Analysis updated 2026-05-18
Gather basic recon on a target domain like IP, server, and CMS during a pentest
Scan for subdomains and other sites hosted on the same server
Check WordPress sites for sensitive files and known vulnerabilities
| tuhinshubhra/red_hawk | jsonrainbow/json-schema | orvice/ss-panel | |
|---|---|---|---|
| Stars | 3,655 | 3,631 | 3,611 |
| Language | PHP | PHP | PHP |
| Setup difficulty | moderate | easy | moderate |
| Complexity | 3/5 | 2/5 | 3/5 |
| Audience | developer | developer | ops devops |
Figures from each repo's GitHub metadata at analysis time.
Unmaintained since 2017, some scans may fail against modern sites or PHP versions.
RED HAWK is a command-line tool written in PHP that gathers information about a website and checks it for common security issues. It is designed for penetration testers, who are security professionals hired to probe systems for weaknesses before attackers find them. You point the tool at a domain name and choose which type of scan to run. The basic scan retrieves information like the IP address behind the domain, the web server software the site uses, whether the site is behind Cloudflare (a service that hides the real server location), and what content management system (CMS) the site runs on. WordPress, Joomla, Drupal, and Magento are among the CMSs it can identify. Additional scan types go further. A DNS lookup lists the domain's name server records. A sub-domain scanner searches for additional addresses attached to the same domain. A reverse IP lookup finds other websites hosted on the same server. There is also a port scan (powered by the separate Nmap tool), an error-based SQL injection scanner for finding a common type of database vulnerability, a WordPress-specific scanner that checks for sensitive files and known version vulnerabilities, and a crawler that follows links on a site. The Bloggers View mode is a broader sweep that pulls metrics like Alexa ranking, domain authority, and social media links for a given address. It requires a free API key from moz.com to return authority scores. Installation involves cloning the repository and running the tool with PHP, then typing the built-in fix command to install any missing dependencies. The tool was last updated in 2017 and is no longer under active development, so some features may not work correctly against modern sites or with current PHP versions.
RED HAWK is a PHP command-line tool that scans a website for information and common security weaknesses for penetration testers.
Mainly PHP. The stack also includes PHP, Nmap.
Setup difficulty is rated moderate, with roughly 30min to a first successful run.
Mainly developer.
This repo across BitVibe Labs
Verify against the repo before relying on details.