HawkScan
1.0.0

Security tool for reconnaissance and information gathering on a website. (Python 3.x)
- Add proxy function
- Redefining priorities/tasks
- Let's debug certificate subdomains results
- Display the current bypass number during scan ("CB:")
- Easter egg for xmas :)
- Option --nfs (not first step) to skip the first recon steps
- Google CSE before scan
- Creation of WIKI
- Detecting potential path disclosure into html webpage
- Detecting potential hidden directory
(For more details, see changelog.md)
- git clone https://github.com/c0dejump/HawkScan.git && sudo python3 HawkScan/setup.py install
- pip(3) install -r requirements.txt
- python3 -m pip install -r requirements.txt
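P1 is the most important
- [WIP] Multiple excludes like: --exclude 403,1337b [P1] [In progress] (see the example)
- [WIP] Anonymous routing through some proxies (HTTP/S proxy list) [P1] [In progress]
- [WIP] Rebuild response scan [P1]
- [WIP] Hexhttp replaces "header information" before the scan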
usage: hawkscan.py [-h] [-u URL] [-f FILE_URL] [-t THREAD] [--exclude EXCLUDE [EXCLUDE ...]] [--auto] [--update] [-w WORDLIST] [-b [BACKUP ...]] [-p PREFIX] [-H HEADER_] [-a USER_AGENT] [--redirect] [--auth AUTH] [--timesleep TS] [--proxie PROXIE] [-r] [-s SUBDOMAINS] [--js] [--nfs] [--ffs] [--notify] [-o OUTPUT] [-of OUTPUT_TYPE]
> General:
-u URL URL to scan [required]
-f FILE_URL file with multiple URLs to scan
-t THREAD Number of threads to use for URL Fuzzing. Default: 30
--exclude EXCLUDE [EXCLUDE ...] Exclude page, response code, response size. (Exemples: --exclude 500,337b)
--auto Automatic threads depending response to website. Max: 30
--update For automatic update
--lightmode For a just simple fuzzing 1 request per second & a new session for each request
> Wordlist Settings:
-w WORDLIST Wordlist used for Fuzzing the desired webite. Default: dichawk.txt
-b Adding prefix/suffix backup extensions during the scan. (Exemples: exemple.com/~ex/, exemple.com/ex.php.bak...) /! beware, take more longer
-p PREFIX Add prefix in wordlist to scan
> Request Settings:
-H HEADER_ Modify header. (Exemple: -H "cookie: test")
-a USER_AGENT Choice user-agent. Default: Random
--redirect For scan with redirect response (301/302)
--auth AUTH HTTP authentification. (Exemples: --auth admin:admin)
--timesleep TS To define a timesleep/rate-limit if app is unstable during scan.
> Tips:
-r Recursive dir/files
-s SUBDOMAINS Subdomain tester
--js For try to found keys, token, sensitive endpoints... in the javascript page
--nfs Not the first step of scan during the first running (waf, vhosts, wayback etc...)
--ffs Force the first step of scan during the first running (waf, vhosts, wayback etc...)
--notify For receveid notify when the scan finished (only work on linux)
> Export Settings:
-o OUTPUT Output to site_scan.txt (default in website directory)
-of OUTPUT_TYPE Output file format. Available formats: json, csv, txt
//Basic
python hawkscan.py -u https://www.exemple.com/
//With specific dico
python hawkscan.py -u https://www.exemple.com/ -w dico_extra.txt
//with 30 threads
python hawkscan.py -u https://www.exemple.com/ -t 30
//With backup files scan
python hawkscan.py -u https://www.exemple.com/ -b
//With an exclude page
python hawkscan.py -u https://www.exemple.com/ --exclude profile.php
//With an exclude response code
python hawkscan.py -u https://www.exemple.com/ --exclude 403
//With an exclude bytes number
python hawkscan.py -u https://www.exemple.com/ --exclude 1337b
//With two excludes type
python hawkscan.py -u https://www.exemple.com/ --exclude 1337b,403
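The three --exclude forms used above (a page name, a response code, a byte size such as 1337b) can be told apart by shape alone. The sketch below is an added example, not HawkScan's own code: the function names, the classification rules and the sample responses are assumptions made for illustration.

```python
import re

def parse_excludes(values):
    """Turn --exclude arguments (space- or comma-separated) into typed rules."""
    rules = {"codes": set(), "sizes": set(), "pages": set()}
    for value in values:
        for token in value.split(","):
            token = token.strip()
            if not token:
                continue
            if re.fullmatch(r"[1-5]\d\d", token):      # 403 -> HTTP status code
                rules["codes"].add(int(token))
            elif re.fullmatch(r"\d+b", token):         # 1337b -> body size in bytes
                rules["sizes"].add(int(token[:-1]))
            else:                                      # profile.php -> page name
                rules["pages"].add(token.lstrip("/"))
    return rules

def is_excluded(path, status, body_len, rules):
    """True when a response matches any exclude rule."""
    page = path.rsplit("/", 1)[-1]
    return (status in rules["codes"]
            or body_len in rules["sizes"]
            or page in rules["pages"])

def filter_hits(responses, exclude_args):
    """Drop excluded responses, keeping the rest in scan order."""
    rules = parse_excludes(exclude_args)
    return [r for r in responses if not is_excluded(*r, rules)]

# Constructed sample results: (path, status code, body length in bytes).
RESPONSES = [
    ("/admin/", 403, 512),
    ("/missing", 200, 1337),      # fixed-size "not found" page served with 200
    ("/profile.php", 200, 2048),
    ("/backup.zip", 200, 90211),
]

if __name__ == "__main__":
    for hit in filter_hits(RESPONSES, ["1337b,403"]):
        print(hit)
```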
Layno (https://github.com/clayno/) [Technical helper]
sanguinarius (https://twitter.com/sanguinarius_bt) [Technical helper]
JAMB0N69 (https://twitter.com/jamb0n69) [Technical helper]
cyber_ph4ntom (https://twitter.com/__ph4ntom__) [Beta tester & logo designer]
https://www.paypal.me/c0dejump
Or, if you want to offer me a coffee :)
https://ko-fi.com/c0dejump
This script uses "WAFW00F" to detect the WAF in the first step (https://github.com/enablesecurity/wafw00f)
This script uses "sublist3r" to scan subdomains (https://github.com/aboul3la/sublist3r)