Red Hawk: Information Gathering, Vulnerability Scanning, and Crawling

RED HAWK is a powerful tool for web reconnaissance, vulnerability scanning, and web crawling. It’s designed to help security researchers, penetration testers, and web developers gather information about websites, detect potential vulnerabilities, and gain insights into their target’s infrastructure. This blog post will walk you through the various scans you can perform using RED HAWK, how to install and configure it, and some known issues and their solutions.

Disclaimer

Disclaimer: This tool is intended for ethical use only. Always ensure you have proper authorization before scanning or testing any website. The authors and contributors of RED HAWK are not responsible for any misuse or illegal activities conducted with this tool.

Features

Scans that you can perform using RED HAWK:

• Basic Scan
• Site Title NEW
• IP Address
• Web Server Detection IMPROVED
• CMS Detection
• Cloudflare Detection
• robots.txt Scanner
• Whois Lookup IMPROVED
• Geo-IP Lookup
• Grab Banners IMPROVED
• DNS Lookup
• Subnet Calculator
• Nmap Port Scan
• Sub-Domain Scanner IMPROVED
• Reverse IP Lookup & CMS Detection IMPROVED
• Error Based SQLi Scanner
• Bloggers View NEW
• HTTP Response Code
• Alexa Ranking
• Domain Authority
• Page Authority
• Social Links Extractor
• Link Grabber
• WordPress Scan NEW
• Sensitive Files Crawling
• Version Detection
• Version Vulnerability Scanner
• Crawler
• MX Lookup NEW
• Scan For Everything - The Old Lame Scanner

Released Versions:

• Version 1.0.0 [11-06-2017]
• Version 1.1.0 [15-06-2017]
• Version 2.0.0 [11-08-2017]

Changelog:

Version 1.0.0

Initial Launch

Version 1.1.0

Updated The fix command

Version 2.0.0

Separated all scans so that you are served the amount of information you need

• Sub-Domain Scanner improved
• fix command improved
• Web Server Detection Improved
• CMS Detection Improved
• Banner Grabbing Improved
• Added WordPress Scanner
• Added Bloggers View
• Added MX Lookup
• Added Update option
• RED HAWK Banner Updated
• Many Other Internal Fixes

Installation:

Run The Tool and Type fix This will Install All Required Modules.

For The Bloggers View To Work Properly you have to configure RED HAWK with moz.com's API keys. Follow the steps below:

How To Configure RED HAWK with moz.com for Bloggers View Scan:

1. Create an account on moz: https://moz.com/community/join
2. After successful account creation and verification, generate the API Keys here: https://moz.com/products/mozscape/access
3. Get your AccessID and SecretKey and replace the $accessID and $secretKey variable's value in the config.php file
4. All set, now you can enjoy the bloggers view.

Usage:

$ git clone https://github.com/Tuhinshubhra/RED_HAWK

$ cd RED_HAWK

$ php rhawk.php

Use the help command to see the command list or type in the domain name you want to scan (without http:// OR https://).

Select whether The Site Runs On HTTPS or not.

Select the type of scan you want to perform.

Leave the rest to the scanner.

List of CMS Supported:

RED HAWK's CMS Detector currently is able to detect the following CMSs (Content Management Systems). If the website is using some other CMS, the detector will return "could not detect".

• WordPress
• Joomla
• Drupal
• Magento

Known Issues:

Issue: Scanner Stops Working After Cloudflare Detection!

Solution: Use the fix command OR manually install php-curl & php-xml.