snallygaster
snallygaster is a tool that looks for files accessible on web servers that shouldn’t be public and can pose a security risk. Typical examples include publicly accessible git repositories, backup files potentially containing passwords or database dumps. In addition, it contains a few checks for other security vulnerabilities.
Details
Category: Misconfiguration
Publisher: trickest
Created Date: 6/23/2021
Container: quay.io/trickest/snallygaster:0.0.11
Source URL: https://github.com/hannob/snallygaster
Parameters
info
boolean
Command:
--info
- Enable all info tests (no bugs/security vulnerabilities).

path
string
Command:
--path
- Base path on server (scans root dir by default).

debug
boolean
Command:
--debug
- Show detailed debugging info.

hosts
string
required
Command:
- Hostname to scan.

noisy
boolean
Command:
--noisy
- Show noisy messages that indicate boring bugs, but no security issue.

nowww
boolean
Command:
--nowww
- Skip scanning www.[host].

tests
string
Command:
--tests
- Comma-separated tests to run.

nohttp
boolean
Command:
--nohttp
- Don't scan http.

nohttps
boolean
Command:
--nohttps
- Don't scan https.

useragent
string
Command:
--useragent
- User agent to send in request header.