Clone wiki

RAWR / Home

RAWR - Rapid Assessment of Web Resources


by: @al14s - Romans 5:6-8

Twitter: @RapidWebEnum | Freenode: #rawr-project

Home | Installation | Usage | Community | FAQ


  • A customizable CSV containing ordered information gathered for each host, with a field for making notes/etc.
    • 1.7.png

  • An elegant, searchable, JQuery-driven HTML report that shows screenshots, diagrams, and other information.
    • 1.3.png

  • A report on relevent security headers, courtesy of SmeegeSec.
    • Screenshot from 2014-06-23 21:19:13.png

  • a CSV Threat Matrix for an easy view of open ports across all provided hosts. (Use -a to show all ports.)
    • 1.82.png

  • A wordlist for each host, comprised of all words found in responses. (including crawl, if used).

  • Default password suggestions through checking a service's CPE for matches in the DPE Database.

  • A shelve database of all host information. (planned comparison functionality)

  • Parses meta-data in documents and photos using customizable modules.

  • Supports the use of a proxy (Burp, Zap, W3aF)

  • Can take screenshots of RDP and non-passworded VNC interfaces.

  • Will make multiple web calls based on user-supplied list of user-agents.

  • Captures/stores SSL Certificates, Cookies, and Cross-domain.xml

  • [Optional] Will notify via email or SMS when scan is complete.

  • [Optional] Customizable crawl of links within the host's domain.

  • [Optional] PNG Diagram of all pages found during crawl

    • 1.4.png

  • [Optional] List of links crawled in tiered format.

  • [Optional] List of documents seen for each site.

  • [Optional] Automation-Friendly output (JSON strings)