rapidscan v1.1 releases: The Multi-Tool Web Vulnerability Scanner

RapidScan – The Multi-Tool Web Vulnerability Scanner

It is quite a fuss for a pentester to perform binge-tool-scanning (running security scanning tools one after the other) sans automation. Unless you are a pro at automating stuff, it is a herculean task to perform binge-scan for each and every engagement. The ultimate goal of this program is to solve this problem through automation; viz. running multiple scanning tools to discover vulnerabilities, effectively judge false-positives, collectively correlate results and saves precious time; all these under one roof.

Features

• one-step installation.
• executes a multitude of security scanning tools, does other custom coded checks and prints the results spontaneously.
• some of the tools include nmap, dnsrecon, wafw00f, uniscan, sslyze, fierce, lbd, theharvester, dnswalk, golismeroetc executes under one entity.
• saves a lot of time, indeed a lot of time!.
• checks for same vulnerabilities with multiple tools to help you zero-in on false positives effectively.
• legends to help you understand which tests may take longer time, so you can Ctrl+C to skip if needed.
• vulnerability definitions guide you what the vulnerability actually is and the threat it can pose. (under development)
• remediations tell you how to plug/fix the found vulnerability. (under development)
• executive summary gives you an overall context of the scan performed with critical, high, low and informational issues discovered. (under development)
• artificial intelligence to deploy tools automatically depending upon the issues found. for eg; automates the launch of wpscan and plecost tools when a wordpress installation is found. (under development)

Vulnerability Checks

• ✔️ DNS/HTTP Load Balancers & Web Application Firewalls.
• ✔️ Checks for Joomla, WordPress, and Drupal
• ✔️ SSL related Vulnerabilities (HEARTBLEED, FREAK, POODLE, CCS Injection, LOGJAM, OCSP Stapling).
• ✔️ Commonly Opened Ports.
• ✔️ DNS Zone Transfers using multiple tools (Fierce, DNSWalk, DNSRecon, DNSEnum).
• ✔️ Sub-Domains Brute Forcing.
• ✔️ Open Directory/File Brute Forcing.
• ✔️ Shallow XSS, SQLi, and BSQLi Banners.
• ✔️ Slow-Loris DoS Attack, LFI (Local File Inclusion), RFI (Remote File Inclusion) & RCE (Remote Code Execution).
• & more coming up…

Download

wget -O rapidscan.py https://raw.githubusercontent.com/skavngr/rapidscan/master/rapidscan.py

Usage

Copyright (C) sh4nx0r

Source: https://github.com/skavngr/