Raphael is a vulnerability scanning tool based on Python3.

Overview

Raphael

Raphael是一款基于Python3开发的插件式漏洞扫描工具。

Raphael is a vulnerability scanning tool based on Python3.

Usage

raphael.py -h

2021-12-30 18:54:32,198 | INFO  | Raphael Start ~
usage: raphael.py [-h] [-u HOST] [-k PLUGIN] [-l] [-p PORT] [-t THREAD] [-e] [-o OUTPUT] [-f FORMAT]

optional arguments:
  -h, --help                  show this help message and exit
  -u HOST, --host HOST        target host or file
  -k PLUGIN, --plugin PLUGIN  filter plugins by keyword
  -l, --list                  list all exist plugins
  -p PORT, --port PORT        target port
  -t THREAD, --thread THREAD  number of thread, default 5
  -e, --error                 show error message of plugins
  -o OUTPUT, --output OUTPUT  report dir
  -f FORMAT, --format FORMAT  report format, html/json/csv

Example

List all exist plugins.

raphael.py -l

2021-12-30 18:54:01,128 | INFO  | Raphael Start ~
2021-12-30 18:54:01,130 | INFO  | plugin path: /Raphael/plugins
All Plugins:
  plugins.port
  plugins.log4j_cve_2021_44228
  plugins.grafana_cve_2021_43798
  plugins.mongo_unauth
  plugins.redis_unauth
  plugins.http_banner
  plugins.oxid
  plugins.memcached_unauth
  plugins.apisix_cve_2021_45232
  plugins.zookeeper_unauth
  plugins.thinkphp

Detect unauthorized access vulnerability.

raphael.py -u 192.168.1.1/24 -k unauth -t 50

2021-12-30 18:58:27,072 | INFO  | Raphael Start ~
2021-12-30 18:58:27,074 | INFO  | convert ip segment into ip address
2021-12-30 18:58:27,080 | INFO  | found 4 plugin:
  plugins.mongo_unauth
  plugins.redis_unauth
  plugins.memcached_unauth
  plugins.zookeeper_unauth
2021-12-30 18:58:27,084 | INFO  | raphael got total 1024 tasks
2021-12-30 18:58:27,084 | INFO  | run task in 50 threads
2021-12-30 18:58:32,109 | INFO  | [+] 192.168.1.128 -> plugins.mongo_unauth -> True
2021-12-30 18:58:32,112 | INFO  | [+] 192.168.1.128 -> plugins.memcached_unauth -> True
2021-12-30 18:58:32,147 | INFO  | [+] 192.168.1.134 -> plugins.redis_unauth -> True
2021-12-30 18:58:37,691 | INFO  | total 3 result
2021-12-30 18:58:37,691 | INFO  | report path: output/raphael.html
2021-12-30 18:58:37,692 | INFO  | Finished at: 2021-12-30 18:58:37
2021-12-30 18:58:37,693 | INFO  | Total: 10.621082067489624 s

Port Scan.

raphael.py -u 192.168.1.128 -k port

2021-12-30 18:59:27,309 | INFO  | Raphael Start ~
2021-12-30 18:59:27,311 | INFO  | convert ip segment into ip address
2021-12-30 18:59:27,313 | INFO  | found 1 plugin:
  plugins.port
2021-12-30 18:59:27,314 | INFO  | raphael got total 1 tasks
2021-12-30 18:59:27,314 | INFO  | run task in 5 threads
2021-12-30 18:59:35,892 | INFO  | [+] 192.168.1.128 -> plugins.port -> [22, 53, 2181, 11211, 27017]
2021-12-30 18:59:36,003 | INFO  | total 1 result
2021-12-30 18:59:36,003 | INFO  | report path: output/raphael.html
2021-12-30 18:59:36,007 | INFO  | Finished at: 2021-12-30 18:59:36
2021-12-30 18:59:36,007 | INFO  | Total: 8.698265790939331 s

Report

HTML Report:

report

Plugin development

Write your own plugin with python, and then put it into the plugins directory.

plugin template:

def run(host, **kwargs):
    result = "vulnerable"
    # do something
    return result

e.g.

redis_unauth.py

Owner
b4zinga
b4zinga
Collection Of Discord Hacking Tools / Fun Stuff / Exploits That Is Completely Made Using Python.

Venom Collection Of Discord Hacking Tools / Fun Stuff / Exploits That Is Completely Made Using Python. Report Bug · Request Feature Contributing Well,

PndaBoi 25 Dec 06, 2022
Python Library For Ethical Hacker

Python Library For Ethical Hacker

11 Nov 03, 2022
Now patched 0day for force reseting an accounts password

Animal Jam 0day No-Auth Force Password Reset via API Now patched 0day for force reseting an accounts password Used until patched to cause anarchy. Pro

IRIS 10 Nov 17, 2022
A simple Burp Suite extension to extract datas from source code

DataExtractor A simple Burp Suite extension to extract datas from source code. Features in scope parsing file extensions to ignore files exclusion bas

Gwendal Le Coguic 86 Dec 31, 2022
SCodeScanner stands for Source Code scanner where the user can scans the source code for finding the Critical Vulnerabilities.

The SCodeScanner stands for Source Code Scanner, where you can scan your source code files like PHP and get identify the vulnerabilities inside it. The tool can use by Pentester, Developer to quickly

136 Dec 13, 2022
Proof of Concept Exploit for vCenter CVE-2021-21972

CVE-2021-21972 Proof of Concept Exploit for vCenter CVE-2021-21972

Horizon 3 AI Inc 210 Dec 31, 2022
A Python r2pipe script to automatically create a Frida hook to intercept TLS traffic for Flutter based apps

boring-flutter A Python r2pipe script to automatically create a Frida hook to intercept TLS traffic for Flutter based apps. Currently only supporting

Hamza 64 Oct 18, 2022
Open source vulnerability DB and triage service.

OSV - Open Source Vulnerabilities OSV is a vulnerability database and triage infrastructure for open source projects aimed at helping both open source

Google 893 Jan 04, 2023
Sonoff NSPanel protocol and hacking information. Tasmota Berry driver for NSPanel

NSPanel Hacking Sonoff NSPanel protocol and hacking information and Tasmota Berry driver. NSPanel protocol manual Tasmota driver nspanel.be Installati

blakadder 98 Dec 26, 2022
An ARP Spoofer attacker for windows to block away devices from your network.

arp0_attacker An ARP Spoofer-attacker for Windows -OS to block away devices from your network. INFO Built in Python 3.8.2. arp0_attackerx.py is Upgrad

Wh0_ 15 Mar 17, 2022
A Safer PoC for CVE-2022-22965 (Spring4Shell)

Safer_PoC_CVE-2022-22965 A Safer PoC for CVE-2022-22965 (Spring4Shell) Functionality Creates a file called CVE_2022-22965_exploited.txt in the tomcat

Colin Cowie 46 Nov 12, 2022
🐝 ℹ️ Honeybee extension for export to IES-VE gem file format

honeybee-ies Honeybee extension for export a HBJSON file to IES-VE GEM file format Installation pip install honeybee-ies QuickStart import pathlib fro

Ladybug Tools 4 Jul 12, 2022
JS Deobfuscation is a Python script that deobfuscate JS code and it's time saver for you.

JS Deobfuscation is a Python script that deobfuscate JS code and it's time saver for you. Although it may not work with high degrees of obfuscation, it's a pretty nice tool to help you even if it's j

Quatrecentquatre 3 May 01, 2022
This is a simple Port Flooder written in Python 3.

This is a simple Port Flooder written in Python 3. Use this tool to quickly stress test your network devices and measure your router's or server's load.

Júlio Carneiro 4 Feb 20, 2022
Tool to scan for RouterOS (Mikrotik) forensic artifacts and vulnerabilities.

RouterOS Scanner Forensics tool for Mikrotik devices. Search for suspicious properties and weak security points that need to be fixed on the router. T

Microsoft 823 Dec 21, 2022
This repository detects a system vulnerable to CVE-2022-21907 and protects against this vulnerability if desired

This repository detects a system vulnerable to CVE-2022-21907 and protects against this vulnerability if desired

26 Dec 26, 2022
Python-based proof-of-concept tool for generating payloads that utilize unsafe Java object deserialization.

Python-based proof-of-concept tool for generating payloads that utilize unsafe Java object deserialization.

Astro 9 Sep 27, 2022
zip-brute Zip File Password Cracking with Using Password List

Zip brute is a python script that cracks zip that are password protected using a wordlist dictionary.

AnonyminHack5 13 Nov 03, 2022
This repo explains in details about buffer overflow exploit development for windows executable.

Buffer Overflow Exploit Development For Beginner Introduction I am beginner in security community and as my fellow beginner, I spend some of my time a

cris_0xC0 11 Dec 17, 2022
Tools Crack Fb Terbaru

Tools Crack Fb Terbaru

Jeeck 12 Jan 06, 2022