Razor is a web scanning tool to conduct basic recon steps and identify several vulnerabilites during your pentest process.
1-Clone the project:
git clone https://github.com/ysftzcn/razor.git
2-Install required libraries:
pip install -r requirements.txt
There are several use cases of this.
You can either test a single domain:
python3 razor.py -url https://example.com -all
Or you can test several domains by putting all in a file:
python3 razor.py -file domains.txt -all
You can use several flags at one such as:
python3 razor.py -url https://example.com -ssl -cookie -cors
options:
-h, --help show this help message and exit
-url [URL ...] URL of the website to be analyzed
-file FILE File containing URLs to be analyzed
-cookie Enable checking of cookie values
-method Check if HTTP DEBUG method is enabled
-headers Enable checking of security headers
-ssl Enable checking of SSL/TLS versions
-tech Identify web technologies used
-social Check social media links on the website
-cors Check for CORS vulnerabilities on the website
-ports Scan for popular ports
-spf Perform SPF policy check
-dmarc Perform DMARC policy check
-cjacking Perform clickjacking vulnerability check
-all Perform all checks
This project is purely for educational purposes, use at your own risk. I do not in any way encourage the illegal use of this software or attacking targets without prior authorization.