Vulnerability Scanning
Created bymhmdiaa-trickest
Last updated8/12/2024

Input Parameters

urls
file
required
List of URLs
header
string
Header(s) to include in HTTP requests
rate-limit
string
Maximum number of requests to send per second per machine
header-file
file
Header(s) to include in HTTP requests

Outputs

findings

Scan for Sensitive Files

Description

Scan for exposed files that may leak sensitive information, including logs, configuration files, and development artifacts.

Features

  • Scans for a wide range of sensitive files.
  • Validates the content to minimize false positives.
  • Can scan thousands of web servers simulataneously.

Inputs

Required

  • urls: a list of URLs
https://foo.example.com
https://bar.example.com
https://bar.example.com/app

Optional

  • header: Header(s) to include in HTTP requests
  • header-file: File with header(s) to include in HTTP requests
  • rate-limit: Maximum number of requests to send per second per machine (default: 300)

Outputs

  • findings: JSONLines records of finding details.
{"finding": "Git Configuration", "location": "https://foo.example.com/.git/config", "severity": "medium", "hostname": "foo.example.com", "domain_name": "example.com", "ip_address": "1.2.3.4", "method": "GET", "description": "Git configuration was detected via the pattern /.git/config and log file on passed URLs"}
{"finding": "AWS Credentials", "location": "https://bar.example.com/app/.aws/credentials", "severity": "high", "hostname": "bar.example.com", "domain_name": "example.com", "ip_address": "5.6.7.8", "method": "GET", "description": "AWS credentials found via /.aws/credentials endpoint"}

Changelog

  • v1.0.0
    • Initial release
  • v1.1.0
    • Added header-file input
  • v1.2.0
    • Added recursive scanning to detect vulnerabilities at every level of the input URL paths
  • v1.2.1
    • Included the HTTP request that triggered each finding in the request field of the findings output