begininvoke/SensitiveFileFuzzer

Sensitive File Finder for Websites

A security tool for discovering sensitive files on websites. Scans for multiple categories of sensitive files with customizable output formats.

Features

  • 🔍 Multiple scan categories:
    • Shell/backdoor files
    • Environment files
    • Git repository files
    • Other sensitive files
  • 📊 Flexible output formats (JSON, CSV)
  • 📁 Output file support
  • 🎯 Category-based result tracking

Installation

git clone https://github.com/begininvoke/SensitiveFileFuzzer.git
cd SensitiveFileFuzzer
go build

Usage

Basic scan:

./SensitiveFileFuzzer -url https://example.com --shell

Comprehensive scan with JSON output:

./SensitiveFileFuzzer -url https://example.com --all -f json -o ./results

Options

Usage of ./SensitiveFileFuzzer:
  -url string      Target URL (e.g., https://example.com)
  -all             Try all file lists
  -env             Try environment file lists
  -git             Try git-related file lists
  -sens            Try sensitive file lists
  -shell           Try shell/backdoor file lists
  -f string        Output format: json or csv
  -o string        Output directory path
  -v               Show only successful results
  -config string   Custom config JSON file path

Output Formats

JSON Output

{
  "total_count": 4,
  "categories": {
    "Git": [
      "https://example.com/.git/config",
      "https://example.com/.gitignore"
    ],
    "Environment": [
      "https://example.com/.env",
      "https://example.com/.env.local"
    ]
  },
  "summary": {
    "Git": 2,
    "Environment": 2
  }
}

CSV Output

Category,URL
Git,https://example.com/.git/config
Git,https://example.com/.gitignore
Environment,https://example.com/.env
Environment,https://example.com/.env.local

Console Output

🎯 Found 4 sensitive files:
📁 Git (2 files):
  └─ https://example.com/.git/config
  └─ https://example.com/.gitignore
📁 Environment (2 files):
  └─ https://example.com/.env
  └─ https://example.com/.env.local

Configuration

Customize detection rules using a JSON configuration file:

{ "path": "/test.txt", "content": "#application/json#text/html", "length": "*" }

Content-Type Rules

  • "*": Accept any Content-Type
  • "#application/json#text/html": Exclude specific Content-Types
  • "application/json": Match exact Content-Type

Content-Length Rules

  • "length": "10": Match responses with Content-Length >= 10
  • "length": "*": Accept any Content-Length
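
The Content-Type and Content-Length rules above, written out as a small Go matcher. This is an added example, not code from the SensitiveFileFuzzer repository; the names Rule, contentOK, lengthOK and Matches are hypothetical, and the handling of Content-Type parameters and of unknown lengths is an assumption the README does not cover.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// Rule holds the three fields shown in the README's sample config entry.
type Rule struct {
	Path, Content, Length string
}

// contentOK applies the Content-Type rules; dropping "; charset=..." parameters is an assumption.
func contentOK(rule, header string) bool {
	mt := strings.TrimSpace(strings.SplitN(header, ";", 2)[0])
	switch {
	case rule == "*": // accept any Content-Type
		return true
	case strings.HasPrefix(rule, "#"): // "#a#b": exclude each listed type
		for _, ex := range strings.Split(rule, "#") {
			if ex != "" && strings.EqualFold(ex, mt) {
				return false
			}
		}
		return true
	default: // exact match
		return strings.EqualFold(rule, mt)
	}
}

// lengthOK applies the Content-Length rules; a bad rule or unknown length (-1) is no match (assumption).
func lengthOK(rule string, n int64) bool {
	if rule == "*" {
		return true
	}
	minLen, err := strconv.ParseInt(rule, 10, 64)
	return err == nil && n >= minLen
}

// Matches reports whether a response's headers satisfy both rules of r.
func (r Rule) Matches(contentType string, contentLength int64) bool {
	return contentOK(r.Content, contentType) && lengthOK(r.Length, contentLength)
}

func main() {
	// Constructed sample: the README's rule against a plain-text hit and an HTML page.
	r := Rule{Path: "/test.txt", Content: "#application/json#text/html", Length: "*"}
	fmt.Println(r.Matches("text/plain", 12), r.Matches("text/html; charset=utf-8", 5120))
}
```

With the README's sample rule, a text/plain response for /test.txt counts as a finding, while an HTML page returned for the same path is filtered out.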

Contributing

Pull requests are welcome. For major changes, please open an issue first.

License

MIT
