RAWR – Rapid Assessment of Web Resources
RAWR is a Python tool designed to make web enumeration easy and efficient by presenting the pertinent information in usable formats. It takes Nmap (live or from file), Metasploit, Qualys, Nexpose, or Nessus scan data to pick out web services for enumeration, then visits each host on each port with an identified web service and gathers as much data as possible.
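An added illustration of the first step in that workflow (example code, not RAWR's own): parse Nmap XML, keep only open ports whose service looks like a web server, and turn each into a URL to visit. The XML below is constructed sample data, and the service-name heuristic is an assumption rather than RAWR's actual matching logic.

```python
import xml.etree.ElementTree as ET

# Constructed sample Nmap XML (not real scan output): one host with several
# services, a second host whose only web port is filtered.
SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun>
  <host><status state="up"/>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
      <port protocol="tcp" portid="80"><state state="open"/><service name="http" product="Apache httpd"/></port>
      <port protocol="tcp" portid="443"><state state="open"/><service name="http" tunnel="ssl" product="nginx"/></port>
      <port protocol="tcp" portid="8443"><state state="open"/><service name="https-alt"/></port>
    </ports>
  </host>
  <host><status state="up"/>
    <address addr="192.0.2.11" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="8080"><state state="filtered"/><service name="http-proxy"/></port>
      <port protocol="tcp" portid="3389"><state state="open"/><service name="ms-wbt-server"/></port>
    </ports>
  </host>
</nmaprun>
"""

# Assumed heuristic: Nmap service names containing these tokens are treated as web.
WEB_SERVICE_HINTS = ("http", "https", "www")


def is_web_service(svc):
    name = (svc.get("name") or "").lower()
    return any(hint in name for hint in WEB_SERVICE_HINTS)


def web_targets(nmap_xml):
    """Return [(address, port, url)] for every open port that looks like a web service."""
    targets = []
    for host in ET.fromstring(nmap_xml).iter("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue  # down hosts are never visited
        addr = host.find("address").get("addr")
        for port in host.iter("port"):
            state, svc = port.find("state"), port.find("service")
            if state is None or state.get("state") != "open" or svc is None:
                continue  # filtered/closed ports carry nothing to enumerate
            if not is_web_service(svc):
                continue
            portid = int(port.get("portid"))
            # Nmap marks TLS-wrapped services with tunnel="ssl"; "https*" names imply the same.
            ssl = svc.get("tunnel") == "ssl" or (svc.get("name") or "").lower().startswith("https")
            scheme, default_port = ("https", 443) if ssl else ("http", 80)
            url = f"{scheme}://{addr}" + ("" if portid == default_port else f":{portid}")
            targets.append((addr, portid, url))
    return targets
```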
Features
- A customizable CSV containing ordered information gathered for each host, with a field for making notes/etc.
- An elegant, searchable, JQuery-driven HTML report that shows screenshots, diagrams, and other information.
- A report on relevant security headers, courtesy of SmeegeSec.
- A CSV Threat Matrix for an easy view of open ports across all provided hosts. (Use -a to show all ports.)
- A wordlist for each host, comprised of all words found in responses (including the crawl, if used).
- Default password suggestions through checking a service’s CPE for matches in the DPE Database.
- A shelve database of all host information. (planned comparison functionality)
- Parses meta-data in documents and photos using customizable modules.
- Supports the use of a proxy (Burp, Zap, W3aF)
- Can take screenshots of RDP and non-passworded VNC interfaces.
- Will make multiple web calls based on user-supplied list of user-agents.
- Captures/stores SSL Certificates, Cookies, and Cross-domain.xml
- [Optional] Will notify via email or SMS when scan is complete.
- [Optional] Customizable crawl of links within the host’s domain.
- [Optional] PNG Diagram of all pages found during crawl
- [Optional] List of links crawled in tiered format.
- [Optional] List of documents seen for each site.
- [Optional] Automation-Friendly output (JSON strings)