RAWR - Rapid Assessment of Web Resources
by: @al14s - Romans 5:6-8
Twitter: @RapidWebEnum | Freenode: #rawr-project
Home | Installation | Usage | Community | FAQ
- A customizable CSV containing ordered information gathered for each host, with a field for making notes/etc.
- An elegant, searchable, JQuery-driven HTML report that shows screenshots, diagrams, and other information.
- A report on relevent security headers, courtesy of SmeegeSec.
- a CSV Threat Matrix for an easy view of open ports across all provided hosts. (Use -a to show all ports.)
- A wordlist for each host, comprised of all words found in responses. (including crawl, if used).
- Default password suggestions through checking a service's CPE for matches in the DPE Database.
- A shelve database of all host information. (planned comparison functionality)
- Parses meta-data in documents and photos using customizable modules.
- Supports the use of a proxy (Burp, Zap, W3aF)
- Can take screenshots of RDP and non-passworded VNC interfaces.
- Will make multiple web calls based on user-supplied list of user-agents.
- Captures/stores SSL Certificates, Cookies, and Cross-domain.xml
- [Optional] Will notify via email or SMS when scan is complete.
- [Optional] Customizable crawl of links within the host's domain.
- [Optional] PNG Diagram of all pages found during crawl
- [Optional] List of links crawled in tiered format.
- [Optional] List of documents seen for each site.
- [Optional] Automation-Friendly output (JSON strings)