Red Hawk: Comprehensive Information Gathering & Vulnerability Scanning in Kali Linux

Table of Contents#

Introduction to Red Hawk
Key Features of Red Hawk
Installation Guide
Basic Command Structure
Practical Usage Examples
Interpreting Scan Results
Best Practices for Effective Scanning
Limitations and Mitigations
Conclusion
References

Key Features of Red Hawk#

Multi-Engine Reconnaissance:
- DNS record enumeration (A, MX, TXT, NS)
- Subdomain discovery via Google, VirusTotal, Netcraft
- WHOIS data retrieval
- GeoIP location mapping
- Web server fingerprinting (Server, WAF)
Vulnerability Detection:
- Automated SQL Injection scanning (sqlmap integration)
- Crawler-based XSS/LFI detection
- Open port identification with service banners
Output Formats:
- HTML reports (with visual graphs)
- Text-based summaries
- Scan logs for auditing
Third-Party API Integration:
- Built-in support for VirusTotal, Shodan, and HaveIBeenPwned APIs

Installation Guide#

Red Hawk is not pre-installed on Kali Linux. To install:

# Clone the repository
git clone https://github.com/Tuhinshubhra/RED_HAWK
 
# Navigate to directory
cd RED_HAWK
 
# Install PHP dependencies
sudo apt install php php-curl php-xml
 
# Run the tool
php rhawk.php

Basic Command Structure#

php rhawk.php [Options] [Target]

Common Options:#

Option	Description
`-d [domain]`	Target domain (e.g., example.com)
`-f [file]`	Scan targets from a file
`-s`	Enable SQL vulnerability scanning
`-p [proxy:port]`	Use proxy (e.g., 127.0.0.1:8080)
`-r`	Full reconnaissance (DNS/Subdomain/Whois/WAF)

Practical Usage Examples#

Example 1: Domain Information Gathering#

Perform basic DNS/WAF/WHOIS lookup:

php rhawk.php -d example.com

Output includes:

DNS records
WHOIS registrant details
Web Application Firewall (WAF) detection
Open ports/services via Nmap

Example 2: Full Reconnaissance Scan#

Enable SQLi scanning and subdomain enumeration:

php rhawk.php -d example.com -s -r

This triggers:

Subdomain discovery with Sublist3r
SQLi tests on discovered URLs
Port scanning (top 1000 ports)
HTML report generation at results/example.com.html

Example 3: Using a Proxy#

Route traffic via Burp Suite:

php rhawk.php -d example.com -p 127.0.0.1:8080

Interpreting Scan Results#

Red Hawk generates structured reports in /results:

WHOIS Data: Registrant names, emails, and expiry dates (potential for social engineering)
Subdomains: Highlighted critical hosts (e.g., dev.example.com)

SQLi Vulnerabilities:

[SQLi] Parameter: id (POST)  
Payload: admin' AND SLEEP(5)--  
Status: VULNERABLE

WAF Detection:
WAF: Cloudflare (Confirmed)

Open Ports:

PORT   STATE SERVICE   VERSION  
80/tcp open  http      Apache 2.4.41

Best Practices for Effective Scanning#

Legal Compliance:
- Obtain written permission before scanning ANY target.
- Use localhost or authorized VPS environments for practice.
Scan Optimization:
- Use -p with Burp Suite to debug false positives.
- Limit scans to business hours for production systems.
- Combine with -o (custom output directory) for organization.
False Positive Mitigation:
- Manually verify SQLi/XSS findings with sqlmap or Burp Repeater.
- Correlate port results with Nmap -sV for service validation.
API Integration:
Add your VirusTotal API key in api.php to bypass rate limits:
```
define('VT_API', 'your_api_key_here');
```

Limitations and Mitigations#

Limitation	Mitigation
Limited to basic SQLi/XSS checks	Pair with OWASP ZAP for advanced tests
No brute-force capabilities	Integrate with `ffuf` or `gobuster`
Slow subdomain enumeration	Use `amass` for large-scale recon
False positives in vuln scans	Manually verify critical findings

Conclusion#

Red Hawk provides a streamlined approach to reconnaissance and initial vulnerability scanning for Kali Linux users. While its consolidated outputs and ease of use make it ideal for quick audits, professionals should combine it with specialized tools like nmap, sqlmap, and Burp Suite for thorough engagements. Always adhere to ethical guidelines—unauthorized scanning is illegal.