1. Cybersecurity >
  2. Cybersecurity Nachrichten >
  3. HawkScan - Security Tool For Reconnaissance And Information Gathering On A Website. (Python 2.X &Amp; 3.X)

ArabicEnglishFrenchGermanGreekItalianJapaneseKoreanPersianPolishPortugueseRussianSpanishTurkishVietnamese

HawkScan - Security Tool For Reconnaissance And Information Gathering On A Website. (Python 2.X &Amp; 3.X)


IT Security Nachrichten vom | Direktlink: feedproxy.google.com Nachrichten Bewertung


Security Tool for Reconnaissance and Information Gathering on a website. (python 2.x & 3.x)
This script use "WafW00f" to detect the WAF in the first step (https://github.com/EnableSecurity/wafw00f)
This script use "Sublist3r" to scan subdomains (https://github.com/aboul3la/Sublist3r)
This script use "waybacktool" to check in waybackmachine (https://github.com/Rhynorater/waybacktool)

Features
  • URL fuzzing and dir/file detection
  • Test backup/old file on all the files found (index.php.bak, index.php~ ...)
  • Check header information
  • Check DNS information
  • Check whois information
  • User-agent random or personal
  • Extract files
  • Keep a trace of the scan
  • Check @mail in the website and check if @mails leaked
  • CMS detection + version and vulns
  • Subdomain Checker
  • Backup system (if the script stopped, it take again in same place)
  • WAF detection
  • Add personal prefix
  • Auto update script
  • Auto or personal output of scan (scan.txt)
  • Check Github
  • Recursif dir/file
  • Scan with an authenfication cookie
  • Option --profil to pass profil page during the scan
  • HTML report
  • Work it with py2 and py3
  • Add option rate-limit if app is unstable (--timesleep)
  • Check in waybackmachine
  • Response error to WAF
  • Check if DataBase firebaseio existe and accessible
  • Automatic threads depending response to website (and reconfig if WAF detected too many times). Max: 30
  • Search S3 buckets in source code page
  • Testing bypass of waf if detected

TODO
P1 is the most important
  • Dockerfile [P1]
  • JS parsing and analysis [P1]
  • Analyse html code webpage [P1]
  • On-the-fly writing report [P1]
  • Check HTTP headers/ssl security [P2]
  • Fuzzing amazonaws S3 Buckets [P2]
  • Anonymous routing through some proxy (http/s proxy list) [P2]
  • Check pastebin [P2]
  • Access token [P2]
  • Check source code and verify leak or sentsitive data in the Github [P2]
  • Check phpmyadmin version [P3]
  • Scan API endpoints/informations leaks [ASAP]

Usage
   pip(3) install -r requirements.txt 
If problem with pip3:
sudo python3 -m pip install -r requirements.txt
usage: hawkscan.py [-h] [-u URL] [-w WORDLIST] [-s SUBDOMAINS] [-t THREAD] [-a USER_AGENT] [--redirect] [-r] [-p PREFIX] [-o OUTPUT] [--cookie COOKIE_] [--exclude EXCLUDE] [--timesleep TS] [--auto]
optional arguments: 
-h, --help show this help message and exit
-u URL URL to scan [required]
-w WORDLIST Wordlist used for URL Fuzzing. Default: dico.txt
-s SUBDOMAINS subdomain tester
-t THREAD Number of threads to use for URL Fuzzing. Default: 20
-a USER_AGENT choice user-agent
--redirect For scan with redirect response like 301,302
-p PREFIX add prefix in wordlist to scan
-o OUTPUT output to site_scan.txt (default in website directory)
-b Add a backup file scan like 'exemple.com/ex.php.bak...' but longer
-r recursive dir/files
--cookie COOKIE Scan with an authentification cookie
--exclude EXCLUDE To define a page type to exclude during scan
--timesleep TS To define a timesleep/rate-limit if app is unstable during scan
--auto Automatic threads depending response to website. Max: 20
--update For automatic update

Exemples
//Basic
python hawkscan.py -u https://www.exemple.com -w dico_extra.txt

//With redirect
python hawkscan.py -u https://www.exemple.com -w dico_extra.txt -t 5 --redirect

//With backup files scan
python hawkscan.py -u https://www.exemple.com -w dico_extra.txt -t 5 -b

//With an exclude page
python hawkscan.py -u https://www.exemple.com -w dico_extra.txt -t 5 --exclude https://www.exemple.com/profile.php?id=1

//With an exclude response code
python hawkscan.py -u https://www.exemple.com -w dico_extra.txt -t 5 --exclude 403

Thanks
Layno (https://github.com/Clayno/)
Sanguinarius (https://twitter.com/sanguinarius_Bt)
Cyber_Ph4ntoM (https://twitter.com/__PH4NTOM__)


...
http://feedproxy.google.com/~r/PentestTools/~3/6OnYL4uwfKo/hawkscan-security-tool-for.html

Externe Quelle mit kompletten Inhalt anzeigen


Zur Startseite von Team IT Security

➤ Weitere Beiträge von Team Security | IT Sicherheit

[ARM Stable Update] 2020-08-13 - Bitwarden, Plasma, SystemD and Kernels

vom 623.67 Punkte ic_school_black_18dp
Hello ARM community. Another Stable update is upon us! This is a huge one! Some highlights: Most of our kernels got updated The Raspberry Pi default kernel now updated to 5.4. Users that have installed the “next” kernel needs to switch to linux-rpi4 as linux-rpi4

HawkScan - Security Tool For Reconnaissance And Information Gathering On A Website. (Python 2.X &Amp; 3.X)

vom 500.93 Punkte ic_school_black_18dp
Security Tool for Reconnaissance and Information Gathering on a website. (python 2.x & 3.x)This script use "WafW00f" to detect the WAF in the first step (https://github.com/EnableSecurity/wafw00f)This script use "Sublist3r" to scan subdomains (htt

Uncompyle6 - A Cross-Version Python Bytecode Decompiler

vom 484.63 Punkte ic_school_black_18dp
A native Python cross-version decompiler and fragment decompiler. The successor to decompyle, uncompyle, and uncompyle2. Introductionuncompyle6 translates Python bytecode back into equivalent Python source code. It accepts bytecodes from Python versio

[Unstable Update] 2020-05-15 - Kernels, Cinnamon 4.6, Toolchain, PHP, AMDVLK, Pamac, Browsers

vom 399.9 Punkte ic_school_black_18dp
Hello community, Another unstable branch update with some interesting updates for you! 1912×967Get the latest KDE Plasma5 with our Developer Edition! #stayhome, #staysave, #stayhealthy KDE-git packages got updated Cinnamon is now at 4.6.0. Please

[StableUpdate] 2020-01-20 - Kernels, Plasma 5.19a, Pamac 9.3rc, Gambas, Virtualbox

vom 359.74 Punkte ic_school_black_18dp
@philm wrote: Hello community, here is another Stable Update ... 1920×1080Test the latest efforts of KDE on our Development ISOs Some feature-updates: Some Kernels got updated Plasma got updated to 5.19 alpha on our KDE-git packages Pamac 9.3 got it's first RC. Please update your translation

[Stable Update] 2020-01-20 - Kernels, Plasma 5.19a, Pamac 9.3rc, Gambas, Virtualbox

vom 359.74 Punkte ic_school_black_18dp
@philm wrote: Hello community, here is another Stable Update ... 1920×1080Test the latest efforts of KDE on our Development ISOs Some feature-updates: Some Kernels got updated Plasma got updated to 5.19 alpha on our KDE-git packages Pamac 9.3 got it's first RC. Please update your translation

[Testing Update] 2020-02-14 - KDE-git, Flatpak, Python, Haskell

vom 355.7 Punkte ic_school_black_18dp
@philm wrote: Hello community, here is another Testing Update. Plasma 5.18 is out now. See if the Developers of KDE already fixed some reported issues ... Some feature-updates: More Updates to KDE-Git packages Flatpak got updated to 1.6.2 pol

[Testing Update] 2020-07-31 - Kernels, Plasma 5.19.4, Firefox 79, Deepin, UKUI, Systemd, Python

vom 349.38 Punkte ic_school_black_18dp
Hello community, Another testing branch update with some interesting updates for you! 1280×720 Get the latest #PinePhone images! Phosh, Plasma-Mobile #stayhome, #staysafe, #stayhealthy Most of our Kernels got updated Plasma is now at 5.19.4 Fire

Dr. ROBOT - Tool To Enumerate The Subdomains Associated With A Company By Aggregating The Results Of Multiple OSINT Tools

vom 331.67 Punkte ic_school_black_18dp
Dr. ROBOT is a tool for Domain Reconnaissance and Enumeration. By utilizing containers to reduce the overhead of dealing with dependencies, inconsistency across operating sytems, and different languages, Dr. ROBOT is built to be highly portable and configurable.

Python in Visual Studio Code – September 2019 Release

vom 321.62 Punkte ic_school_black_18dp
We are pleased to announce that the September 2019 release of the Python Extension for Visual Studio Code is now available. You can download the Python extension from the Marketplace, or install it directly from the extension gallery in Visual Stud

[Testing Update] 2020-07-22 - Kernels, VirtualBox, NextCloud, Deepin, OpenJDK

vom 318.01 Punkte ic_school_black_18dp
Hello community, Another testing branch update with some interesting updates for you! 1920×1080The #PineBookPro is again available for pre-order! #stayhome, #staysafe, #stayhealthy We updated the real-time Kernel Virtualbox is 6.1.12 Nextcloud

[Testing Update] 2020-01-03 - Kernels, Cinnamon, Python, Haskell, ZSTD PKG compression

vom 298.25 Punkte ic_school_black_18dp
@philm wrote: Hello community, We welcome 2020 with our first Testing Update! Tell us how 2019 was for you ... 1920×1080 798 KB Some feature-updates: We updated some kernels The usual Cinnamon and Haskell updates More work was done to slowly dro

Team Security Diskussion über HawkScan - Security Tool For Reconnaissance And Information Gathering On A Website. (Python 2.X &Amp; 3.X)