Raccoon - Offensive Security Tool for Reconnaissance and Information Gathering


Raccoon is a tool written in Python 3.5 for reconnaissance and information gathering, with an emphasis on simplicity.
Raccoon can do everything from fetching DNS data, retrieving WHOIS information and obtaining TLS data to detecting the presence of a WAF, threaded directory busting and subdomain enumeration. Every scan's output is written to a corresponding file.

The full list is below.

Features

  • DNS details
  • DNS visual mapping using DNS dumpster
  • WHOIS information
  • TLS Data - supported ciphers, TLS versions, certificate details and SANs
  • Port Scan
  • Services and scripts scan
  • URL fuzzing and dir/file detection
  • Subdomain enumeration - uses Google dorking, DNS dumpster queries, SAN discovery and bruteforce
  • Web application data retrieval
    • CMS detection
    • Web server info and X-Powered-By
    • robots.txt and sitemap extraction
    • Cookie inspection
    • Extracts all fuzzable URLs
    • Discovers HTML forms
    • Retrieves all Email addresses
    • Scans target for vulnerable S3 buckets and enumerates them for sensitive files
  • Detects known WAFs
  • Supports anonymous routing through Tor/Proxies
  • Uses asyncio for improved performance
  • Saves output to files - separates targets by folders and modules by files

Roadmap and TODOs


  • Support multiple hosts (read from file)
  • Rate limit evasion
  • OWASP vulnerabilities scan (RFI, RCE, XSS, SQLi etc.)
  • IP ranges support
  • CIDR notation support
  • More output formats

Installation

Tool Dependencies
Raccoon requires Nmap to scan ports and to make use of several Nmap scripts and other Nmap features. You must install it before running Raccoon. OpenSSL is also used for TLS/SSL scans and must be installed as well.

Raccoon can be installed in 2 ways, with pip or manually, and the way it is used or invoked differs between them.

1. Install using pip

    root@kali~# pip3 install raccoon-scanner

    # Run it
    root@kali~# raccoon [OPTIONS]

   

2. Manual Install

    root@kali~# git clone https://github.com/evyatarmeged/Raccoon.git
    root@kali~# cd Raccoon
    root@kali~# python raccoon_src/main.py
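
A pre-flight check for the dependencies listed above (Nmap, OpenSSL and Python 3.5 or later), to run before either install method. This is an added example, not part of Raccoon or of the original post; the function names `missing_deps`, `py_version_ok` and `raccoon_preflight` are hypothetical.

```shell
#!/bin/sh
# Added example: pre-flight check for the dependencies this page lists.
# All function names here are hypothetical, not part of Raccoon.

# Print each command from the argument list that is not found on PATH.
missing_deps() {
    for cmd in "$@"; do
        command -v "$cmd" >/dev/null 2>&1 || printf '%s\n' "$cmd"
    done
}

# Succeed if a "major.minor[.patch]" version string is at least 3.5.
py_version_ok() {
    major=${1%%.*}
    rest=${1#*.}
    minor=${rest%%.*}
    for part in "$major" "$minor"; do
        case "$part" in
            ''|*[!0-9]*) return 1 ;;   # reject empty or non-numeric parts
        esac
    done
    [ "$major" -gt 3 ] || { [ "$major" -eq 3 ] && [ "$minor" -ge 5 ]; }
}

# Run the whole check; returns non-zero if anything is missing or too old.
raccoon_preflight() {
    status=0
    missing=$(missing_deps nmap openssl python3)
    if [ -n "$missing" ]; then
        # Unquoted on purpose: one "missing:" line per command name.
        printf 'missing: %s\n' $missing >&2
        status=1
    fi
    if command -v python3 >/dev/null 2>&1; then
        ver=$(python3 -c 'import sys; print("%d.%d" % sys.version_info[:2])')
        py_version_ok "$ver" || {
            printf 'python3 %s is older than 3.5\n' "$ver" >&2
            status=1
        }
    fi
    return $status
}

# Usage: raccoon_preflight && raccoon --version
```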

   


Getting Started


Usage: raccoon [OPTIONS]

Options:
  --version                      Show the version and exit.
  -t, --target TEXT              Target to scan  [required]
  -d, --dns-records TEXT         Comma separated DNS records to query.
                                 Defaults to: A,MX,NS,CNAME,SOA,TXT
  --tor-routing                  Route HTTP traffic through Tor (uses port
                                 9050). Slows total runtime significantly
  --proxy-list TEXT              Path to proxy list file that would be used
                                 for routing HTTP traffic. A proxy from the
                                 list will be chosen at random for each
                                 request. Slows total runtime
  -c, --cookies TEXT             Comma separated cookies to add to the
                                 requests. Should be in the form of key:value
                                 Example: PHPSESSID:12345,isMobile:false
  --proxy TEXT                   Proxy address to route HTTP traffic through.
                                 Slows total runtime
  -w, --wordlist TEXT            Path to wordlist that would be used for URL
                                 fuzzing
  -T, --threads INTEGER          Number of threads to use for URL
                                 Fuzzing/Subdomain enumeration. Default: 25
  --ignored-response-codes TEXT  Comma separated list of HTTP status code to
                                 ignore for fuzzing. Defaults to:
                                 302,400,401,402,403,404,503,504
  --subdomain-list TEXT          Path to subdomain list file that would be
                                 used for enumeration
  -sc, --scripts                 Run Nmap scan with -sC flag
  -sv, --services                Run Nmap scan with -sV flag
  -f, --full-scan                Run Nmap scan with both -sV and -sC
  -p, --port TEXT                Use this port range for Nmap scan instead of
                                 the default
  --vulners-nmap-scan            Perform an NmapVulners scan. Runs instead of
                                 the regular Nmap scan and is longer.
  --vulners-path TEXT            Path to the custom nmap_vulners.nse script.If
                                 not used, Raccoon uses the built-in script it
                                 ships with.
  -fr, --follow-redirects        Follow redirects when fuzzing. Default: False
                                 (will not follow redirects)
  --tls-port INTEGER             Use this port for TLS queries. Default: 443
  --skip-health-check            Do not test for target host availability
  --no-url-fuzzing               Do not fuzz URLs
  --no-sub-enum                  Do not bruteforce subdomains
  --skip-nmap-scan               Do not perform an Nmap scan
  -q, --quiet                    Do not output to stdout
  -o, --outdir TEXT              Directory destination for scan output
  --help                         Show this message and exit.



You can also check it out directly on GitHub and follow its author at this link.
