Hey Folks, in this tutorial we will discuss on an interesting tool called “REDHAWK“. It’s an all in one tool for information gathering and vulnerability scanning. The tool uses multiple combinations of other third party tools as well as currently is able to detect the following CMSs (Content Management Systems).
Let’s take a look 🙂 !!
Now first of all we will download this project using git command from gitub and after cloning the repository then we will go to the directory of this tool.
Note : make sure you should have php module to execute this tool.
git clone https://github.com/Tuhinshubhra/RED_HAWK
cd RED_HAWKDone 🙂 !! The configuration is complete and now we can use this tool using the following command. Now we have entered our target details and protocol related details on which the website is running. Basically if the target website is running on HTTP protocol then you have to enter “1” otherwise “2″.
php rhawk.phpGreat 🙂 !! As you can see it has dumped some useful information related to the target website such as webserver, IP address, cms, cloudflare etc.
If you want to collect information related to the DNS server of the target website then you can use option “4”.
Similarly by using the “5” option of this tool we can calculate the subnet mask of this target web application.
Often developers forget to add security to the active service running on the server, allowing the attacker to exploit those loopholes and remotely acquire the entire web server. So we use the following tools to find available or open ports on target web server.
In addition, we can retrieve subdomain details through a particular host.
Now we will choose option “11” to perform a basic scan against the target web server.
Done 🙂 !! As you can see for yourself what kind of details we get after using the basic scan feature of this tool.
A keen learner and passionate IT student. He has done Web designing, CCNA, RedHat, Ethical hacking, Network & web penetration testing. Currently, he is completing his graduation and learning about Red teaming, CTF challenges & Blue teaming.
The gau (Get All URLs) tool is a versatile open-source utility that collects URLs from…
Jsluice++ is a Burp Suite extension designed for passive and active scanning of JavaScript traffic…
Hey Folks :) !! In this tutorial, we will describe some of the techniques commonly…
Hey Folks :) !! In this article, we present the "Termux Cheat Sheet for Hackers"…
Amid the rapid advancement of technology, the significance of human involvement in cybersecurity frequently goes…
Hey Folks, we are back today after such a long break, but don't worry we…
This website uses cookies.
View Comments
Hello, I think your blog might be having browser compatibility issues. When I look at your blog in Opera, it looks fine but when opening in Internet Explorer, it has some overlapping. I just wanted to give you a quick heads up! Other then that, very good blog!
you're truly a good webmaster. The web site loading velocity is amazing. It seems that you're doing any distinctive trick. Furthermore, The contents are masterwork. you've performed a great process in this topic!