Eagle: vulnerability scanner
Project Eagle
Project Eagle is a plugin-based vulnerabilities scanner with threading support used for the detection of low-hanging bugs on a mass scale.
Features
- CRLF
- Sensitive files e.g(.git, info.php ..)
- Subdomain takeover
- Anonymous FTP login
- S3 buckets misconfiguration including automatic takeover and upload
- HTTP Request Smuggling
- Firebase database misconfiguration
- Sensitive information disclosure e.g(API Keys, Secrets ..) including JS files and HTML pages
- Missing SPF Records
- Path Traversal
- PHP-CGI – CVE_2012_1823
- Shell Shock – CVE_2014_6271
- Struts RCE – CVE_2018_11776
- WebLogic RCE – CVE_2019_2725
- Confluence LFI – CVE_2019_3396
- Ruby on Rails LFI – CVE_2019_5418
- Atlassian SSRF – CVE_2019_8451
- Apache Httpd mod_rewrite – CVE_2019_10098
TODO-Features
- XSS Detection
- SSRF Attacks
- Platform Detection
- Platform-Based attacks
- Automatic Login bruteforce
- Automatic directory bruteforce
- Parameter gathering and fuzzing
- Detecting Error messages
- Ability to select plugins
- Automatic updates
- Port Scanning and service detection
Install
git clone https://github.com/BitTheByte/Eagle.git
cd Eagle
python3 -m pip install -r requirements.txt
Use
Ping
This mode is only for checking online targets
$ python3 main.py -f domains.txt –ping
Basic usage
$ python3 main.py -f domains.txt
domains.txt: is a text file containing hostnames or ips, newline separated
Advanced usage
$ python3 main.py -f domains.txt -w 10 –db output.db.json
domains.txt: is a text file containing hostnames or ips, newline separated
output.db.json: json formated output of the tool (will be used to restore state in future releases)
10: is the number of working threads. keep in mind, workers are able to start workers for their work not limited by this number
Debug (verbose) mode
$ python3 main.py …args -v*?
v: success, warning vv: success, warning, error vvv: all supported messages
Developed and maintained: @BitTheByte Idea: @K4r1it0
Source: https://github.com/BitTheByte/
