lijiejie/MisConfig_HTTP_Proxy_Scanner lijiejie/MisConfig_HTTP_Proxy_Scanner

  • Stars
    star
    170
  • Rank 223,357 (Top 5 %)
  • Language
    Python
  • License
    Apache License 2.0
  • Created over 1 year ago
  • Updated over 1 year ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
lijiejie/MisConfig_HTTP_Proxy_Scanner
github

lijiejie

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

The scanner helps to scan misconfigured reverse proxy servers and misconfigured forward proxy servers

MisConfig HTTP Proxy Scanner

The scanner helps to:

  1. Scan misconfigured reverse proxy servers, to find those web services designed Intra-net access only but accidentally exposed to the Internet.
  2. Attack known forward proxy servers, brute with generated intra-net domains to find those existed ones, like:
    • *.company.internal
    • *.company.local
    • *.company-inc.net

Install

This app developed and tested with python3.8 only. Create a python3.8 virtual env, and then install with

pip3 install -r requirements.txt

ChangeLog

  • 2023-04-19: Fix vulnerability report panel sort bug.

How To Use

For the left side input box, input some public IPs or domains that you find via brute / crawler / PassiveDNS etc.

For the right side input box, you have two choices:

  • Input some domains you already know that are resolved to private IPs (10.x.x.x 192.168.x.x)
  • If the target corp uses private DNS Zone, use the brute force attack to find valid private domain names.

Screenshot

More Repositories

1

subDomainsBrute

A fast sub domain brute tool for pentesters
Python
3,444
star
2

GitHack

A `.git` folder disclosure exploit
Python
3,050
star
3

BBScan

A fast vulnerability scanner helps pentesters pinpoint possibly vulnerable targets from a large number of web servers
Python
2,166
star
4

ds_store_exp

A .DS_Store file disclosure exploit. It parses .DS_Store file and downloads files recursively.
Python
1,495
star
5

swagger-exp

A Swagger API Exploit
JavaScript
1,136
star
6

htpwdScan

HTTP weak pass scanner
Python
900
star
7

EasyPen

EasyPen is a GUI program which helps pentesters do target discovery, vulnerability scan and exploitation
JavaScript
606
star
8

IIS_shortname_Scanner

an IIS shortname Scanner
Python
522
star
9

eyes.sh

Optimized DNS/HTTP Log Tool for pentesters, faster and easy to use.
HTML
378
star
10

idea_exploit

Gather sensitive information from (.idea) folder for pentesters
Python
357
star
11

edu-dns-zone-transfer

script to scan edu.cn DNS Servers
Python
89
star
12

log4j2_vul_local_scanner

Log4j 漏洞本地检测脚本。 Scan all java processes on your host to check whether it's affected by log4j2 remote code execution vulnerability (CVE-2021-45046)
Python
85
star
13

struts2_045_scan

Struts2-045 Scanner
Python
73
star
14

OutLook_WebAPP_Brute

Microsoft Outlook WebAPP Brute
Python
64
star
15

WIFIpass

decrypt all saved WIFI passwords on your PC
Python
61
star
16

chromePass

Decrypt all saved Chrome passwords
Python
41
star
17

NPUcat

NPUcat one click proxy
Python
9
star
18

DNS_AXFR_Client

A python DNS Transfer Client
Python
8
star
19

lijiejie

1
star