base on All in one tool for Information Gathering, Vulnerability Scanning and Crawling. A must have tool for all penetration testers <p align="center"> <img src="https://i.imgur.com/GNWwMFb.png" width="600px"> </p> #### Version 2.0.0 #### By R3D#@0R_2H1N A.K.A Tuhinshubhra All in one tool for **Information Gathering** and **Vulnerability Scanning** # Scans That You Can Perform Using RED HAWK : + Basic Scan - Site Title **NEW** - IP Address - Web Server Detection `IMPROVED` - CMS Detection - Cloudflare Detection - robots.txt Scanner + Whois Lookup `IMPROVED` + Geo-IP Lookup + Grab Banners `IMPROVED` + DNS Lookup + Subnet Calculator + Nmap Port Scan + Sub-Domain Scanner `IMPROVED` - Sub Domain - IP Address + Reverse IP Lookup & CMS Detection `IMPROVED` - Hostname - IP Address - CMS + Error Based SQLi Scanner + Bloggers View **NEW** - HTTP Response Code - Site Title - Alexa Ranking - Domain Authority - Page Authority - Social Links Extractor - Link Grabber + WordPress Scan **NEW** - Sensitive Files Crawling - Version Detection - Version Vulnerability Scanner + Crawler + MX Lookup **NEW** + Scan For Everything - _The Old Lame Scanner_ --- # Released Versions: - Version 1.0.0 [11-06-2017] - Version 1.1.0 [15-06-2017] - Version 2.0.0 [11-08-2017] # Changelog: - Version 1.0.0 - Initial Launch - Version 1.1.0 - Updated The `fix` command - Version 2.0.0 - Separated all scans so that you are served the amount of information you need - `Sub-Domain Scanner` improved - `fix` command improved - `Web Server Detection` Improved - `CMS Detection` Improved - `Banner Grabbing` Improved - Added `WordPress Scanner` - Added `Bloggers View` - Added `MX Lookup` - Added `Update` option - RED HAWK Banner Updated - Many Other Internal Fixes # Installation: 1. Run The Tool and Type `fix` This will Install All Required Modules. 2. For The Bloggers View To Work Properly you have to configure RED HAWK with moz.com's api keys for that follow the following steps: **How To Configure RED HAWK with moz.com for Bloggers View Scan** + Create an account in moz follow this link : https://moz.com/community/join + After successful account creation and completing the verification you need to generate the API Keys + You can get your API Keys here: https://moz.com/products/mozscape/access + Get your AccessID and SecretKey and replace the `$accessID` and `$secretKey` variable's value in the `config.php` file + All set, now you can enjoy the bloggers view. # Usage: - git clone `https://github.com/Tuhinshubhra/RED_HAWK` - cd RED_HAWK - php rhawk.php - Use the "help" command to see the command list or type in the domain name you want to scan (without Http:// OR Https://). - Select whether The Site Runs On HTTPS or not. - Select the type of scan you want to perform - Leave the rest to the scanner # List of CMS Supported RED HAWK's `CMS Detector` currently is able to detect the following CMSs (Content Management Systems) in case the website is using some other CMS, Detector will return _could not detect_. - WordPress - Joomla - Drupal - Magento # Known Issues **ISSUE:** Scanner Stops Working After Cloudflare Detection! **SOLUTION:** Use The `fix` Command OR Manually Install *php-curl* & *php-xml* Watch The Video TO See How To Solve This Isuue : https://www.youtube.com/watch?v=QuFPY9NFTM8 # Video Demonstration <a href="https://www.youtube.com/watch?v=Jt9kBFiJDrE" target="_blank"><img src="https://i.imgur.com/SXDWohl.png" alt="Video Thumbnail" border="10" /></a> # Suggestions And Feedbacks Want to contribute to RED HAWK or point out something wrong? Just create a new issue here: https://github.com/Tuhinshubhra/RED_HAWK/issues/new I'd love to hear from you. # Support and Donations Found RED HAWK cool? well you could buy me a cup of tea ;) (no alcohol plz xD) just send any amount of donations (in BTC) to this address : **1NbiQidWWVVhWknsfPSN1MuksF8cbXWCku** Can't donate? well that's no problem just drop a **THANK YOU** this will motivate me to create more exciting stuffs for you ;) # TODOs - Make a proper update option ( Installs current version automatically ) - Add more CMS to the detector - Improve The WordPress Scanner ( Add User, Theme & Plugins Enumeration ) - Create a web version of the scanner - Add XSS & LFI Scanner - Improve the Links grabber thingy under bloggers view - Add some other scans under the Bloggers View ", Assign "at most 3 tags" to the expected json: {"id":"4582","tags":[]} "only from the tags list I provide: [{"id":77,"name":"3d"},{"id":89,"name":"agent"},{"id":17,"name":"ai"},{"id":54,"name":"algorithm"},{"id":24,"name":"api"},{"id":44,"name":"authentication"},{"id":3,"name":"aws"},{"id":27,"name":"backend"},{"id":60,"name":"benchmark"},{"id":72,"name":"best-practices"},{"id":39,"name":"bitcoin"},{"id":37,"name":"blockchain"},{"id":1,"name":"blog"},{"id":45,"name":"bundler"},{"id":58,"name":"cache"},{"id":21,"name":"chat"},{"id":49,"name":"cicd"},{"id":4,"name":"cli"},{"id":64,"name":"cloud-native"},{"id":48,"name":"cms"},{"id":61,"name":"compiler"},{"id":68,"name":"containerization"},{"id":92,"name":"crm"},{"id":34,"name":"data"},{"id":47,"name":"database"},{"id":8,"name":"declarative-gui "},{"id":9,"name":"deploy-tool"},{"id":53,"name":"desktop-app"},{"id":6,"name":"dev-exp-lib"},{"id":59,"name":"dev-tool"},{"id":13,"name":"ecommerce"},{"id":26,"name":"editor"},{"id":66,"name":"emulator"},{"id":62,"name":"filesystem"},{"id":80,"name":"finance"},{"id":15,"name":"firmware"},{"id":73,"name":"for-fun"},{"id":2,"name":"framework"},{"id":11,"name":"frontend"},{"id":22,"name":"game"},{"id":81,"name":"game-engine "},{"id":23,"name":"graphql"},{"id":84,"name":"gui"},{"id":91,"name":"http"},{"id":5,"name":"http-client"},{"id":51,"name":"iac"},{"id":30,"name":"ide"},{"id":78,"name":"iot"},{"id":40,"name":"json"},{"id":83,"name":"julian"},{"id":38,"name":"k8s"},{"id":31,"name":"language"},{"id":10,"name":"learning-resource"},{"id":33,"name":"lib"},{"id":41,"name":"linter"},{"id":28,"name":"lms"},{"id":16,"name":"logging"},{"id":76,"name":"low-code"},{"id":90,"name":"message-queue"},{"id":42,"name":"mobile-app"},{"id":18,"name":"monitoring"},{"id":36,"name":"networking"},{"id":7,"name":"node-version"},{"id":55,"name":"nosql"},{"id":57,"name":"observability"},{"id":46,"name":"orm"},{"id":52,"name":"os"},{"id":14,"name":"parser"},{"id":74,"name":"react"},{"id":82,"name":"real-time"},{"id":56,"name":"robot"},{"id":65,"name":"runtime"},{"id":32,"name":"sdk"},{"id":71,"name":"search"},{"id":63,"name":"secrets"},{"id":25,"name":"security"},{"id":85,"name":"server"},{"id":86,"name":"serverless"},{"id":70,"name":"storage"},{"id":75,"name":"system-design"},{"id":79,"name":"terminal"},{"id":29,"name":"testing"},{"id":12,"name":"ui"},{"id":50,"name":"ux"},{"id":88,"name":"video"},{"id":20,"name":"web-app"},{"id":35,"name":"web-server"},{"id":43,"name":"webassembly"},{"id":69,"name":"workflow"},{"id":87,"name":"yaml"}]" returns me the "expected json"