Installation:
- git clone https://github.com/c0dejump/HawkScan.git && sudo python HawkScan/setup.py
- pip(3) install -r requirements.txt
- If there is a problem with pip3:
- sudo python3 -m pip install -r requirements.txt
Features:
- URL fuzzing and dir/file detection
- Test for backup/old versions of every file found (index.php.bak, index.php~ ...)
- Check header information
- Check DNS information
- Check whois information
- Random or custom user-agent
- Extract files
- Keep a trace of the scan
- Find email addresses on the website and check whether they have leaked
- CMS detection + version and vulns
- Subdomain Checker
- Backup system (if the script is stopped, it resumes from the same place)
- WAF detection
- Add a custom prefix
- Auto update script
- Automatic or custom scan output (scan.txt)
- Check Github
- Recursive dir/file
- Scan with an authentication cookie
- Option --profil to pass a profile page during the scan
- HTML report
- Works with py2 and py3
- Rate-limit option if the app is unstable (--timesleep)
- Check the Wayback Machine
- Response error to WAF
- Check whether a firebaseio database exists and is accessible
- Automatic thread count depending on the website's responses (reconfigured if a WAF is detected too many times). Max: 30
- Search for S3 buckets in the page source code
- Test WAF bypass if a WAF is detected
- Test whether scanning with a "localhost" host is possible
- Dockerfile
- Try different bypasses for the 403 error code
- JS parsing and analysis
- Google Dork
Usage
hawkscan.py [-h] [-u URL] [-w WORDLIST] [-s SUBDOMAINS] [-t THREAD] [-a USER_AGENT]
[--redirect] [-r] [-p PREFIX] [-o OUTPUT] [--cookie COOKIE_] [--exclude EXCLUDE] [--timesleep TS]
[--auto] [--js]
Optional Arguments
- -h, --help show this help message and exit
- -u URL URL to scan [required]
- -w WORDLIST Wordlist used for URL Fuzzing. Default: dico.txt
- -s SUBDOMAINS Subdomain tester
- -t THREAD Number of threads to use for URL Fuzzing. Default: 20
- -a USER_AGENT Choose the user-agent
- --redirect Scan with redirect responses (301/302)
- -r Recursive dir/files
- -p PREFIX Add prefix in wordlist to scan
- -o OUTPUT Output to site_scan.txt (default in website directory)
- -b Add a backup file scan, like 'exemple.com/~exemple/, exemple.com/ex.php.bak...' (takes longer)
- -H HEADER_ Modify HEADER
- --exclude EXCLUDE Define a page or response status code to exclude during the scan
- --timesleep TS Define a timesleep/rate-limit if the app is unstable during the scan
- --auto Automatic thread count depending on the website's responses. Max: 30
- --update Automatic update
- --js Try to find keys or tokens in the JavaScript pages
Example
//Basic
python hawkscan.py -u https://www.exemple.com/
//With a specific wordlist
python hawkscan.py -u https://www.exemple.com/ -w dico_extra.txt
//With 30 threads
python hawkscan.py -u https://www.exemple.com/ -t 30
//With backup files scan
python hawkscan.py -u https://www.exemple.com/ -b
//With an excluded page (URL quoted so the shell does not interpret the "?")
python hawkscan.py -u https://www.exemple.com/ --exclude "https://www.exemple.com/profile.php?id=1"
//With an excluded response code
python hawkscan.py -u https://www.exemple.com/ --exclude 403