Hammer web vulnerability scanner framework: scan websites for vulnerabilities





What's Hammer?

A web vulnerability scanner framework

Basic usage

   ██░ ██  ▄▄▄       ███▄ ▄███▓ ███▄ ▄███▓▓█████  ██▀███  
  ▓██░ ██▒▒████▄    ▓██▒▀█▀ ██▒▓██▒▀█▀ ██▒▓█   ▀ ▓██ ▒ ██▒
  ▒██▀▀██░▒██  ▀█▄  ▓██    ▓██░▓██    ▓██░▒███   ▓██ ░▄█ ▒
  ░▓█ ░██ ░██▄▄▄▄██ ▒██    ▒██ ▒██    ▒██ ▒▓█  ▄ ▒██▀▀█▄  
  ░▓█▒░██▓ ▓█   ▓██▒▒██▒   ░██▒▒██▒   ░██▒░▒████▒░██▓ ▒██▒
   ▒ ░░▒░▒ ▒▒   ▓▒█░░ ▒░   ░  ░░ ▒░   ░  ░░░ ▒░ ░░ ▒▓ ░▒▓░
   ▒ ░▒░ ░  ▒   ▒▒ ░░  ░      ░░  ░      ░ ░ ░  ░  ░▒ ░ ▒░
   ░  ░░ ░  ░   ▒   ░      ░   ░      ░      ░     ░░   ░ 
   ░  ░  ░      ░  ░       ░          ░      ░  ░   ░     
 








Usage: hammer.py [Auth] [Options] [Targets]

[Auth]
-s --server: web server address, for domain name or ip
-t --token: token, found and updated in the user-setup interface
[Options]
-u --update-plugins: update the local plugin to the web, you can specify the local plugin directory
-v --verbose: The output is more detailed. The default output is info, and -v is debug.
--threads: number of processes, default is cpu cores
--auto-proxy: Enable automatic proxy
-h : output help information
[Targets]
-T --target: target, which can be ip, host, url or ip range. It can also be a file when using -p mode.
--no-gather: Do not use the information collection module, you can also use the following --gather-depth=0
--gather-depth: Information collection depth, default is 1
--conf-file: configuration file, default is conf/basic.conf
-p --plugin: Run a plugin separately
--plugin-arg: plugin parameter, the format is "port=20;name='hammer';"
-l --listen: listen mode, task assignment on WEB
--max-size: maximum thread pool for listen mode
--console: console mode
[Examples]
 hammer.py -s www.hammer.org -t 3r75... --update-plugins plugins/Info_Collect/
 hammer.py -s www.hammer.org -t 3r75... --console
 hammer.py -T http://testphp.vulnweb.com
 hammer.py --conf-file conf/basic.conf
 hammer.py -T vulnweb.com --conf-file conf/basic.conf
 hammer.py -p plugins/System/dnszone.py -T vulnweb.com
 hammer.py -l

Install


Currently, running on Linux/Mac is recommended (on Mac, follow a blog guide to install pip):
1. Install the Python dependencies
sudo apt-get install python-pip python-dev
sudo pip install -r requirement.txt
2. Download the project
~$>git clone https://github.com/yangbh/Hammer.git && cd Hammer
Hammer$>git clone https://github.com/yangbh/Hammer.git
To update later, run git pull origin master.
3. Database
1) mysql>create database Hammer;
2) Assign an account and password to the Hammer database
3) Import the SQL file, located at bin/hammer.sql
source bin/hammer.sql
4. Configure the web interface by editing the web/config.php configuration file.
$DB_HOST = 'localhost';
$DB_PORT = '3306';
$DB_NAME = 'Hammer';
$DB_USER = 'user';
$DB_PWD = 'password';
$DB_SALT = 'hammer'; # salt; changing it is recommended. After changing it, manually update the web admin password hash in the database
5. Import all plugins in the plugins directory into the web database
1) Log in to the web interface (the default account/password is admin/123456) and get the token from user.php
2) Upload the local plugin information to the web:
python hammer.py -s www.hammer.org -t yourtokenhere -u plugins/
3) If you add a plugin later, you can pass either a single .py plugin file or a directory to -u.
python hammer.py -s www.hammer.org -t yourtokenhere -u yourpluginfilepath
6. Run hammer.py to scan
1) The first time, use -c mode to set and locally cache the server and token
python hammer.py -c
Anonymous@local >set server 0xff.sinaapp.com
Anonymous@local >set token XiUfga4xlS4ajBWnlUyBph9wGRxlFHF3
Anonymous@local >connect
Admin@0xff.sinaapp.com >show user
2) If the server and token are not set, you need to pass them with every future scan. For specific scan commands, refer to web/documents.php. Common commands:
python hammer.py -l
python hammer.py -T yourtargethere
7. Using the web interface for task distribution is recommended; set plugin parameters in configs.php
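
A check for step 4, added here as an example and not part of the Hammer project: it parses web/config.php-style assignments and reports any of DB_USER, DB_PWD or DB_SALT that is missing, empty, or still set to the sample value shown above. The function names and the sample input are constructed for illustration.

```python
import re

# Sample values shown in step 4 of the install notes; finding any of them in a
# deployed web/config.php means that setting was never customised.
PAGE_DEFAULTS = {"DB_USER": "user", "DB_PWD": "password", "DB_SALT": "hammer"}

# Matches simple PHP assignments:  $NAME = 'value';  or  $NAME = "value";
ASSIGN_RE = re.compile(r"""^\s*\$(\w+)\s*=\s*(['"])(.*?)\2\s*;""")


def parse_config(text):
    """Return {name: value} for string assignments, skipping comment lines."""
    settings = {}
    for line in text.splitlines():
        if line.lstrip().startswith(("#", "//")):
            continue
        match = ASSIGN_RE.match(line)
        if match:
            settings[match.group(1)] = match.group(3)
    return settings


def audit_config(text):
    """Return sorted findings for settings that are missing, empty or default."""
    settings = parse_config(text)
    findings = []
    for name, default in PAGE_DEFAULTS.items():
        value = settings.get(name)
        if value is None:
            findings.append(f"{name}: not set")
        elif value == "":
            findings.append(f"{name}: empty")
        elif value == default:
            findings.append(f"{name}: still the sample value from the install notes")
    return sorted(findings)


# Constructed sample: the step 4 block with only the database password changed.
SAMPLE = """\
$DB_HOST = 'localhost';
$DB_PORT = '3306';
$DB_NAME = 'Hammer';
$DB_USER = 'user';
$DB_PWD = 'S3parate-Long-Passphrase';
$DB_SALT = 'hammer'; # recommended to change
"""

if __name__ == "__main__":
    for finding in audit_config(SAMPLE):
        print(finding)
```

To audit a real installation, pass the contents of web/config.php to audit_config() instead of SAMPLE.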
