RAWR – Rapid Assessment of Web Resources

RAWR is a Python tool designed to make web enumeration easy and efficient by providing pertinent information in usable formats.

The tool uses Nmap (live or from file), Metasploit, Qualys, Nexpose, or Nessus scan data to target web services for enumeration, then visits each host on each port with an identified web service and gathers as much data as possible.

Features included with this tool are:

  • A customizable CSV containing ordered information gathered for each host, with a field for making notes/etc.
  • An elegant, searchable, JQuery-driven HTML report that shows screenshots, diagrams, and other information.
  • A report on relevant security headers, courtesy of SmeegeSec.
  • A CSV Threat Matrix for an easy view of open ports across all provided hosts. (Use -a to show all ports.)
  • A wordlist for each host, comprised of all words found in responses (including crawl, if used).
  • Default password suggestions through checking a service’s CPE for matches in the DPE Database.
  • A shelve database of all host information. (planned comparison functionality)
  • Parses meta-data in documents and photos using customizable modules.
  • Supports the use of a proxy (Burp, ZAP, w3af).
  • Can take screenshots of RDP and non-passworded VNC interfaces.
  • Will make multiple web calls based on a user-supplied list of user-agents.

You can read more and download this tool over here: https://bitbucket.org/al14s/rawr/overview
