General Usage
For a quick overview of the command line options, you can read the help menu:
uv run asteroid.py -h
The first positional argument is the target. This can be a URL, e.g. https://example.com, or a file containing a list of URLs separated by newlines, e.g. targets.txt.
By default, Asteroid will create a directory called asteroid_output to store output. You can change this with --output <path>, e.g. --output /home/john/output.
Within this directory, Asteroid will create directories for each target domain name, e.g. asteroid_output/example.com.
Output is currently written to plain text files. Every module has one or more output files, so the output can get quite cluttered. Below, you can see an example of an output folder.
asteroid_output/testphp.vulnweb.com/arjun.txt
asteroid_output/testphp.vulnweb.com/directories.txt
asteroid_output/testphp.vulnweb.com/directory-listings.txt
asteroid_output/testphp.vulnweb.com/extension-inspector.txt
asteroid_output/testphp.vulnweb.com/feroxbuster.txt
asteroid_output/testphp.vulnweb.com/forms.xml
asteroid_output/testphp.vulnweb.com/gau-filtered.txt
asteroid_output/testphp.vulnweb.com/gau.txt
asteroid_output/testphp.vulnweb.com/katana-filtered.txt
asteroid_output/testphp.vulnweb.com/katana-urls.txt
asteroid_output/testphp.vulnweb.com/katana.jsonl
asteroid_output/testphp.vulnweb.com/nuclei-cookies.txt
asteroid_output/testphp.vulnweb.com/nuclei-file-uploads.txt
asteroid_output/testphp.vulnweb.com/nuclei-forms.txt
asteroid_output/testphp.vulnweb.com/nuclei-headers.txt
asteroid_output/testphp.vulnweb.com/nuclei-ssl.txt
asteroid_output/testphp.vulnweb.com/nuclei-urls.txt
asteroid_output/testphp.vulnweb.com/nuclei.txt
asteroid_output/testphp.vulnweb.com/results.txt
asteroid_output/testphp.vulnweb.com/sensitive-files.txt
asteroid_output/testphp.vulnweb.com/trufflehog.txt
asteroid_output/testphp.vulnweb.com/trufflehog_output/*
asteroid_output/testphp.vulnweb.com/urls-non-static.txt
asteroid_output/testphp.vulnweb.com/urls-with-params.txt
asteroid_output/testphp.vulnweb.com/urls.txt
asteroid_output/testphp.vulnweb.com/vulnscan.txt
asteroid_output/testphp.vulnweb.com/wappalyzer.json
Some notable files:
- results.txt contains all logger output, i.e. a summary of all results.
- urls.txt contains all gathered URLs.
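To cut through the clutter in an output folder, a small helper can report which files actually contain data for each target. This is an added example, not part of Asteroid: the function names summarize_output and build_sample and the sample file contents are constructed, and only the directory layout is taken from the listing above.

```python
import tempfile
from pathlib import Path


def summarize_output(root):
    """Map each target directory under root to {output file: non-empty line count}.

    Empty files are left out, so only files that contain data remain.
    Subdirectories (such as trufflehog_output/) are reported as "name/" with
    the number of files they contain.
    """
    summary = {}
    for target_dir in sorted(p for p in Path(root).iterdir() if p.is_dir()):
        found = {}
        for entry in sorted(target_dir.iterdir()):
            if entry.is_dir():
                count = sum(1 for f in entry.rglob("*") if f.is_file())
                key = entry.name + "/"
            else:
                text = entry.read_text(encoding="utf-8", errors="replace")
                count = sum(1 for line in text.splitlines() if line.strip())
                key = entry.name
            if count:
                found[key] = count
        summary[target_dir.name] = found
    return summary


def build_sample(root):
    """Create a constructed output tree: file names from the listing, contents made up."""
    target = Path(root) / "testphp.vulnweb.com"
    (target / "trufflehog_output").mkdir(parents=True)
    (target / "urls.txt").write_text(
        "http://testphp.vulnweb.com/\nhttp://testphp.vulnweb.com/login.php\n")
    (target / "results.txt").write_text("constructed summary line\n")
    (target / "sensitive-files.txt").write_text("")  # constructed empty file
    (target / "trufflehog_output" / "placeholder.txt").write_text("constructed\n")
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for target, files in summarize_output(build_sample(tmp)).items():
            print(target)
            for name, count in files.items():
                print(f"  {name}: {count}")
```

Point summarize_output at your own output directory (asteroid_output by default) to get the same overview for a real scan.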
To list all available modules, use --list-modules.
When you do not specify which modules to run, the default modules will be used. These are currently all of them, except the Arjun and Trufflehog modules.
You can select modules using the --modules or --skip-modules flags.
- To run all the modules, use --modules all
- To run a single module, use --modules <name>, e.g. --modules katana
- To run a selection of modules, separate their names using commas, e.g. --modules katana,feroxbuster
- To run all default modules except a selection, use --skip-modules katana,feroxbuster
Currently, it is not possible to change the order in which the modules are run. This order is determined by their index (from low to high), which you can see with the --list-modules argument or in the output.
Note that you can also run each module on its own by calling it directly.
uv run modules/10-katana/katana.py -h
You can see the output of all individual tools using -v or --verbose. This is great for debugging.
By default, if Asteroid finds output files, it will ask whether you want to continue with the previous scan.
- To continue by default, use --continue
- To rerun the scan by default, use --rerun
You can specify a rate limit with -rl or --rate-limit, e.g. -rl 10.
This rate limit specifies the maximum number of requests that are sent per second, so -rl 10 will send at most 10 requests per second.