bfac
BFAC (Backup File Artifacts Checker) is an automated tool that checks for backup artifacts that may disclose the web-application’s source code. The artifacts can also lead to leakage of sensitive information, such as passwords, directory structure, etc.
Details
Category: Discovery
Publisher: trickest
Created Date: 6/23/2021
Container: quay.io/trickest/bfac:18fb0b5
Source URL: https://github.com/mazen160/bfac
Parameters
host
string
Command:
--host - HTTP host header valuelevel
string
Command:
-level - Choose levelproxy
string
Command:
--proxy - Proxy authentication credentials (name:password).cookie
string
Command:
--cookie - HTTP cookie header valuetimeout
string
Command:
--timeout - HTTP request timeout in seconds (default:5)url-list
file
requiredCommand:
--list - Check a list of URLsproxy-file
file
Command:
--proxy-file - Use a proxy list filesingle-url
string
requiredCommand:
-u - Check a single URLuser-agent
string
Command:
-ua - HTTP User-Agent header valuerequest-rate
string
Command:
--request-rate-throttling - Request rate throttling per second (default: 30)results-only
boolean
Command:
--no-text - Show the results onlyextra-headers
string
Command:
--headers - Extra headers (e.g. Accept-Language: fr
ETag: 123)dvcs-tests-only
boolean
Command:
--dvcs-test - Limit the test to exposed DVCS testsuser-agent-file
file
Command:
--user-agents-file - Use a User-Agents fileexclude-status-code
string
Command:
-xsc - Specify status codes to exclude, separated by commasinvalid-content-length
string
Command:
--invalid-content-length - Manually specify the invalid Content-Length, instead of performing this check automatically.verification-technique
string
Command:
--technique - Technique to verify the availability of the file. (options: status_code, content_length, all) (default: all)invalid-content-length-offset
string
Command:
--invalid-content-length-offset - Manually specify the Content-Length offset for invalid pages (default: 50).