Project author: WangYihang

Project description:
:bug: A multi-threaded web application source leak scanner
Language: Python
Project URL: git://github.com/WangYihang/SourceLeakHacker.git
Created: 2017-03-23T02:40:39Z
Project community: https://github.com/WangYihang/SourceLeakHacker

License:


Description

SourceLeakHacker is a multi-threaded web directory scanner.

Installation

    pip install -r requirements.txt

Usage 

    usage: SourceLeakHacker.py [options]

    optional arguments:
      -h, --help            show this help message and exit
      --url URL             url to scan, eg: 'http://127.0.0.1/'
      --urls URLS           file contains urls to scan, one line one url.
      --scale {full,tiny}   build-in dictionary scale
      --output OUTPUT       output folder, default: result/YYYY-MM-DD hh:mm:ss
      --threads THREADS, -t THREADS
                            threads numbers, default: 4
      --timeout TIMEOUT     HTTP request timeout
      --level {CRITICAL,ERROR,WARNING,INFO,DEBUG}, -v {CRITICAL,ERROR,WARNING,INFO,DEBUG}
                            log level
      --version, -V         show program's version number and exit

Example

    $ python SourceLeakHacker.py --url=http://baidu.com --threads=4 --timeout=8
    [302] 0 3.035766 text/html; charset=iso-8859-1 http://baidu.com/_/_index.php
    [302] 0 3.038096 text/html; charset=iso-8859-1 http://baidu.com/_/__index.php.bak
    ...
    [302] 0 0.063973 text/html; charset=iso-8859-1 http://baidu.com/_adm/_index.php
    [302] 0 0.081672 text/html; charset=iso-8859-1 http://baidu.com/_adm/_index.php.bak
    Result save in file: result/2020-02-27 07:07:47.csv

    $ cat url.txt
    http://baidu.com/
    http://google.com/
    $ python SourceLeakHacker.py --urls=url.txt --threads=4 --timeout=8
    [302] 0 2.363600 text/html; charset=iso-8859-1 http://baidu.com/_/__index.php.bak
    [302] 0 0.098417 text/html; charset=iso-8859-1 http://baidu.com/_adm/__index.php.bak
    ...
    [302] 0 0.060524 text/html; charset=iso-8859-1 http://google.com/_adm/_index.php.bak
    [302] 0 0.075042 text/html; charset=iso-8859-1 http://baidu.com/_adm/_index.php.back
    Result save in file: result/2020-02-27 07:08:54.csv
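
An added example (not part of SourceLeakHacker): a small Python triage of output in the format shown above, for reading the results of a scan of your own site. The column meanings (status, body length, seconds, content type, URL), the `example.test` lines and the function names are assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample: two lines from the Example above plus two made-up
# example.test lines so that both outcomes of the triage are exercised.
SAMPLE = """\
[302] 0 3.035766 text/html; charset=iso-8859-1 http://baidu.com/_/_index.php
[302] 0 3.038096 text/html; charset=iso-8859-1 http://baidu.com/_/__index.php.bak
[200] 5120 0.041200 application/octet-stream http://example.test/index.php.bak
[404] 312 0.039800 text/html http://example.test/_adm/_index.php
Result save in file: result/2020-02-27 07:07:47.csv
"""

# Assumed column meaning: [status] body-length seconds content-type url
LINE = re.compile(r"^\[(\d{3})\]\s+(\d+)\s+([\d.]+)\s+(.*)\s+(https?://\S+)$")

def parse(text):
    """Yield one dict per result line; skip prompts, '...' and the summary line."""
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            status, length, secs, ctype, url = m.groups()
            yield {"status": int(status), "length": int(length),
                   "seconds": float(secs), "type": ctype.strip(), "url": url}

def triage(text):
    """Split results into per-host catch-all noise and rows worth a manual look."""
    by_host = defaultdict(list)
    for row in parse(text):
        by_host[urlsplit(row["url"]).netloc].append(row)
    noise, review = {}, []
    for host, rows in by_host.items():
        shapes = {(r["status"], r["length"]) for r in rows}
        # Every probe answered identically (e.g. 302 with an empty body): the
        # server treats all paths alike, so no line is evidence a file exists.
        if len(rows) > 1 and len(shapes) == 1:
            noise[host] = shapes.pop()
            continue
        review += [r for r in rows if r["status"] == 200 and r["length"] > 0]
    return noise, review

if __name__ == "__main__":
    noise, review = triage(SAMPLE)
    print("catch-all hosts:", noise)
    print("check manually:", [r["url"] for r in review])
```

Rows left in `review` are the ones to confirm by hand and then remove from the web root or block at the server.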

TODOs

  • Arguments parser.
  • Store scan result into csv file.
  • Support for multiple urls (from file).
  • Add help comments for every params.
  • Update Usage.
  • Adjust dictionary elements order systematically.
  • Change logger so that it suits both Windows and Linux.
  • Add log level.
  • Update Screenshots.
  • Retry and avoid deadlock.
  • Store scan result into sqlite database.
  • Download small url contents, then store them into sqlite database.

Known Bugs

  • CTRL+C does not work on the Windows platform.