RED_HAWK - All in one tool for Information Gathering, Vulnerability Scanning and Crawling

  •        33

RED HAWK's CMS Detector currently is able to detect the following CMSs (Content Management Systems) in case the website is using some other CMS, Detector will return could not detect. Want to contribute to RED HAWK or point out something wrong? Just create a new issue here: https://github.com/Tuhinshubhra/RED_HAWK/issues/new I'd love to hear from you.

https://github.com/Tuhinshubhra/RED_HAWK

Tags
Implementation
License
Platform

   




Related Projects

Raccoon - A high performance offensive security tool for reconnaissance and vulnerability scanning

  •    Python

Raccoon is a tool made for reconnaissance and information gathering with an emphasis on simplicity. It will do everything from fetching DNS records, retrieving WHOIS information, obtaining TLS data, detecting WAF presence and up to threaded dir busting and subdomain enumeration. Every scan outputs to a corresponding file. As most of Raccoon's scans are independent and do not rely on each other's results, it utilizes Python's asyncio to run most scans asynchronously.

ATSCAN - Advanced Search & Mass Exploit Scanner- ูุงุญุต ู…ุชู‚ุฏู… ู„ุจุญุซ ูˆ ุงุณุชุบู„ุงู„ ุงู„ุซุบุฑุงุช ุจุงู„ุฌู…ู„ุฉ

  •    Perl

โ— Search engine Google / Bing / Ask / Yandex / Sogou โ— Mass Dork Search โ— Multiple instant scans. โ— Mass Exploitation โ— Use proxy. โ— Random user agent. โ— Random engine. โ— Extern commands execution. โ— XSS / SQLI / LFI / AFD scanner. โ— Filter wordpress and Joomla sites. โ— Find Admin page. โ— Decode / Encode Base64 / MD5 โ— Ports scan. โ— Collect IPs โ— Collect E-mails. โ— Auto detect errors. โ— Auto detect Cms. โ— Post data. โ— Auto sequence repeater. โ— Validation. โ— Post and Get method โ— Interactive and Normal interface. โ— And more...

Scanners-Box - The toolbox of open source scanners - ๅฎ‰ๅ…จ่กŒไธšไปŽไธš่€…่‡ช็ ”ๅผ€ๆบๆ‰ซๆๅ™จๅˆ่พ‘

  •    

Scanners Box is a collection of open source scanners which are from the github platform, including subdomain enumeration, database vulnerability scanners, weak passwords or information leak scanners, port scanners, fingerprint scanners, and other large scale scanners, modular scanner etc. For other Well-known scanning tools, such as: awvs,nmap,w3af will not be included in the scope of collection. The purpose of this collection is to provide various types of opensource security scanning tool that can help Internet companies to be more safer.


Angry IP Scanner - Fast and Friendly Network Scanner

  •    Java

Angry IP Scanner (or simply ipscan) is an open-source and cross-platform network scanner designed to be fast and simple to use. It scans IP addresses and ports and it is widely used by network administrators.

OWASP Joomla Vulnerability Scanner Project

  •    Perl

Detects file inclusion, sql injection, command execution vulnerabilities of a target Joomla! web site. A regularly-updated signature-based scanner that can detect file inclusion, sql injection, command execution, XSS, DOS, directory traversal vulnerabilities of a target Joomla! web site. It Searches known vulnerabilities of Joomla! and its components, Web application firewall detection and lot more.

CMSeeK - CMS Detection and Exploitation suite - Scan WordPress, Joomla, Drupal and 130 other CMSs

  •    Python

A content management system (CMS) manages the creation and modification of digital content. It typically supports multiple users in a collaborative environment. Some noteable examples are: WordPress, Joomla, Drupal etc. CMSeeK is built using python3, you will need python3 to run this tool and is compitable with unix based systems as of now. Windows support will be added later. CMSeeK relies on git for auto-update so make sure git is installed.

SecuBat Vulnerability Scanner

  •    

SecuBat is a generic and modular web vulnerability scanner that, similar to a port scanner, automatically analyzes web sites with the aim of finding exploitable SQL injection and XSS vulnerabilities.

OWASP-Xenotix-XSS-Exploit-Framework - OWASP Xenotix XSS Exploit Framework is an advanced Cross Site Scripting (XSS) vulnerability detection and exploitation framework

  •    Python

OWASP Xenotix XSS Exploit Framework is an advanced Cross Site Scripting (XSS) vulnerability detection and exploitation framework. It provides Zero False Positive scan results with its unique Triple Browser Engine (Trident, WebKit, and Gecko) embedded scanner. It is claimed to have the world’s 2nd largest XSS Payloads of about 1500+ distinctive XSS Payloads for effective XSS vulnerability detection and WAF Bypass. It is incorporated with a feature rich Information Gathering module for target Reconnaissance. The Exploit Framework includes highly offensive XSS exploitation modules for Penetration Testing and Proof of Concept creation. Antivirus Solutions may detect it as a threat. However it is due to the features in the exploitation framework.

arachni - Web Application Security Scanner Framework

  •    Ruby

Arachni is a feature-full, modular, high-performance Ruby framework aimed towards helping penetration testers and administrators evaluate the security of web applications. It is smart, it trains itself by monitoring and learning from the web application's behavior during the scan process and is able to perform meta-analysis using a number of factors in order to correctly assess the trustworthiness of results and intelligently identify (or avoid) false-positives.

WebSploit Framework

  •    

WebSploit Framework

DioNiSio Scanner

  •    C

DioNiSio is a DNS scanner written in ANSI C that only depends on sockets library and libc. It implements 3 scan methods (dictionary, massive reverse lookup and recursive zone transfers). Targeted to portability, rational resources usage, and easy use.

Zmap - The Internet Scanner

  •    C

ZMap is an open-source network scanner that enables researchers to easily perform Internet-wide network studies. With a single machine and a well provisioned network uplink, ZMap is capable of performing a complete scan of the IPv4 address space in under 45 minutes, approaching the theoretical limit of gigabit Ethernet. ZMap can be used to study protocol adoption over time, monitor service availability, and help us better understand large systems distributed across the Internet.

raptor - Web-based Source Code Vulnerability Scanner

  •    Javascript

Raptor is a web-based (web-serivce + UI) github centric source-vulnerability scanner i.e. it scans a repository with just the github repo url. You can setup webhooks to ensure automated scans every-time you commit or merge a pull request. The scan is done asynchonously and the results are available only to the user who initiated the scan. This tool is an attempt to help the community and start-up companies to emphasize on secure-coding. This tool may or may not match the features/quality of commercial alternatives, nothing is guaranteed and you have been warned. This tool is targeted to be used by security code-reviewers and/or developers with secure-coding experience to find vulnerability entry-points during code-audits or peer reviews. Please DO NOT trust the tool's output blindly. This is best-used if you plug Raptor into your CI/CD pipeline.

Inno Network Sniffer

  •    

This is a IP scanner cum Network Sniffer, t can scan Live Public IP and scan any computer on the LAN. More over it can give a detailed system Information

vulscan - Advanced vulnerability scanning with Nmap NSE

  •    Lua

Vulscan is a module which enhances nmap to a vulnerability scanner. The nmap option -sV enables version detection per service which is used to determine potential flaws according to the identified product. The data is looked up in an offline version of VulDB. Just execute vulscan like you would by refering to one of the pre-delivered databases. Feel free to share your own database and vulnerability connection with me, to add it to the official repository.

vuls - Vulnerability scanner for Linux/FreeBSD, agentless, written in Go

  •    Go

For a system administrator, having to perform security vulnerability analysis and software update on a daily basis can be a burden. To avoid downtime in production environment, it is common for system administrator to choose not to use the automatic update option provided by package manager and to perform update manually. This leads to the following problems. Vuls is a tool created to solve the problems listed above. It has the following characteristics.

WPSeku - WPSeku - Wordpress Security Scanner

  •    Python

WPSeku is a black box WordPress vulnerability scanner that can be used to scan remote WordPress installations to find security issues.