bfac
BFAC (Backup File Artifacts Checker) is an automated tool that checks for backup artifacts that may disclose the web-application’s source code. The artifacts can also lead to leakage of sensitive information, such as passwords, directory structure, etc.
Details
Category: Discovery
Publisher: trickest
Created Date: 6/23/2021
Container: quay.io/trickest/bfac:18fb0b5
Source URL: https://github.com/mazen160/bfac
Parameters
host
string
Command:
--host
- HTTP host header value
level
string
Command:
-level
- Choose level
proxy
string
Command:
--proxy
- Proxy authentication credentials (name:password).
cookie
string
Command:
--cookie
- HTTP cookie header value
timeout
string
Command:
--timeout
- HTTP request timeout in seconds (default: 5)
url-list
file
required
Command:
--list
- Check a list of URLs
proxy-file
file
Command:
--proxy-file
- Use a proxy list file
single-url
string
required
Command:
-u
- Check a single URL
user-agent
string
Command:
-ua
- HTTP User-Agent header value
request-rate
string
Command:
--request-rate-throttling
- Request rate throttling per second (default: 30)
results-only
boolean
Command:
--no-text
- Show the results only
extra-headers
string
Command:
--headers
- Extra headers (e.g. Accept-Language: fr
ETag: 123)
dvcs-tests-only
boolean
Command:
--dvcs-test
- Limit the test to exposed DVCS tests
user-agent-file
file
Command:
--user-agents-file
- Use a User-Agents file
exclude-status-code
string
Command:
-xsc
- Specify status codes to exclude, separated by commas
invalid-content-length
string
Command:
--invalid-content-length
- Manually specify the invalid Content-Length, instead of performing this check automatically.
verification-technique
string
Command:
--technique
- Technique to verify the availability of the file. (options: status_code, content_length, all) (default: all)
invalid-content-length-offset
string
Command:
--invalid-content-length-offset
- Manually specify the Content-Length offset for invalid pages (default: 50).