DEV.co
Open-Source Security · adysec

ARL

ARL is an asset reconnaissance platform designed to discover and catalog internet-facing assets associated with a target organization, including domains, IPs, open ports, and web services. It provides automated scanning, fingerprinting, monitoring, and risk detection for security teams and penetration testers. This is a community-maintained fork of the original project, updated with improved tooling, higher concurrency, and expanded fingerprint databases.

Source: GitHub — github.com/adysec/ARL
879
GitHub stars
269
Forks
Python
Primary language
CC0-1.0
License (Requires review (not clearly OSI))

Key facts

Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.

FieldValue
Repositoryadysec/ARL
Owneradysec
Primary languagePython
LicenseCC0-1.0 — Requires review (not clearly OSI)
Stars879
Forks269
Open issues1
Latest releaseUnknown
Last updated2026-07-07
Sourcehttps://github.com/adysec/ARL

What ARL is

ARL is a Python/Flask-based reconnaissance framework that integrates nmap, nuclei, and custom fingerprint libraries to automate asset discovery across multiple data sources (FOFA, Shodan, DNS enumeration, certificate transparency, etc.). It uses MongoDB, RabbitMQ, and systemd services for task orchestration and includes web UI for asset management, monitoring, and scheduled scanning. This fork adds CentOS 8 Docker support, removed domain/IP limits, increased database timeout, and bundled additional fingerprint databases (eHole, FingerprintHub, dismap) with deduplication.

Quickstart

Get the ARL source

Clone the repository and explore it locally.

terminalbash
git clone https://github.com/adysec/ARL.gitcd ARL# follow the project's README for install & configuration

Need it deployed, integrated, or customized instead? DEV.co ships production installs.

Best use cases

Proactive Asset Discovery for Security Teams

Organizations needing continuous discovery and cataloging of all internet-facing assets (domains, subdomains, IPs, ports, services) to reduce attack surface and identify shadow IT.

Penetration Testing and Red Team Reconnaissance

Pentesters and red teams leveraging automated asset enumeration, port scanning, service identification, and fingerprinting to accelerate the reconnaissance phase of engagements.

Automated Asset Monitoring and Change Detection

Security operations centers implementing periodic scanning and alerting on new assets, service changes, web page modifications, file leakage risks, and other indicators of compromise.

Implementation considerations

  • Docker deployment recommended; CentOS 8 base image and single-container mode simplify setup but require network access to pull from custom Docker registries (docker.adysec.com or self-hosted mirror) due to rate limiting.
  • Requires 4+ CPU cores and 8GB RAM minimum; cloud deployment recommended due to high egress traffic from concurrent scanning (DNS, port, web reconnaissance); on-premise networks may experience bandwidth saturation.
  • MongoDB and RabbitMQ services must be configured and reachable; default credentials hardcoded in Docker image require manual reset post-deployment; systemd service dependencies (arl-web, arl-worker, arl-worker-github, arl-scheduler) must be managed.
  • Query plugins (FOFA, Shodan, Hunter, etc.) require API keys; failure to configure reduces asset discovery effectiveness; DNS resolution via smartdns recommended for performance; WAF/IDS rules may block nuclei PoC and file leakage scans.
  • Fingerprint databases can be manually updated via JSON import; tool versions (nmap, nuclei) auto-updated via GitHub Actions in this fork; no explicit version pinning or rollback mechanism documented.

When to avoid it — and what to weigh

  • Production Use Without Legal Review — Automated scanning and reconnaissance tools can trigger intrusion detection systems, generate network noise, and may violate terms of service or local laws if used against third-party infrastructure without authorization.
  • Strict Air-Gapped or Isolated Network Requirements — ARL requires internet connectivity for query plugins (FOFA, Shodan, crt.sh, etc.) and regular tool updates (nuclei, nmap). Offline-only deployments would require significant customization and manual data updates.
  • Need for Commercial SLA or Enterprise Support — This is a community fork with no official support, SLA, or commercial backing. No guarantee of security patches, feature development, or incident response.
  • Compliance-Sensitive Environments Without Risk Assessment — Network scanning and automated reconnaissance may conflict with compliance policies (PCI-DSS, HIPAA, etc.) without proper documentation, risk acceptance, and isolated test networks.

License & commercial use

Licensed under CC0-1.0 (Creative Commons Zero v1.0 Universal), which dedicates the work to the public domain. This is NOT an OSI-approved open-source license and does NOT provide explicit software patent indemnification, warranty disclaimers, or liability limitations typical of GPL, MIT, or Apache licenses.

CC0-1.0 places the work in the public domain and permits commercial use, modification, and distribution without attribution or license obligations. However, CC0 is not designed for software and lacks standard liability/warranty waivers found in software licenses. Requires legal review before commercial deployment: no patent guarantees, no warranty disclaimers, and ambiguous liability. Using in a commercial product without independent legal assessment carries elevated risk.

DEV.co evaluation signals

Editorial assessment — not user reviews. Directional, with an explicit confidence level.

SignalAssessment
MaintenanceActive
DocumentationAdequate
License clarityNeeds review
Deployment complexityModerate
DEV.co fitPossible
Assessment confidenceHigh
Security considerations

ARL performs network reconnaissance at scale (DNS, port scanning, web crawling, file enumeration), generating significant traffic and potential IDS/WAF triggers. Automated scanning can be detected and blocked by defenders. Consider: (1) Legitimate scope and authorization before deployment; (2) Network segmentation to avoid scanning internal/production assets accidentally; (3) Monitor outbound traffic and potential data exfiltration via query plugins (FOFA, Shodan); (4) Secure MongoDB and RabbitMQ access (default passwords in Docker require immediate change); (5) No end-to-end encryption for stored asset data; (6) Query plugin API keys stored in plaintext or weakly protected in config.

Alternatives to consider

Shodan / FOFA / Hunter (Direct)

These are paid commercial services with broader internet scanning coverage and legal guarantees. Use directly for asset discovery without deploying infrastructure; less customization and automation than ARL.

Nessus / Qualys / Rapid7 Nexpose

Enterprise vulnerability management platforms with native asset inventory, port scanning, fingerprinting, and monitoring. Higher cost but include support, SLA, compliance reporting, and liability protection.

OWASP Amass / Subfinder / Assetfinder

Lightweight, CLI-based asset enumeration tools (OSI-licensed, actively maintained) suitable for penetration testers. No UI or persistent storage; lower overhead; integration with custom scripts via pipes.

Software development agency

Build on ARL with DEV.co software developers

ARL offers a powerful, open-source platform for automated asset discovery and monitoring. Review deployment complexity, integration requirements, and legal considerations before production use. Consult your security and legal teams regarding scope, authorization, and compliance.

Talk to DEV.co

Related open-source tools

Surfaced by semantic similarity across the DEV.co open-source index.

Related on DEV.co

Explore the category and the services that help you build with it.

ARL FAQ

What is the difference between this fork and the original ARL?
This fork (adysec/ARL) is a community-maintained backup published after the original project deleted its repository. Key changes: CentOS 8 support (vs. CentOS 7), single Docker image (no docker-compose), expanded fingerprint databases (21k+ deduplicated), removed domain/IP limits, improved concurrency, and bundled tools (nuclei, nmap, ARL-NPoC) with GitHub Actions auto-updates.
Do I need API keys for FOFA, Shodan, Hunter, etc.?
Yes. Query plugins require API credentials to query these data sources. Without them, only basic DNS enumeration, certificate transparency (crt.sh), and internal scanning (ports, fingerprints) will function. Obtain free or paid API keys from each provider and configure in ARL settings.
Is this safe to use in production networks?
Only in isolated test networks with explicit authorization. Automated scanning (DNS, port, web crawling, file enumeration) generates network traffic that can trigger alarms, consume bandwidth, and be detected. Scope reconnaissance carefully to avoid scanning internal production assets. Review organizational policy and legal requirements before deployment.
What is the licensing risk for commercial use?
CC0-1.0 places ARL in the public domain but lacks standard software liability waivers and patent guarantees. Commercial use is technically permitted, but legal review is strongly recommended to understand indemnification, warranty, and liability implications in your jurisdiction and use case.

Software developers & web developers for hire

DEV.co helps companies turn open-source tools like ARL into production software. Our software development services cover the full lifecycle — architecture, web development, integration, and maintenance — delivered by software developers and web developers who ship. Engage our software development agency to implement or customize it for your open-source security stack.

Evaluate ARL for Your Reconnaissance Needs

ARL offers a powerful, open-source platform for automated asset discovery and monitoring. Review deployment complexity, integration requirements, and legal considerations before production use. Consult your security and legal teams regarding scope, authorization, and compliance.