HawkEye is a simple tool to crawl the filesystem or a directory looking for interesting stuff like SSH Keys, Log Files, Sqlite Database, password files, etc. Hawkeye uses a fast filesystem crawler to look through files recursively and then sends them for analysis in real time and presents the data in both json format and simple console output. The tool is built with a modular approach making it easy to use and easily extensible.
It can be used during pentests as a privilege escalation tool to look through the filesystem finding configuration files or ssh keys sometimes left by the sys-admins.
Also Read Maintaining Access to a Linux Machine Using Cymothoa – Post Exploitation
The installation is easy. Git clone the repo and run go build.
go get github.com/Ice3man543/hawkeye
If you wish to upgrade the package you can use:
go get -u github.com/Ice3man543/hawkeye
Hawkeye needs a directory to begin with. A directory can be supplied with -d
flag. For example –
./hawkeye -d <directory>
To run it against my home directory, i can pass /home/ice3man as the argument.
./hawkeye -d /home/ice3man
✘ ice3man@TheDaemon ~/tmp ./hawkeye -d /home/ice3man
_ _ _ ___
| || | __ _ __ __ __| |__| __|_ _ ___
| __ |/ _ |\ V V /| / /| _|| || |/ -_)
|_||_|\__,_| \_/\_/ |_\_\|___|\_, |\___|
|__/
Analysis v1.0 - by @Ice3man
[13:31:59] HawkEye : An advance filesystem analysis tool
[13:31:59] Written By : @Ice3man
[13:31:59] Github : https://github.com/Ice3man543
[Log file] /home/ice3man/.tplmap/tplmap.log
[Log file] /home/ice3man/burpsuite-master/hs_err_pid3028.log
[Log file] /home/ice3man/.log/jack/jackdbus.log
[Shell command history file] /home/ice3man/oldvps/root/.bash_history
[Shell configuration file] /home/ice3man/oldvps/root/.bashrc
You can use -v
flag to show verbose output. You can also get json output using -o
flag.
[
{
"path": "/home/ice3man/oldvps/root/.bash_history",
"description": "Shell command history file",
"comment": ""
},
{
"path": "/home/ice3man/oldvps/root/.profile",
"description": "Shell profile configuration file",
"comment": "Shell configuration files can contain passwords, API keys, hostnames and other goodies"
},
{
"path": "/home/ice3man/oldvps/root/.bashrc",
"description": "Shell configuration file",
"comment": "Shell configuration files can contain passwords, API keys, hostnames and other goodies"
},
]
Introduction to the Model Context Protocol (MCP) The Model Context Protocol (MCP) is an open…
While file extensions in Linux are optional and often misleading, the file command helps decode what a…
The touch command is one of the quickest ways to create new empty files or update timestamps…
Handling large numbers of files is routine for Linux users, and that’s where the find command shines.…
Managing files and directories is foundational for Linux workflows, and the mv (“move”) command makes it easy…
Creating directories is one of the earliest skills you'll use on a Linux system. The mkdir (make…