ARL (Asset Reconnaissance Lighthouse) is an open-source system designed for rapid internet asset reconnaissance, helping security teams and penetration testers discover vulnerabilities and attack surfaces. It builds a foundational asset information database by discovering and organizing domain, IP, and port scan data, with features for web fingerprinting, task management, and monitoring.

How It Works

ARL operates as a distributed system with web, worker, and scheduler components. It leverages various reconnaissance tools and data sources, including domain enumeration, port scanning, service identification, and web fingerprinting. The system is designed for high concurrency and includes features like GitHub keyword monitoring and site change detection, aiming to provide a comprehensive view of an organization's digital footprint.

Quick Start & Requirements

• Docker Install (Quick):

  docker run --privileged -it -d -p 5003:5003 --name=arl --restart=always docker.adysec.com/adysec/arl /usr/sbin/init
  

  Post-installation steps involve setting up RabbitMQ credentials within the container.
• Docker Install (Source): Requires a stable, preferably offshore, network environment.

  docker run --privileged -it -d -p 5003:5003 --name=arl --restart=always docker.adysec.com/library/centos /usr/sbin/init
  docker exec -it arl bash
  curl https://raw.githubusercontent.com/adysec/ARL/master/misc/setup-arl.sh >install.sh
  bash install.sh
  exit
  

• System Requirements: Recommended 4 CPU threads, 8GB RAM, 10Mbps bandwidth. Cloud servers are suggested for better performance due to extensive network traffic.
• Links: FAQ

Highlighted Details

• Includes a substantial, deduplicated fingerprint database (21,545 entries) from multiple sources like eHole and FingerprintHub, with manual update capabilities.
• Features enhanced concurrency for tasks and includes optimizations like Cloudflare-proxied package sources for improved download speeds in certain regions.
• Integrates with tools like nuclei (daily updated via GitHub Actions) and WebInfoHunter for vulnerability detection and information gathering.
• Removes domain and IP range restrictions, addressing a 12000ms timeout issue.

Maintenance & Community

The project is actively maintained, with daily updates for tools like nuclei via GitHub Actions. The README mentions specific modifications made to the original ARL project, indicating a fork or a heavily modified version. Community interaction points are not explicitly listed in the README.

Licensing & Compatibility

The README does not explicitly state a license. The project is presented as a "backup project" and a "unlimited modification version" after the original ARL project's database was deleted, suggesting it may not adhere to the original licensing terms or may be intended for personal/internal use. Compatibility for commercial use or closed-source linking is not specified.

Limitations & Caveats

The "Docker Install (Source)" method requires an offshore network environment for stable installation. Some features like file leak detection and nuclei PoC calls may be blocked by WAFs. The project's origin as a modified backup of a deleted project raises questions about long-term support and adherence to original project goals.