bfac
BFAC (Backup File Artifacts Checker) is an automated tool that checks for backup artifacts that may disclose the web-application’s source code. The artifacts can also lead to leakage of sensitive information, such as passwords, directory structure, etc.
Details
Category: Discovery
Publisher: trickest
Created Date: 6/23/2021
Container: quay.io/trickest/bfac:18fb0b5
Source URL: https://github.com/mazen160/bfac
Parameters
--host - HTTP host header value
-level - Choose level
--proxy - Proxy authentication credentials (name:password).
--cookie - HTTP cookie header value
--timeout - HTTP request timeout in seconds (default: 5)
--list - Check a list of URLs
--proxy-file - Use a proxy list file
-u - Check a single URL
-ua - HTTP User-Agent header value
--request-rate-throttling - Request rate throttling per second (default: 30)
--no-text - Show the results only
--headers - Extra headers (e.g. Accept-Language: fr
ETag: 123)
--dvcs-test - Limit the test to exposed DVCS tests
--user-agents-file - Use a User-Agents file
-xsc - Specify status codes to exclude, separated by commas
--invalid-content-length - Manually specify the invalid Content-Length, instead of performing this check automatically.
--technique - Technique to verify the availability of the file. (options: status_code, content_length, all) (default: all)
--invalid-content-length-offset - Manually specify the Content-Length offset for invalid pages (default: 50).