Skip to content

begininvoke/SensitiveFileFuzzer

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

26 Commits
.idea
.idea
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
SensitiveList.json
SensitiveList.json
 
 
go.mod
go.mod
 
 
main.go
main.go
 
 

Repository files navigation

Sensitive File Finder for Websites

A security tool for discovering sensitive files on websites. Scans for multiple categories of sensitive files with customizable output formats.

Features

  • 🔍 Multiple scan categories:
    • Shell/backdoor files
    • Environment files
    • Git repository files
    • Other sensitive files
  • 📊 Flexible output formats (JSON, CSV)
  • 📁 Output file support
  • 🎯 Category-based result tracking

Installation

git clone https://github.com/begininvoke/SensitiveFileFuzzer.git
cd SensitiveFileFuzzer
go build

Usage

Basic scan:

./SensitiveFileFuzzer -url https://example.com --shell

Comprehensive scan with JSON output:

./SensitiveFileFuzzer -url https://example.com --all -f json -o ./results

Options

Usage of ./SensitiveFileFuzzer:
  -url string
        Target URL (e.g., https://example.com)
  -all
        Try all file lists
  -env
        Try environment file lists
  -git
        Try git-related file lists
  -sens
        Try sensitive file lists
  -shell
        Try shell/backdoor file lists
  -f string
        Output format: json or csv
  -o string
        Output directory path
  -v    
        Show only successful results
  -config string
        Custom config JSON file path

Output Formats

JSON Output

{
  "total_count": 4,
  "categories": {
    "Git": [
      "https://example.com/.git/config",
      "https://example.com/.gitignore"
    ],
    "Environment": [
      "https://example.com/.env",
      "https://example.com/.env.local"
    ]
  },
  "summary": {
    "Git": 2,
    "Environment": 2
  }
}

CSV Output

Category,URL
Git,https://example.com/.git/config
Git,https://example.com/.gitignore
Environment,https://example.com/.env
Environment,https://example.com/.env.local

Console Output

🎯 Found 4 sensitive files:

📁 Git (2 files):
  └─ https://example.com/.git/config
  └─ https://example.com/.gitignore

📁 Environment (2 files):
  └─ https://example.com/.env
  └─ https://example.com/.env.local

Configuration

Customize detection rules using a JSON configuration file:

{
  "path": "/test.txt",
  "content": "#application/json#text/html",
  "length": "*"
}

Content-Type Rules

  • "*": Accept any Content-Type
  • "#application/json#text/html": Exclude specific Content-Types
  • "application/json": Match exact Content-Type

Content-Length Rules

  • "length": "10": Match responses with Content-Length >= 10
  • "length": "*": Accept any Content-Length

Contributing

Pull requests are welcome. For major changes, please open an issue first.

License

MIT

About

A tool for fuzzing files on the website

Topics

fuzzing pentesting vulnerability-scanners shellfinder sensitive webscanner webfuzzer urlfinder penetration-testing-tools gitfile

Resources

Readme
Activity

Stars

5 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages