Scan for Exposed Backups
Scan for exposed backup files that may leak sensitive information
Vulnerability Scanning
Created by: mhmdiaa-trickest
Last updated: 8/12/2024
Description
Scan for exposed backup files that may leak sensitive information, including source code, database backups, and application logs.
Features
- Generates custom wordlists dynamically based on the hostname.
- Runs heuristic analysis on brute force results to minimize false positives.
- Can scan thousands of web servers simultaneously.
Inputs
Required
- urls: a list of URLs
Optional
- header: Header(s) to include in HTTP requests
- header-file: File with header(s) to include in HTTP requests
- rate-limit: Maximum number of requests to send per second per machine (default: 300)
Outputs
- findings: JSONLines records of finding details.
Changelog
- v1.0.0
  - Initial release
- v1.0.1
  - Fixed a bug that caused false positives where some text/plain responses were incorrectly identified as exposed backups.
- v1.1.0
  - Added header-file input
- v1.2.0
  - Added recursive scanning to detect vulnerabilities at every level of the input URL paths