RPCSCAN - A python tool to automate all the efforts that you put on finding the xmlrpc.php file on all of your target's subdomains and then finding the vulnerable methods and then finding the reports on hackerone and medium writeups.
RPCSCAN - A python tool to automate all the efforts that you put on finding the xmlrpc.php file on all of your targets subdomains and then finding the vulnerable methods and then finding the reports on hackerone and medium writeups.
Suggestions, Pull requests and Issues are welcome.
This command is for Debian/Linux Based Shells.
git clone https://github.com/HACKE-RC/RPCScan
cd RPCScan
chmod +x *
sudo python3 setup.py
For termux:
git clone https://github.com/HACKE-RC/RPCScan
cd RPCScan
chmod +x *
python termux-setup.py
After running setup.py you can simply type rpcscan -h to see the help menu.
If you get any error while installing the tool you can create an issue or message me at twitter.com/coder_rc or If you are not able to run it after running the setup.py you can simply run python3 setup.py -r
to repair it.
Just run the following command to see the help menu.
rpcscan -h
Use this command to start scanning on the list of subdomains.
rcpscan /path/to/listofdomains.txt
This tool can not only scan for the files it also shows if there are potential methods(such as pingback.ping) are enabled in the xmlrpc.php file.
It also provides some reports links from some the Hackerone reports and medium writeups.
It can also Indenify the Mod_Security WAF.
It can also print all the available methods that are present you can also save them to a file for further scanning and for msking reports.