HawkScan - Reconnaissance and Information Gathering Tested On Linux GNU/Linux


Information HawkScan

Alat/Tools Keamanan untuk Pengintaian
dan Pengumpulan Informasi di situs web.
dengan pemrograman (python 3.x)

Security Tool for Reconnaissance and
Information Gathering on a website. (python 3.x)

Special features HawkScan :

- Test backup/old file on all the files found (index.php.bak, index.php~ ...)
- Check header information
- Check DNS information
- Check email in the website and in same time if emails leaked (report)
- CMS detection + version and vulns
- Backup system (if the script stopped, it take again in same place)
- WAF detection and Response error to WAF + Testing bypass it
- Check Github
- Option --exclude to exclude page, code error, bytes
- Option rate-limit if app is unstable (--timesleep)
- Check in waybackmachine
- Check if DataBase firebaseio existe and accessible
- Search S3 buckets in source code page
- Testing if it's possible scanning with "localhost" host
- Try differents bypass for 403 code error
- JS parsing and analysis (option --js)
- Check Google Dork
- Check Host IP
- Auto resize relative to window
- Check backup domain name (ex: www.domain.com/domain.zip)
- Check socketio connection
- Notify when scan completed (Only work on Linux)
- Multiple output format. Available formats: json, csv, txt
- Multiple website scanning

During - After scan :
- Test backup/old file on all the files found (index.php.bak, index.php~ ...)
- Backup system (if the script stopped, it take again in same place)
- WAF detection and Response error to WAF + Testing bypass it
- Option --exclude to exclude page, code error, bytes
- Option rate-limit if app is unstable (--timesleep)
- Search S3 buckets in source code page
- Try differents bypass for 403/401 code error
- JS parsing and analysis (option --js)
- Auto resize relative to window
- Notify when scan completed (Only work on Linux)
- Multiple output format. Available formats: json, csv, txt
- Multiple website scanning
- Prefix filename (old_, copy of...)
- Detecting potential path disclosure into html webpage

Installation

$ git clone https://github.com/c0dejump/HawkScan.git

$ pip install -r requirements.txt or pip3 install -r requirements.txt

$ python3 -m pip install -r requirements.txt

Example Use :

usage : python3 hawkscan.py [-h] [-u URL] [-f FILE_URL] [-t THREAD] [--exclude EXCLUDE [EXCLUDE ...]] [--auto] [--update] [-w WORDLIST] [-b [BACKUP ...]] [-p PREFIX] [-H HEADER_] [-a USER_AGENT] [--redirect] [--auth AUTH] [--timesleep TS] [--proxie PROXIE] [-r] [-s SUBDOMAINS] [--js] [--nfs] [--ffs] [--notify] [-o OUTPUT] [-of OUTPUT_TYPE]

Tester Example Scan target :

$ python3 hawkscan.py -u https://www.exemple.com/

//With specific dico

$ python3 hawkscan.py -u https://www.exemple.com/ -w dico_extra.txt

//with 30 threads

$ python3 hawkscan.py -u https://www.exemple.com/ -t 30

//With backup files scan

$ python3 hawkscan.py -u https://www.exemple.com/ -b

//With an exclude page

$ python3 hawkscan.py -u https://www.exemple.com/ --exclude profile.php

//With an exclude response code

$ python3 hawkscan.py -u https://www.exemple.com/ --exclude 403

//With an exclude bytes number

$ python3 hawkscan.py -u https://www.exemple.com/ --exclude 1337b

//With two excludes type

$ python3 hawkscan.py -u https://www.exemple.com/ --exclude 1337b,403



Post a Comment

0 Comments