DEV.co
Open-Source Security · Aabyss-Team

ARL

ARL (Asset Reconnaissance Lighthouse) is a Python-based open-source system for discovering and cataloging internet-facing assets associated with a target organization. It automates reconnaissance across domains, IPs, ports, and web services to help security teams identify attack surfaces and potential weaknesses.

Source: GitHub — github.com/Aabyss-Team/ARL
2k
GitHub stars
737
Forks
Python
Primary language
MIT
License (OSI-approved)

Key facts

Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.

FieldValue
RepositoryAabyss-Team/ARL
OwnerAabyss-Team
Primary languagePython
LicenseMIT — OSI-approved
Stars2k
Forks737
Open issues47
Latest release2.6.3 (2025-03-04)
Last updated2025-07-16
Sourcehttps://github.com/Aabyss-Team/ARL

What ARL is

ARL is a distributed task-based reconnaissance platform written in Python 3.6+, built on MongoDB, RabbitMQ, and Celery. It integrates domain enumeration, port scanning, service fingerprinting, web crawling, DNS monitoring, GitHub keyword monitoring, and nuclei PoC integration to build and maintain asset inventories.

Quickstart

Get the ARL source

Clone the repository and explore it locally.

terminalbash
git clone https://github.com/Aabyss-Team/ARL.gitcd ARL# follow the project's README for install & configuration

Need it deployed, integrated, or customized instead? DEV.co ships production installs.

Best use cases

Enterprise asset discovery and inventory

Organizations needing to continuously discover and track internet-facing assets (domains, IPs, services) across their infrastructure. Supports scheduled scans and historical tracking for compliance and asset management.

Penetration testing and security assessment workflows

Red teams and pentesters can automate initial reconnaissance phases, including subdomain enumeration, port discovery, and service identification across multiple targets with configurable scan policies.

Security monitoring and change detection

Monitors domains, IPs, and web properties for changes; detects new services, SSL certificate updates, and file leaks; supports alerting via email, DingTalk, Feishu, and Wecom integrations.

Implementation considerations

  • Deployment requires Linux host; use provided setup-arl.sh script (supports both source and Docker installation). Source installation recommended for stability over Docker in mainland China.
  • Default credentials (admin/arlpass) and random password generation on fresh installs; must change credentials immediately. Optional authentication can be disabled but introduces SSRF and security risks.
  • System requires five+ systemd services (mongod, rabbitmq-server, arl-web, arl-worker, arl-worker-github, arl-scheduler, nginx) all running correctly. Monitor service health post-deployment.
  • Configuration via YAML (docker/config-docker.yaml for Docker; unknown path for source). Requires API tokens for third-party services (FOFA, CertSpotter, Hunter, GitHub), proxy settings, GeoIP database setup, and notification integrations.
  • Large-scale reconnaissance generates high packet volume; recommends cloud deployment with adequate bandwidth. Local installs on restricted networks may trigger WAF/IDS filtering.

When to avoid it — and what to weigh

  • Windows-only deployment requirement — Project explicitly does not support Windows. Requires Linux (CentOS 7/8, Rocky 8.10, Ubuntu 20.04) or Docker. Not suitable for Windows-centric environments.
  • Need for vendor commercial support — This is a community-maintained backup of the original ARL project after the official repository was deleted. Commercial support is unknown; relies on community GitHub issues and WeChat group channels.
  • Low-resource or lightweight deployments — System requires minimum 4-core CPU, 8GB RAM, and 10Mbps bandwidth for reasonable performance. Requires MongoDB, RabbitMQ, Nginx, and multiple services running simultaneously.
  • Out-of-the-box compliance/audit readiness — No indication of built-in SIEM integration, audit logging, RBAC, or compliance frameworks (SOC2, ISO 27001, etc.). Authentication can be disabled, creating security risks; API key management requires manual attention.

License & commercial use

MIT License. Permissive, open-source license allowing commercial use, modification, and redistribution with attribution. No patent or trademark protections stated.

MIT license permits commercial deployment. However, this is a community-maintained backup of a deleted official project (Tophant Technology/ARL). No warranty, liability indemnification, or commercial support terms stated. Review liability implications before using in production; ensure compliance with your jurisdiction's laws governing reconnaissance tools. Consider the project's maintenance continuity given its backup status.

DEV.co evaluation signals

Editorial assessment — not user reviews. Directional, with an explicit confidence level.

SignalAssessment
MaintenanceActive
DocumentationAdequate
License clarityClear
Deployment complexityHigh
DEV.co fitGood
Assessment confidenceHigh
Security considerations

System design includes several security considerations: (1) optional authentication can be disabled—do not disable in production; (2) requires SSRF blacklist (BLACK_IPS) to prevent internal network scanning; (3) sends reconnaissance packets at volume and may be rate-limited or blocked by WAF/IDS; (4) API_KEY management requires manual attention and secure storage; (5) integrates with external APIs (FOFA, Hunter, GitHub) requiring token storage and rotation; (6) no mention of TLS enforcement, input validation, SQL/NoSQL injection hardening, or security audit. Ensure network isolation, credential rotation, and monitoring of data exfiltration vectors.

Alternatives to consider

Shodan / Censys

Commercial, cloud-based asset search engines. Instant, passive reconnaissance without active scanning. Higher cost and less customizable than ARL but offer broader internet-wide visibility and legal clarity.

Nmap / Masscan + custom orchestration

Lower-level, lightweight scanning tools. Require manual orchestration, scripting, and integration. More control and no external dependencies but significantly higher operational overhead.

Amass (OWASP) / Subfinder

Focused, specialized domain enumeration tools. Lightweight, actively maintained, strong documentation. Lack the integrated monitoring, task scheduling, and web UI of ARL but are easier to deploy in restricted environments.

Software development agency

Build on ARL with DEV.co software developers

Deploy ARL to build a continuous inventory of your organization's internet-facing assets. Requires Linux infrastructure and third-party API tokens. Contact our team to evaluate fit for your environment.

Talk to DEV.co

Related open-source tools

Surfaced by semantic similarity across the DEV.co open-source index.

Related on DEV.co

Explore the category and the services that help you build with it.

ARL FAQ

Can I use ARL on Windows?
No. ARL explicitly does not support Windows. Deploy on Linux (CentOS 7/8, Rocky 8.10, Ubuntu 20.04) or use Docker.
What are the hardware requirements?
Minimum: 4-core CPU, 8GB RAM, 10Mbps bandwidth. Cloud deployment recommended due to high packet volume during reconnaissance.
Is commercial support available?
Unknown. This is a community-maintained backup after the official Tophant Technology/ARL repository was deleted. Support is community-driven via GitHub issues and WeChat groups, not commercial SLA.
How do I reset the admin password?
Use MongoDB commands to reset: `use arl; db.user.drop(); db.user.insert({ username: 'admin', password: hex_md5('arlsalt!@#'+'admin123') })`. Default becomes admin/admin123.

Custom software development services

From first prototype to production, DEV.co delivers software development services around tools like ARL. Our software development agency staffs experienced software developers and web developers for custom software development, web development, integrations, and ongoing support across open-source security and beyond.

Ready to automate asset reconnaissance?

Deploy ARL to build a continuous inventory of your organization's internet-facing assets. Requires Linux infrastructure and third-party API tokens. Contact our team to evaluate fit for your environment.