BFAC v1.3: Backup File Artifacts Checker – Penetration Testing

BFAC (Backup File Artifacts Checker) is an automated tool that checks for backup artifacts that may disclose the web-application’s source code. The artifacts can also lead to leakage of sensitive information, such as passwords, directory structure, etc.

The goal of BFAC is to be an all-in-one tool for backup-file artifacts black-box testing.

Features

Multithreaded scanning.

Includes request rate throttling.

HTTP proxy support.

Uses multiple algorithms for automatically detecting valid and invalid pages.

User agent randomization.

Batch processing.

Works both as a command-line tool and Python module.

Support for Windows, MacOS, and Linux operating systems.

Reporting: simple, verbose, CSV, JSON.

Download

git clone http://ift.tt/2takzhz

Usage

Description

Command

Help

bfac --help

Check a single URL.

bfac --url http://ift.tt/IcWlJf

Check a list of URLs.

bfac --list testing_list.txt

Single URL with a different level (level 2 for example).

bfac --url http://ift.tt/IcWlJf --level 2

Single URL and show the results only.

bfac --no-text --url http://ift.tt/IcWlJf

Limit the test to exposed DVCS tests.

bfac --dvcs-test --url http://example.com/

Verify existence of files using Content-Length checks only.

bfac --detection-technique content_length http://ift.tt/IcWlJf

Verify existence of files using Status-Code checks only.

bfac --detection-technique status_code http://ift.tt/IcWlJf

Exclude results with specific status-codes.

bfac --exclude-status-codes 301,999 http://ift.tt/IcWlJf
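
The artifact classes BFAC probes for over HTTP can also be caught on the deployment side before a site is published. The following is an added example, not part of BFAC or the original post: it walks a local document root and flags backup copies, editor swap files and DVCS metadata directories. The suffix lists and the names classify and audit_webroot are assumptions chosen for illustration, not BFAC's own test list.

```python
import os
import re

# Assumed artifact patterns (common editor/backup conventions; not BFAC's own list).
BACKUP_SUFFIX = re.compile(r"(~|\.bak|\.old|\.orig|\.save|\.swp|\.swo|\.tmp|\.copy)$", re.I)
EDITOR_TEMP = re.compile(r"^(\.#.+|#.+#|\..+\.sw[a-p])$")
DVCS_DIRS = {".git", ".svn", ".hg", ".bzr"}
# Extensions whose backup copies would be served as plain text instead of executed.
SOURCE_EXT = {".php", ".py", ".rb", ".jsp", ".aspx", ".inc", ".conf", ".env", ".sql"}


def classify(name):
    """Return a reason string if a file name looks like a backup artifact, else None."""
    if EDITOR_TEMP.match(name):
        return "editor temp/swap file"
    m = BACKUP_SUFFIX.search(name)
    if m is None:
        return None
    # Strip the backup suffix to see what kind of file was copied.
    ext = os.path.splitext(name[: m.start()])[1].lower()
    return "backup of server-side source" if ext in SOURCE_EXT else "backup copy"


def audit_webroot(root):
    """Walk a document root and return sorted (relative_path, reason) findings."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for d in list(dirnames):
            if d in DVCS_DIRS:
                rel = os.path.relpath(os.path.join(dirpath, d), root)
                findings.append((rel, "DVCS metadata directory"))
                dirnames.remove(d)  # report once, do not descend into repo internals
        for f in filenames:
            reason = classify(f)
            if reason:
                rel = os.path.relpath(os.path.join(dirpath, f), root)
                findings.append((rel, reason))
    return sorted(findings)


if __name__ == "__main__":
    import sys
    for path, reason in audit_webroot(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{path}\t{reason}")
```

Run it against the directory that is about to be deployed; any finding is a file to delete or to block at the web server before release.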

Source: Github

The post BFAC v1.3: Backup File Artifacts Checker appeared first on Penetration Testing.
