The Multi-Tool Web Vulnerability Scanner.

Overview

GitHub issues GitHub issues GitHub forks GitHub stars GitHub license

🟥 RapidScan v1.2 - The Multi-Tool Web Vulnerability Scanner

RapidScan has been ported to Python3 i.e. v1.2. The Python2.7 codebase is available on v1.1 releases section. Download and use it if you still haven't upgraded to Python 3. Kindly note that the v1.1 (Python2.7) will not be enhanced further.

Evolution:

It is quite a fuss for a pentester to perform binge-tool-scanning (running security scanning tools one after the other) sans automation. Unless you are a pro at automating stuff, it is a herculean task to perform binge-scan for each and every engagement. The ultimate goal of this program is to solve this problem through automation; viz. running multiple scanning tools to discover vulnerabilities, effectively judge false-positives, collectively correlate results and saves precious time; all these under one roof.

Enter RapidScan.

Features

  • one-step installation.
  • executes a multitude of security scanning tools, does other custom coded checks and prints the results spontaneously.
  • some of the tools include nmap, dnsrecon, wafw00f, uniscan, sslyze, fierce, lbd, theharvester, amass, nikto etc executes under one entity.
  • saves a lot of time, indeed a lot time!.
  • checks for same vulnerabilities with multiple tools to help you zero-in on false positives effectively.
  • extremely light-weight and not process intensive.
  • legends to help you understand which tests may take longer time, so you can Ctrl+C to skip if needed.
  • association with OWASP Top 10 & CWE 25 on the list of vulnerabilities discovered. (under development)
  • critical, high, medium, low and informational classification of vulnerabilities.
  • vulnerability definitions guides you what the vulnerability actually is and the threat it can pose.
  • remediation tells you how to plug/fix the found vulnerability.
  • executive summary gives you an overall context of the scan performed with critical, high, low and informational issues discovered.
  • artificial intelligence to deploy tools automatically depending upon the issues found. for eg; automates the launch of wpscan and plecost tools when a wordpress installation is found. (under development)
  • detailed comprehensive report in a portable document format (*.pdf) with complete details of the scans and tools used. (under development)
  • on the run metasploit auxilliary modules to discover more vulnerabilities. (under development)

FYI:

  • program is still under development, works and currently supports 80 vulnerability tests.
  • parallel processing is not yet implemented, may be coded as more tests gets introduced.

Vulnerability Checks

  • ✔️ DNS/HTTP Load Balancers & Web Application Firewalls.
  • ✔️ Checks for Joomla, WordPress and Drupal
  • ✔️ SSL related Vulnerabilities (HEARTBLEED, FREAK, POODLE, CCS Injection, LOGJAM, OCSP Stapling).
  • ✔️ Commonly Opened Ports.
  • ✔️ DNS Zone Transfers using multiple tools (Fierce, DNSWalk, DNSRecon, DNSEnum).
  • ✔️ Sub-Domains Brute Forcing (DNSMap, amass, nikto)
  • ✔️ Open Directory/File Brute Forcing.
  • ✔️ Shallow XSS, SQLi and BSQLi Banners.
  • ✔️ Slow-Loris DoS Attack, LFI (Local File Inclusion), RFI (Remote File Inclusion) & RCE (Remote Code Execution).
  • & more coming up...

Requirements

  • Python 3
  • Kali OS (Preferred, as it is shipped with almost all the tools)
  • Tested with Parrot & Ubuntu Operating Systems.

Usage

python3 rapidscan.py example.com

RapidScan.-.Start.scanning.a.website.in.20.seconds.mp4

Docker Support

To run a scan for example.com the command below has to be run. After completion reports can be found in the current path under reports.

docker run -t --rm -v $(pwd)/reports:/reports kanolato/rapidscan example.com

Contribution

Comments
  • Update Dockerfile for python 3

    Update Dockerfile for python 3

    Thanks for the python 3 update.

    The docker file should be updated and tested as well, I haven’t tested whether it currently works, but it looks like python3 is not installed, so I think the Dockerfile is currently broken.

    opened by tristanlatr 6
  • unique output file names

    unique output file names

    stomping over the same file with all sorts of results... well... not even worth a pull request... but I added a few lines to disambiguate them - the main bit is:

    date = subprocess.Popen(["date", "+%Y-%m-%d.%s"],stdout=subprocess.PIPE).stdout.read()[:-1].decode("utf-8") debuglog = "rs.dbg.%s.%s" % (target, date) vulreport = "rs.vul.%s.%s" % (target, date)

    That will create files that look like "rs.vul.google.com.2022-01-03.1641255361" or w/e.

    I'd also advocate creating a vulnerability file even if nothing was found; e.g. change this:

    if len(rs_vul_list)==0: print("\t"+bcolors.OKGREEN+"No Vulnerabilities Detected."+bcolors.ENDC)

    To be a report.write(*) with the same text or w/e (not blank, since it could die in mid run and you wouldn't know if it really was zero vuls or not.) First time I ran it I wasn't sure if there was a bug or what, since no result file was created.

    YMMV, IMHO, etc.

    opened by zenfish 4
  • Broken Dockerfile

    Broken Dockerfile

    Hi, it looks like the docker image cannot be build with the latest kali distributions :/

    I'm unsure which python dependencies have docutils as a requirements, tho.

    Some packages could not be installed. This may mean that you have
    requested an impossible situation or if you are using the unstable
    distribution that some required packages have not yet been created
    or been moved out of Incoming.
    The following information may help to resolve the situation:
    
    The following packages have unmet dependencies:
     python-docutils : Depends: docutils-common (= 0.12+dfsg-1) but 0.16+dfsg-4 is to be installed
                       Recommends: python-pil but it is not going to be installed
                       Recommends: python-pygments but it is not going to be installed
                       Recommends: libpaper-utils but it is not going to be installed
                       Recommends: docutils-doc (= 0.12+dfsg-1) but it is not going to be installed
     python-requests : Depends: python-chardet but it is not installable
    E: Unable to correct problems, you have held broken packages.
    The command '/bin/sh -c apt-get install -y   python2.7   wget   dmitry   dnsrecon   wapiti   nmap   sslyze   dnsenum   wafw00f   golismero   dirb   host   lbd   xsser   dnsmap   dnswalk   fierce   davtest   whatweb   nikto   uniscan   whois   theharvester' returned a non-zero code: 100
    
    opened by tristanlatr 4
  • scanning tool unavailable even if it available

    scanning tool unavailable even if it available

    Screenshot_2019-08-24-01-33-54-96

    I have nikto dimtry sslyze dnsrecon and golismer and other tool the script rapid scan still tell me that tool unavailable above script and on scan progress??

    opened by ringawy 4
  • Fixes #22

    Fixes #22

    Hi @sh4nx0r ,

    This PR adds some changes such that the code is using argparse to parse the arguments.

    And it fixes #22 with argument --skip.

    Edit: we should read 22 on the commit message not 12...

    opened by tristanlatr 3
  • Possibility to disable some tools

    Possibility to disable some tools

    Hi,

    I've been running into issues with DMitry, the scan takes more than 48h, which is not acceptable.

    I was wondering if there is an option to disable a specific tool using the rapidscan docker container ?

    Thanks

    opened by tristanlatr 3
  • fierce unrecognized arguments: -dns

    fierce unrecognized arguments: -dns

    I got unrecognized -dns arguments error.

    Fierce Subdomains Bruter - Brute Forces Subdomain Discovery.

    usage: fierce [-h] [--domain DOMAIN] [--connect] [--wide] [--traverse TRAVERSE] [--search SEARCH [SEARCH ...]] [--range RANGE] [--delay DELAY] [--subdomains SUBDOMAINS [SUBDOMAINS ...] | --subdomain-file SUBDOMAIN_FILE] [--dns-servers DNS_SERVERS [DNS_SERVERS ...] | --dns-file DNS_FILE] [--tcp] fierce: error: unrecognized arguments: -dns example.com

    opened by ghost 3
  • Upgrading to Python 3

    Upgrading to Python 3

    Hello!

    I really liked your tool, you surely have put a lot of effort into this tool, and I see that the development is still under progress. Don't you think that it will be a better idea to shift this tool to Python 3 as this is the future. Python 2 is deprecating with the passage of time. If you're willing to make the transition, I can work with you, we can together make the proper changings to shift from Python 2 to Python 3. Waiting for your thoughts on it. Thanks

    opened by njmulsqb 3
  • Update tool not recognizing

    Update tool not recognizing

    Good day, I wanted to do push for your code cause harvester is not working on latest Kali because of the name. So here you go the code, you can review it and make push. Its not big modification but theharvester is now theHarvester, if you go with theharvester it will tell you bash command not found.

    line 216 ["theHarvester","The Harvester - Scans for emails using Google's passive search.","theHarvester",1], line 301 ["theHarvester -l 50 -b google -d ",""], line 665 ["wapiti"], ["whatweb"], ["nmap"], ["golismero"], ["host"], ["wget"], ["uniscan"], ["wafw00f"], ["dirb"], ["davtest"], ["theHarvester"], ["xsser"], ["dnsrecon"],["fierce"], ["dnswalk"], ["whois"], ["sslyze"], ["lbd"], ["golismero"], ["dnsenum"],["dmitry"], ["davtest"], ["nikto"], ["dnsmap"] line

    bug 
    opened by Bitt3r 3
  • UnicodeDecodeError: 'utf-8' codec can't decode byte 0xdd in position 1541: invalid continuation byte

    UnicodeDecodeError: 'utf-8' codec can't decode byte 0xdd in position 1541: invalid continuation byte

    Traceback (most recent call last): File "/Users/ayhan/Downloads/rapidscan-master/rapidscan.py", line 1514, in rs_tool_output_file = open(temp_file).read() File "/usr/local/Cellar/[email protected]/3.9.10/Frameworks/Python.framework/Versions/3.9/lib/python3.9/codecs.py", line 322, in decode (result, consumed) = self._buffer_decode(data, self.errors, final) UnicodeDecodeError: 'utf-8' codec can't decode byte 0xdd in position 1541: invalid continuation byte

    opened by ayhanbaris 2
  • borked dockerfile

    borked dockerfile

    MacOS 10.15.7 (Catalina)

    TLDR; run an apt-get before anything else... you either need to ignore keys altogether or use some alternate method to get the Kali pubkey (curl, wget, etc. aren't in the baseimage.) Alternate workaround after errors building:

    Sending build context to Docker daemon 3.565MB Step 1/10 : FROM kalilinux/kali-rolling ---> c2fadbc65f8d Step 2/10 : ENV DEBIAN_FRONTEND noninteractive ---> Using cache ---> fd58a73e4d8b Step 3/10 : RUN apt-get update && apt-get -yu dist-upgrade -y ---> Running in 73b26ccf950e Get:1 http://mirrors.ocf.berkeley.edu/kali kali-rolling InRelease [30.6 kB] Err:1 http://mirrors.ocf.berkeley.edu/kali kali-rolling InRelease The following signatures couldn't be verified because the public key is not available: NO_PUBKEY ED444FF07D8D0BF6 Reading package lists... W: http://http.kali.org/kali/dists/kali-rolling/InRelease: The key(s) in the keyring /etc/apt/trusted.gpg.d/debian-archive-bullseye-automatic.gpg are ignored as the file is not readable by user '_apt' executing apt-key. W: http://http.kali.org/kali/dists/kali-rolling/InRelease: The key(s) in the keyring /etc/apt/trusted.gpg.d/debian-archive-bullseye-security-automatic.gpg are ignored as the file is not readable by user '_apt' executing apt-key. W: http://http.kali.org/kali/dists/kali-rolling/InRelease: The key(s) in the keyring /etc/apt/trusted.gpg.d/debian-archive-bullseye-stable.gpg are ignored as the file is not readable by user '_apt' executing apt-key. W: http://http.kali.org/kali/dists/kali-rolling/InRelease: The key(s) in the keyring /etc/apt/trusted.gpg.d/debian-archive-buster-automatic.gpg are ignored as the file is not readable by user '_apt' executing apt-key. W: http://http.kali.org/kali/dists/kali-rolling/InRelease: The key(s) in the keyring /etc/apt/trusted.gpg.d/debian-archive-buster-security-automatic.gpg are ignored as the file is not readable by user '_apt' executing apt-key. W: http://http.kali.org/kali/dists/kali-rolling/InRelease: The key(s) in the keyring /etc/apt/trusted.gpg.d/debian-archive-buster-stable.gpg are ignored as the file is not readable by user '_apt' executing apt-key. W: http://http.kali.org/kali/dists/kali-rolling/InRelease: The key(s) in the keyring /etc/apt/trusted.gpg.d/debian-archive-stretch-automatic.gpg are ignored as the file is not readable by user '_apt' executing apt-key. W: http://http.kali.org/kali/dists/kali-rolling/InRelease: The key(s) in the keyring /etc/apt/trusted.gpg.d/debian-archive-stretch-security-automatic.gpg are ignored as the file is not readable by user '_apt' executing apt-key. W: http://http.kali.org/kali/dists/kali-rolling/InRelease: The key(s) in the keyring /etc/apt/trusted.gpg.d/debian-archive-stretch-stable.gpg are ignored as the file is not readable by user '_apt' executing apt-key. W: http://http.kali.org/kali/dists/kali-rolling/InRelease: The key(s) in the keyring /etc/apt/trusted.gpg.d/kali-archive-keyring.gpg are ignored as the file is not readable by user '_apt' executing apt-key. W: GPG error: http://mirrors.ocf.berkeley.edu/kali kali-rolling InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY ED444FF07D8D0BF6 E: The repository 'http://http.kali.org/kali kali-rolling InRelease' is not signed. The command '/bin/sh -c apt-get update && apt-get -yu dist-upgrade -y' returned a non-zero code: 100

    You can do the somewhat crazy :

    RUN apt -o Acquire::AllowInsecureRepositories=true -o Acquire::AllowDowngradeToInsecureRepositories=true update

    Or actually get the key somehow. If you do the above, three more changes were necessary to make the dockerfile work -

    1. add the "--allow-unauthenticated" to apt-get RUN line
    2. change python to python3 in the apt-get package listing.
    3. change the last line from: ENTRYPOINT ["/usr/local/bin/rapidscan.py"] -> ENTRYPOINT ["python3", "/usr/local/bin/rapidscan.py"]
    opened by zenfish 2
  • Nmap takes forever

    Nmap takes forever

    It seems that scans take quite long to complete or maybe there is some issue.

    I have run the scan and nmap was running for 2 hours before i killed it and Fierce subdomains bruter is the same story (haven't killed it yet).

    Is this normal? Shall I wait for more, or is there something wrong?

    opened by kleozzy 0
  • Have a --version flag

    Have a --version flag

    That would be nice to be able to check if we're running the latest version of rapidscan.

    I wouldn't trust the --update flag to update rapidsan, it's likely resulting in permission error.

    opened by tristanlatr 0
  • HTML reports missing

    HTML reports missing

    Hello,

    I've run rapidscan via docker and it seems like all report files are fine. The temp_uniscan_rfi file says:

    HTML report saved in: report/www.my-domain.com.html

    But there is no HTML document. Any ideas?

    opened by linslin 1
Releases(v1.1)
  • v1.1(Oct 23, 2021)

    The v1.1 is a fully-functional version of RapidScan suitable for domains or websites supporting Python 2.7. Python 3 is not supported.

    The upcoming version 1.2 will be supporting Python 3.

    This release is not optimized for scanning network devices like firewalls, routers, etc.

    The v2.0 will contain the Bug-Bounty module. The v3.0 which is still under development that supports scanning of both the websites and network devices.

    Source code(tar.gz)
    Source code(zip)
  • v1.0(Nov 7, 2018)

    The v1.0 is a fully-functional version of RapidScan suitable for domains or websites. This release is not optimized for scanning network devices like firewalls, routers, etc.

    The v2.0 which is still under development will be supporting both the websites and network devices.

    Source code(tar.gz)
    Source code(zip)
Owner
skavngr
My rants and ramblings on info-sec.
skavngr
Moodle community-based vulnerability scanner

badmoodle Moodle community-based vulnerability scanner Description badmoodle is an unofficial community-based vulnerability scanner for moodle that sc

Michele Di Bonaventura 11 Dec 22, 2022
CVE-2021-40346 integer overflow enables http smuggling

CVE-2021-40346-POC CVE-2021-40346 integer overflow enables http smuggling Reference: https://jfrog.com/blog/critical-vulnerability-in-haproxy-cve-2021

donky16 34 Nov 15, 2022
Windows Virus who destroy some impotants files on C:\windows\system32\

psychic-robot Windows Virus who destroy some importants files on C:\windows\system32\ Signatures of psychic-robot.PY (python file) : Bkav Pro : ASP.We

H-Tech-Dev36 1 Jan 06, 2022
Cryptick is a stock ticker for cryptocurrency tokens, and a physical NFT.

Cryptick is a stock ticker for cryptocurrency tokens, and a physical NFT. This repository includes tools and documentation for the Cryptick device.

1 Dec 31, 2021
A simple Outline Server Access Key Copy and Paste Web Interface

Outline Keychain A simple Outline Server Access Key Copy and Paste Web Interface Developed for key and password export and copy & paste for other Shad

Zhe 1 Dec 28, 2021
Operational information regarding the vulnerability in the Log4j logging library.

Log4j Vulnerability (CVE-2021-44228) This repo contains operational information regarding the vulnerability in the Log4j logging library (CVE-2021-442

Nationaal Cyber Security Centrum (NCSC-NL) 1.9k Dec 26, 2022
Tools ini digunakan untuk krekk pacebuk:v

E-Crack By Aang-XD Fitur Login • Login via token facebook • Login via cookie facebook Install On Termux $ pkg update && pkg upgrade $ pkg install pyth

Aang Ardiansyah-XD 2 Dec 24, 2021
Local server for IDA Lumina feature

About POC of an offline server for IDA Lumina feature.

Synacktiv 166 Dec 30, 2022
An open-source post-exploitation framework for students, researchers and developers.

Questions? Join the Discord support server Disclaimer: This project should be used for authorized testing or educational purposes only. BYOB is an ope

dvm 8.1k Dec 31, 2022
PortSwigger Burp Plugin for the Log4j (CVE-2021-44228)

yLog4j This is Y-Sec's @PortSwigger Burp Plugin for the Log4j CVE-2021-44228 vulnerability. The focus of yLog4j is to support mass-scanning of the Log

Y-Security 1 Jan 31, 2022
BETA: Layla - recon tool for bug bounty

WELCOME TO LAYLA Layla is a python script that automatically performs recon on a

Matheus Faria 68 Jan 04, 2023
logmap: Log4j2 jndi injection fuzz tool

logmap - Log4j2 jndi injection fuzz tool Used for fuzzing to test whether there are log4j2 jndi injection vulnerabilities in header/body/path Use http

之乎者也 67 Oct 25, 2022
GitHub Advance Security Compliance Action

advanced-security-compliance This Action was designed to allow users to configure their Risk threshold for security issues reported by GitHub Code Sca

Mathew Payne 121 Dec 14, 2022
QHack-2022 - Solutions to the Coding Challenges of QHack 2022

QHack 2022 Problems from Coding Challenges 2022. Rules and how it works To test

Isacco Gobbi 1 Feb 14, 2022
The Web Application Firewall Paranoia Level Test Tool.

Quick WAF "paranoid" Doctor Evaluation WAFPARAN01D3 The Web Application Firewall Paranoia Level Test Tool. — From alt3kx.github.io Introduction to Par

22 Jul 25, 2022
Genpyteal - Experiment to rewrite Python into PyTeal using RedBaron

genpyteal Converts Python to PyTeal. Your mileage will vary depending on how muc

Jason Livesay 9 Oct 19, 2022
A collection of intelligence about Log4Shell and its exploitation activity

Log4Shell-IOCs Members of the Curated Intelligence Trust Group have compiled a list of IOC feeds and threat reports focused on the recent Log4Shell ex

Curated Intel 172 Nov 17, 2022
A small Minecraft server to help players detect vulnerability to the Log4Shell exploit 🐚

log4check A small Minecraft server to help players detect vulnerability to the Log4Shell exploit 🐚 Tested to work between Minecraft versions 1.12.2 a

Evan J. Markowitz 4 Dec 23, 2021
Log4Shell RCE Exploit - fully independent exploit does not require any 3rd party binaries.

Log4Shell RCE Exploit fully independent exploit does not require any 3rd party binaries. The exploit spraying the payload to all possible logged HTTP

258 Jan 02, 2023
RedDrop is a quick and easy web server for capturing and processing encoded and encrypted payloads and tar archives.

RedDrop Exfil Server Check out the accompanying MaverisLabs Blog Post Here! RedDrop Exfil Server is a Python Flask Web Server for Penetration Testers,

53 Nov 01, 2022