RPCSCAN – Finding the subdomains vulnerable methods

RPCSCAN – so many hacking tools are found on the web but no one can find subdomains vulnerability so in this article I will show vulnerability finding tool.

A python tool to automate all the efforts that you put on finding the xmlrpc.php file on all of your targets subdomains and then finding the vulnerable methods and then finding the reports on HackerOne and medium writeups.


  1. Python 3.x.x or greater.
  2. sh based shell(Works fine in WSL, WSL2 and termux)

How to install RPCSCAN?

Step 1:

First, we need to download the RPCSCAN package so type the below command on your terminal.

					git clone https://github.com/HACKE-RC/RPCScan.git

Step 2:

Now change the directory root to RPCSCAN so type the below command on your terminal.

					cd RPCScan

Step 3:

Permit to read write and execute all python files so type the below command

					chmod +x *.py

Step 4:

Now install the tool on your terminal so type the below command.

					python termux-setup.py
  1. git clone https://github.com/HACKE-RC/RPCScan
  2. cd RPCScan
  3. chmod +x *
  4. sudo python3 setup.py
  1. git clone https://github.com/HACKE-RC/RPCScan
  2. cd RPCScan
  3. chmod +x *
  4. python termux-setup.py

For Termux

pkg install python && pkg install python2

For Linux

sudo apt-get install python && sudo apt-get install python2

After running setup.py you can simply type rpcscan -h to see the help menu. If you get any error while installing the tool you can create an issue or message me at twitter.com/coder_rc or If you are not able to run it after running the setup.py you can simply run python3 setup.py -r to repair it.

How to use?

Just run the following command to see the help menu.

					rpcscan -h

Use this command to start scanning on the list of subdomains.

					rcpscan /path/to/listofdomains.txt

Why use this?

Check for potential methods :

This tool can not only scan for the files it also shows if there are potential methods(such as pingback.ping) are enabled in the xmlrpc.php file.

References from reports and writeups :

It also provides some reports links from some the Hackerone reports and medium writeups.

Indentifies the Mod_Security WAF :

It can also Indenify the Mod_Security WAF.

Get all the methods on terminal and save them for making POCs :

It can also print all the available methods that are present you can also save them to a file for further scanning and for msking reports.

Leave a Reply

Your email address will not be published. Required fields are marked *