Information Gathering, Vulnerability Scanning and Crawling using RED_HAWK
Information gathering is the pre-attack stage of the hacking process and ethical hackers make maximum efforts to ensure that the operations are conducted in a stealth mode to avoid any interruptions to the target system. Staying anonymous while conducting various tasks is vital to the hacking process.
In this tutorial, I'm going to introduce RED_HAWK tool developed by R3D#@0R_2H1N (Tuhinshubhra). The version two of this tool provides more enhanced features covering information gathering, vulnerability scanning and website crawling.
Go to the GitHub page of the RED_HAWK and copy the website URL for cloning. Alternatively, you can download the project as a ZIP file.
Open the Terminal and clone the project.
Change to the RED_HAWK folder and you will see that the tool is written using PHP programming language.
Run the php rhawk.php command to start the RED_HAWK tool. You will see the welcome screen listing all the options available to the user.
If you receive following errors, install those extensions before you continue the process.
[!] cURL Module Is Missing! Try 'fix' command OR Install php-curl
[!] DOM Module Is Missing! Try 'fix' command OR Install php-xml
You can use following commands to install missing extensions.
sudo apt-get install php-curl
sudo apt-get install php-xml
RED_HAWK will show a message to enter the web URL. Enter the website URL. If the website URL HTTPS instead of HTTP, you can specify that in the next step.
RED_HAWK will list all the actions you can perform using this tool. Enter the number entitled to that specific action.
Let's perform a basic reconnaissance on the website. Enter number zero (0). It will perform the scan. Depending on the website configuration it will show all the variables with or without values.
You can continue testing your website against other actions as well. This tutorial is bought you by Silver Trinity Enterprises.
In this tutorial, I'm going to introduce RED_HAWK tool developed by R3D#@0R_2H1N (Tuhinshubhra). The version two of this tool provides more enhanced features covering information gathering, vulnerability scanning and website crawling.
Installation
For this demonstration, I use Parrot operating system. Parrot Security OS is a Linux distribution based on Debian with a focus on computer security. It is designed for penetration testing, vulnerability assessment and mitigation, computer forensics and anonymous web browsing. You can use any Linux based operating system for this demonstration.Go to the GitHub page of the RED_HAWK and copy the website URL for cloning. Alternatively, you can download the project as a ZIP file.
Open the Terminal and clone the project.
Change to the RED_HAWK folder and you will see that the tool is written using PHP programming language.
Run the php rhawk.php command to start the RED_HAWK tool. You will see the welcome screen listing all the options available to the user.
If you receive following errors, install those extensions before you continue the process.
[!] cURL Module Is Missing! Try 'fix' command OR Install php-curl
[!] DOM Module Is Missing! Try 'fix' command OR Install php-xml
You can use following commands to install missing extensions.
sudo apt-get install php-curl
sudo apt-get install php-xml
RED_HAWK will show a message to enter the web URL. Enter the website URL. If the website URL HTTPS instead of HTTP, you can specify that in the next step.
RED_HAWK will list all the actions you can perform using this tool. Enter the number entitled to that specific action.
Let's perform a basic reconnaissance on the website. Enter number zero (0). It will perform the scan. Depending on the website configuration it will show all the variables with or without values.
You can continue testing your website against other actions as well. This tutorial is bought you by Silver Trinity Enterprises.
thank
ReplyDelete