icon Book Free Consultation




  • git clone https://github.com/c0dejump/HawkScan.git && sudo python HawkScan/setup.py
  • pip(3) install -r requirements.txt  
  • If problem with pip3:     
  • sudo python3 -m pip install -r requirements.txt


Lock image


  • URL fuzzing and dir/file detection
  • Test backup/old file on all the files found (index.php.bak, index.php~ ...)
  • Check header information
  • Check DNS information
  • Check whois information
  • User-agent random or personal
  • Extract files
  • Keep a trace of the scan
  • Check @mail in the website and check if @mails leaked
  • CMS detection + version and vulns
  • Subdomain Checker
  • Backup system (if the script stopped, it take again in same place)
  • WAF detection
  • Add personal prefix
  • Auto update script
  • Auto or personal output of scan (scan.txt)
  • Check Github
  • Recursif dir/file
  • Scan with an authenfication cookie
  • Option --profil to pass profil page during the scan
  • HTML report
  • Work it with py2 and py3
  • Add option rate-limit if app is unstable (--timesleep)
  • Check in waybackmachine
  • Response error to WAF
  • Check if DataBase firebaseio existe and accessible
  • Automatic threads depending response to website (and reconfig if WAF detected too many times). Max: 30
  • Search S3 buckets in source code page
  • Testing bypass of waf if detected
  • Testing if it's possible scanning with "localhost" host
  • Dockerfile
  • Try differents bypass for 403 code error
  • JS parsing and analysis
  • Google Dork


hawkscan.py [-h] [-u URL] [-w WORDLIST] [-s SUBDOMAINS] [-t THREAD] [-a USER_AGENT]

[--redirect] [-r] [-p PREFIX] [-o OUTPUT] [--cookie COOKIE_] [--exclude EXCLUDE] [--timesleep TS]

[--auto] [--js]

Optional Arguments

  •  -h, --help         show this help message and exit
  •  -u URL             URL to scan [required]
  •  -w WORDLIST        Wordlist used for URL Fuzzing. Default: dico.txt
  •  -s SUBDOMAINS      Subdomain tester
  •  -t THREAD          Number of threads to use for URL Fuzzing. Default: 20
  •  -a USER_AGENT      Choice user-agent 
  •  --redirect         For scan with redirect response (301/302) 
  •  -r                 Recursive dir/files      
  •  -p PREFIX          Add prefix in wordlist to scan      
  •  -o OUTPUT          Output to site_scan.txt (default in website directory)       
  •  -b    Add a backup file scan like 'exemple.com/~exemple/, exemple.com/ex.php.bak...' but longer             
  •  -H HEADER_ modify HEADER              
  •  --exclude EXCLUDE  To define a page or response code status type to exclude during scan                                             
  •  --timesleep TS     To define a timesleep/rate-limit if app is unstable during scan                                 
  •  --auto     Automatic threads depending response to website. Max: 30      
  •  --update   For automatic update
  •  --js         For try to found keys or token in the javascript page  



python hawkscan.py -u https://www.exemple.com/

//With specific dico

python hawkscan.py -u https://www.exemple.com/ -w dico_extra.txt

 //with 30 threads

python hawkscan.py -u https://www.exemple.com/ -t 30

//With backup files scan

python hawkscan.py -u https://www.exemple.com/ -b

 //With an exclude page

python hawkscan.py -u https://www.exemple.com/ --exclude https://www.exemple.com/profile.php?id=1

//With an exclude response code

 python hawkscan.py -u https://www.exemple.com/ --exclude 403