Eagle – Yet Another Vulnerability Scanner

Venture Eagle is a plugin based vulnerabilities scanner with threading assistance applied for detection of very low-hanging bugs on mass scale

                              .---.        .-----------
                             /       __  /    ------
                            / /     (  )/    -----
                           //////   ' / `   ---      Multipurpose vulnerability scanner
                          //// / // :    : ---                    v1.0b
                          / /   /  /`    '--                    2019-2020
                                    //..           
                               ====UU====UU====       
                                   '//||`           
                                     ''``
                                Project Eagle

Formulated and managed: @BitTheByte Notion: @K4r1it0

Requirements

1. Python >= 3.6
2. Set up python libraries

$ python3 -m pip put in -r requirements.txt

3. Functions on Home windows and Linux nonetheless windows is not the primary system

Utilization

Ping

This manner is only for examining on the web targets

$ python3 principal.py -f domains.txt --ping

Simple usage

$ python3 key.py -f domains.txt

domains.txt: is a text file containing host names or ips, new line separated

State-of-the-art use

$ python3 most important.py -f domains.txt -w 10 --db output.db.json

domains.txt: is a textual content file containing host names or ips, new line separated
output.db.json: json formated output of the resource (will be applied to restore point out in future releases)
10: is the number of operating threads. keep in intellect, workers are equipped to start staff for their perform not minimal by this selection

Debug (verbose) manner

$ python3 main.py ...args -v*?

v: achievement, warning vv: achievements, warning, mistake vvv: all suppored messages

Features

1. CRLF
2. Senstive files e.g(.git, facts.php ..)
3. Subdomain takeover
4. Anonymous FTP login
5. S3 buckets misconfiguration together with automated takeover and upload
6. HTTP Ask for Sumggling
7. Firebase database misconfiguration
8. Senstive facts disclosure e.g(API Keys, Secrets and techniques ..) which includes JS data files and HTML webpages
9. Missing SPF Documents
10. Path Traversal
11. PHP-CGI – CVE_2012_1823
12. Shell Shock – CVE_2014_6271
13. Struts RCE – CVE_2018_11776
14. WebLogic RCE – CVE_2019_2725
15. Confluence LFI – CVE_2019_3396
16. Ruby on Rails LFI – CVE_2019_5418
17. Atlassian SSRF – CVE_2019_8451
18. Apache Httpd mod_rewrite – CVE_2019_10098

TODO-Options

• XSS Detection
• SSRF Attacks
• Platform Delection
• Platform Based attacks
• Computerized Login bruteforce
• Automatic listing bruteforce
• Parameter collecting and fuzzing
• Detecting Error messages
• Capacity to find plugins
• Automatic updates
• Port Scanning and provider detection

Impression and Short article Resource link

Study Much more on Pentesting Instruments