Recox: Web Application Vulnerability Scanner


Hello and welcome to GitcodeX


In this article you will learn about web application Vulnerability Scanner tool for Kali linux "Recox".

Recox combines numerous methods to form the ultimate web application reconnaissance tool. The main aim of the script is to find and then classify vulnerabilities within web applications. With its in-depth mechanism, it can help the user find unexpected vulnerabilities which are normally overlooked by other web application scanners.


Recox: Web Application Vulnerability Finder 

Recox automated numerous functions required in a manual penetration test to help the user save time and focus on the real issues instead. Some of these functions include: 

Deep – Dom Scanner

– Subdomain takeover

– Passive Scan

– Active Scan

– CORS Misconfiguration

– Zone Transfer Test

– Web Content Discovery

Deep JS Analysis

Involves the extraction of source link and parameters inside the webpage.

– Static Analysis (SAST)

– Dynamic Analysis (DAST)

Web – Info

Comprises of three check-ups (not as technical as previous 2):

– DNS Record Extraction

– Subdomain

– Web of Trust (WOT)

The information is gathered recursively from each subdomain and IP address. After the web application is scanned, the various vulnerabilities are then presented to the user through the command line interface.

Features:

  • Instead of performing a manual penetration test, the user can run this tool instead to find the vulnerabilities within the web application. 
  • This tool is easy to install and use. 
  • Finds uncommon vulnerabilities which are outside the OWASP top ten list of most common vulnerabilities. 
  • Saves significant amount of time for the user. 

Supported Platforms:

  • Linux

Requirements:

  • None

Install :

Clone the GitHub repo: 

$ git clone https://github.com/samhaxr/recox 

Recox Usage


Enter the following commands: 

$ chmod +x recox.sh  
$ ./recox.sh

Welcome Screen


██████╗ ███████╗ ██████╗ ██████╗ ██╗  ██╗
██╔══██╗██╔════╝██╔════╝██╔═══██╗╚██╗██╔╝
██████╔╝█████╗ ██║ ██║ //██║ ╚███╔╝
██╔══██╗██╔══╝ ██║ ██║// ██║ ██╔██╗
██║ ██║███████╗╚██████╗╚██████╔╝██╔╝ ██╗
╚═╝ ╚═╝╚══════╝ ╚═════╝ ╚═════╝ ╚═╝ ╚═╝

Twitter: @sulemanmalik_3 V1.0
-----------------------------------------------
DONE [######################### 100%]

[!] VirusTotal API OK
[!] Shodan API OK

[1] Deep-Dom Scanner
[2] Deep-JS
[3] Web-Info
[0] Exit


To run the Recox from anywhere in the terminal, use the following command:

$ mv recox.sh /usr/local/bin/recox

Download :


https://github.com/samhaxr/recox


If you Guys have any Quary regarding this tool Please feel free to ask in Comment Section.


Thank you for Reading ; )

Post a Comment

Previous Post Next Post