RapidScan is a python based scanning tool used for analyzing vulnerabilities in web applications. The tool is equipped with scanning utilities, such as Nmap, Golismero, Nikto, Uniscan, and Dnsrecon.
The tool runs these utilities to find vulnerabilities in web applications. Some well-known checks performed by the tool include XSS, SQLi, DNS zone transfer, Local File Inclusing (LFI), Remote File Inclusion (RFI), Open directory vulnerabilities, open ports, and SSL related vulnerabilities. The tool not only finds out the vulnerabilities but also classifies them into low, medium, high, and critical categories according to the risk definition.
How to Install The Tool
Installation of RapidScan is a straightforward process. The tool can be installed by cloning the Github repository using the following command.
git clone https://github.com/skavngr/rapidscan.git
The tool can be easily run on Kali Linux. The tool requires minimum python 2.7 and scanning tools like Nmap, Golismero, Nikto, Uniscan, and Dnsrecon . The majority of these tools come pre-installed in Kali Linux.
How to Scan with RapidScan
Once the tool is installed, it can be launched using the following command.
./rapidscan.py <target website>
The tool first verifies the availability of the supported scanning tools, and then performs in-depth scanning of the target web application. The tool performs some 80 vulnerability tests.
If a vulnerability is found, it is displayed in the scanning results along with threat level. The tool also provides background information about the discovered vulnerability and remediation suggestions.
Future Development
The tool developers are working to add some new features like:
– Associating the tool with OWASP
– Executive summaries of the discovered vulnerabilities.
– Automatic deployment of the scanning utilities according to the web applications’ architecture.
– A complete portable report about tools utilized in the scanning process along with the scan results.
What Bunny rating does it get?
RapidScan is a one-step installation tool. It uses multitude of scanning tools for in-depth scanning of the web applications. The tool not only provides information about the risk level but also gives suggestions to remediate the found vulnerabilities. Shortcut keys are available to bypass the scanning phases performed by any tool working under RapidScan. Some scanning phases including port scanning and brute forcing consume a lot of time. We will be rating this tool with 4 out of 5 bunnies.
