All in one tool for Information Gathering and Vulnerability Scanning

Overview

Version 2.0.0

By R3D#@0R_2H1N A.K.A Tuhinshubhra

All in one tool for Information Gathering and Vulnerability Scanning

Scans That You Can Perform Using RED HAWK :

  • Basic Scan
    • Site Title NEW
    • IP Address
    • Web Server Detection IMPROVED
    • CMS Detection
    • Cloudflare Detection
    • robots.txt Scanner
  • Whois Lookup IMPROVED
  • Geo-IP Lookup
  • Grab Banners IMPROVED
  • DNS Lookup
  • Subnet Calculator
  • Nmap Port Scan
  • Sub-Domain Scanner IMPROVED
    • Sub Domain
    • IP Address
  • Reverse IP Lookup & CMS Detection IMPROVED
    • Hostname
    • IP Address
    • CMS
  • Error Based SQLi Scanner
  • Bloggers View NEW
    • HTTP Response Code
    • Site Title
    • Alexa Ranking
    • Domain Authority
    • Page Authority
    • Social Links Extractor
    • Link Grabber
  • WordPress Scan NEW
    • Sensitive Files Crawling
    • Version Detection
    • Version Vulnerability Scanner
  • Crawler
  • MX Lookup NEW
  • Scan For Everything - The Old Lame Scanner

Released Versions:

- Version 1.0.0 [11-06-2017]
- Version 1.1.0 [15-06-2017]
- Version 2.0.0 [11-08-2017]

Changelog:

  • Version 1.0.0
    • Initial Launch
  • Version 1.1.0
    • Updated The fix command
  • Version 2.0.0
    • Separated all scans so that you are served the amount of information you need
    • Sub-Domain Scanner improved
    • fix command improved
    • Web Server Detection Improved
    • CMS Detection Improved
    • Banner Grabbing Improved
    • Added WordPress Scanner
    • Added Bloggers View
    • Added MX Lookup
    • Added Update option
    • RED HAWK Banner Updated
    • Many Other Internal Fixes

Installation:

  1. Run The Tool and Type fix This will Install All Required Modules.
  2. For The Bloggers View To Work Properly you have to configure RED HAWK with moz.com's api keys for that follow the following steps:

How To Configure RED HAWK with moz.com for Bloggers View Scan

  • Create an account in moz follow this link : https://moz.com/community/join
  • After successful account creation and completing the verification you need to generate the API Keys
  • You can get your API Keys here: https://moz.com/products/mozscape/access
  • Get your AccessID and SecretKey and replace the $accessID and $secretKey variable's value in the config.php file
  • All set, now you can enjoy the bloggers view.

Usage:

  • git clone https://github.com/Tuhinshubhra/RED_HAWK
  • cd RED_HAWK
  • php rhawk.php
  • Use the "help" command to see the command list or type in the domain name you want to scan (without Http:// OR Https://).
  • Select whether The Site Runs On HTTPS or not.
  • Select the type of scan you want to perform
  • Leave the rest to the scanner

List of CMS Supported

RED HAWK's CMS Detector currently is able to detect the following CMSs (Content Management Systems) in case the website is using some other CMS, Detector will return could not detect.

  • WordPress
  • Joomla
  • Drupal
  • Magento

Known Issues

ISSUE: Scanner Stops Working After Cloudflare Detection!

SOLUTION: Use The fix Command OR Manually Install php-curl & php-xml

Watch The Video TO See How To Solve This Isuue : https://www.youtube.com/watch?v=QuFPY9NFTM8

Video Demonstration

Video Thumbnail

Suggestions And Feedbacks

Want to contribute to RED HAWK or point out something wrong? Just create a new issue here: https://github.com/Tuhinshubhra/RED_HAWK/issues/new I'd love to hear from you.

Support and Donations

Found RED HAWK cool? well you could buy me a cup of tea ;) (no alcohol plz xD) just send any amount of donations (in BTC) to this address : 1NbiQidWWVVhWknsfPSN1MuksF8cbXWCku

Can't donate? well that's no problem just drop a THANK YOU this will motivate me to create more exciting stuffs for you ;)

TODOs

  • Make a proper update option ( Installs current version automatically )
  • Add more CMS to the detector
  • Improve The WordPress Scanner ( Add User, Theme & Plugins Enumeration )
  • Create a web version of the scanner
  • Add XSS & LFI Scanner
  • Improve the Links grabber thingy under bloggers view
  • Add some other scans under the Bloggers View
Comments
  • Feature: Write/Print Results

    Feature: Write/Print Results

    Thanks for the versatile script. Currently, I have to manually add the results to a file or other tools for further analysis. The script I'm using was included with the LazyScript.

    Thank You Donations coming soon ;)

    opened by BioFunker 4
  • username and password

    username and password

    When git cloning into RED_HAWK using termux it asks for a username and password then fails the authentication if not provided I've never had this happen before Thank you for your work KrTKl909

    opened by Resjior 3
  • this tool ****** disgrease

    this tool ****** disgrease

    just a tool the messed with differ system and php coding and also not giiving any vulenarable reasult hope to developer should improve allthought it is a nice light tool but something messed up

    opened by iamkinso 3
  • Added

    Added "update" command.

    Simply enough just syncs with the newest available origin/master. Related to one of TODOs: "Make a proper update option ( Installs current version automatically )".

    opened by Crowfunder 2
  • Problem with in app Robots.txt

    Problem with in app Robots.txt

    When I type in 0 in app or A for all every time it gets to Robots File it shows, “(info) Robots File: root@kali:~RED_HAWK# “ I let it sit for about 10 mins or so and nothing happens. So I hit the minize button and went back in and after the # it shows the blinking box like I need to type?

    opened by TestingKaliLinux 2
  • Wordpress User Enumeration Support

    Wordpress User Enumeration Support

    I added a single Module for You to use if You need to to integrate Admin. As well I took a stab at integrating but for some reason Red_Hawk isn't running for Me on Kali or Win but My Tool does that I added, can You get this all ironed out and merge for me?

    opened by devcoinfet 2
  • Pressing [F] in scan menu quits application

    Pressing [F] in scan menu quits application

    [11] WordPress Scan (Only If The Target Site Runs On WP) [12] Crawler [13] MX Lookup [A] Scan For Everything - (The Old Lame Scanner) [F] Fix (Checks For Required Modules and Installs Missing Ones) [U] Check For Updates [B] Scan Another Website (Back To Site Selection) [Q] Quit!

    [#] Choose Any Scan OR Action From The Above List: fix

    [!] Invalid Input! Please Enter a Valid Option!

    [#] Choose Any Scan OR Action From The Above List: F

    root@supersecretkali:~/red_hawk#

    This also happens with a lowercase f

    opened by pieterhouwen 2
  • Some Feedback & Issue

    Some Feedback & Issue

    @Tuhinshubhra It's nice tool for information gathering. But i was disappointed that when i scan an website SQL Scanner Not work. Is it work as SQL Map or not?. Please Add scanner for XSS,XSRF Vulnerability ,if it possible.

    opened by prashantbhatt007 2
  • Make a env var-based execution mode

    Make a env var-based execution mode

    Frankly, I love this tool but I find it so limited by the fact it's interactive. That would be so much simpler if we could just define options as variables before executing it, so that we could run scans in scripts and store results in files. At the moment, the only solution for this is to use pipes |, echo and wait instructions but that's really unconvenient. Tell me what you think !

    opened by raphoester 1
  • RED HAWK ISSUE

    RED HAWK ISSUE

    When I selected "Reverse IP Lookup & CMS Detection" this program closes immediately. Also there is a problem with "Basic Recon", "SQLi Scanner", "Bloggers View", "Crawler" options. Can you please solve this problems?

    opened by srhternl 1
  • How to use

    How to use

    In order to scan individual person..what to use....Facebook ID. Com. Email address.com ..zoom address .com...or jus username?? how to use INSTEAD of a website ?? And do I need to ROOT?? Doesn't say .OBVIOUSLY A BEGINNER....thank u so much for ur [email protected]

    opened by MDALEY2964 0
  • "error valid key required"

    I am receiving the error: "error valid key required" when executing a few of the functions, i.e. nmap port scans, subdomain scans, OSINT, etc. I cloned the program and ran it in a few different environments/distros with the same result.

    opened by B00MSL4NG 0
  • GeoIP error

    GeoIP error

    I was analyzing a Brazilian government website, and when I clicked to show the GeoIP, the coordinates took me to a lake in the United States

    I don't understand this problem

    opened by PSevenTech 0
  • Random exit on option [9] + [10]

    Random exit on option [9] + [10]

    So far all options work well with RED_HAWK except [9] and [10], as soon as I select the option, it completes and exists the program so I have to reopen and type in everything again to resume scanning/enumerating.

    opened by abundov 0
Owner
r3dhax0r
If I'm not hacking / tinkering with stuffs, you'll prolly find me working on games!
r3dhax0r
Github Action which checks Security issues scanning package manager files

security-checker-action This action checks your composer.lock for known vulnerabilities in your package dependencies. Inputs lock optional The path to

Druid 0 May 5, 2022
Laravel Automated Vulnerability Scanner

Todo Laravel Fingerprint Laravel Leak .env Laravel Debug Mode Laravel CVE-2018-15133 Laravel Ignition CVE-2021-3129 Insecure Deserialization with APP_

Carlos Vieira 52 Dec 4, 2022
WPHunter A Wordpress Vulnerability Scanner

WPHunter Tool ☣ WPHunter A Wordpress Vulnerability Scanner You can use this tool on your wordpress website to check the security of your website by fi

Jamal Eddine 140 Dec 24, 2022
WebVulScan - a web application vulnerability scanner

WebVulScan is a web application vulnerability scanner. It is a web application itself written in PHP and can be used to test remote, or local, web applications for security vulnerabilities.

Dermot Blair 145 Nov 20, 2022
2 functions which work together to sanitize the the information from a form from SQL_Inyection.

Form_sanitizer 2 functions which work together to sanitize the the information from a form from SQL_Inyection. How to use the 2 functions Once you cop

Gorrian 1 Jul 19, 2022
ChestRandomBP: This plugin generates chests in random places within a specific world. Where you can customize what each one of them contains, the time and the world of spawning.

ChestRandomBP ChestRandomBP: This plugin generates chests, it works PocketMine-MP and random places within a specific world. Where you can customize w

null 5 Sep 19, 2021
On International Talk Like a Pirate Day (September 19th), this filter changes all appropriate English phrases and words into pirate-speak.

Pirate This module is a simple filter that, when enabled, will change your posts to "Pirate talk" on September 19th for Talk like a Pirate Day Install

Backdrop CMS contributed projects 3 Oct 26, 2021
Automatic SQL injection and database takeover tool

sqlmap sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of

sqlmapproject 25.7k Jan 5, 2023
PHPGGC is a library of PHP unserialize() payloads along with a tool to generate them, from command line or programmatically.

PHPGGC: PHP Generic Gadget Chains PHPGGC is a library of unserialize() payloads along with a tool to generate them, from command line or programmatica

Ambionics Security 2.5k Jan 4, 2023
Tool to store text encrypted in the cloud.

CryptPaste The free open source way to store encrypted text. How it works First your input is encrypted in the browser with javascript, then it is enc

null 0 Jan 10, 2022
Automatic Encrypt and Decrypt your database data. Tested and used on Laravel 8

Laravel Encrypt Database Automatic Encrypt and Decrypt your database data. Tested and used on Laravel 8. I'm yet building the tests. Important Note th

Wellington Barbosa 2 Dec 15, 2021
Laravel Security was created by, and is maintained by Graham Campbell, and is a voku/anti-xss wrapper for Laravel, using graham-campbell/security-core

Laravel Security Laravel Security was created by, and is maintained by Graham Campbell, and is a voku/anti-xss wrapper for Laravel, using graham-campb

Graham Campbell 170 Nov 20, 2022
A cryptography API wrapping the Sodium library, providing a simple object interface for symmetrical and asymmetrical encryption, decryption, digital signing and message authentication.

PHP Encryption A cryptography API wrapping the Sodium library, providing a simple object interface for symmetrical and asymmetrical encryption, decryp

null 19 Dec 31, 2022
PHP 5.x support for random_bytes() and random_int()

random_compat PHP 5.x polyfill for random_bytes() and random_int() created and maintained by Paragon Initiative Enterprises. Although this library sho

Paragon Initiative Enterprises 8k Jan 5, 2023
Easy to use cryptographic framework for data protection: secure messaging with forward secrecy and secure data storage. Has unified APIs across 14 platforms.

Themis provides strong, usable cryptography for busy people General purpose cryptographic library for storage and messaging for iOS (Swift, Obj-C), An

Cossack Labs 1.6k Jan 6, 2023
PHPIDS (PHP-Intrusion Detection System) is a simple to use, well structured, fast and state-of-the-art security layer for your PHP based web application

PHPIDS PHPIDS (PHP-Intrusion Detection System) is a simple to use, well structured, fast and state-of-the-art security layer for your PHP based web ap

null 752 Jan 3, 2023
A library for generating random numbers and strings

RandomLib A library for generating random numbers and strings of various strengths. This library is useful in security contexts. Install Via Composer

Anthony Ferrara 832 Nov 24, 2022
Fast, general Elliptic Curve Cryptography library. Supports curves used in Bitcoin, Ethereum and other cryptocurrencies (secp256k1, ed25519, ..)

Fast Elliptic Curve Cryptography in PHP Information This library is a PHP port of elliptic, a great JavaScript ECC library. Supported curve types: Sho

Simplito 178 Dec 28, 2022