News
! Version 1.5
! Auto activate JS during scan if the webite is full JS (website 2.0)
! Adding Dockerfile
Features
TODO
P1 is the most important
Usage
pip(3) install -r requirements.txt
If problem with pip3:
sudo python3 -m pip install -r requirements.txt
usage: hawkscan.py [-h] [-u URL] [-w WORDLIST] [-s SUBDOMAINS] [-t THREAD] [-a USER_AGENT] [–redirect] [-r]
Optional Arguments:
-h, –help show this help message and exit
-u URL URL to scan [required]
-w WORDLIST Wordlist used for URL Fuzzing. Default: dico.txt
-s SUBDOMAINS Subdomain tester
-t THREAD Number of threads to use for URL Fuzzing. Default: 20
-a USER_AGENT Choice user-agent
–redirect For scan with redirect response (301/302)
-r Recursive dir/files
-p PREFIX Add prefix in wordlist to scan
-o OUTPUT Output to site_scan.txt (default in website directory)
-b Add a backup file scan like ‘exemple.com/~exemple/, exemple.com/ex.php.bak…’ but longer
-H HEADER_ modify HEADER
–exclude EXCLUDE To define a page or response code status type to exclude during scan
–timesleep TS To define a timesleep/rate-limit if app is unstable during scan
–auto Automatic threads depending response to website. Max: 30
–update For automatic update
Examples
//Basic
python hawkscan.py -u https://www.exemple.com -w dico_extra.txt
//With redirect
python hawkscan.py -u https://www.exemple.com -w dico_extra.txt -t 5 –redirect
//With backup files scan
python hawkscan.py -u https://www.exemple.com -w dico_extra.txt -t 5 -b
//With an exclude page
python hawkscan.py -u https://www.exemple.com -w dico_extra.txt -t 5 –exclude https://www.exemple.com/profile.php?id=1
//With an exclude response code
python hawkscan.py -u https://www.exemple.com -w dico_extra.txt -t 5 –exclude 403
Credit: Layno & Sanguinarius & Cyber_Ph4ntoM
How Does a Firewall Work Step by Step? What Is a Firewall and How Does…
ROADTools is a powerful framework designed for exploring and interacting with Microsoft Azure Active Directory…
Microsoft 365 Groups (also known as M365 Groups or Unified Groups) are at the heart…
SeamlessPass is a specialized tool designed to leverage on-premises Active Directory Kerberos tickets to obtain…
PPLBlade is a powerful Protected Process Dumper designed to capture memory from target processes, hide…
HikPwn: Comprehensive Guide to Scanning Hikvision Devices for Vulnerabilities If you’re searching for an efficient…