VERSION 0.3.1 ALPHA

AegisCLI Modular Recon Framework

A lightweight recon framework designed to eliminate tool-juggling hell. Native implementations with consistent CLI patterns across profiling, scanning, enumeration, and analysis — built for chaining, automation, and maintainability.

0
Active Modules
0
Commands
0
% Open Source
View on GitHub Guide & Documentation
AegisCLI framework

Framework Architecture

AegisCLI follows a strict separation-of-concerns model with isolated modules, uniform interfaces, and zero global state. Every component is designed for predictability, extensibility, and real-world workflow integration.

aegiscli/cli

Central entry point responsible for command routing, argument parsing, and global flag resolution. Delegates to the appropriate tool module based on the aegiscli <module> <submodule> [flags] <target> pattern without carrying any state of its own.

core/utils

Runtime services shared across every module. logger.py handles timestamped file logging to ~/.aegiscli/logs, while flagger.py manages the verbose mode state so any module can query it without coupling to the CLI layer.

core/helpers

Presentation layer for terminal output. formatter.py provides color-coded styling, smart truncation for long data lists, and consistent section formatting — ensuring every module produces visually uniform output regardless of its data source.

aegiscli/tools

All recon capability lives here, fully isolated under tools/<module>/<submodule>. Currently active: profiler/ with WHOIS, DNS, and Web submodules. Planned: scanner/, enumerator/, analyser/, and injector/ — each independently developed with no cross-module dependencies.

Entry Point
CLI
Command Router
Core Utilities
Logger
Flagger
Formatter
Tool Modules
Profiler
Active
WHOIS DNS Web
Scanner
Planned
Ports Services Banners
Enumerator
Planned
Dirs Files Subdomains
Analyser
Planned
APIs OSINT Reports
Zero Global State
Isolated Modules
Uniform Interfaces

Current Features

Profiler Module

  • WHOIS / RDAP Lookup with intelligent fallback
  • DNS Resolver (A/AAAA, MX, TXT, NS, CNAME, SOA)
  • Reverse DNS (PTR) Lookups
  • Web Fingerprinter with SSL/TLS inspection
  • HTTP header profiling and cookie parsing

Framework Capabilities

  • Verbose Mode (-v) for step-by-step execution
  • Timestamped logging (--log) to ~/.aegiscli/logs
  • Centralized color-coded terminal output
  • Strict modular architecture for maintainability
  • Packaged as pip-installable Python project

Design Principles

  • No global mutable state
  • Isolated tool modules with uniform interfaces
  • High readability and maintainability
  • Predictable output for automation
  • Consistent CLI patterns across all modules

Usage Examples

// Interactive Demo

$ aegiscli profiler whois -v example.com
Querying WHOIS for example.com...
Domain: example.com
Registrar: IANA
Status: clientTransferProhibited
$ aegiscli profiler dns --log example.com
Resolving DNS records...
A: 93.184.216.34
AAAA: 2606:2800:220:1:248:1893:25c8:1946
Logged to ~/.aegiscli/logs/dns_20250217.log
$ aegiscli profiler web httpbin.org
Fingerprinting httpbin.org...
Status: 200 OK
Server: gunicorn/19.9.0
! Warning: HSTS header missing

// Output Examples

WHOIS Output
WHOIS Output
DNS Resolution
DNS Resolution
Web Fingerprint
Web Fingerprint
Verbose Mode
Verbose Mode

Future Plans

Short-Term

Immediate Priorities

  • Add security analysis flags for Web Fingerprinter
  • Detect missing HSTS, insecure cookies, and misconfigurations
  • Additional OSINT sources for Profiler module
  • Enhanced error handling and edge case coverage
65% Complete
Medium-Term

Core Expansion

  • Start Scanner module (ports, services, banners)
  • Enumerator module with optional ffuf adapters
  • Analyser module using external APIs for reconnaissance
  • JSON configuration engine for persistent settings
  • Tool chaining capabilities for workflow automation
25% Complete
Long-Term

Advanced Features

  • Plugin ecosystem for community extensions
  • Output profiles (Minimal / JSON / Extended)
  • Unified workflow chaining and refinement
  • Injector module (SQLi testing, payload logic)
  • Log analyser for comprehensive reporting
Planning Phase

Project Philosophy

AegisCLI is built intentionally as a framework. The priority is long-term stability, modular expansion, and real-world workflow integration.

Practitioner Workflow First

One tool replaces many. WHOIS, DNS, fingerprinting, scanning, and enumeration under a single consistent interface.

Architecture-First Development

Every decision prioritizes structural integrity and long-term maintainability over quick feature additions.

Minimize Complexity

Simple, isolated modules with clear boundaries. No hidden dependencies or unexpected side effects.

Strict Readability Standards

Code is written for humans first. Every function, module, and output is designed for clarity.

Incremental Refinement

Slow, deliberate progress over rushed releases. Each version builds on a solid foundation.

Predictable, Consistent Behavior

Uniform interfaces and output formats enable seamless automation and scripting integration.

Licensed under AGPLv3

Ensures full code transparency and enforces openness at every level — including network use. Any derivative work, modification, or hosted deployment must retain the same license and publish its source.

Free to use Free to modify Source must stay open Network use = distribution Attribution required Copyleft

Ready to streamline your recon workflow?

AegisCLI is actively developed and improving with each release. Join the project, contribute, or start using it in your security workflows today.

Get Started on GitHub View Documentation
Complete documentation coming soon All the info you need right now is already on this page.