skavngr / rapidscan
:new: The Multi-Tool Web Vulnerability Scanner.
License: GNU General Public License v2.0
Test Case: The Harvester - Scans for emails using Google's passive search
The command theHarvester -l 50 -b google -d URL results in the following error because the google source is invalid:
[!] Invalid source.
Hi,
I am getting errors like the following for most of the scanning steps:
/bin/sh: 1: cannot create /tmp/rapidscan_temp_nmap_telnet: Permission denied
. . .
/bin/sh: 1: cannot create /tmp/rapidscan_temp_nmap_rdp_tcp: Permission denied
What might cause this?
Hi, @sh4nx0r,
I'm opening this issue because I think rapidscan should have a way to ignore/skip tools based on defined config at the discretion of the user.
Also, having to send the Ctrl+C signal to halt a specific scan process does not permit running the tool in an automated workflow.
I have a hack that introduces a --skip argument to permit such configuration, see #23.
Would you be interested in merging such a feature?
Thanks,
Hello,
Can the result be exported in HTML format?
A greeting and thanks
Hello!
I really liked your tool; you have surely put a lot of effort into it, and I see that development is still in progress. Don't you think it would be a better idea to shift this tool to Python 3, as this is the future? Python 2 is being deprecated with the passage of time. If you're willing to make the transition, I can work with you; together we can make the proper changes to shift from Python 2 to Python 3. Waiting for your thoughts on it. Thanks
Hello,
Can someone please guide me on how I can run this successfully on Windows?
After running it, I'm seeing a bunch of output files, but all of them report batch file issues.
I looked into the Dockerfile and see that I should install a few other tools first, but I need assistance on how to do that on Windows without impacting my system.
Thanks
Hey There,
Amazing work on the script. I was planning to utilize the script at a few places in my CI/CD flow and I'd like to know how to install the required CLI tools for Ubuntu or Arch.
Right now running (the names taken from the Dockerfile)
sudo apt install host whois sslyze wapiti nmap dmitry dnsenum dnsrecon dnswalk dirb wafw00f whatweb nikto lbd xsser fierce theharvester davtest uniscan amass
results in packages not being found in the apt repos:
E: Unable to locate package sslyze
E: Unable to locate package lbd
E: Unable to locate package xsser
E: Unable to locate package fierce
E: Unable to locate package theharvester
E: Unable to locate package davtest
E: Unable to locate package uniscan
E: Unable to locate package amass
And running it without any installation skips 71 out of 80 tests, so that's not nice :D
What am I missing?
Thanks
P S
First, I would like to thank you for the script. Many thanks! Amazing work.
Using the current version of the Dockerfile, we can't build our own image, because we get an error (and this is a pretty essential addition):
E: Unable to locate package golismero
You need to add a non-free repo to the Dockerfile. Edit the current Dockerfile like this, for example:
FROM kalilinux/kali-rolling
RUN echo "deb http://old.kali.org/kali sana main non-free contrib" >> /etc/apt/sources.list
RUN apt-get update && apt-get -yu dist-upgrade -y
# etc
After updating with the non-free repo, everything works fine.
It seems that scans take quite long to complete, or maybe there is some issue.
I ran the scan and nmap was running for 2 hours before I killed it, and the Fierce subdomain bruter is the same story (I haven't killed it yet).
Is this normal? Shall I wait longer, or is there something wrong?
A docker image with all the tools pre-installed would be awesome
Rapidscan will tell you, hey, the site is vulnerable,
but when you want to fix the vulnerability it doesn't tell you where it is (e.g. what IP and port it's at).
My friend and I, doing a job, couldn't get rapidscan to tell us what IP and port a vulnerability is at; all it says is that it exists and nothing else.
I got an "unrecognized arguments: -dns" error.
usage: fierce [-h] [--domain DOMAIN] [--connect] [--wide]
[--traverse TRAVERSE] [--search SEARCH [SEARCH ...]]
[--range RANGE] [--delay DELAY]
[--subdomains SUBDOMAINS [SUBDOMAINS ...] | --subdomain-file
SUBDOMAIN_FILE] [--dns-servers DNS_SERVERS [DNS_SERVERS ...] |
--dns-file DNS_FILE] [--tcp]
fierce: error: unrecognized arguments: -dns example.com
All the print statements in your tool are without parentheses (); they're not enclosed in parentheses and generate a syntax error whenever I try to run the code.
It would be nice to be able to check if we're running the latest version of rapidscan.
I wouldn't trust the --update flag to update rapidscan; it's likely to result in a permission error.
How to set request header e.g. Authorization?
Thanks for the python 3 update.
The Dockerfile should be updated and tested as well. I haven't tested whether it currently works, but it looks like python3 is not installed, so I think the Dockerfile is currently broken.
Hi, it looks like the Docker image cannot be built with the latest Kali distributions :/
I'm unsure which Python dependencies have docutils as a requirement, though.
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
The following information may help to resolve the situation:
The following packages have unmet dependencies:
python-docutils : Depends: docutils-common (= 0.12+dfsg-1) but 0.16+dfsg-4 is to be installed
Recommends: python-pil but it is not going to be installed
Recommends: python-pygments but it is not going to be installed
Recommends: libpaper-utils but it is not going to be installed
Recommends: docutils-doc (= 0.12+dfsg-1) but it is not going to be installed
python-requests : Depends: python-chardet but it is not installable
E: Unable to correct problems, you have held broken packages.
The command '/bin/sh -c apt-get install -y python2.7 wget dmitry dnsrecon wapiti nmap sslyze dnsenum wafw00f golismero dirb host lbd xsser dnsmap dnswalk fierce davtest whatweb nikto uniscan whois theharvester' returned a non-zero code: 100
If run without an internet connection, or if wget fails on this line
os.system('wget -N https://raw.githubusercontent.com/skavngr/rapidscan/master/rapidscan.py -O rapidscan.py > /dev/null 2>&1')
it will overwrite rapidscan.py with 0 bytes, essentially deleting its contents.
There needs to be a conditional here to check whether the file was actually retrieved.
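The failure mode described in this issue is that `wget -O` truncates the destination before the download is known to have succeeded. The following is an added example of a self-update routine that avoids it; it is not rapidscan's own code. It downloads into a temporary file in the same directory, refuses empty or non-script content, and only then atomically replaces the script, so the running copy is never left at 0 bytes. The `self_check` helper and the `looks_like_script` heuristic are illustrative assumptions, not project behaviour.

```python
"""Safe self-update: added example, not rapidscan's own code."""
import os
import shutil
import tempfile
import urllib.request

# URL taken from the issue text above.
UPDATE_URL = "https://raw.githubusercontent.com/skavngr/rapidscan/master/rapidscan.py"


def fetch_url(url, timeout=30):
    """Download the body; any network or HTTP error surfaces as an exception."""
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return resp.read()


def looks_like_script(data):
    """Heuristic (assumption): reject an empty body or one that does not start like Python."""
    return len(data) > 0 and data.lstrip().startswith((b"#!", b"#", b"import", b"from", b'"""'))


def safe_update(path, fetch=fetch_url, url=UPDATE_URL):
    """Replace `path` only after a successful, validated download.

    Returns (updated, reason). On any failure the existing file is left untouched.
    """
    try:
        data = fetch(url)
    except Exception as exc:  # offline, DNS failure, HTTP error, timeout
        return False, "download failed: %s" % exc
    if not looks_like_script(data):
        return False, "downloaded content rejected (empty or not a script)"

    directory = os.path.dirname(os.path.abspath(path))
    fd, tmp = tempfile.mkstemp(prefix=".rapidscan.", suffix=".tmp", dir=directory)
    try:
        with os.fdopen(fd, "wb") as fh:
            fh.write(data)
            fh.flush()
            os.fsync(fh.fileno())
        os.replace(tmp, path)  # atomic rename: readers see the old or the new file, never an empty one
    except OSError as exc:  # e.g. the permission error mentioned elsewhere in this thread
        try:
            os.unlink(tmp)
        except OSError:
            pass
        return False, "could not write %s: %s" % (path, exc)
    return True, "updated"


def self_check():
    """Exercise the three outcomes in a throwaway directory (constructed scenario).

    Returns (kept_after_failed_download, kept_after_empty_body, replaced_after_good_body).
    """
    workdir = tempfile.mkdtemp(prefix="rapidscan_update_check_")
    script = os.path.join(workdir, "rapidscan.py")
    original = b"#!/usr/bin/env python3\nprint('old')\n"
    new_body = b"#!/usr/bin/env python3\nprint('new')\n"
    with open(script, "wb") as fh:
        fh.write(original)

    def failing(url):
        raise OSError("network unreachable")  # constructed failure

    def read():
        with open(script, "rb") as fh:
            return fh.read()

    r1 = safe_update(script, fetch=failing)
    kept1 = read() == original
    r2 = safe_update(script, fetch=lambda url: b"")  # what a failed `wget -O` leaves behind
    kept2 = read() == original
    r3 = safe_update(script, fetch=lambda url: new_body)
    replaced = read() == new_body
    shutil.rmtree(workdir)
    return (not r1[0] and kept1, not r2[0] and kept2, r3[0] and replaced)


if __name__ == "__main__":
    print(self_check())
```

Writing the temporary file into the script's own directory (rather than /tmp) is what makes `os.replace` a same-filesystem rename and therefore atomic.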
MacOS 10.15.7 (Catalina)
TLDR: run an apt-get update before anything else... you either need to ignore keys altogether or use some alternate method to get the Kali pubkey (curl, wget, etc. aren't in the base image). Alternate workaround after errors building:
Sending build context to Docker daemon 3.565MB
Step 1/10 : FROM kalilinux/kali-rolling
---> c2fadbc65f8d
Step 2/10 : ENV DEBIAN_FRONTEND noninteractive
---> Using cache
---> fd58a73e4d8b
Step 3/10 : RUN apt-get update && apt-get -yu dist-upgrade -y
---> Running in 73b26ccf950e
Get:1 http://mirrors.ocf.berkeley.edu/kali kali-rolling InRelease [30.6 kB]
Err:1 http://mirrors.ocf.berkeley.edu/kali kali-rolling InRelease
The following signatures couldn't be verified because the public key is not available: NO_PUBKEY ED444FF07D8D0BF6
Reading package lists...
W: http://http.kali.org/kali/dists/kali-rolling/InRelease: The key(s) in the keyring /etc/apt/trusted.gpg.d/debian-archive-bullseye-automatic.gpg are ignored as the file is not readable by user '_apt' executing apt-key.
W: http://http.kali.org/kali/dists/kali-rolling/InRelease: The key(s) in the keyring /etc/apt/trusted.gpg.d/debian-archive-bullseye-security-automatic.gpg are ignored as the file is not readable by user '_apt' executing apt-key.
W: http://http.kali.org/kali/dists/kali-rolling/InRelease: The key(s) in the keyring /etc/apt/trusted.gpg.d/debian-archive-bullseye-stable.gpg are ignored as the file is not readable by user '_apt' executing apt-key.
W: http://http.kali.org/kali/dists/kali-rolling/InRelease: The key(s) in the keyring /etc/apt/trusted.gpg.d/debian-archive-buster-automatic.gpg are ignored as the file is not readable by user '_apt' executing apt-key.
W: http://http.kali.org/kali/dists/kali-rolling/InRelease: The key(s) in the keyring /etc/apt/trusted.gpg.d/debian-archive-buster-security-automatic.gpg are ignored as the file is not readable by user '_apt' executing apt-key.
W: http://http.kali.org/kali/dists/kali-rolling/InRelease: The key(s) in the keyring /etc/apt/trusted.gpg.d/debian-archive-buster-stable.gpg are ignored as the file is not readable by user '_apt' executing apt-key.
W: http://http.kali.org/kali/dists/kali-rolling/InRelease: The key(s) in the keyring /etc/apt/trusted.gpg.d/debian-archive-stretch-automatic.gpg are ignored as the file is not readable by user '_apt' executing apt-key.
W: http://http.kali.org/kali/dists/kali-rolling/InRelease: The key(s) in the keyring /etc/apt/trusted.gpg.d/debian-archive-stretch-security-automatic.gpg are ignored as the file is not readable by user '_apt' executing apt-key.
W: http://http.kali.org/kali/dists/kali-rolling/InRelease: The key(s) in the keyring /etc/apt/trusted.gpg.d/debian-archive-stretch-stable.gpg are ignored as the file is not readable by user '_apt' executing apt-key.
W: http://http.kali.org/kali/dists/kali-rolling/InRelease: The key(s) in the keyring /etc/apt/trusted.gpg.d/kali-archive-keyring.gpg are ignored as the file is not readable by user '_apt' executing apt-key.
W: GPG error: http://mirrors.ocf.berkeley.edu/kali kali-rolling InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY ED444FF07D8D0BF6
E: The repository 'http://http.kali.org/kali kali-rolling InRelease' is not signed.
The command '/bin/sh -c apt-get update && apt-get -yu dist-upgrade -y' returned a non-zero code: 100
You can do the somewhat crazy:
RUN apt -o Acquire::AllowInsecureRepositories=true -o Acquire::AllowDowngradeToInsecureRepositories=true update
Or actually get the key somehow. If you do the above, three more changes were necessary to make the Dockerfile work:
apt-get
RUN line apt-get
package listing.
ENTRYPOINT ["/usr/local/bin/rapidscan.py"]
-> ENTRYPOINT ["python3", "/usr/local/bin/rapidscan.py"]
Please add a requirements file that allows downloading the tools the user doesn't have. This is not an issue.
Good day,
I wanted to push your code because harvester is not working on the latest Kali because of the name. So here is the code; you can review it and push.
It's not a big modification, but theharvester is now theHarvester; if you go with theharvester it will tell you "bash: command not found".
line 216 ["theHarvester","The Harvester - Scans for emails using Google's passive search.","theHarvester",1],
line 301 ["theHarvester -l 50 -b google -d ",""],
line 665 ["wapiti"], ["whatweb"], ["nmap"], ["golismero"], ["host"], ["wget"], ["uniscan"], ["wafw00f"], ["dirb"], ["davtest"], ["theHarvester"], ["xsser"], ["dnsrecon"],["fierce"], ["dnswalk"], ["whois"], ["sslyze"], ["lbd"], ["golismero"], ["dnsenum"],["dmitry"], ["davtest"], ["nikto"], ["dnsmap"]
line
This code only works with Python 2, not Python 3, so it would be best to add this to the docs.
stomping over the same file with all sorts of results... well... not even worth a pull request... but I added a few lines to disambiguate them. The main bit is:
date = subprocess.Popen(["date", "+%Y-%m-%d.%s"], stdout=subprocess.PIPE).stdout.read()[:-1].decode("utf-8")
debuglog = "rs.dbg.%s.%s" % (target, date)
vulreport = "rs.vul.%s.%s" % (target, date)
That will create files that look like "rs.vul.google.com.2022-01-03.1641255361" or w/e.
I'd also advocate creating a vulnerability file even if nothing was found; e.g. change this:
if len(rs_vul_list)==0: print("\t"+bcolors.OKGREEN+"No Vulnerabilities Detected."+bcolors.ENDC)
to be a report.write(*) with the same text or w/e (not blank, since it could die mid-run and you wouldn't know if it really was zero vulns or not). The first time I ran it I wasn't sure if there was a bug or what, since no result file was created.
YMMV, IMHO, etc.
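Two issues in this thread concern where rapidscan writes: the "cannot create /tmp/rapidscan_temp_nmap_telnet: Permission denied" report (fixed names in a shared /tmp collide with another user's files and are a classic symlink hazard) and the post above about per-run report names and always emitting a report. The following is an added example, not rapidscan's code, that addresses both: a private per-run temp directory from `tempfile.mkdtemp`, per-run report names in the `rs.vul.<target>.<YYYY-MM-DD>.<epoch>` format the poster suggests (computed in UTC here), and a report writer that writes "No Vulnerabilities Detected." rather than nothing. Function names and the report line format are assumptions.

```python
"""Per-run temp dir and report naming: added example, not rapidscan's own code."""
import datetime
import os
import tempfile
import time


def run_stamp(epoch=None):
    """'YYYY-MM-DD.<epoch>' like `date +%Y-%m-%d.%s` in the post, using UTC for the day."""
    epoch = int(time.time() if epoch is None else epoch)
    day = datetime.datetime.fromtimestamp(epoch, datetime.timezone.utc).strftime("%Y-%m-%d")
    return "%s.%d" % (day, epoch)


def run_paths(target, epoch=None, base_dir="."):
    """Unique debug-log and vulnerability-report paths for one run against `target`.

    Characters outside [A-Za-z0-9.-_] are replaced so a target string cannot
    steer the file name into another directory.
    """
    safe_target = "".join(c if c.isalnum() or c in ".-_" else "_" for c in target)
    stamp = run_stamp(epoch)
    return {
        "debug": os.path.join(base_dir, "rs.dbg.%s.%s" % (safe_target, stamp)),
        "vuln": os.path.join(base_dir, "rs.vul.%s.%s" % (safe_target, stamp)),
    }


def make_temp_dir():
    """Private (mode 0700) per-run directory instead of fixed /tmp/rapidscan_temp_* names.

    Two users running the tool no longer collide, and nobody else can pre-create
    a file or symlink at the path the scanner is about to write.
    """
    return tempfile.mkdtemp(prefix="rapidscan_")


def temp_file(tmp_dir, tool):
    """Per-tool output file inside the private run directory."""
    return os.path.join(tmp_dir, "temp_%s" % tool)


def report_text(vulns):
    """Report body; never empty, so a missing file means the scan died, not 'no findings'."""
    if not vulns:
        return "No Vulnerabilities Detected.\n"
    return "".join("%s\t%s\n" % (severity, message) for severity, message in vulns)


def write_vuln_report(path, vulns):
    """Always write the report file, even when `vulns` is empty."""
    with open(path, "w", encoding="utf-8") as fh:
        fh.write(report_text(vulns))
    return path


if __name__ == "__main__":
    # Constructed demonstration run.
    tmp_dir = make_temp_dir()
    paths = run_paths("example.com", base_dir=tmp_dir)
    print(temp_file(tmp_dir, "nmap_telnet"))
    print(write_vuln_report(paths["vuln"], []))
```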
Traceback (most recent call last):
File "/home/akihiko/rapidscan/rapidscan.py", line 1514, in <module>
rs_tool_output_file = open(temp_file).read()
^^^^^^^^^^^^^^^^^^^^^^
File "", line 322, in decode
UnicodeDecodeError: 'utf-8' codec can't decode byte 0x99 in position 404: invalid start byte
Hi, I have been using this awesome tool for the last two days but still can't figure out how to find the vulnerable domain/subdomain. I mean, I get a few critical vuln notifications when testing a domain but can't find which subdomain/parameter is vulnerable; Rapidscan only shows the warning but not the vulnerable URL/parameter.
Can you please help?
Traceback (most recent call last):
File "/Users/ayhan/Downloads/rapidscan-master/rapidscan.py", line 1514, in <module>
rs_tool_output_file = open(temp_file).read()
File "/usr/local/Cellar/python@3.9/3.9.10/Frameworks/Python.framework/Versions/3.9/lib/python3.9/codecs.py", line 322, in decode
(result, consumed) = self._buffer_decode(data, self.errors, final)
UnicodeDecodeError: 'utf-8' codec can't decode byte 0xdd in position 1541: invalid continuation byte
Hi,
I've been running into issues with DMitry; the scan takes more than 48h, which is not acceptable.
I was wondering if there is an option to disable a specific tool when using the rapidscan Docker container?
Thanks
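Both the --skip proposal earlier in this thread and the DMitry question just above ask for the same thing: a way to leave named tools out of a run without Ctrl+C. Below is an added example of how such a filter can be wired up; it is not rapidscan's code and does not reproduce the #23 implementation. The `--skip` flag, the sample tool table (shaped like rapidscan's name/description/binary/severity lists) and the function names are assumptions. Unknown skip names are reported rather than silently ignored, so a typo does not run a tool the operator meant to exclude.

```python
"""Skip tools by name: added example, not rapidscan's own code."""
import argparse
import sys

# Constructed sample in the shape of rapidscan's tool table:
# [display name, description, binary, severity]. Entries are illustrative.
TOOLS = [
    ["nmap", "Nmap - Port scan", "nmap", 1],
    ["fierce", "Fierce - Subdomain brute force", "fierce", 1],
    ["dmitry", "DMitry - Information gathering", "dmitry", 1],
    ["theHarvester", "The Harvester - Email harvesting", "theHarvester", 1],
]


def parse_skip(argv):
    """Parse a hypothetical --skip option (comma separated, may be repeated).

    Returns (target, skip_set) with skip names lower-cased.
    """
    parser = argparse.ArgumentParser(prog="rapidscan")
    parser.add_argument("target")
    parser.add_argument(
        "--skip", action="append", default=[],
        help="tool binary name(s) to skip, comma separated; may be repeated",
    )
    args = parser.parse_args(argv)
    skip = set()
    for chunk in args.skip:
        skip.update(name.strip().lower() for name in chunk.split(",") if name.strip())
    return args.target, skip


def filter_tools(tools, skip):
    """Drop tools whose binary name is in `skip`.

    Returns (kept, unknown): the remaining tool rows, and skip names that matched
    nothing so the caller can warn instead of running a tool the user meant to skip.
    """
    known = {row[2].lower() for row in tools}
    unknown = sorted(name for name in skip if name not in known)
    kept = [row for row in tools if row[2].lower() not in skip]
    return kept, unknown


if __name__ == "__main__":
    target, skip = parse_skip(sys.argv[1:])
    kept, unknown = filter_tools(TOOLS, skip)
    for name in unknown:
        print("warning: --skip %s matches no tool" % name, file=sys.stderr)
    print("scanning %s with: %s" % (target, ", ".join(row[0] for row in kept)))
```

In a CI job this becomes `rapidscan.py target --skip dmitry,fierce`, with the warning on stderr as the signal that the exclusion list needs fixing.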
Hello,
I've run rapidscan via Docker and it seems like all report files are fine. The temp_uniscan_rfi file says:
HTML report saved in: report/www.my-domain.com.html
But there is no HTML document. Any ideas?
This is an excellent project; thanks for making it available to the public.
When I run this program I get the following error.
Traceback (most recent call last):
File "./rapidscan.py", line 805, in <module>
rs_tool_output_file = open(temp_file).read()
IOError: [Errno 2] No such file or directory: 'temp_nikto_headers'
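The three tracebacks in this thread share a cause: `open(temp_file).read()` assumes the tool wrote its output file and wrote it as valid UTF-8. Nikto, fierce and friends emit whatever bytes they like (0x99 and 0xdd here), and a tool that failed to launch writes nothing. The following is an added example of a tolerant reader, not rapidscan's code; it strips ANSI colour escapes, decodes with replacement characters instead of raising, and reports a missing file as a status rather than a crash. Function names and the status strings are assumptions.

```python
"""Tolerant tool-output reader: added example, not rapidscan's own code."""
import os
import re

# CSI escape sequences (colour, cursor movement) that scanners print to a TTY.
ANSI_ESCAPE = re.compile(rb"\x1b\[[0-9;?]*[ -/]*[@-~]")


def decode_tool_output(raw):
    """Decode raw tool output. Returns (text, lossy).

    `lossy` is True when at least one byte could not be decoded as UTF-8 and
    was replaced by U+FFFD, so the caller can flag the parse as best-effort.
    """
    cleaned = ANSI_ESCAPE.sub(b"", raw)
    try:
        return cleaned.decode("utf-8"), False
    except UnicodeDecodeError:
        return cleaned.decode("utf-8", errors="replace"), True


def read_tool_output(path):
    """Read a tool's temp file. Returns (text, status) with status 'ok', 'lossy' or 'missing'.

    A missing file means the tool never produced output (not installed, killed,
    or failed to start); that is a result to record, not a reason to abort the run.
    """
    if not os.path.exists(path):
        return "", "missing"
    with open(path, "rb") as fh:
        raw = fh.read()
    text, lossy = decode_tool_output(raw)
    return text, "lossy" if lossy else "ok"


if __name__ == "__main__":
    # Constructed samples mirroring the bytes named in the tracebacks above.
    print(decode_tool_output(b"- Nikto v2.1.6 \x99 banner"))
    print(decode_tool_output(b"\x1b[31mcritical\x1b[0m finding"))
    print(read_tool_output("temp_nikto_headers"))
```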
To show what additional tools can be installed to provide richer testing.
Thanks for your consideration!
The test case 8/80 | XSSer - Checks for Cross-Site Scripting [XSS] Attacks.
The XSSer command has http:// hardcoded. This results in an error if you test rapidscan against HTTPS URLs.
Is there an option to run the scanner with some credentials or session cookies?