Project Eagle is a plugin based vulnerabilities scanner with threading support used for detection of low-hanging bugs on mass scale
.---. .-----------
/ \ __ / ------
/ / \( )/ -----
////// ' \/ ` --- Multipurpose vulnerability scanner
//// / // : : --- v1.0b
/ / / /` '-- 2019-2020
//..\\
====UU====UU====
'//||\\`
''``
Project Eagle
Requirements
- Python >= 3.6
- Install python libraries
$ python3 -m pip install -r requirements.txt
- Works on Windows and Linux however windows is not the primary platform
Usage
This mode is only for checking online targets
$ python3 main.py -f domains.txt --ping
Basic usage
$ python3 main.py -f domains.txt
domains.txt
: is a text file containing host names or ips, new line separated
$ python3 main.py -f domains.txt -w 10 --db output.db.json
domains.txt
: is a text file containing host names or ips, new line separatedoutput.db.json
: json formated output of the tool (will be used to restore state in future releases)10
: is the number of working threads. keep in mind, workers are able to start workers for their work not limited by this number
$ python3 main.py ...args -v*?
v
: success, warning vv
: success, warning, error vvv
: all suppored messages
Features
- CRLF
- Senstive files e.g(
.git
,info.php
..) - Subdomain takeover
- Anonymous FTP login
- S3 buckets misconfiguration including automatic takeover and upload
- HTTP Request Sumggling
- Firebase database misconfiguration
- Senstive information disclosure e.g(
API Keys
,Secrets
..) including JS files and HTML pages - Missing SPF Records
- Path Traversal
- PHP-CGI – CVE_2012_1823
- Shell Shock – CVE_2014_6271
- Struts RCE – CVE_2018_11776
- WebLogic RCE – CVE_2019_2725
- Confluence LFI – CVE_2019_3396
- Ruby on Rails LFI – CVE_2019_5418
- Atlassian SSRF – CVE_2019_8451
- Apache Httpd mod_rewrite – CVE_2019_10098
Eagle (this link opens in a new window) by BitTheByte (this link opens in a new window)
yet another vulnerability scanner