{"id":13843271,"url":"https://github.com/c0dejump/HawkScan","last_synced_at":"2025-07-11T18:31:16.058Z","repository":{"id":45467895,"uuid":"161504220","full_name":"c0dejump/HawkScan","owner":"c0dejump","description":"Security Tool for Reconnaissance and Information Gathering on a website. (python 3.x)","archived":false,"fork":false,"pushed_at":"2023-08-21T07:28:20.000Z","size":2689,"stargazers_count":456,"open_issues_count":1,"forks_count":81,"subscribers_count":17,"default_branch":"master","last_synced_at":"2025-05-30T10:17:42.455Z","etag":null,"topics":["bugbounty","fuzzer","hawkscan","information-gathering","reconnaissance","web"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/c0dejump.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null},"funding":{"github":null,"patreon":null,"open_collective":null,"ko_fi":"c0dejump","tidelift":null,"community_bridge":null,"liberapay":null,"issuehunt":null,"otechie":null,"lfx_crowdfunding":null,"custom":null}},"created_at":"2018-12-12T15:02:26.000Z","updated_at":"2025-05-25T13:36:55.000Z","dependencies_parsed_at":"2024-11-28T04:45:32.460Z","dependency_job_id":null,"html_url":"https://github.com/c0dejump/HawkScan","commit_stats":{"total_commits":75,"total_committers":3,"mean_commits":25.0,"dds":"0.026666666666666616","last_synced_commit":"baddeb1d61b85e08f8a1ea00c99f4a27be2e675f"},"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/c0dejump/HawkScan","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/c0dejump%2FHawkScan","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/c0dejump%2FHawkScan/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/c0dejump%2FHawkScan/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/c0dejump%2FHawkScan/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/c0dejump","download_url":"https://codeload.github.com/c0dejump/HawkScan/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/c0dejump%2FHawkScan/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":264870159,"owners_count":23676169,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bugbounty","fuzzer","hawkscan","information-gathering","reconnaissance","web"],"created_at":"2024-08-04T17:01:58.515Z","updated_at":"2025-07-11T18:31:15.620Z","avatar_url":"https://github.com/c0dejump.png","language":"Python","readme":"# HawkScan\n\n[![PyPI version](https://d25lcipzij17d.cloudfront.net/badge.svg?id=py\u0026type=6\u0026v=2.2\u0026x2=0)](https://pypi.org/project/hawkscan)\n[![PyPI Statistics](https://img.shields.io/pypi/dm/hawkscan.svg)](https://pypistats.org/packages/hawkscan)\n[![Twitter](https://img.shields.io/twitter/follow/c0dejump?label=c0dejump\u0026style=social)](https://twitter.com/intent/follow?screen_name=c0dejump)\n\n\n![alt tag](https://github.com/c0dejump/HawkScan/blob/master/static/logo_hawkscan.jpeg)\n\nSecurity Tool for Reconnaissance and Information Gathering on a website. (python 3.x)\n\n- [News](https://github.com/c0dejump/HawkScan/#News)\n- [Installation](https://github.com/c0dejump/HawkScan/#Installation)\n- [Special features](https://github.com/c0dejump/HawkScan/#Special-features)\n- [TODO](https://github.com/c0dejump/HawkScan/#todo)\n- [Usage](https://github.com/c0dejump/HawkScan/#usage)\n- [Exemples](https://github.com/c0dejump/HawkScan/#exemples)\n- [Thanks](https://github.com/c0dejump/HawkScan/#thanks)\n- [Donations](https://github.com/c0dejump/HawkScan/#donations)\n- [Tools used](https://github.com/c0dejump/HawkScan/#tools-used)\n- [Wiki](https://github.com/c0dejump/HawkScan/wiki)\n\n# News v2.x\n    - Add proxy function\n    - Redefining priorities/tasks\n    - Let's debug certificate subdomains results\n    - Display the current bypass number during scan (\"CB:\")\n    - Easter egg for xmas :)\n    - Option -nfs (not first step) to pass the first recon steps\n    - Google CSE before scan\n    - Creation of WIKI\n    - Detecting potential path disclosure into html webpage\n    - Detecting potential hidden directory\n*(for more details go on CHANGELOG.md)* \n \n# Installation\n``` \n\n       - git clone https://github.com/c0dejump/HawkScan.git \u0026\u0026 sudo python3 HawkScan/setup.py install\n       \n       - pip(3) install -r requirements.txt \n    \n       - python3 -m pip install -r requirements.txt\n\n``` \n\n# Special features\n\n### Before scan\n - [x] Check header information\n - [x] Check DNS information\n - [x] Check Github\n - [x] CMS detection + version and vulns\n - [x] Check in waybackmachine\n - [x] Check if DataBase firebaseio existe and accessible\n - [x] Testing if it's possible scanning with \"localhost\" host\n - [x] Check Google Dork \n - [x] Check Host IP\n - [x] Check backup domain name (ex: www.domain.com/domain.zip)\n - [x] Check socketio connection\n - [x] cse google search (buckets...)\n\n### During - After scan\n - [x] Test backup/old file on all the files found (index.php.bak, index.php~ ...)\n - [x] Backup system (if the script stopped, it take again in same place)\n - [x] WAF detection and Response error to WAF + Testing bypass it\n - [x] Option --exclude to exclude page, code error, bytes\n - [x] Option rate-limit if app is unstable (--timesleep)\n - [x] Search S3 buckets in source code page\n - [x] Try differents bypass for 403/401 code error\n - [x] JS parsing and analysis (option --js)\n - [x] Auto resize relative to window\n - [x] Notify when scan completed (Only work on Linux)\n - [x] Multiple output format. Available formats: json, csv, txt\n - [x] Multiple website scanning\n - [x] Prefix filename (old_, copy of...)\n - [x] Detecting potential path disclosure into html webpage\n\n\n# TODO \n**P1 is the most important**\n\n [WIP] Multiple exclude like: --exclude 403,1337b [P1] [In progress] (see [Exemples](https://github.com/c0dejump/HawkScan/#exemples))   \n [WIP] Anonymous routing through some proxy (http/s proxy list) [P1] [In progress]\n [WIP] Re-build resport scan [P1]\n [WIP] HExHTTP replace \"header information\" before scan\n - [ ] asyncio instead of threading ? [PX]\n - [ ] Add crt.sh to check potential hidden subdomain (with letdebug module ?) [PX]\n - [ ] Push results into DB [P2]\n - [ ] If re-scan a website with an existing folder, just doing a diff btw the scan to the folder (like) // interesting ? [P2]\n - [ ] Pre-run to check the waf sensitive (by proxy with 40 threads for exemple) // add proxy funtion [P2]\n - [ ] Check source code and verify leak or sensitive data in Github // Other tool ? [P3]\n - [ ] Scan API endpoints/informations leaks [P3]\n\n# Usage\n  \n```\n     \n    usage: hawkscan.py [-h] [-u URL] [-f FILE_URL] [-t THREAD] [--exclude EXCLUDE [EXCLUDE ...]] [--auto] [--update] [-w WORDLIST] [-b [BACKUP ...]] [-p PREFIX] [-H HEADER_] [-a USER_AGENT] [--redirect] [--auth AUTH] [--timesleep TS] [--proxie PROXIE] [-r] [-s SUBDOMAINS] [--js] [--nfs] [--ffs] [--notify] [-o OUTPUT] [-of OUTPUT_TYPE]    \n \n```\n\n``` \n\u003e General:\n    -u URL                URL to scan [required]\n    -f FILE_URL           file with multiple URLs to scan\n    -t THREAD             Number of threads to use for URL Fuzzing. Default: 30\n    --exclude EXCLUDE [EXCLUDE ...] Exclude page, response code, response size. (Exemples: --exclude 500,337b)   \n    --auto                Automatic threads depending response to website. Max: 30\n    --update              For automatic update\n    --lightmode           For a just simple fuzzing 1 request per second \u0026 a new session for each request\n\n\n\u003e Wordlist Settings:\n    -w WORDLIST           Wordlist used for Fuzzing the desired webite. Default: dichawk.txt     \n    -b                    Adding prefix/suffix backup extensions during the scan. (Exemples: exemple.com/~ex/, exemple.com/ex.php.bak...) /!\\ beware, take more longer\n    -p PREFIX             Add prefix in wordlist to scan\n\n\u003e Request Settings:             \n    -H HEADER_            Modify header. (Exemple: -H \"cookie: test\")    \n    -a USER_AGENT         Choice user-agent. Default: Random    \n    --redirect            For scan with redirect response (301/302)      \n    --auth AUTH           HTTP authentification. (Exemples: --auth admin:admin)               \n    --timesleep TS        To define a timesleep/rate-limit if app is unstable during scan.\n\n\u003e Tips:            \n    -r                    Recursive dir/files      \n    -s SUBDOMAINS         Subdomain tester         \n    --js                  For try to found keys, token, sensitive endpoints... in the javascript page\n    --nfs                 Not the first step of scan during the first running (waf, vhosts, wayback etc...)    \n    --ffs                 Force the first step of scan during the first running (waf, vhosts, wayback etc...)              \n    --notify              For receveid notify when the scan finished (only work on linux)\n\n\u003e Export Settings:                    \n    -o OUTPUT             Output to site_scan.txt (default in website directory)     \n    -of OUTPUT_TYPE       Output file format. Available formats: json, csv, txt           \n```\n\n# Examples\n\n```\n    //Basic\n     python hawkscan.py -u https://www.exemple.com/\n\n    //With specific dico\n     python hawkscan.py -u https://www.exemple.com/ -w dico_extra.txt\n\n    //with 30 threads\n     python hawkscan.py -u https://www.exemple.com/ -t 30\n\n    //With backup files scan\n     python hawkscan.py -u https://www.exemple.com/ -b\n\n    //With an exclude page\n     python hawkscan.py -u https://www.exemple.com/ --exclude profile.php\n\n    //With an exclude response code\n     python hawkscan.py -u https://www.exemple.com/ --exclude 403\n\n    //With an exclude bytes number\n     python hawkscan.py -u https://www.exemple.com/ --exclude 1337b \n\n    //With two excludes type\n     python hawkscan.py -u https://www.exemple.com/ --exclude 1337b,403\n\n```\n\n# Thanks\nLayno (https://github.com/Clayno/) [Technical helper]      \nSanguinarius (https://twitter.com/sanguinarius_Bt) [Technical helper]  \nJamb0n69 (https://twitter.com/jamb0n69) [Technical helper]           \nCyber_Ph4ntoM (https://twitter.com/__PH4NTOM__) [Beta tester \u0026 Logo Graphist]\n\n\n# Donations\n\nhttps://www.paypal.me/c0dejump\n\nOr if you want to offer me a coffee :)\n\nhttps://ko-fi.com/c0dejump\n\n\n## Tools used\n\nThis script use \"WafW00f\" to detect the WAF in the first step (https://github.com/EnableSecurity/wafw00f)\n\nThis script use \"Sublist3r\" to scan subdomains (https://github.com/aboul3la/Sublist3r)\n","funding_links":["https://ko-fi.com/c0dejump","https://www.paypal.me/c0dejump"],"categories":["Python","Python (1887)"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fc0dejump%2FHawkScan","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fc0dejump%2FHawkScan","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fc0dejump%2FHawkScan/lists"}