WangYihang / Sourceleakhacker
🐛 A multi threads web application source leak scanner
Stars: ✭ 226
Programming Languages
python
139335 projects - #7 most used programming language
Projects that are alternatives of or similar to Sourceleakhacker
Recsech
Recsech is a tool for doing Footprinting and Reconnaissance on the target web. Recsech collects information such as DNS Information, Sub Domains, HoneySpot Detected, Subdomain takeovers, Reconnaissance On Github and much more you can see in Features in tools .
Stars: ✭ 173 (-23.45%)
Mutual labels: scanner, hacking-tool, websecurity
Phonia
Phonia Toolkit is one of the most advanced toolkits to scan phone numbers using only free resources. The goal is to first gather standard information such as country, area, carrier and line type on any international phone numbers with a very good accuracy.
Stars: ✭ 221 (-2.21%)
Mutual labels: scanner, hacking-tool
Appinfoscanner
一款适用于以HW行动/红队/渗透测试团队为场景的移动端(Android、iOS、WEB、H5、静态网站)信息收集扫描工具,可以帮助渗透测试工程师、攻击队成员、红队成员快速收集到移动端或者静态WEB站点中关键的资产信息并提供基本的信息输出,如:Title、Domain、CDN、指纹信息、状态信息等。
Stars: ✭ 424 (+87.61%)
Mutual labels: scanner, hacking-tool
Jok3r
Jok3r v3 BETA 2 - Network and Web Pentest Automation Framework
Stars: ✭ 645 (+185.4%)
Mutual labels: scanner, hacking-tool
Xattacker
X Attacker Tool ☣ Website Vulnerability Scanner & Auto Exploiter
Stars: ✭ 897 (+296.9%)
Mutual labels: scanner, hacking-tool
Reconnoitre
A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.
Stars: ✭ 1,824 (+707.08%)
Mutual labels: scanner, hacking-tool
Enteletaor
Message Queue & Broker Injection tool
Stars: ✭ 139 (-38.5%)
Mutual labels: scanner, hacking-tool
Hacking
hacker, ready for more of our story ! 🚀
Stars: ✭ 413 (+82.74%)
Mutual labels: scanner, hacking-tool
Hellraiser
Vulnerability scanner using Nmap for scanning and correlating found CPEs with CVEs.
Stars: ✭ 413 (+82.74%)
Mutual labels: scanner, hacking-tool
Wpscan
WPScan WordPress security scanner. Written for security professionals and blog maintainers to test the security of their WordPress websites.
Stars: ✭ 6,244 (+2662.83%)
Mutual labels: scanner, hacking-tool
Cerberus
一款功能强大的漏洞扫描器,子域名爆破使用aioDNS,asyncio异步快速扫描,覆盖目标全方位资产进行批量漏洞扫描,中间件信息收集,自动收集ip代理,探测Waf信息时自动使用来保护本机真实Ip,在本机Ip被Waf杀死后,自动切换代理Ip进行扫描,Waf信息收集(国内外100+款waf信息)包括安全狗,云锁,阿里云,云盾,腾讯云等,提供部分已知waf bypass 方案,中间件漏洞检测(Thinkphp,weblogic等 CVE-2018-5955,CVE-2018-12613,CVE-2018-11759等),支持SQL注入, XSS, 命令执行,文件包含, ssrf 漏洞扫描, 支持自定义漏洞邮箱推送功能
Stars: ✭ 389 (+72.12%)
Mutual labels: hacking-tool, websecurity
Vhostscan
A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages.
Stars: ✭ 767 (+239.38%)
Mutual labels: scanner, hacking-tool
Deep-Inside
Command line tool that allows you to explore IoT devices by using Shodan API.
Stars: ✭ 22 (-90.27%)
Mutual labels: scanner, hacking-tool
Nosqlmap
Automated NoSQL database enumeration and web application exploitation tool.
Stars: ✭ 1,928 (+753.1%)
Mutual labels: scanner, hacking-tool
Raccoon
A high performance offensive security tool for reconnaissance and vulnerability scanning
Stars: ✭ 2,312 (+923.01%)
Mutual labels: scanner, hacking-tool
Whatcms
CMS Detection and Exploit Kit based on Whatcms.org API
Stars: ✭ 205 (-9.29%)
Mutual labels: scanner, hacking-tool
Description
SourceLeakHacker is a muilt-threads web directories scanner.
Installation
pip install -r requirements.txt
Usage
usage: SourceLeakHacker.py [options]
optional arguments:
-h, --help show this help message and exit
--url URL url to scan, eg: 'http://127.0.0.1/'
--urls URLS file contains urls to scan, one line one url.
--scale {full,tiny} build-in dictionary scale
--output OUTPUT output folder, default: result/YYYY-MM-DD hh:mm:ss
--threads THREADS, -t THREADS
threads numbers, default: 4
--timeout TIMEOUT HTTP request timeout
--level {CRITICAL,ERROR,WARNING,INFO,DEBUG}, -v {CRITICAL,ERROR,WARNING,INFO,DEBUG}
log level
--version, -V show program's version number and exit
Example
$ python SourceLeakHacker.py --url=http://baidu.com --threads=4 --timeout=8
[302] 0 3.035766 text/html; charset=iso-8859-1 http://baidu.com/_/_index.php
[302] 0 3.038096 text/html; charset=iso-8859-1 http://baidu.com/_/__index.php.bak
...
[302] 0 0.063973 text/html; charset=iso-8859-1 http://baidu.com/_adm/_index.php
[302] 0 0.081672 text/html; charset=iso-8859-1 http://baidu.com/_adm/_index.php.bak
Result save in file: result/2020-02-27 07:07:47.csv
$ cat url.txt
http://baidu.com/
http://google.com/
$ python SourceLeakHacker.py --urls=url.txt --threads=4 --timeout=8
[302] 0 2.363600 text/html; charset=iso-8859-1 http://baidu.com/_/__index.php.bak
[302] 0 0.098417 text/html; charset=iso-8859-1 http://baidu.com/_adm/__index.php.bak
...
[302] 0 0.060524 text/html; charset=iso-8859-1 http://google.com/_adm/_index.php.bak
[302] 0 0.075042 text/html; charset=iso-8859-1 http://baidu.com/_adm/_index.php.back
Result save in file: result/2020-02-27 07:08:54.csv
Demo
TODOs
- [x] Arguments parser.
- [x] Store scan result into csv file.
- [x] Support for multiple urls (from file).
- [x] Add help comments for every params.
- [x] Update Usage.
- [x] Adjust dictionary elements order systematically.
- [x] Change logger in order to suite for both windows and linux.
- [x] Add log level.
- [x] Update Screenshots.
- [ ] Retry and avoid dead lock
- [ ] Store scan result into sqlite database.
- [ ] Download small url contents, then store them into sqlite database.
Known Bugs
- [ ] CTRL C does not works on windows platform
Note that the project description data, including the texts, logos, images, and/or trademarks,
for each open source project belongs to its rightful owner.
If you wish to add or remove any projects, please contact us at [email protected].