All Projects → WangYihang → Sourceleakhacker

WangYihang / Sourceleakhacker

🐛 A multi threads web application source leak scanner

Programming Languages

python
139335 projects - #7 most used programming language

Projects that are alternatives of or similar to Sourceleakhacker

Recsech
Recsech is a tool for doing Footprinting and Reconnaissance on the target web. Recsech collects information such as DNS Information, Sub Domains, HoneySpot Detected, Subdomain takeovers, Reconnaissance On Github and much more you can see in Features in tools .
Stars: ✭ 173 (-23.45%)
Mutual labels:  scanner, hacking-tool, websecurity
Dirsearch
Web path scanner
Stars: ✭ 7,246 (+3106.19%)
Mutual labels:  scanner, hacking-tool
Bluescan
A powerful Bluetooth scanner
Stars: ✭ 206 (-8.85%)
Mutual labels:  scanner, hacking-tool
Phonia
Phonia Toolkit is one of the most advanced toolkits to scan phone numbers using only free resources. The goal is to first gather standard information such as country, area, carrier and line type on any international phone numbers with a very good accuracy.
Stars: ✭ 221 (-2.21%)
Mutual labels:  scanner, hacking-tool
Appinfoscanner
一款适用于以HW行动/红队/渗透测试团队为场景的移动端(Android、iOS、WEB、H5、静态网站)信息收集扫描工具,可以帮助渗透测试工程师、攻击队成员、红队成员快速收集到移动端或者静态WEB站点中关键的资产信息并提供基本的信息输出,如:Title、Domain、CDN、指纹信息、状态信息等。
Stars: ✭ 424 (+87.61%)
Mutual labels:  scanner, hacking-tool
Jok3r
Jok3r v3 BETA 2 - Network and Web Pentest Automation Framework
Stars: ✭ 645 (+185.4%)
Mutual labels:  scanner, hacking-tool
Xattacker
X Attacker Tool ☣ Website Vulnerability Scanner & Auto Exploiter
Stars: ✭ 897 (+296.9%)
Mutual labels:  scanner, hacking-tool
Vault
swiss army knife for hackers
Stars: ✭ 346 (+53.1%)
Mutual labels:  scanner, hacking-tool
Reconnoitre
A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.
Stars: ✭ 1,824 (+707.08%)
Mutual labels:  scanner, hacking-tool
Enteletaor
Message Queue & Broker Injection tool
Stars: ✭ 139 (-38.5%)
Mutual labels:  scanner, hacking-tool
Pycurity
Python Security Scripts
Stars: ✭ 218 (-3.54%)
Mutual labels:  scanner, hacking-tool
Hacking
hacker, ready for more of our story ! 🚀
Stars: ✭ 413 (+82.74%)
Mutual labels:  scanner, hacking-tool
Hellraiser
Vulnerability scanner using Nmap for scanning and correlating found CPEs with CVEs.
Stars: ✭ 413 (+82.74%)
Mutual labels:  scanner, hacking-tool
Wpscan
WPScan WordPress security scanner. Written for security professionals and blog maintainers to test the security of their WordPress websites.
Stars: ✭ 6,244 (+2662.83%)
Mutual labels:  scanner, hacking-tool
Cerberus
一款功能强大的漏洞扫描器,子域名爆破使用aioDNS,asyncio异步快速扫描,覆盖目标全方位资产进行批量漏洞扫描,中间件信息收集,自动收集ip代理,探测Waf信息时自动使用来保护本机真实Ip,在本机Ip被Waf杀死后,自动切换代理Ip进行扫描,Waf信息收集(国内外100+款waf信息)包括安全狗,云锁,阿里云,云盾,腾讯云等,提供部分已知waf bypass 方案,中间件漏洞检测(Thinkphp,weblogic等 CVE-2018-5955,CVE-2018-12613,CVE-2018-11759等),支持SQL注入, XSS, 命令执行,文件包含, ssrf 漏洞扫描, 支持自定义漏洞邮箱推送功能
Stars: ✭ 389 (+72.12%)
Mutual labels:  hacking-tool, websecurity
Vhostscan
A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages.
Stars: ✭ 767 (+239.38%)
Mutual labels:  scanner, hacking-tool
Deep-Inside
Command line tool that allows you to explore IoT devices by using Shodan API.
Stars: ✭ 22 (-90.27%)
Mutual labels:  scanner, hacking-tool
Nosqlmap
Automated NoSQL database enumeration and web application exploitation tool.
Stars: ✭ 1,928 (+753.1%)
Mutual labels:  scanner, hacking-tool
Raccoon
A high performance offensive security tool for reconnaissance and vulnerability scanning
Stars: ✭ 2,312 (+923.01%)
Mutual labels:  scanner, hacking-tool
Whatcms
CMS Detection and Exploit Kit based on Whatcms.org API
Stars: ✭ 205 (-9.29%)
Mutual labels:  scanner, hacking-tool

Description

SourceLeakHacker is a muilt-threads web directories scanner.

Installation

pip install -r requirements.txt

Usage 

usage: SourceLeakHacker.py [options]

optional arguments:
  -h, --help            show this help message and exit
  --url URL             url to scan, eg: 'http://127.0.0.1/'
  --urls URLS           file contains urls to scan, one line one url.
  --scale {full,tiny}   build-in dictionary scale
  --output OUTPUT       output folder, default: result/YYYY-MM-DD hh:mm:ss
  --threads THREADS, -t THREADS
                        threads numbers, default: 4
  --timeout TIMEOUT     HTTP request timeout
  --level {CRITICAL,ERROR,WARNING,INFO,DEBUG}, -v {CRITICAL,ERROR,WARNING,INFO,DEBUG}
                        log level
  --version, -V         show program's version number and exit

Example

$ python SourceLeakHacker.py --url=http://baidu.com --threads=4 --timeout=8
[302]   0       3.035766        text/html; charset=iso-8859-1   http://baidu.com/_/_index.php
[302]   0       3.038096        text/html; charset=iso-8859-1   http://baidu.com/_/__index.php.bak
...
[302]   0       0.063973        text/html; charset=iso-8859-1   http://baidu.com/_adm/_index.php
[302]   0       0.081672        text/html; charset=iso-8859-1   http://baidu.com/_adm/_index.php.bak
Result save in file: result/2020-02-27 07:07:47.csv
$ cat url.txt                 
http://baidu.com/
http://google.com/

$ python SourceLeakHacker.py --urls=url.txt --threads=4 --timeout=8
[302]   0       2.363600        text/html; charset=iso-8859-1   http://baidu.com/_/__index.php.bak
[302]   0       0.098417        text/html; charset=iso-8859-1   http://baidu.com/_adm/__index.php.bak
...
[302]   0       0.060524        text/html; charset=iso-8859-1   http://google.com/_adm/_index.php.bak
[302]   0       0.075042        text/html; charset=iso-8859-1   http://baidu.com/_adm/_index.php.back
Result save in file: result/2020-02-27 07:08:54.csv

Demo

screenshot-00.png screenshot-01.png screenshot-02.png

TODOs

  • [x] Arguments parser.
  • [x] Store scan result into csv file.
  • [x] Support for multiple urls (from file).
  • [x] Add help comments for every params.
  • [x] Update Usage.
  • [x] Adjust dictionary elements order systematically.
  • [x] Change logger in order to suite for both windows and linux.
  • [x] Add log level.
  • [x] Update Screenshots.
  • [ ] Retry and avoid dead lock
  • [ ] Store scan result into sqlite database.
  • [ ] Download small url contents, then store them into sqlite database.

Known Bugs

  • [ ] CTRL C does not works on windows platform
Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].