Rapid Assessment of Web Resources (RAWR) is an automated tool capable of enumerating a network and bringing visibility to the web resources that lie therein. It not only finds them, but also takes screenshots and pulls as much data as it possibly can through the request. It extends to functions such as spidering, reverse DNS resolution, cookies, and pulling other information such as robots.txt for your review. The output is simple, structured data that can be easily visually skimmed as well as parsed.
I could go on and on about this tool, because it has saved me innumerable hours in enumeration and data collection on web resources, but I'll not submit you to that today.
Adam Byers (@al14s), and myself were extremely honored to be able to present RAWR at DerbyCon 3.0 this year! DerbyCon has been one of my favorite InfoSec conferences since it's inception, and I can't put into words my thankfulness to the staff for not only considering us, but also allowing us to present in such an amazing time slot! This opportunity has allowed us a platform to communicate this tool to a large number of people who we hope are able to benefit from it as much as we have!
You can view the video recording of our presentation here, however Irongeek has done an amazing job of posting all of the DerbyCon 3.0 videos here and I highly recommend going through them as there were so many amazing talks!
You can view our slide deck on SlideShare here!
The videos that were embedded in the slide deck are on YouTube at the following links:
https://bitbucket.org/al14s/rawr
Please let us know what you think! We would love to hear how RAWR has helped you, or how you could envision us improving the tool!
- c0ncealed
No comments:
Post a Comment