简化了依赖项,方便其他团队使用 常见Mock难点 不同中间件,mock库设计模式不一致,学习代价高,差异化明显 mock方案强依赖服务端,无法灵活解耦 单元测试

SHIHUO 14 Apr 19, 2022
Client tool for testing HTTP server timeouts

HTTP timeout test client While testing Go HTTP server timeouts I wrote this little tool to help me test. It allows for slowing down header write and b

Adam Pritchard 7 May 11, 2022
Package has tool to generate workload for vegeta based kube-api stress tests.

Package has tool to generate workload for vegeta based kube-api stress tests.

Mikhail Sakhnov 0 Nov 22, 2021
Record and replay your HTTP interactions for fast, deterministic and accurate tests

go-vcr go-vcr simplifies testing by recording your HTTP interactions and replaying them in future runs in order to provide fast, deterministic and acc

Marin Atanasov Nikolov 878 May 5, 2022
Extremely flexible golang deep comparison, extends the go testing package and tests HTTP APIs

go-testdeep Extremely flexible golang deep comparison, extends the go testing package. Latest news Synopsis Description Installation Functions Availab

Maxime Soulé 279 May 11, 2022
End-to-end HTTP and REST API testing for Go.

httpexpect Concise, declarative, and easy to use end-to-end HTTP and REST API testing for Go (golang). Basically, httpexpect is a set of chainable bui

Victor Gaydov 1.9k May 15, 2022
HTTP traffic mocking and testing made easy in Go ༼ʘ̚ل͜ʘ̚༽

gock Versatile HTTP mocking made easy in Go that works with any net/http based stdlib implementation. Heavily inspired by nock. There is also its Pyth

Tom 1.6k May 14, 2022