whatisgithub

What is red_hawk?

tuhinshubhra/red_hawk — explained in plain English

Analysis updated 2026-05-18

3,655PHPAudience · developerComplexity · 3/5Setup · moderate

In one sentence

RED HAWK is a PHP command-line tool that scans a website for information and common security weaknesses for penetration testers.

Mindmap

mindmap
  root((RED HAWK))
    What it does
      Website recon
      Vulnerability checks
      CMS detection
    Tech stack
      PHP
      Nmap
    Use cases
      Penetration testing recon
      Find subdomains
      Check WordPress sites
    Audience
      Security researchers
      Penetration testers

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

What do people build with it?

USE CASE 1

Gather basic recon on a target domain like IP, server, and CMS during a pentest

USE CASE 2

Scan for subdomains and other sites hosted on the same server

USE CASE 3

Check WordPress sites for sensitive files and known vulnerabilities

What is it built with?

PHPNmap

How does it compare?

tuhinshubhra/red_hawkjsonrainbow/json-schemaorvice/ss-panel
Stars3,6553,6313,611
LanguagePHPPHPPHP
Setup difficultymoderateeasymoderate
Complexity3/52/53/5
Audiencedeveloperdeveloperops devops

Figures from each repo's GitHub metadata at analysis time.

How do you get it running?

Difficulty · moderate Time to first run · 30min

Unmaintained since 2017, some scans may fail against modern sites or PHP versions.

So what is it?

RED HAWK is a command-line tool written in PHP that gathers information about a website and checks it for common security issues. It is designed for penetration testers, who are security professionals hired to probe systems for weaknesses before attackers find them. You point the tool at a domain name and choose which type of scan to run. The basic scan retrieves information like the IP address behind the domain, the web server software the site uses, whether the site is behind Cloudflare (a service that hides the real server location), and what content management system (CMS) the site runs on. WordPress, Joomla, Drupal, and Magento are among the CMSs it can identify. Additional scan types go further. A DNS lookup lists the domain's name server records. A sub-domain scanner searches for additional addresses attached to the same domain. A reverse IP lookup finds other websites hosted on the same server. There is also a port scan (powered by the separate Nmap tool), an error-based SQL injection scanner for finding a common type of database vulnerability, a WordPress-specific scanner that checks for sensitive files and known version vulnerabilities, and a crawler that follows links on a site. The Bloggers View mode is a broader sweep that pulls metrics like Alexa ranking, domain authority, and social media links for a given address. It requires a free API key from moz.com to return authority scores. Installation involves cloning the repository and running the tool with PHP, then typing the built-in fix command to install any missing dependencies. The tool was last updated in 2017 and is no longer under active development, so some features may not work correctly against modern sites or with current PHP versions.

Copy-paste prompts

Prompt 1
Help me install RED HAWK and run a basic scan against a domain
Prompt 2
Explain what the DNS lookup and sub-domain scan features find
Prompt 3
Show me how to use the WordPress-specific scanner in RED HAWK
Prompt 4
Walk me through getting a Moz API key for the Bloggers View mode

Frequently asked questions

What is red_hawk?

RED HAWK is a PHP command-line tool that scans a website for information and common security weaknesses for penetration testers.

What language is red_hawk written in?

Mainly PHP. The stack also includes PHP, Nmap.

How hard is red_hawk to set up?

Setup difficulty is rated moderate, with roughly 30min to a first successful run.

Who is red_hawk for?

Mainly developer.

Open on GitHub → Ask about another repo

This repo across BitVibe Labs

Verify against the repo before relying on details.