skavngr / Rapidscan

Licence: gpl-2.0
🆕 The Multi-Tool Web Vulnerability Scanner.

Projects that are alternatives of or similar to Rapidscan

Reconnoitre
A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.
Stars: ✭ 1,824 (+135.35%)
Mutual labels:  kali-linux, security-tools, penetration-testing, scanner, security-scanner, enumeration, oscp, offensive-security
Vuls
Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices
Stars: ✭ 8,844 (+1041.16%)
Mutual labels:  security-tools, vulnerabilities, vulnerability-scanners, security-scanner, vulnerability-detection, vulnerability-assessment, vulnerability-scanner, vulnerability-management
Vanquish
Vanquish is Kali Linux based Enumeration Orchestrator. Vanquish leverages the opensource enumeration tools on Kali to perform multiple active information gathering phases.
Stars: ✭ 449 (-42.06%)
Mutual labels:  kali-linux, penetration-testing, vulnerability-scanners, oscp, offensive-security, vulnerability-assessment, penetration-testing-framework
Raccoon
A high performance offensive security tool for reconnaissance and vulnerability scanning
Stars: ✭ 2,312 (+198.32%)
Mutual labels:  scanner, reconnaissance, security-scanner, enumeration, offensive-security, vulnerability-assessment, vulnerability-scanner
Rebel Framework
Advanced and easy to use penetration testing framework 💣🔎
Stars: ✭ 183 (-76.39%)
Mutual labels:  kali-linux, security-tools, reconnaissance, vulnerability-scanners, vulnerability-detection, vulnerability-assessment
Xattacker
X Attacker Tool ☣ Website Vulnerability Scanner & Auto Exploiter
Stars: ✭ 897 (+15.74%)
Mutual labels:  security-tools, scanner, security-scanner, vulnerability-detection, vulnerability-assessment, vulnerability-scanner
Jackhammer
Jackhammer - One Security vulnerability assessment/management tool to solve all the security team problems.
Stars: ✭ 633 (-18.32%)
Mutual labels:  penetration-testing, vulnerability-scanners, security-scanner, vulnerability-assessment, vulnerability-management, penetration-testing-framework
Patrowlmanager
PatrOwl - Open Source, Smart and Scalable Security Operations Orchestration Platform
Stars: ✭ 363 (-53.16%)
Mutual labels:  security-tools, vulnerabilities, vulnerability-scanners, security-scanner, vulnerability-detection, vulnerability-management
Openvas Scanner
Open Vulnerability Assessment Scanner - Scanner for Greenbone Vulnerability Management (GVM)
Stars: ✭ 1,056 (+36.26%)
Mutual labels:  scanner, vulnerability-scanners, vulnerability-detection, vulnerability-assessment, vulnerability-management
Vhostscan
A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages.
Stars: ✭ 767 (-1.03%)
Mutual labels:  security-tools, penetration-testing, scanner, oscp, offensive-security
Vulscan
Advanced vulnerability scanning with Nmap NSE
Stars: ✭ 2,305 (+197.42%)
Mutual labels:  penetration-testing, vulnerability-scanners, security-scanner, vulnerability-detection, vulnerability-assessment
AttackSurfaceManagement
Discover the attack surface and prioritize risks with our continuous Attack Surface Management (ASM) platform - Sn1per Professional #pentest #redteam #bugbounty
Stars: ✭ 45 (-94.19%)
Mutual labels:  penetration-testing, vulnerability-management, vulnerability-scanners, reconnaissance, penetration-testing-framework
Patrowldocs
PatrOwl - Open Source, Free and Scalable Security Operations Orchestration Platform
Stars: ✭ 105 (-86.45%)
Mutual labels:  security-tools, vulnerability-scanners, security-scanner, vulnerability-detection, vulnerability-management
Patrowlengines
PatrOwl - Open Source, Free and Scalable Security Operations Orchestration Platform
Stars: ✭ 162 (-79.1%)
Mutual labels:  security-tools, vulnerability-scanners, security-scanner, vulnerability-detection, vulnerability-management
Lynis
Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.
Stars: ✭ 9,137 (+1078.97%)
Mutual labels:  security-tools, vulnerability-scanners, security-scanner, vulnerability-detection, vulnerability-assessment
Nosqlmap
Automated NoSQL database enumeration and web application exploitation tool.
Stars: ✭ 1,928 (+148.77%)
Mutual labels:  security-tools, penetration-testing, scanner, enumeration, offensive-security
Hellraiser
Vulnerability scanner using Nmap for scanning and correlating found CPEs with CVEs.
Stars: ✭ 413 (-46.71%)
Mutual labels:  security-tools, scanner, vulnerability-scanners, vulnerability-detection, vulnerability-assessment
Sudomy
Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting
Stars: ✭ 1,572 (+102.84%)
Mutual labels:  scanner, enumeration, kali-linux, reconnaissance
Securitymanageframwork
Security Manage Framwork is a security management platform for enterprise intranet, which includes asset management, vulnerability management, account management, knowledge base management, security scanning automation function modules, and can be used for internal security management. This platform is designed to help Party A with fewer security personnel, complicated business lines, difficult periodic inspection and low automation to better achieve internal safety management.
Stars: ✭ 378 (-51.23%)
Mutual labels:  scanner, vulnerability-scanners, vulnerability-detection, vulnerability-assessment
OSCP-A-Step-Forward
Opening the door, one reverse shell at a time
Stars: ✭ 126 (-83.74%)
Mutual labels:  penetration-testing, kali-linux, offensive-security, oscp

RapidScan - The Multi-Tool Web Vulnerability Scanner

Evolution:

It is quite a fuss for a pentester to perform binge-tool-scanning (running security scanning tools one after the other) without automation. Unless you are a pro at automating stuff, it is a herculean task to perform a binge-scan for each and every engagement. The ultimate goal of this program is to solve this problem through automation: running multiple scanning tools to discover vulnerabilities, effectively judging false positives, collectively correlating results and saving precious time, all under one roof.

Enter RapidScan.

Features

  • one-step installation.
  • executes a multitude of security scanning tools, does other custom-coded checks and prints the results spontaneously.
  • some of the tools, including nmap, dnsrecon, wafw00f, uniscan, sslyze, fierce, lbd, theharvester, dnswalk, golismero etc., execute under one entity.
  • saves a lot of time, indeed a lot of time!
  • checks for the same vulnerabilities with multiple tools to help you zero in on false positives effectively.
  • legends help you understand which tests may take longer, so you can press Ctrl+C to skip them if needed.
  • association with the OWASP Top 10 2017 for the list of vulnerabilities discovered. (under development)
  • critical, high, medium, low and informational classification of vulnerabilities.
  • vulnerability definitions explain what the vulnerability actually is and the threat it can pose. (under development)
  • remediations tell you how to plug/fix the found vulnerability. (under development)
  • executive summary gives you an overall context of the scan performed, with the critical, high, low and informational issues discovered. (under development)
  • artificial intelligence to deploy tools automatically depending upon the issues found, e.g. automating the launch of the wpscan and plecost tools when a WordPress installation is found. (under development)
  • detailed comprehensive report in portable document format (*.pdf) with complete details of the scans and tools used. (under development)

FYI:

  • the program is still under development; it works and currently supports 81 vulnerability tests.
  • parallel processing is not yet implemented; it may be coded as more tests get introduced.

Vulnerability Checks

  • ✔️ DNS/HTTP Load Balancers & Web Application Firewalls.
  • ✔️ Checks for Joomla, WordPress and Drupal
  • ✔️ SSL related Vulnerabilities (HEARTBLEED, FREAK, POODLE, CCS Injection, LOGJAM, OCSP Stapling).
  • ✔️ Commonly Opened Ports.
  • ✔️ DNS Zone Transfers using multiple tools (Fierce, DNSWalk, DNSRecon, DNSEnum).
  • ✔️ Sub-Domains Brute Forcing (DNSMap, amass, nikto)
  • ✔️ Open Directory/File Brute Forcing.
  • ✔️ Shallow XSS, SQLi and BSQLi Banners.
  • ✔️ Slow-Loris DoS Attack, LFI (Local File Inclusion), RFI (Remote File Inclusion) & RCE (Remote Code Execution).
  • & more coming up...

Requirements

  • Python 2.7
  • Kali OS (Preferred, as it is shipped with almost all the tools)
  • Tested with Parrot & Ubuntu Operating Systems.

Usage (One Liner to Initiate the Scan - For Non-Forkers & Non-Cloners)

Download the script, grant it execute permission and start the scan immediately:

  • wget -O rapidscan.py https://raw.githubusercontent.com/skavngr/rapidscan/master/rapidscan.py && chmod +x rapidscan.py && ./rapidscan.py example.com

With Docker

To run a scan for example.com, run the command below. After completion, the reports can be found in the current path under reports.

docker run -t --rm -v "$(pwd)/reports:/reports" kanolato/rapidscan example.com

Help

[Screenshot: rapidscan help]

Output

[Screenshots: rapidscan intro, rapidscan outro]

Contribution
