Termux Pentesting tool that works from your mobile phone: REDHAWK tutorial

Currently there are multiple varieties of tools for pentesting work, mainly for scanning the target system. This time, pentesting experts from the International Institute of Cyber Security (IICS) will show you how to use REDHAWK from your smartphone, as this scanning tool will give us all kinds of information about the target, including the type of lens, weaknesses and settings in general using the Termux emulator.

Remember that this material was made for entirely academic purposes, so IICS is not responsible for any misuse that may be given to the tool.

DOWNLOAD AND INSTALLATION

To get started, as usual, we’ll update Termux and its contents with the following commands:

apt update && apt upgrade

Download from Github:

 apt install git

Download PHP:

apt install php

Download the script:

git clone https://github.com/Tuhinshubhra/RED_HAWK

Next we will run the following command:

cd RED_HAWK
php rhawk.php

After launching the tool, we enter the target URL (without HTTP/HTTPS) and select http/ https as the following item:

Next, we need to select the check type.

As pentesting experts show us, REDHAWK has multiple target website verification options:

BASIC SCAN:
- Website name
- IP address
- Web server discovery
- CMS discovery
- Cloudflare discovery
- robots.txt scanner
- Whois search
- Search by geo-IP
- Banner analysis
- DNS lookup
- Subnet calculator
- Nmap port scan
SUBDOMAIN SCANNER:
- Subdomain
- IP address
REVERSE IP SEARCH AND CMS DISCOVERY:
- Host name
- IP address
- CMS
- Scanner based on SQLi errors
BLOGGERS VIEW:
- HTTP response code
- Site name
- Alexa ranking
- Domain authority
- Authority of the page
- Extractor of links to social media
- Link extraction
WORDPRESS TRACKING:
- Scan confidential files
- Version detection
- Vulnerability Scanner Version
- Crawler
- MX search
SCAN ALL

For example, by choosing basic scanning, pentesting experts may discover that Cloudflare is installed on the site, allowing you to learn how to bypass this feature in a possible attack.

And that’s it. It seems very simple, but this tool will allow you to learn countless qualities of a specific platform before deploying a pentesting process. To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) website.

Atul Narula

He is a cyber security and malware researcher. He studied Computer Science and started working as a cyber security analyst in 2006. He is actively working as an cyber security investigator. He also worked for different security companies. His everyday job includes researching about new cyber security incidents. Also he has deep level of knowledge in enterprise security implementation.

Termux Pentesting tool that works from your mobile phone: REDHAWK tutorial

DOWNLOAD AND INSTALLATION

Dual Vulnerabilities in Microsoft SharePoint Server: Essential Steps to Mitigate Vulnerabilities

Exploiting the High-Risk Vulnerabilities in Secure Boot of Most Linux Devices on the Planet

Hackers’ New Target is containerized environments through vulnerabilities in runC

Hacking Android, Linux, macOS, iOS, Windows Devices via Bluetooth using a single vulnerability

Hacking Windows 10 and 11 with DLL Search Order Hijacking without administrator rights

Healthcare Hack Horror: Cyberattacks Leave French Hospitals in Chaos for $10 Million

Hacking the Unhackable: The Story of How CISA Was Breached

The Cloudflare Hack: A Hacker, 5000 Credentials, and Operation Code Red

Hijacked Data:LockBit Ransomware Gang Targets Aerospace Giant Boeing

Timeless Targets: After Casio, Seiko Group hacked again by Ransomware gang

Unlocked Doors: The Inside Story of Casio’s Global Data Breach!

Largest soft drink bottle supplier, recycle and plastic manufacturers hacked by ransomware

Google Gemini Under Fire: Critical Security Vulnerabilities You Need to Know to hack Gemini

Cracking SCCM Wide Open: Pentesting System Center Configuration Manager with Misconfiguration Manager

Hacking Windows 10 and 11 with DLL Search Order Hijacking without administrator rights

Hacking SSH Connections by exploiting SSH Protocol Vulnerabilities: Different Terrapin Attack Vectors

Understanding Latest DHCP DNS Vulnerabilities and How DHCP Exploits work in Active Directory

Hacking Bluetooth via MiTM: The BLUFFS Bluetooth attack to hack into Millions of Devices

6 Steps to File Anonymous SEC Complaints Against Data Breachers & Force Them to Pay Fines or Take Action

Inside the Exploit: How Your ChatGPT’s Uploaded Files Could Be Stolen by Prompt Injection Vulnerability

This Google Calendar technique allows to hack into companies without getting detected

This telegram bot is like ChatGPT for scammers to steal money from victims easily

How easy is to bomb someone mobile phone with thousands of SMS messages?

This new DDoS attack prevention technique has a 99% accuracy rate

How to secure Cisco Firepower Threat Defense (FTD) firewalls ?

How to use AWS SSM agent as backdoor and hack into EC2 instances?

New tool FraudGPT allows scamming and easy hacking of victims using AI

The Dark Side of PDFs: How Opening a Simple PDF Could Unleash a Cybersecurity Nightmare

Largest soft drink bottle supplier, recycle and plastic manufacturers hacked by ransomware

Visited thesaurus.com in search for Synonyms? You have Coinminer malware infection

How to send malware via Teams, even “Safe Attachments” or “Safe Links” can’t protect you

2 Big Cloud hosting companies shutdown by ransomware and lose all customer data