Project Details

About REAVER

Recon, Evasion & Vulnerability Exposure Tool is a Python and Bash (subprocess) based tool with 14 unique reconnaissance, enumeration and scanning features for scanning a web application for vulnerabilities and security misconfigurations. The tool is built natively in Python and currently runs on the Ubuntu distribution of Linux. It can scan ports, perform enumeration using various techniques, evade firewalls and find vulnerabilities. The tool is being developed in 3 versions: CLI, GUI (application or software) and web application. It also integrates pre-existing, standard open source tools like Nmap, Nikto and Nuclei.

The development of the Recon, Evasion And Vulnerability Exposure tool (REAVER) was very intricate and had to be planned thoroughly before execution. Hence, planning the development procedure is a crucial step.

Working Principle

Automated vulnerability scanning works in four different steps:
1. Recognizing the weaknesses: A vulnerability database is used by a web application security scanner or vulnerability scanning software to find security flaws in the target system.
2. Risk assessment: The severity and effects on the system of the identified vulnerability should be evaluated using a scoring system.
3. Remediation: Prioritization should be the first step in responding to the security breach. The vulnerabilities should be categorized based on their score, and a remediation inventory should be made as a result.
4. Reporting: Any breach that is discovered, assessed, and addressed must be properly reported in order to raise awareness going forward.
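
Steps 2 and 3 above, sketched as an added example (this is not REAVER's own code). It assumes CVSS v3 base scores as the scoring system; the finding fields, hosts and IDs are constructed for illustration.

```python
from collections import defaultdict

# CVSS v3.x qualitative severity bands as (lower bound, label), highest first.
BANDS = [(9.0, "Critical"), (7.0, "High"), (4.0, "Medium"), (0.1, "Low"), (0.0, "None")]

def severity(score):
    """Map a CVSS v3 base score (0.0 to 10.0) to its qualitative rating."""
    if not 0.0 <= score <= 10.0:
        raise ValueError(f"score out of range: {score}")
    return next(label for floor, label in BANDS if score >= floor)

def remediation_inventory(findings):
    """Merge duplicate findings per (host, id), keeping the highest score,
    then group by severity band with the worst items first."""
    best = {}
    for f in findings:
        key = (f["host"], f["id"])
        if key not in best or f["score"] > best[key]["score"]:
            best[key] = f
    grouped = defaultdict(list)
    for f in sorted(best.values(), key=lambda f: (-f["score"], f["host"], f["id"])):
        grouped[severity(f["score"])].append(f)
    # Emit bands in fixed priority order and skip empty ones.
    return {label: grouped[label] for _, label in BANDS if grouped[label]}

def report(inventory):
    """Render the inventory as plain text, one band per section."""
    lines = []
    for label, items in inventory.items():
        lines.append(f"{label} ({len(items)})")
        lines.extend(f"  {f['score']:>4.1f}  {f['host']}  {f['id']}" for f in items)
    return "\n".join(lines)

# Constructed sample: merged output of two scanners, with one duplicate
# finding that the second scanner scored higher.
SAMPLE = [
    {"host": "app.example.test", "id": "tls-weak-cipher", "score": 5.9},
    {"host": "app.example.test", "id": "default-admin-credentials", "score": 9.8},
    {"host": "app.example.test", "id": "tls-weak-cipher", "score": 7.4},
    {"host": "api.example.test", "id": "missing-security-headers", "score": 3.1},
    {"host": "api.example.test", "id": "directory-listing", "score": 5.3},
]

if __name__ == "__main__":
    print(report(remediation_inventory(SAMPLE)))
```

Keeping the highest score for a duplicate is a conservative choice: when two tools disagree, the finding is triaged at the worse rating until someone verifies it.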

  • Built with

    Python

  • Built with

    Bash

  • Deployment Env

    Ubuntu / Kali

  • GUI Development

    Tkinter, Django

Scope of Development

Since the tool has only been completed for the CLI version, there are many limitations, and improvements can be made to increase usability and platform independence. Some of the tool's current limitations, which will be removed over the next updates and versions of REAVER, are as follows:
1. The tool's dependency on running natively on Ubuntu, a Debian-based Linux distribution, can limit its compatibility with Windows.
2. Report generation is done in a very generic manner and will be improved to follow standards like SANS Top 25, PCI DSS Compliance Report, OWASP Top 10 and ISO 27001 Compliance.
3. There is no database to store previous scans; one is a necessity and needs to be incorporated in later versions of the tool.
4. REAVER's dependency on industry-standard open source tools like Nmap is both a curse and a boon. In future, REAVER's dependence on integrating external tools should be reduced by providing a natively available counterpart of each external tool.
