Skip to main content

Ragno Passive URL Crawler - Python Module

Project description

Ragno Logo

Ragno is a Passive URL Crawler | Written in Python3 | Fetches URLs from the Wayback Machine, AlienVault's Open Threat Exchange & Common Crawl

Disclaimer

:computer: This project was created only for good purposes and personal use.

THIS SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. YOU MAY USE THIS SOFTWARE AT YOUR OWN RISK. THE USE IS COMPLETE RESPONSIBILITY OF THE END-USER. THE DEVELOPERS ASSUME NO LIABILITY AND ARE NOT RESPONSIBLE FOR ANY MISUSE OR DAMAGE CAUSED BY THIS PROGRAM.

Features

  • Works on Windows/Linux/MacOS
  • Passive Crawler (Does not intract with target directly)
  • Crawl URLs from 3 Sources i.e.
Crawl URLs from
Wayback Machine
Common Crawl
AlienVault's OTX (Open Threat Exchange)
  • DeepCrawl Feature (If Enabled, then Ragno try to fetch URLs from all 74+ CommonCrawl APIs)
  • MultiThreading (Only Used When DeepCrawl Feature is Enabled)
  • Result of Subdomains could be excluded & included via CommandLine Argument (i.e. -s)
  • Save Result in TXT File
  • Quiet Mode

How To Use in Linux

# Installing using pip
$ pip3 install Ragno

# Checking Help Menu
$ ragno --help

# Run Normal (Fast) Crawl
$ ragno -d target.com 

# Run Normal (Fast) Crawl + Saving Result
$ ragno -d target.com -o result.txt

# Run Normal (Fast) Crawl + Saving Result + Quiet Mode (Without Showing URLs on screen)
$ ragno -d target.com -o result.txt -q

# Run Deep Crawl + Saving Result + Quiet Mode (Without Showing URLs on screen)
$ ragno -d target.com -o result.txt -q --deepcrawl

How To Use in Windows

# Install dependencies 
$ Install latest python 3.x from Official Site (https://www.python.org/downloads/)

# Installing ragno using pip
$ pip install Ragno

# Checking Help Menu
$ ragno --help

# Run Normal (Fast) Crawl
$ ragno -d target.com 

# Run Normal (Fast) Crawl + Saving Result
$ ragno -d target.com -o result.txt

# Run Normal (Fast) Crawl + Saving Result + Quiet Mode (Without Showing URLs on screen)
$ ragno -d target.com -o result.txt -q

# Run Deep Crawl + Saving Result + Quiet Mode (Without Showing URLs on screen)
$ ragno -d target.com -o result.txt -q --deepcrawl

Available Arguments

  • Optional Arguments
Short Hand Full Hand Description
-h --help show this help message and exit
-o OUTPUT --output OUTPUT Save Result in TXT file
-s --subs Include Result of Subdomains
-q --quiet Run Scan Without printing URLs on screen
--deepcrawl Uses All Available APIs of CommonCrawl for Crawling URLs [Takes Time]
-t THREAD --thread THREAD Number of Threads to Used. Default=50 [Use When deepcrawl is Enabled]
  • Required Arguments
Short Hand Full Hand Description
-d DOMAIN --domain DOMAIN Target Domain Name, ex:- google.com

Use Cases

After Finding URLs, you can filter them on the basics of your attack & can Mass Hunt Particular vulnerabilites such as XSS, LFI, Open redirect, SSRF, etc

Example 1: One Liner for Hunting Open Redirect

  • Install qsreplace:
sudo wget https://github.com/tomnomnom/qsreplace/releases/download/v0.0.3/qsreplace-linux-amd64-0.0.3.tgz && sudo tar zvfx qsreplace-linux-amd64-0.0.3.tgz && sudo rm qsreplace-linux-amd64-0.0.3.tgz && sudo mv qsreplace /usr/bin/ && sudo chmod +x /usr/bin/qsreplace
  • Run One Liner
ragno -d testphp.vulnweb.com -q -o ragno_urls.txt && cat ragno_urls.txt | grep -a -i \=http | qsreplace "http://evil.com" | while read target_url do; do curl -s -L $target_url -I | grep "evil.com" && echo "[+] [Vulnerable] $target_url \n"; done
  • You can Use GF Tool by Tomnonnom, to filter URLs with juice parameters, and then you can test them further.

Contribute

  • All Contributors are welcome, this repo needs contributors who will improve this tool to make it best.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

Ragno-1.5.tar.gz (6.9 kB view details)

Uploaded Source

Built Distribution

Ragno-1.5-py3-none-any.whl (7.0 kB view details)

Uploaded Python 3

File details

Details for the file Ragno-1.5.tar.gz.

File metadata

  • Download URL: Ragno-1.5.tar.gz
  • Upload date:
  • Size: 6.9 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/4.0.2 CPython/3.11.1

File hashes

Hashes for Ragno-1.5.tar.gz
Algorithm Hash digest
SHA256 0d004f937341ae7e9dfa2183fe10ae965703e448bf48517fc82543ddb3f7c693
MD5 ad53b1e9b41bc8eae55268464b47a0db
BLAKE2b-256 485e2649dad860fb40d163ee9c87595bdadfa92fc712aa0e1ab972f7de11b6fc

See more details on using hashes here.

File details

Details for the file Ragno-1.5-py3-none-any.whl.

File metadata

  • Download URL: Ragno-1.5-py3-none-any.whl
  • Upload date:
  • Size: 7.0 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/4.0.2 CPython/3.11.1

File hashes

Hashes for Ragno-1.5-py3-none-any.whl
Algorithm Hash digest
SHA256 1626e5a911eb4367905026fa05aa4cc1bcece92ed98eb382ab8f4bc717a76ad1
MD5 624723c3fddb67b45ee15d84fddfb3aa
BLAKE2b-256 0a9acfde989b699f4bc4c2ebfbc9a2f62724eb97e315b0cde982ccf6a14af163

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page