Information HawkScan
Alat/Tools Keamanan untuk Pengintaian
dan Pengumpulan Informasi di situs web.
dengan pemrograman (python 3.x)
Security Tool for Reconnaissance and
Information Gathering on a website. (python 3.x)
Special features HawkScan :
- Test backup/old file on all the files found (index.php.bak, index.php~ ...)
- Check header information
- Check DNS information
- Check email in the website and in same time if emails leaked (report)
- CMS detection + version and vulns
- Backup system (if the script stopped, it take again in same place)
- WAF detection and Response error to WAF + Testing bypass it
- Check Github
- Option --exclude to exclude page, code error, bytes
- Option rate-limit if app is unstable (--timesleep)
- Check in waybackmachine
- Check if DataBase firebaseio existe and accessible
- Search S3 buckets in source code page
- Testing if it's possible scanning with "localhost" host
- Try differents bypass for 403 code error
- JS parsing and analysis (option --js)
- Check Google Dork
- Check Host IP
- Auto resize relative to window
- Check backup domain name (ex: www.domain.com/domain.zip)
- Check socketio connection
- Notify when scan completed (Only work on Linux)
- Multiple output format. Available formats: json, csv, txt
- Multiple website scanning
During - After scan :
- Test backup/old file on all the files found (index.php.bak, index.php~ ...)
- Backup system (if the script stopped, it take again in same place)
- WAF detection and Response error to WAF + Testing bypass it
- Option --exclude to exclude page, code error, bytes
- Option rate-limit if app is unstable (--timesleep)
- Search S3 buckets in source code page
- Try differents bypass for 403/401 code error
- JS parsing and analysis (option --js)
- Auto resize relative to window
- Notify when scan completed (Only work on Linux)
- Multiple output format. Available formats: json, csv, txt
- Multiple website scanning
- Prefix filename (old_, copy of...)
- Detecting potential path disclosure into html webpage
Installation
$ git clone https://github.com/c0dejump/HawkScan.git
$ pip install -r requirements.txt or pip3 install -r requirements.txt
$ python3 -m pip install -r requirements.txt
Example Use :
usage : python3 hawkscan.py [-h] [-u URL] [-f FILE_URL] [-t THREAD] [--exclude EXCLUDE [EXCLUDE ...]] [--auto] [--update] [-w WORDLIST] [-b [BACKUP ...]] [-p PREFIX] [-H HEADER_] [-a USER_AGENT] [--redirect] [--auth AUTH] [--timesleep TS] [--proxie PROXIE] [-r] [-s SUBDOMAINS] [--js] [--nfs] [--ffs] [--notify] [-o OUTPUT] [-of OUTPUT_TYPE]
Tester Example Scan target :
$ python3 hawkscan.py -u https://www.exemple.com/
//With specific dico
$ python3 hawkscan.py -u https://www.exemple.com/ -w dico_extra.txt
//with 30 threads
$ python3 hawkscan.py -u https://www.exemple.com/ -t 30
//With backup files scan
$ python3 hawkscan.py -u https://www.exemple.com/ -b
//With an exclude page
$ python3 hawkscan.py -u https://www.exemple.com/ --exclude profile.php
//With an exclude response code
$ python3 hawkscan.py -u https://www.exemple.com/ --exclude 403
//With an exclude bytes number
$ python3 hawkscan.py -u https://www.exemple.com/ --exclude 1337b
//With two excludes type
$ python3 hawkscan.py -u https://www.exemple.com/ --exclude 1337b,403
sumber : [https://github.com/c0dejump/HawkScan]
0 Comments