Rapidscan - The Multi-Tool Spider Web Vulnerability Scanner


Evolution:
It is quite a fuss for a pentester to perform binge-tool-scanning (running safety scanning tools 1 afterward the other) sans automation. Unless yous are a pro at automating stuff, it is a herculean chore to perform binge-scan for each together with every engagement. The ultimate destination of this programme is to solve this work through automation; viz. running multiple scanning tools to honor vulnerabilities, effectively gauge false-positives, collectively correlate results together with saves precious time; all these nether 1 roof.
Enter RapidScan.

Features
  • one-step installation.
  • executes a multitude of safety scanning tools, does other custom coded checks together with prints the results spontaneously.
  • some of the tools include nmap, dnsrecon, wafw00f, uniscan, sslyze, fierce, lbd, theharvester, dnswalk, golismero etc executes nether 1 entity.
  • saves a lot of time, indeed a lot time!.
  • checks for same vulnerabilities amongst multiple tools to assistance yous zero-in on imitation positives effectively.
  • legends to assistance yous sympathise which tests may guide maintain longer time, then yous tin Ctrl+C to skip if needed.
  • association amongst OWASP Top 10 2017 on the listing of vulnerabilities discovered. (under development)
  • critical, high, medium, depression together with informational classification of vulnerabilities.
  • vulnerability definitions guides yous what the vulnerability truly is together with the threat it tin pose. (under development)
  • remediations tells yous how to plug/fix the constitute vulnerability. (under development)
  • executive summary gives yous an overall context of the scan performed amongst critical, high, depression together with informational issues discovered. (under development)
  • artificial intelligence to deploy tools automatically depending upon the issues found. for eg; automates the launch of wpscan together with plecost tools when a wordpress installation is found. (under development)
  • detailed comprehensive report inwards a portable document format (*.pdf) amongst consummate details of the scans together with tools used. (under development)

FYI:
  • program is nevertheless nether development, works together with currently supports 80 vulnerability tests.
  • parallel processing is non yet implemented, may hold out coded every bit to a greater extent than tests gets introduced.

Vulnerability Checks
  • DNS/HTTP Load Balancers & Web Application Firewalls.
  • Checks for Joomla, WordPress together with Drupal
  • SSL related Vulnerabilities (HEARTBLEED, FREAK, POODLE, CCS Injection, LOGJAM, OCSP Stapling).
  • Commonly Opened Ports.
  • DNS Zone Transfers using multiple tools (Fierce, DNSWalk, DNSRecon, DNSEnum).
  • Sub-Domains Brute Forcing.
  • Open Directory/File Brute Forcing.
  • Shallow XSS, SQLi together with BSQLi Banners.
  • Slow-Loris DoS Attack, LFI (Local File Inclusion), RFI (Remote File Inclusion) & RCE (Remote Code Execution).
  • & to a greater extent than coming up...

Requirements
  • Python 2.7
  • Kali OS (Preferred, every bit it is shipped amongst near all the tools)
    For other OS flavours, working on a docker support. Hang on.

Usage
Download the script together with laissez passer on executable permissions
  • wget -O rapidscan.py https://raw.githubusercontent.com/skavngr/rapidscan/master/rapidscan.py && chmod +x rapidscan.py

Help


Output



Contribution