Top Rating
- Top Contributors
  Discover the Top Open Source contributors by country or by language
- Interviews
  Discover real stories from Open Source developers
Discover

Discover your Favorite Language
Discover the top trending repositories and projects on Github. Explore the latest trends in your preferred languages.

Dart

Crystal

Haskell

F#

Swift

Rust

Elixir

Zig

More Languages
Awesome

Awesome repositories
Discover the most awesome repositories and projects of your favorite languages. Inspired by the Awesome-* lists trend in GitHub.

C++

JavaScript

Ruby

C

Go

Crystal

C#

Java

More Languages
By Country

Rankings by Country
Discover the community of talented open source contributors in each country.

🇳🇨 New Caledonia

🇳🇺 Niue

🇷🇪 Réunion

🇺🇸 United States

🇻🇪 Venezuela

🇧🇼 Botswana

🇧🇩 Bangladesh

🇧🇲 Bermuda

All Countries Compare Countries

WangYihang/SourceLeakHacker

Stars
379
Rank 113,004 (Top 3 %)
Language
Python
Created over 7 years ago
Updated 4 months ago

WangYihang/SourceLeakHacker

WangYihang

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

🐛 A multi threads web application source leak scanner

Description

SourceLeakHacker is a muilt-threads web directories scanner.

Installation

pip install -r requirements.txt

Usage　

usage: SourceLeakHacker.py [options]

optional arguments:
  -h, --help            show this help message and exit
  --url URL             url to scan, eg: 'http://127.0.0.1/'
  --urls URLS           file contains urls to scan, one line one url.
  --scale {full,tiny}   build-in dictionary scale
  --output OUTPUT       output folder, default: result/YYYY-MM-DD hh:mm:ss
  --threads THREADS, -t THREADS
                        threads numbers, default: 4
  --timeout TIMEOUT     HTTP request timeout
  --level {CRITICAL,ERROR,WARNING,INFO,DEBUG}, -v {CRITICAL,ERROR,WARNING,INFO,DEBUG}
                        log level
  --version, -V         show program's version number and exit

Example

$ python SourceLeakHacker.py --url=http://baidu.com --threads=4 --timeout=8
[302]   0       3.035766        text/html; charset=iso-8859-1   http://baidu.com/_/_index.php
[302]   0       3.038096        text/html; charset=iso-8859-1   http://baidu.com/_/__index.php.bak
...
[302]   0       0.063973        text/html; charset=iso-8859-1   http://baidu.com/_adm/_index.php
[302]   0       0.081672        text/html; charset=iso-8859-1   http://baidu.com/_adm/_index.php.bak
Result save in file: result/2020-02-27 07:07:47.csv

$ cat url.txt                 
http://baidu.com/
http://google.com/

$ python SourceLeakHacker.py --urls=url.txt --threads=4 --timeout=8
[302]   0       2.363600        text/html; charset=iso-8859-1   http://baidu.com/_/__index.php.bak
[302]   0       0.098417        text/html; charset=iso-8859-1   http://baidu.com/_adm/__index.php.bak
...
[302]   0       0.060524        text/html; charset=iso-8859-1   http://google.com/_adm/_index.php.bak
[302]   0       0.075042        text/html; charset=iso-8859-1   http://baidu.com/_adm/_index.php.back
Result save in file: result/2020-02-27 07:08:54.csv

Demo

TODOs

Known Bugs

CTRL C does not works on windows platform

Platypus

🔨 A modern multiple reverse shell sessions manager written in go

GitHacker

🕷️ A `.git` folder exploiting tool that is able to restore the entire Git repository, including stash, common branches and common tags.

Webshell-Sniper

🔨 Manage your website via terminal

ccupp

基于社会工程学的弱口令密码字典生成工具

UsbKeyboardDataHacker

USB键盘流量包取证工具 , 用于恢复用户的击键信息

Reverse-Shell-Manager

🔨 A multiple reverse shell session/client manager via terminal

USB-Mouse-Pcap-Visualizer

USB mouse traffic packet forensic tool, mainly used to draw mouse movements and dragging trajectories

Exploit-Framework

🔥 An Exploit framework for Web Vulnerabilities written in Python

Apache-HTTP-Server-Module-Backdoor

👺 A Simple Backdoor For Apache HTTP Server

MIT-6.031-Readings-zh-cn

麻省理工大学-18年春季学期-软件构造(6.031)课程阅读中文版

awesome-web-security

📓 Some notes and impressive articles of Web Security

Codiad-Remote-Code-Execute-Exploit

A simple exploit to execute system command on codiad

Find-PHP-Vulnerabilities

🐛 A plug-in of sublime 2/3 which is able to find PHP vulnerabilities

PwnMe

二进制渗透题目汇总

IdiomsSolitaire

sqli-labs

WriteUp of sqli-labs (GitBook : https://www.gitbook.com/book/wangyihang/sqli-labs/details)

12306

12306网站抢票Python脚本

WebShellCracker

WebShell密码爆破工具

LinuxShellScript

LinuxShell编程笔记

SQL-Hacker

简单SQL注入工具

XorShellcode

Shellcode异或加密工具

Subdomain-Crawler

A program for collecting subdomains of a list of given second-level domains (SLD)

ShellcodeSpider

Shellcode Spider of Exploit-DB

HIT-Courses-Calendar

哈尔滨工业大学教务处课表Excel转换iCal脚本

gojob

Go(od) Job is a simple job scheduler that supports task retries, logging, and task sharding.

Proxy-Verifier

A set of tools designed to efficiently and effectively locate publicly available proxy server resources.

PPT-Generator

Generate PPT via a simple summary

tplayer

一个Linux终端播放器 , 使用字符绘制图片/视频 , 并按照帧率播放

Presentations

t3sec-network-flow-analysis

acw-sc-v2.js

`acw_sc__v2` cookie generator

Docker-Container-Exposer

Expose docker containers to public network

pickle-pickle

A arbitary python code executer via python pickle

CrackMe

Platypus-Python

SimpleEncrypter

简单shellcode加密工具(存在 0 字节)

Markdown-URL-to-Title

DBLP-Spider

A spider tool for downloading the DBLP search results into local BibTeX files.

MovieSearcher

电影资源搜索工具

Image-LSB-Stego

http-grab

tranco-go-package

acw-sc-v2-py

Python requests.HTTPAdapter for `acw_sc__v2`

dns-grab

PrintableShellcodeCreator

可打印shellcode生成工具

DBAPPSecurity-Unified-Security-Management-Python-Connector

Python Connector for DBAPPSecurity Unified Security Management | 明御®运维审计与风险控制系统（堡垒机）

bgphenet

acw-sc-v2-go

ModifyHeadersForChrome

ModifyHeadersForChrome

ProcessInjector

JBrowserWithPulgins

Java实现的一个简单的Web浏览器 , 提供了插件功能 , 目前插件有下载地址分析器