Convert Figma logo to code with AI

Tuhinshubhra logoRED_HAWK

All in one tool for Information Gathering, Vulnerability Scanning and Crawling. A must have tool for all penetration testers

2,969
838
2,969
13
View on GitHub

Top Related Projects

s0md3v's avatar

ReconDog

1,784

Reconnaissance Swiss Army Knife

Moham3dRiahi's avatar

XAttacker

1,545

X Attacker Tool ☣ Website Vulnerability Scanner & Auto Exploiter

Manisso's avatar

fsociety

10,455

fsociety Hacking Tools Pack – A Penetration Testing Framework

sullo's avatar

nikto

8,470

Nikto web server scanner

Quick Overview

RED_HAWK is an all-in-one tool for information gathering, vulnerability scanning, and crawling. It's designed for penetration testers and security researchers to perform reconnaissance on target websites. The tool is written in PHP and can be run from the command line.

Pros

  • Comprehensive functionality: Includes various information gathering and scanning features in one tool
  • Easy to use: Simple command-line interface with clear options
  • Actively maintained: Regular updates and bug fixes
  • Open-source: Free to use and modify

Cons

  • Requires PHP: Not as portable as some other tools
  • Limited customization: Some users may prefer more granular control over individual scans
  • Potential for misuse: Like any security tool, it could be used maliciously if in the wrong hands
  • May trigger security alerts: Aggressive scanning could be detected by target systems

Getting Started

To use RED_HAWK, follow these steps:

  1. Clone the repository:

    git clone https://github.com/Tuhinshubhra/RED_HAWK.git

  2. Navigate to the RED_HAWK directory:

    cd RED_HAWK

  3. Run the tool:

    php rhawk.php

  4. Follow the on-screen prompts to enter the target domain and select the desired scan options.

Note: Ensure you have PHP installed on your system and that you have permission to scan the target website before using RED_HAWK.

Competitor Comparisons

s0md3v logo

ReconDog

1,784

Reconnaissance Swiss Army Knife

Pros of ReconDog

  • Lightweight and faster execution compared to RED_HAWK
  • Supports both Python 2 and Python 3
  • More focused on specific reconnaissance tasks

Cons of ReconDog

  • Fewer features and scanning options than RED_HAWK
  • Less active development and community support
  • Limited customization options for scans

Code Comparison

RED_HAWK (PHP):

function gethttpheader($site){
  $ch = curl_init();
  curl_setopt($ch, CURLOPT_URL, $site);
  curl_setopt($ch, CURLOPT_HEADER, true);
  curl_setopt($ch, CURLOPT_NOBODY, true);
  curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
  $response = curl_exec($ch);
  return $response;
}

ReconDog (Python):

def request(url):
    try:
        return requests.get(url).text
    except:
        return False

Both tools aim to perform reconnaissance tasks, but RED_HAWK offers a more comprehensive set of features and is written in PHP, while ReconDog is a Python-based tool with a more streamlined approach. RED_HAWK provides a wider range of scanning options and has a larger user base, but ReconDog is lighter and supports both Python 2 and 3. The code comparison shows that RED_HAWK uses cURL for HTTP requests, while ReconDog relies on the requests library in Python.

Moham3dRiahi logo

XAttacker

1,545

X Attacker Tool ☣ Website Vulnerability Scanner & Auto Exploiter

Pros of XAttacker

  • More extensive vulnerability scanning capabilities, including specific CMS exploits
  • Regularly updated with new features and vulnerability checks
  • Includes a user-friendly GUI option for easier operation

Cons of XAttacker

  • Larger codebase, potentially more complex to maintain and modify
  • May have a steeper learning curve for beginners due to its broader feature set
  • Requires more dependencies to be installed for full functionality

Code Comparison

XAttacker (exploit execution):

sub exploit {
    my ($url, $exploit, $shell_name) = @_;
    my $response = $ua->get("$url/$exploit");
    if ($response->content =~ /Success/) {
        print "[+] Exploit successful: $url/$shell_name\n";
    }
}

RED_HAWK (basic information gathering):

function gethttpheader($url) {
    $headers = get_headers($url);
    foreach($headers as $header) {
        echo $header."\n";
    }
}

Both tools focus on web vulnerability scanning and information gathering, but XAttacker offers a more comprehensive set of features for advanced users. RED_HAWK, on the other hand, provides a simpler, more straightforward approach that may be more suitable for beginners or quick reconnaissance tasks. The code snippets demonstrate the different languages used (Perl for XAttacker, PHP for RED_HAWK) and their approaches to handling web requests and exploits.

Manisso logo

fsociety

10,455

fsociety Hacking Tools Pack – A Penetration Testing Framework

Pros of fsociety

  • More comprehensive toolset with a wider range of functionalities
  • Active development and regular updates
  • Larger community and user base

Cons of fsociety

  • Potentially overwhelming for beginners due to its extensive feature set
  • May require more system resources due to its broader scope
  • Installation process can be more complex

Code Comparison

RED_HAWK (PHP):

function gethttpheader($site){
  $ch = curl_init();
  curl_setopt($ch, CURLOPT_URL, $site);
  curl_setopt($ch, CURLOPT_HEADER, true);
  curl_setopt($ch, CURLOPT_NOBODY, true);
  curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
  $response = curl_exec($ch);
  return $response;
}

fsociety (Python):

def get_http_headers(url):
    try:
        response = requests.head(url, allow_redirects=True)
        return response.headers
    except requests.exceptions.RequestException as e:
        print(f"Error: {e}")
        return None

Both repositories offer information gathering tools, but fsociety provides a more extensive set of features beyond just reconnaissance. RED_HAWK focuses primarily on web-based information gathering and vulnerability scanning, while fsociety includes additional tools for penetration testing, exploitation, and post-exploitation tasks. RED_HAWK is written in PHP, making it easier to run on web servers, while fsociety is primarily Python-based, offering better cross-platform compatibility and easier integration with other Python tools.

sullo logo

nikto

8,470

Nikto web server scanner

Pros of nikto

  • More comprehensive and mature web server scanner with a larger database of vulnerabilities
  • Supports multiple output formats (HTML, CSV, XML) for better reporting flexibility
  • Actively maintained with regular updates and a larger community

Cons of nikto

  • Slower scanning speed compared to RED_HAWK
  • More complex setup and usage, requiring more technical expertise
  • Primarily focused on web server vulnerabilities, while RED_HAWK offers a broader range of information gathering tools

Code comparison

nikto:

sub nikto_headers {
    return if $mark->{'terminate'};
    my ($mark) = @_;
    my ($res, $content, $error, $request, $response) = nfetch($mark, "/", "GET", "", "", "", "headers");
    # ... (additional code)
}

RED_HAWK:

function gethttpheader($url){
  $h = get_headers($url);
  foreach($h as $hh){
    echo $hh."<br>";
  }
}

Both tools include functions for retrieving HTTP headers, but nikto's implementation is more complex and offers additional functionality, while RED_HAWK's approach is simpler and more straightforward.

Convert Figma logo designs to code with AI

Visual Copilot

Introducing Visual Copilot: A new AI model to turn Figma designs to high quality code using your components.

Try Visual Copilot

README

Version 2.0.0

By R3D#@0R_2H1N A.K.A Tuhinshubhra

All in one tool for Information Gathering and Vulnerability Scanning

Scans That You Can Perform Using RED HAWK :

  • Basic Scan
    • Site Title NEW
    • IP Address
    • Web Server Detection IMPROVED
    • CMS Detection
    • Cloudflare Detection
    • robots.txt Scanner
  • Whois Lookup IMPROVED
  • Geo-IP Lookup
  • Grab Banners IMPROVED
  • DNS Lookup
  • Subnet Calculator
  • Nmap Port Scan
  • Sub-Domain Scanner IMPROVED
    • Sub Domain
    • IP Address
  • Reverse IP Lookup & CMS Detection IMPROVED
    • Hostname
    • IP Address
    • CMS
  • Error Based SQLi Scanner
  • Bloggers View NEW
    • HTTP Response Code
    • Site Title
    • Alexa Ranking
    • Domain Authority
    • Page Authority
    • Social Links Extractor
    • Link Grabber
  • WordPress Scan NEW
    • Sensitive Files Crawling
    • Version Detection
    • Version Vulnerability Scanner
  • Crawler
  • MX Lookup NEW
  • Scan For Everything - The Old Lame Scanner

Released Versions:

- Version 1.0.0 [11-06-2017]
- Version 1.1.0 [15-06-2017]
- Version 2.0.0 [11-08-2017]

Changelog:

  • Version 1.0.0
    • Initial Launch
  • Version 1.1.0
    • Updated The fix command
  • Version 2.0.0
    • Separated all scans so that you are served the amount of information you need
    • Sub-Domain Scanner improved
    • fix command improved
    • Web Server Detection Improved
    • CMS Detection Improved
    • Banner Grabbing Improved
    • Added WordPress Scanner
    • Added Bloggers View
    • Added MX Lookup
    • Added Update option
    • RED HAWK Banner Updated
    • Many Other Internal Fixes

Installation:

  1. Run The Tool and Type fix This will Install All Required Modules.
  2. For The Bloggers View To Work Properly you have to configure RED HAWK with moz.com's api keys for that follow the following steps:

How To Configure RED HAWK with moz.com for Bloggers View Scan

  • Create an account in moz follow this link : https://moz.com/community/join
  • After successful account creation and completing the verification you need to generate the API Keys
  • You can get your API Keys here: https://moz.com/products/mozscape/access
  • Get your AccessID and SecretKey and replace the $accessID and $secretKey variable's value in the config.php file
  • All set, now you can enjoy the bloggers view.

Usage:

  • git clone https://github.com/Tuhinshubhra/RED_HAWK
  • cd RED_HAWK
  • php rhawk.php
  • Use the "help" command to see the command list or type in the domain name you want to scan (without Http:// OR Https://).
  • Select whether The Site Runs On HTTPS or not.
  • Select the type of scan you want to perform
  • Leave the rest to the scanner

List of CMS Supported

RED HAWK's CMS Detector currently is able to detect the following CMSs (Content Management Systems) in case the website is using some other CMS, Detector will return could not detect.

  • WordPress
  • Joomla
  • Drupal
  • Magento

Known Issues

ISSUE: Scanner Stops Working After Cloudflare Detection!

SOLUTION: Use The fix Command OR Manually Install php-curl & php-xml

Watch The Video TO See How To Solve This Isuue : https://www.youtube.com/watch?v=QuFPY9NFTM8

Video Demonstration

Video Thumbnail

Suggestions And Feedbacks

Want to contribute to RED HAWK or point out something wrong? Just create a new issue here: https://github.com/Tuhinshubhra/RED_HAWK/issues/new I'd love to hear from you.

Support and Donations

Found RED HAWK cool? well you could buy me a cup of tea ;) (no alcohol plz xD) just send any amount of donations (in BTC) to this address : 1NbiQidWWVVhWknsfPSN1MuksF8cbXWCku

Can't donate? well that's no problem just drop a THANK YOU this will motivate me to create more exciting stuffs for you ;)

TODOs

  • Make a proper update option ( Installs current version automatically )
  • Add more CMS to the detector
  • Improve The WordPress Scanner ( Add User, Theme & Plugins Enumeration )
  • Create a web version of the scanner
  • Add XSS & LFI Scanner
  • Improve the Links grabber thingy under bloggers view
  • Add some other scans under the Bloggers View