Project Eagle is a plugin-based vulnerability scanner used to detect low-severity errors.
Conditions
- Python> = 3.6
- Install python libraries
$ python3 -m pip install -r requirements.txt
- Works on Windows and Linux
Use
Attack online target
$ python3 main.py -f domains.txt –ping
Basic use
$ python3 main.py -f domains.txt
Advanced use
$ python3 main.py -f domains.txt -w 10 –db output.db.json
Specifications
- CRLF
- Sensitive files eg (.git, info.php ..)
- Subdomain takeover
- Anonymous FTP login
- S3 buckets misconfiguration including automatic takeover and upload
- HTTP Request Smuggling
- Firebase misconfiguration
- Senstive information disclosure eg (API Keys, Secrets ..) including JS files and HTML pages
- Missing SPF Records
- Path Traversal
- PHP-CGI - CVE_2012_1823
- Shell Shock - CVE_2014_6271
- Struts RCE - CVE_2018_11776
- WebLogic RCE - CVE_2019_2725
- Confluence LFI - CVE_2019_3396
- Ruby on Rails LFI - CVE_2019_5418
- Atlassian SSRF - CVE_2019_8451
- Apache Httpd mod_rewrite - CVE_2019_10098
You can download it program from here.