snallygaster
snallygaster is a tool that looks for files accessible on web servers that shouldn’t be public and can pose a security risk. Typical examples include publicly accessible git repositories, backup files potentially containing passwords or database dumps. In addition, it contains a few checks for other security vulnerabilities.
Details
Category: Misconfiguration
Publisher: trickest
Created Date: 6/23/2021
Container: quay.io/trickest/snallygaster:0.0.11
Source URL: https://github.com/hannob/snallygaster
Parameters
info
boolean
Command:
--info - Enable all info tests (no bugs/security vulnerabilities).path
string
Command:
--path - Base path on server (scans root dir by default).debug
boolean
Command:
--debug - Show detailed debugging infohosts
string
requiredCommand:
noisy
boolean
Command:
--noisy - Show noisy messages that indicate boring bugs, but no security issue.nowww
boolean
Command:
--nowww - Skip scanning www.[host].tests
string
Command:
--tests - Comma-separated tests to run.nohttp
boolean
Command:
--nohttp - Don't scan http.nohttps
boolean
Command:
--nohttps - Don't scan https.useragent
string
Command:
--useragent - User agent to send in request header.