Raphael is a vulnerability scanning tool based on Python3.

Related tags

Security related resourcesRaphael
Overview

Raphael

Raphael是一款基于Python3开发的插件式漏洞扫描工具。

Raphael is a vulnerability scanning tool based on Python3.

Usage

raphael.py -h

2021-12-30 18:54:32,198 | INFO  | Raphael Start ~
usage: raphael.py [-h] [-u HOST] [-k PLUGIN] [-l] [-p PORT] [-t THREAD] [-e] [-o OUTPUT] [-f FORMAT]

optional arguments:
  -h, --help                  show this help message and exit
  -u HOST, --host HOST        target host or file
  -k PLUGIN, --plugin PLUGIN  filter plugins by keyword
  -l, --list                  list all exist plugins
  -p PORT, --port PORT        target port
  -t THREAD, --thread THREAD  number of thread, default 5
  -e, --error                 show error message of plugins
  -o OUTPUT, --output OUTPUT  report dir
  -f FORMAT, --format FORMAT  report format, html/json/csv

Example

List all exist plugins.

raphael.py -l

2021-12-30 18:54:01,128 | INFO  | Raphael Start ~
2021-12-30 18:54:01,130 | INFO  | plugin path: /Raphael/plugins
All Plugins:
  plugins.port
  plugins.log4j_cve_2021_44228
  plugins.grafana_cve_2021_43798
  plugins.mongo_unauth
  plugins.redis_unauth
  plugins.http_banner
  plugins.oxid
  plugins.memcached_unauth
  plugins.apisix_cve_2021_45232
  plugins.zookeeper_unauth
  plugins.thinkphp

Detect unauthorized access vulnerability.

raphael.py -u 192.168.1.1/24 -k unauth -t 50

2021-12-30 18:58:27,072 | INFO  | Raphael Start ~
2021-12-30 18:58:27,074 | INFO  | convert ip segment into ip address
2021-12-30 18:58:27,080 | INFO  | found 4 plugin:
  plugins.mongo_unauth
  plugins.redis_unauth
  plugins.memcached_unauth
  plugins.zookeeper_unauth
2021-12-30 18:58:27,084 | INFO  | raphael got total 1024 tasks
2021-12-30 18:58:27,084 | INFO  | run task in 50 threads
2021-12-30 18:58:32,109 | INFO  | [+] 192.168.1.128 -> plugins.mongo_unauth -> True
2021-12-30 18:58:32,112 | INFO  | [+] 192.168.1.128 -> plugins.memcached_unauth -> True
2021-12-30 18:58:32,147 | INFO  | [+] 192.168.1.134 -> plugins.redis_unauth -> True
2021-12-30 18:58:37,691 | INFO  | total 3 result
2021-12-30 18:58:37,691 | INFO  | report path: output/raphael.html
2021-12-30 18:58:37,692 | INFO  | Finished at: 2021-12-30 18:58:37
2021-12-30 18:58:37,693 | INFO  | Total: 10.621082067489624 s

Port Scan.

raphael.py -u 192.168.1.128 -k port

2021-12-30 18:59:27,309 | INFO  | Raphael Start ~
2021-12-30 18:59:27,311 | INFO  | convert ip segment into ip address
2021-12-30 18:59:27,313 | INFO  | found 1 plugin:
  plugins.port
2021-12-30 18:59:27,314 | INFO  | raphael got total 1 tasks
2021-12-30 18:59:27,314 | INFO  | run task in 5 threads
2021-12-30 18:59:35,892 | INFO  | [+] 192.168.1.128 -> plugins.port -> [22, 53, 2181, 11211, 27017]
2021-12-30 18:59:36,003 | INFO  | total 1 result
2021-12-30 18:59:36,003 | INFO  | report path: output/raphael.html
2021-12-30 18:59:36,007 | INFO  | Finished at: 2021-12-30 18:59:36
2021-12-30 18:59:36,007 | INFO  | Total: 8.698265790939331 s

Report

HTML Report:

report

Plugin development

Write your own plugin with python, and then put it into the plugins directory.

plugin template:

def run(host, **kwargs):
    result = "vulnerable"
    # do something
    return result

e.g.

redis_unauth.py

Owner
b4zinga
b4zinga
GitHub Repository
A simple Outline Server Access Key Copy and Paste Web Interface

Outline Keychain A simple Outline Server Access Key Copy and Paste Web Interface Developed for key and password export and copy & paste for other Shad

Zhe 1 Dec 28, 2021
Scanning for CVE-2021-44228

Filesystem log4j_scanner for windows and Unix. Scanning for CVE-2021-44228, CVE-2021-45046, CVE-2019-17571 Requires a minimum of Python 2.7. Can be ex

Brett England 4 Jan 09, 2022
A semi-automatic osint/recon framework.

Smog Framework A semi-automatic osint/recon framework. Requirements git Python = 3.8 How to use it

toast 22 Oct 17, 2022
This is a keylogger in python for Windows, Mac and Linux!

Python-Keylogger This is a keylogger in python for Windows, Mac and Linux! #How to use it by downloading the zip file? Download the zip file first The

Zeus_Dxvxm 2 Nov 12, 2021
cve-2021-21985 exploit

cve-2021-21985 exploit 0x01 漏洞点 分析可见: https://attackerkb.com/topics/X85GKjaVER/cve-2021-21985?referrer=home#rapid7-analysis 0x02 exploit 对beans对象进行重新构

xnianq 105 Nov 22, 2022
A Python replicated exploit for Webmin 1.580 /file/show.cgi Remote Code Execution

CVE-2012-2982 John Hammond | September 4th, 2021 Checking searchsploit for Webmin 1.580 I only saw a Metasploit module for the /file/show.cgi Remote C

John Hammond 25 Dec 08, 2022
MSDorkDump is a Google Dork File Finder that queries a specified domain name and variety of file extensions

MSDorkDump is a Google Dork File Finder that queries a specified domain name and variety of file extensions (pdf, doc, docx, etc), and downloads them.

Joe Helle 150 Jan 03, 2023
Brute smb share - Brute force a SMB share

brute_smb_share I wrote this small PoC after bumping into SMB servers where Hydr

devloop 3 Feb 21, 2022
Repo for The Crown: Exploratory Analysis of Nim Malware DEF CON 615 talk

Repo for "The Crown: Exploratory Analysis of Nim Malware" DEF CON 615 talk

HuskyHacks 43 Dec 03, 2022
Provides script to download and format public IP lists related to the Log4j exploit.

Provides script to download and format public IP lists related to the Log4j exploit. Current format includes: plain list, Cisco ASA Network Group.

Gianluca Ulivi 1 Jan 02, 2022
Colin O'Flynn's Hacakday talk at Remoticon 2021 support repo.

Hardware Hacking Resources This repo holds some of the examples used in Colin's Hardware Hacking talk at Remoticon 2021. You can see the very sketchy

Colin O'Flynn 19 Sep 12, 2022
PyPasser is a Python library for bypassing reCaptchaV3 only by sending 2 requests.

PyPasser is a Python library for bypassing reCaptchaV3 only by sending 2 requests. In 1st request, gets token of captcha and in 2nd request,

253 Jan 05, 2023
This repository is one of a few malware collections on the GitHub.

This repository is one of a few malware collections on the GitHub.

Andrew 1.7k Dec 28, 2022
CTF framework and exploit development library

pwntools - CTF toolkit Pwntools is a CTF framework and exploit development library. Written in Python, it is designed for rapid prototyping and develo

Gallopsled 9.8k Dec 31, 2022
Deltaspy - an advanced keylogger that can send keylogs and screenshots to gmail

Deltaspy Deltaspy is a advanced keylogger which sends keylogs and screenshot to

Praanesh S 1 Dec 31, 2021
Generates password lists/dictionaries based on keywords written in python3.

dicbyru Introduction Generates password lists/dictionaries based on keywords. It uses the keywords and adds capital letters, numbers and special chara

ru55o 2 Oct 31, 2022
This is tools hacking for scan vuln in port web, happy using

Xnuvers007 PortInjection this is tools hacking for scan vuln in port web, happy using view/show python 3.9 solo coder (tangerang) 19 y/o installation

XnuxersXploitXen 6 Dec 24, 2022
USSR-Scanner - USSR Scanner with python

Purposes ? Hey there is abosolutely no need to do this we do it only to irritate

Binary.club 2 Jan 24, 2022
Cowrie SSH/Telnet Honeypot https://cowrie.readthedocs.io

Cowrie Welcome to the Cowrie GitHub repository This is the official repository for the Cowrie SSH and Telnet Honeypot effort. What is Cowrie Cowrie is

Cowrie 4.1k Jan 09, 2023
SSLyze is a fast and powerful SSL/TLS scanning tool and Python library.

SSLyze SSLyze is a fast and powerful SSL/TLS scanning tool and Python library. SSLyze can analyze the SSL/TLS configuration of a server by connecting

Alban Diquet 2.8k Jan 03, 2023