RapidScan is a multi-tool web vulnerability scanner created to automate running several security scanning tools to find vulnerabilities, evaluate false positives, correlate findings, and save time during penetration testing engagements. While the Python2.7 source is accessible under the v1.1 releases section, the tool has been translated to Python3 (v1.2).

RapidScan is a versatile web vulnerability scanner that's created to streamline the task of running multiple security scanning tools for uncovering vulnerabilities. It automates the scanning process, assesses potential false positives, correlates results, and saves time during penetration testing assignments. The tool has been updated to Python 3 (v1.2), but you can still find the Python 2.7 codebase in the v1.1 releases section.


  • One-step     installation.
  • Executes     a multitude of security scanning tools, custom-coded checks, and prints     the results spontaneously.
  • Tools     include nmap, dnsrecon, wafw00f, uniscan, sslyze, fierce, lbd,     theharvester, amass, nikto, etc., all executed under one entity.
  • Saves     time by checking for the same vulnerabilities with multiple tools, helping     to zero in on false positives effectively.
  • Lightweight     and not process-intensive.
  • Legends     to help you understand which tests may take longer, so you can skip if     needed.
  • Association     with OWASP Top 10 & CWE 25 on the list of vulnerabilities discovered     (under development).
  • Critical,     high, medium, low, and informational classification of vulnerabilities.
  • Vulnerability     definitions guide you on what the vulnerability actually is and the threat     it can pose.
  • Remediation     information to help you fix the found vulnerability.
  • Executive     summary provides an overall context of the scan performed with critical,     high, low, and informational issues discovered.
  • Artificial     intelligence to deploy tools automatically depending upon the issues found     (under development).
  • Detailed     comprehensive report in a portable document format (*.pdf) with complete     details of the scans and tools used (under development).
  • On-the-run     Metasploit auxiliary modules to discover more vulnerabilities (under     development).

Vulnerability Checks

·        DNS/HTTP Load Balancers & Web ApplicationFirewalls.

·        Checks for Joomla, WordPress, and Drupal.

·        SSL-related Vulnerabilities (HEARTBLEED, FREAK,POODLE, CCS Injection, LOGJAM, OCSP Stapling).

·        Commonly Opened Ports.

·        DNS Zone Transfers using multiple tools (Fierce,DNSWalk, DNSRecon, DNSEnum).

·        Sub-Domains Brute Forcing (DNSMap, amass,nikto).

·        Open Directory/File Brute Forcing.

·        Shallow XSS, SQLi, and BSQLi Banners.

·        Slow-Loris DoS Attack, LFI (Local FileInclusion), RFI (Remote File Inclusion) & RCE (Remote Code Execution).







Table of Contents: