RAWR - Rapid Assessment of Web Resources

by: @al14s - Romans 5:6-8

Twitter: @RapidWebEnum | Freenode: #rawr-project

Home | Installation | Usage | Community | FAQ

Features

• A customizable CSV containing ordered information gathered for each host, with a field for making notes/etc.
  • 
    
    
• An elegant, searchable, JQuery-driven HTML report that shows screenshots, diagrams, and other information.
  • 
    
    
• A report on relevent security headers, courtesy of SmeegeSec.
  • 
    
    
• a CSV Threat Matrix for an easy view of open ports across all provided hosts. (Use -a to show all ports.)
  • 
    
    
• A wordlist for each host, comprised of all words found in responses. (including crawl, if used).
  
  
• Default password suggestions through checking a service's CPE for matches in the DPE Database.
  
  
• A shelve database of all host information. (planned comparison functionality)
  
  
• Parses meta-data in documents and photos using customizable modules.
  
  
• Supports the use of a proxy (Burp, Zap, W3aF)
  
  
• Can take screenshots of RDP and non-passworded VNC interfaces.
  
  
• Will make multiple web calls based on user-supplied list of user-agents.
  
  
• Captures/stores SSL Certificates, Cookies, and Cross-domain.xml
  
  
• [Optional] Will notify via email or SMS when scan is complete.
  
  
• [Optional] Customizable crawl of links within the host's domain.
  
  
• [Optional] PNG Diagram of all pages found during crawl
  
  
  • 
    
    
• [Optional] List of links crawled in tiered format.
  
  
• [Optional] List of documents seen for each site.
  
  
• [Optional] Automation-Friendly output (JSON strings)