All Projects β†’ evyatarmeged β†’ Raccoon

evyatarmeged / Raccoon

Licence: mit
A high performance offensive security tool for reconnaissance and vulnerability scanning

Programming Languages

python
139335 projects - #7 most used programming language
lua
6591 projects
Dockerfile
14818 projects

Projects that are alternatives of or similar to Raccoon

Vault
swiss army knife for hackers
Stars: ✭ 346 (-85.03%)
Mutual labels:  osint, hacking, pentesting, scanner, hacking-tool, information-gathering, offensive-security, fuzzing
Rapidscan
πŸ†• The Multi-Tool Web Vulnerability Scanner.
Stars: ✭ 775 (-66.48%)
Mutual labels:  scanner, reconnaissance, security-scanner, enumeration, offensive-security, vulnerability-assessment, vulnerability-scanner
Dirsearch
Web path scanner
Stars: ✭ 7,246 (+213.41%)
Mutual labels:  hacking, pentesting, scanner, hacking-tool, fuzzing, enumeration, pentest-tool
Osmedeus
Fully automated offensive security framework for reconnaissance and vulnerability scanning
Stars: ✭ 3,391 (+46.67%)
Mutual labels:  osint, hacking, hacking-tool, pentest-tool, reconnaissance, information-gathering
Vajra
Vajra is a highly customizable target and scope based automated web hacking framework to automate boring recon tasks and same scans for multiple target during web applications penetration testing.
Stars: ✭ 269 (-88.37%)
Mutual labels:  osint, hacking, pentesting, scanner, pentest-tool, information-gathering
Xattacker
X Attacker Tool ☣ Website Vulnerability Scanner & Auto Exploiter
Stars: ✭ 897 (-61.2%)
Mutual labels:  hacking, scanner, hacking-tool, security-scanner, vulnerability-assessment, vulnerability-scanner
Scilla
πŸ΄β€β˜ οΈ Information Gathering tool πŸ΄β€β˜ οΈ DNS / Subdomains / Ports / Directories enumeration
Stars: ✭ 116 (-94.98%)
Mutual labels:  hacking, pentesting, hacking-tool, reconnaissance, information-gathering, enumeration
Reconnoitre
A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.
Stars: ✭ 1,824 (-21.11%)
Mutual labels:  hacking, scanner, hacking-tool, security-scanner, enumeration, offensive-security
Crithit
Takes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.
Stars: ✭ 182 (-92.13%)
Mutual labels:  hacking, pentesting, hacking-tool, enumeration, offensive-security
Rengine
reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with…
Stars: ✭ 3,439 (+48.75%)
Mutual labels:  osint, scanner, reconnaissance, information-gathering, pentesting
Badkarma
network reconnaissance toolkit
Stars: ✭ 353 (-84.73%)
Mutual labels:  hacking, pentest-tool, reconnaissance, information-gathering, offensive-security
Pentesting Bible
Learn ethical hacking.Learn about reconnaissance,windows/linux hacking,attacking web technologies,and pen testing wireless networks.Resources for learning malware analysis and reverse engineering.
Stars: ✭ 8,981 (+288.45%)
Mutual labels:  osint, hacking, pentesting, hacking-tool, information-gathering
Bigbountyrecon
BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation.
Stars: ✭ 541 (-76.6%)
Mutual labels:  osint, pentesting, pentest-tool, reconnaissance, offensive-security
Nosqlmap
Automated NoSQL database enumeration and web application exploitation tool.
Stars: ✭ 1,928 (-16.61%)
Mutual labels:  hacking, scanner, hacking-tool, enumeration, offensive-security
Hosthunter
HostHunter a recon tool for discovering hostnames using OSINT techniques.
Stars: ✭ 427 (-81.53%)
Mutual labels:  osint, hacking, pentesting, hacking-tool, reconnaissance
Deadtrap
An OSINT tool to gather information about the real owner of a phone number
Stars: ✭ 73 (-96.84%)
Mutual labels:  osint, hacking, scanner, reconnaissance, information-gathering
Sudomy
Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting
Stars: ✭ 859 (-62.85%)
Mutual labels:  pentesting, scanner, reconnaissance, enumeration
Active Directory Exploitation Cheat Sheet
A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.
Stars: ✭ 870 (-62.37%)
Mutual labels:  hacking, pentesting, hacking-tool, enumeration
Eyes
πŸ‘€ πŸ–₯️ Golang rewrite of eyes.sh. Let's you perform domain/IP address information gathering. Wasn't it esr who said "With enough eyeballs, all your IP info are belong to us?" πŸ” πŸ•΅οΈ
Stars: ✭ 38 (-98.36%)
Mutual labels:  pentesting, pentest-tool, reconnaissance, information-gathering
Sn0int
Semi-automatic OSINT framework and package manager
Stars: ✭ 814 (-64.79%)
Mutual labels:  osint, pentesting, reconnaissance, security-scanner

Raccoon

Racoon

Offensive Security Tool for Reconnaissance and Information Gathering

Build Status license os pythonver raccoonver

Features
  • DNS details
  • DNS visual mapping using DNS dumpster
  • WHOIS information
  • TLS Data - supported ciphers, TLS versions, certificate details and SANs
  • Port Scan
  • Services and scripts scan
  • URL fuzzing and dir/file detection
  • Subdomain enumeration - uses Google dorking, DNS dumpster queries, SAN discovery and bruteforce
  • Web application data retrieval:
    • CMS detection
    • Web server info and X-Powered-By
    • robots.txt and sitemap extraction
    • Cookie inspection
    • Extracts all fuzzable URLs
    • Discovers HTML forms
    • Retrieves all Email addresses
    • Scans target for vulnerable S3 buckets and enumerates them for sensitive files
  • Detects known WAFs
  • Supports anonymous routing through Tor/Proxies
  • Uses asyncio for improved performance
  • Saves output to files - separates targets by folders and modules by files
Roadmap and TODOs
  • Expand, test, and merge the "owasp" branch with more web application attacks and scans (#28)
  • Support more providers for vulnerable storage scan (#27)
  • Add more WAFs, better detection
  • Support multiple hosts (read from file)
  • Rate limit evasion
  • IP ranges support
  • CIDR notation support
  • More output formats (JSON at the very least)

About

Raccoon is a tool made for reconnaissance and information gathering with an emphasis on simplicity.
It will do everything from fetching DNS records, retrieving WHOIS information, obtaining TLS data, detecting WAF presence and up to threaded dir busting and subdomain enumeration. Every scan outputs to a corresponding file.

As most of Raccoon's scans are independent and do not rely on each other's results, it utilizes Python's asyncio to run most scans asynchronously.

Raccoon supports Tor/proxy for anonymous routing. It uses default wordlists (for URL fuzzing and subdomain discovery) from the amazing SecLists repository but different lists can be passed as arguments.

For more options - see "Usage".

Installation

For the latest stable version:

pip install raccoon-scanner
# To run:
raccoon [OPTIONS]

Please note Raccoon requires Python3.5+ so may need to use pip3 install raccoon-scanner.
You can also clone the GitHub repository for the latest features and changes:

git clone https://github.com/evyatarmeged/Raccoon.git
cd Raccoon
python setup.py install # Subsequent changes to the source code will not be reflected in calls to raccoon when this is used
# Or
python setup.py develop # Changes to code will be reflected in calls to raccoon. This can be undone by using python setup.py develop --uninstall
# Finally
raccoon [OPTIONS] [TARGET]

macOS

To support Raccoon on macOS you need to have gtimeout on your machine.
gtimeout can be installed by running brew install coreutils.

Docker

# Build the docker image
docker build -t evyatarmeged/raccoon .
# Run a scan, As this a non-root container we need to save the output under the user's home which is /home/raccoon
docker run --name raccoon evyatarmeged/raccoon:latest  example.com -o /home/raccoon
Prerequisites

Raccoon uses Nmap to scan ports as well as utilizes some other Nmap scripts and features. It is mandatory that you have it installed before running Raccoon.
OpenSSL is also used for TLS/SSL scans and should be installed as well.

Usage


Usage: raccoon [OPTIONS] TARGET

Options:
  --version                      Show the version and exit.
  -d, --dns-records TEXT         Comma separated DNS records to query.
                                 Defaults to: A,MX,NS,CNAME,SOA,TXT
  --tor-routing                  Route HTTP traffic through Tor (uses port
                                 9050). Slows total runtime significantly
  --proxy-list TEXT              Path to proxy list file that would be used
                                 for routing HTTP traffic. A proxy from the
                                 list will be chosen at random for each
                                 request. Slows total runtime
  -c, --cookies TEXT             Comma separated cookies to add to the
                                 requests. Should be in the form of key:value
                                 Example: PHPSESSID:12345,isMobile:false
  --proxy TEXT                   Proxy address to route HTTP traffic through.
                                 Slows total runtime
  -w, --wordlist TEXT            Path to wordlist that would be used for URL
                                 fuzzing
  -T, --threads INTEGER          Number of threads to use for URL
                                 Fuzzing/Subdomain enumeration. Default: 25
  --ignored-response-codes TEXT  Comma separated list of HTTP status code to
                                 ignore for fuzzing. Defaults to:
                                 302,400,401,402,403,404,503,504
  --subdomain-list TEXT          Path to subdomain list file that would be
                                 used for enumeration
  -sc, --scripts                 Run Nmap scan with -sC flag
  -sv, --services                Run Nmap scan with -sV flag
  -f, --full-scan                Run Nmap scan with both -sV and -sC
  -p, --port TEXT                Use this port range for Nmap scan instead of
                                 the default
  --vulners-nmap-scan            Perform an NmapVulners scan. Runs instead of
                                 the regular Nmap scan and is longer.
  --vulners-path TEXT            Path to the custom nmap_vulners.nse script.If
                                 not used, Raccoon uses the built-in script it
                                 ships with.
  -fr, --follow-redirects        Follow redirects when fuzzing. Default: False
                                 (will not follow redirects)
  --tls-port INTEGER             Use this port for TLS queries. Default: 443
  --skip-health-check            Do not test for target host availability
  --no-url-fuzzing               Do not fuzz URLs
  --no-sub-enum                  Do not bruteforce subdomains
  --skip-nmap-scan               Do not perform an Nmap scan
  -q, --quiet                    Do not output to stdout
  -o, --outdir TEXT              Directory destination for scan output
  --help                         Show this message and exit.

Screenshots

poc2

Web application data including vulnerable S3 bucket:
somepoc

HTB challenge example scan:
poc

Nmap vulners scan results:
vulnerspoc

Results folder tree after a scan:
poc3

Contributing

Any and all contributions, issues, features and tips are welcome.

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].