• Stars
    star
    379
  • Rank 113,004 (Top 3 %)
  • Language
    Python
  • Created over 7 years ago
  • Updated 5 months ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

🐛 A multi threads web application source leak scanner

Description

SourceLeakHacker is a muilt-threads web directories scanner.

Installation

pip install -r requirements.txt

Usage 

usage: SourceLeakHacker.py [options]

optional arguments:
  -h, --help            show this help message and exit
  --url URL             url to scan, eg: 'http://127.0.0.1/'
  --urls URLS           file contains urls to scan, one line one url.
  --scale {full,tiny}   build-in dictionary scale
  --output OUTPUT       output folder, default: result/YYYY-MM-DD hh:mm:ss
  --threads THREADS, -t THREADS
                        threads numbers, default: 4
  --timeout TIMEOUT     HTTP request timeout
  --level {CRITICAL,ERROR,WARNING,INFO,DEBUG}, -v {CRITICAL,ERROR,WARNING,INFO,DEBUG}
                        log level
  --version, -V         show program's version number and exit

Example

$ python SourceLeakHacker.py --url=http://baidu.com --threads=4 --timeout=8
[302]   0       3.035766        text/html; charset=iso-8859-1   http://baidu.com/_/_index.php
[302]   0       3.038096        text/html; charset=iso-8859-1   http://baidu.com/_/__index.php.bak
...
[302]   0       0.063973        text/html; charset=iso-8859-1   http://baidu.com/_adm/_index.php
[302]   0       0.081672        text/html; charset=iso-8859-1   http://baidu.com/_adm/_index.php.bak
Result save in file: result/2020-02-27 07:07:47.csv
$ cat url.txt                 
http://baidu.com/
http://google.com/

$ python SourceLeakHacker.py --urls=url.txt --threads=4 --timeout=8
[302]   0       2.363600        text/html; charset=iso-8859-1   http://baidu.com/_/__index.php.bak
[302]   0       0.098417        text/html; charset=iso-8859-1   http://baidu.com/_adm/__index.php.bak
...
[302]   0       0.060524        text/html; charset=iso-8859-1   http://google.com/_adm/_index.php.bak
[302]   0       0.075042        text/html; charset=iso-8859-1   http://baidu.com/_adm/_index.php.back
Result save in file: result/2020-02-27 07:08:54.csv

Demo

screenshot-00.png screenshot-01.png screenshot-02.png

TODOs

  • Arguments parser.
  • Store scan result into csv file.
  • Support for multiple urls (from file).
  • Add help comments for every params.
  • Update Usage.
  • Adjust dictionary elements order systematically.
  • Change logger in order to suite for both windows and linux.
  • Add log level.
  • Update Screenshots.
  • Retry and avoid dead lock
  • Store scan result into sqlite database.
  • Download small url contents, then store them into sqlite database.

Known Bugs

  • CTRL C does not works on windows platform

More Repositories

1

Platypus

🔨 A modern multiple reverse shell sessions manager written in go
Go
1,503
star
2

GitHacker

🕷️ A `.git` folder exploiting tool that is able to restore the entire Git repository, including stash, common branches and common tags.
Python
1,408
star
3

Webshell-Sniper

🔨 Manage your website via terminal
Python
419
star
4

ccupp

基于社会工程学的弱口令密码字典生成工具
Python
340
star
5

UsbKeyboardDataHacker

USB键盘流量包取证工具 , 用于恢复用户的击键信息
Python
320
star
6

Reverse-Shell-Manager

🔨 A multiple reverse shell session/client manager via terminal
Python
237
star
7

USB-Mouse-Pcap-Visualizer

USB mouse traffic packet forensic tool, mainly used to draw mouse movements and dragging trajectories
JavaScript
233
star
8

Exploit-Framework

🔥 An Exploit framework for Web Vulnerabilities written in Python
Python
170
star
9

Apache-HTTP-Server-Module-Backdoor

👺 A Simple Backdoor For Apache HTTP Server
C
151
star
10

MIT-6.031-Readings-zh-cn

麻省理工大学-18年春季学期-软件构造(6.031)课程阅读中文版
84
star
11

awesome-web-security

📓 Some notes and impressive articles of Web Security
74
star
12

Codiad-Remote-Code-Execute-Exploit

A simple exploit to execute system command on codiad
Python
64
star
13

Find-PHP-Vulnerabilities

🐛 A plug-in of sublime 2/3 which is able to find PHP vulnerabilities
Python
56
star
14

PwnMe

二进制渗透题目汇总
Python
54
star
15

IdiomsSolitaire

成语接龙
Python
48
star
16

sqli-labs

WriteUp of sqli-labs (GitBook : https://www.gitbook.com/book/wangyihang/sqli-labs/details)
39
star
17

12306

12306网站抢票Python脚本
Python
28
star
18

WebShellCracker

WebShell密码爆破工具
Python
19
star
19

LinuxShellScript

LinuxShell编程笔记
Shell
15
star
20

SQL-Hacker

简单SQL注入工具
Python
14
star
21

XorShellcode

Shellcode异或加密工具
Python
12
star
22

Subdomain-Crawler

A program for collecting subdomains of a list of given second-level domains (SLD)
Go
12
star
23

ShellcodeSpider

Shellcode Spider of Exploit-DB
C
12
star
24

HIT-Courses-Calendar

哈尔滨工业大学教务处课表Excel转换iCal脚本
Python
10
star
25

gojob

Go(od) Job is a simple job scheduler that supports task retries, logging, and task sharding.
Go
10
star
26

Proxy-Verifier

A set of tools designed to efficiently and effectively locate publicly available proxy server resources.
Go
9
star
27

PPT-Generator

Generate PPT via a simple summary
Python
9
star
28

tplayer

一个Linux终端播放器 , 使用字符绘制图片/视频 , 并按照帧率播放
Python
8
star
29

Presentations

8
star
30

t3sec-network-flow-analysis

6
star
31

acw-sc-v2.js

`acw_sc__v2` cookie generator
HTML
5
star
32

Docker-Container-Exposer

Expose docker containers to public network
Shell
5
star
33

pickle-pickle

A arbitary python code executer via python pickle
Python
5
star
34

CrackMe

CrackMe 汇总
Python
5
star
35

Platypus-Python

Python
5
star
36

SimpleEncrypter

简单shellcode加密工具(存在 0 字节)
Python
4
star
37

Markdown-URL-to-Title

Python
4
star
38

DBLP-Spider

A spider tool for downloading the DBLP search results into local BibTeX files.
Python
4
star
39

MovieSearcher

电影资源搜索工具
Python
3
star
40

Image-LSB-Stego

Python
3
star
41

http-grab

Go
2
star
42

tranco-go-package

Go
2
star
43

acw-sc-v2-py

Python requests.HTTPAdapter for `acw_sc__v2`
Python
2
star
44

dns-grab

Go
2
star
45

PrintableShellcodeCreator

可打印shellcode生成工具
C
2
star
46

DBAPPSecurity-Unified-Security-Management-Python-Connector

Python Connector for DBAPPSecurity Unified Security Management | 明御®运维审计与风险控制系统(堡垒机)
Python
1
star
47

bgphenet

Go
1
star
48

acw-sc-v2-go

Go
1
star
49

ModifyHeadersForChrome

ModifyHeadersForChrome
JavaScript
1
star
50

ProcessInjector

C
1
star
51

JBrowserWithPulgins

Java实现的一个简单的Web浏览器 , 提供了插件功能 , 目前插件有下载地址分析器
Java
1
star