Recox: Web Application Vulnerability Scanner


Hello and welcome to GitcodeX


In this article you will learn about "Recox", a web application vulnerability scanner for Kali Linux.

Recox combines numerous methods to form the ultimate web application reconnaissance tool. The main aim of the script is to find and then classify vulnerabilities within web applications. With its in-depth mechanism, it can help the user find unexpected vulnerabilities which are normally overlooked by other web application scanners.


Recox: Web Application Vulnerability Finder 

Recox automates numerous functions required in a manual penetration test to help the user save time and focus on the real issues instead. Some of these functions include:

Deep-Dom Scanner

– Subdomain takeover

– Passive Scan

– Active Scan

– CORS Misconfiguration

– Zone Transfer Test

– Web Content Discovery

Deep JS Analysis

Involves the extraction of source links and parameters inside the webpage.

– Static Analysis (SAST)

– Dynamic Analysis (DAST)
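
A small static pass of the kind the Deep JS Analysis description refers to, pulling source links and parameter names out of one page. This is an added example, not Recox's own code (Recox is a shell script); `SurfaceParser`, `extract_surface`, the sample HTML and the `app.example.test` host are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import parse_qsl, urljoin, urlsplit

# Constructed sample page, not taken from any real site.
SAMPLE_HTML = """<html><head><script src="/static/app.js?v=3"></script>
<script>fetch("/api/user?id=7&debug=true");</script></head><body>
<a href="search?q=test&amp;page=2">Search</a>
<form action="/login"><input name="username"><input name="csrf_token"></form>
</body></html>"""

URL_ATTRS = {"src", "href", "action"}
FIELD_TAGS = {"input", "select", "textarea"}
# Quoted root-relative paths inside inline JavaScript, e.g. "/api/user?id=7".
JS_PATH = re.compile(r"""["'](/[^"'\s]+)["']""")

class SurfaceParser(HTMLParser):
    """Collects linked URLs and parameter names from one HTML document."""
    def __init__(self, base_url):
        super().__init__()
        self.base_url, self.in_script = base_url, False
        self.links, self.params = set(), set()

    def _record(self, ref):
        url = urljoin(self.base_url, ref)
        self.links.add(url)
        # Query-string keys are parameters the application accepts.
        query = urlsplit(url).query
        self.params.update(k for k, _ in parse_qsl(query, keep_blank_values=True))

    def handle_starttag(self, tag, attrs):
        self.in_script = tag == "script"
        for name, value in attrs:
            if name in URL_ATTRS and value:
                self._record(value)
            elif name == "name" and tag in FIELD_TAGS and value:
                self.params.add(value)

    def handle_endtag(self, tag):
        self.in_script = False  # any closing tag means we have left <script>

    def handle_data(self, data):
        for ref in JS_PATH.findall(data) if self.in_script else ():
            self._record(ref)

def extract_surface(html, base_url):
    parser = SurfaceParser(base_url)
    parser.feed(html)
    return sorted(parser.links), sorted(parser.params)
```

Calling `extract_surface(SAMPLE_HTML, "https://app.example.test/")` returns the sorted absolute URLs and the sorted parameter names, which is the inventory an application owner would review for endpoints and inputs they did not expect to be exposed.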

Web-Info

Comprises three checks (not as technical as the previous two):

– DNS Record Extraction

– Subdomain

– Web of Trust (WOT)

The information is gathered recursively from each subdomain and IP address. After the web application is scanned, the various vulnerabilities are then presented to the user through the command line interface.

Features:

  • Rather than performing a manual penetration test, the user can run this tool to find the vulnerabilities within the web application.
  • This tool is easy to install and use.
  • Finds uncommon vulnerabilities which are outside the OWASP Top Ten list of most common vulnerabilities.
  • Saves a significant amount of time for the user.

Supported Platforms:

  • Linux

Requirements:

  • None

Install:

Clone the GitHub repo: 

$ git clone https://github.com/samhaxr/recox 

Recox Usage


From inside the cloned recox directory, enter the following commands:

$ chmod +x recox.sh  
$ ./recox.sh 

Welcome Screen


██████╗ ███████╗ ██████╗ ██████╗ ██╗  ██╗
██╔══██╗██╔════╝██╔════╝██╔═══██╗╚██╗██╔╝
██████╔╝█████╗  ██║     ██║ //██║ ╚███╔╝ 
██╔══██╗██╔══╝  ██║     ██║// ██║ ██╔██╗ 
██║  ██║███████╗╚██████╗╚██████╔╝██╔╝ ██╗
╚═╝  ╚═╝╚══════╝ ╚═════╝ ╚═════╝ ╚═╝  ╚═╝                                         

Twitter: @sulemanmalik_3                V1.0
-----------------------------------------------
DONE           [######################### 100%]

[!] VirusTotal API OK
[!] Shodan API OK

[1] Deep-Dom Scanner
[2] Deep-JS
[3] Web-Info
[0] Exit


To run Recox from anywhere in the terminal, move the script onto your PATH with the following command (writing to /usr/local/bin normally requires root privileges):

$ mv recox.sh /usr/local/bin/recox

Download:


https://github.com/samhaxr/recox


If you have any query regarding this tool, please feel free to ask in the comment section.


Thank you for reading ;)
