🕸️
Web vulnerability detection

RapidScan

RapidScan is a multi-tool web vulnerability scanner created to automate running several security scanning tools to find vulnerabilities, evaluate false positives, correlate findings, and save time during penetration testing engagements. While the Python2.7 source is accessible under the v1.1 releases section, the tool has been translated to Python3 (v1.2).

Tool Source

RapidScan is a versatile web vulnerability scanner that's created to streamline the task of running multiple security scanning tools for uncovering vulnerabilities. It automates the scanning process, assesses potential false positives, correlates results, and saves time during penetration testing assignments. The tool has been updated to Python 3 (v1.2), but you can still find the Python 2.7 codebase in the v1.1 releases section.

Features

  • 1One-step     installation.
  • 2Executes     a multitude of security scanning tools, custom-coded checks, and prints     the results spontaneously.
  • 3Tools     include nmap, dnsrecon, wafw00f, uniscan, sslyze, fierce, lbd,     theharvester, amass, nikto, etc., all executed under one entity.
  • 4Saves     time by checking for the same vulnerabilities with multiple tools, helping     to zero in on false positives effectively.
  • 5Lightweight     and not process-intensive.
  • 6Legends     to help you understand which tests may take longer, so you can skip if     needed.
  • 7Association     with OWASP Top 10 & CWE 25 on the list of vulnerabilities discovered     (under development).
  • 8Critical,     high, medium, low, and informational classification of vulnerabilities.
  • 9Vulnerability     definitions guide you on what the vulnerability actually is and the threat     it can pose.
  • 10Remediation     information to help you fix the found vulnerability.
  • 11Executive     summary provides an overall context of the scan performed with critical,     high, low, and informational issues discovered.
  • 12Artificial     intelligence to deploy tools automatically depending upon the issues found     (under development).
  • 13Detailed     comprehensive report in a portable document format (*.pdf) with complete     details of the scans and tools used (under development).
  • 14On-the-run     Metasploit auxiliary modules to discover more vulnerabilities (under     development).

Vulnerability Checks

·        DNS/HTTP Load Balancers & Web ApplicationFirewalls.

·        Checks for Joomla, WordPress, and Drupal.

·        SSL-related Vulnerabilities (HEARTBLEED, FREAK,POODLE, CCS Injection, LOGJAM, OCSP Stapling).

·        Commonly Opened Ports.

·        DNS Zone Transfers using multiple tools (Fierce,DNSWalk, DNSRecon, DNSEnum).

·        Sub-Domains Brute Forcing (DNSMap, amass,nikto).

·        Open Directory/File Brute Forcing.

·        Shallow XSS, SQLi, and BSQLi Banners.

·        Slow-Loris DoS Attack, LFI (Local FileInclusion), RFI (Remote File Inclusion) & RCE (Remote Code Execution).

Installation

Usage

Demo

FullDemo

Navigation

HomeTools

Services by CQR

Penetration Testing
Social Engineering
OSINT Recon
Vulnerability Assessment
Automotive Penetration Testing
DevSecOps
Smart Contract Audit
Incident Response
SOC Services
Risk Assessment
API Penetration Testing
Active Directory Audit
Fuzz Testing
Security Code Review
NOC Service
Forensics
Reverse Engineering

Related Posts

OSINT Recon: what is open source inteligence

October 2, 2023

Explore Tools Categories

🔎

Osint

🎩

Brute-force

🥷

Active directory

📵

Wireless security

🌩️

Cloud Security

🧩

Network assessment

🕸️

Web vulnerability detection

📶

Wireless Attacks

📝

Information Gathering Tools

👓

Sniffing & Spoofing

⚠️

Stress Testing

⚗️

Forensics Tools

💫

Vulnerability Analysis

Tools