mazen160 / bfac Goto Github PK

BFAC (Backup File Artifacts Checker): An automated tool that checks for backup artifacts that may disclose the web-application's source code.

License: GNU General Public License v3.0

Python 99.79% Dockerfile 0.21%

bfac's People

Contributors

Stargazers

Watchers

Forkers

grayhats samyoyo songofhack deepbugs alessiodallapiazza hmsh00d 5up3rc arbazkiraak johnjohnsp1 wflk random-robbie harmeet-1337 geonaute security-prince rajivraj ladyleet1337 c0dak mgcfish a0xnirudh clicknull p0wner cehfida mandeeps13k kuteminh11 hax0rg1rl av1080p witchfindertr expertasif tungpun jaikishantulswani qqgirllianxin sireof ykankaya pich4ya anshumanbh cmscardoso aeroglyphic hae mmg1 natrix-fork semimitoz flyingninja dorkwiz i0nay solomonsklash seabreg dr-aryone crim3hound xh4h marciopocebon modulexcite chanpu9 pentest-tools abdilahrf 5l1v3r1 fdlucifer n0b1t4 git-pub-ke polling-repo-continua superdeen giper45 harishvenkatram hmidani-abdelilah jeffrywu28 slooppe rande90 11developer hartl3y94 h121h noobsdt dannymas trickest-community metacatledger 3m1za4 jakre777 zeecka geisterfurz007 tung090120 johnstrong1 enzofreitas darkoneiroi cryptkeeperzz 0xgodson kopfjager007 imdavidpaul affilares bugbountydude tommalvoriddle securitystuffbackup incredibleindishell nanaao ruevaughn thezakman tuanbao250502 jrandomsage trusted-worker adrenaline6 4a0o harrytutor iq-scm

bfac's Issues

Pypi release for bfac ?

Hey !

It would be great to have a bfac pypi release to install it via pip.
Is it something you have considered ?

I can take care of the PR if you want btw

Installing error

while installing i see this reason, and i don't get the reason, can you figure it out why it's happening.

root@vps:~/bfac# sudo python setup.py install
running install
running bdist_egg
running egg_info
creating bfac.egg-info
writing requirements to bfac.egg-info/requires.txt
writing bfac.egg-info/PKG-INFO
writing top-level names to bfac.egg-info/top_level.txt
writing dependency_links to bfac.egg-info/dependency_links.txt
writing manifest file 'bfac.egg-info/SOURCES.txt'
reading manifest file 'bfac.egg-info/SOURCES.txt'
writing manifest file 'bfac.egg-info/SOURCES.txt'
installing library code to build/bdist.linux-x86_64/egg
running install_lib
warning: install_lib: 'build/lib.linux-x86_64-2.7' does not exist -- no Python modules to install

creating build
creating build/bdist.linux-x86_64
creating build/bdist.linux-x86_64/egg
creating build/bdist.linux-x86_64/egg/EGG-INFO
installing scripts to build/bdist.linux-x86_64/egg/EGG-INFO/scripts
running install_scripts
running build_scripts
creating build/scripts-2.7
copying and adjusting bfac -> build/scripts-2.7
changing mode of build/scripts-2.7/bfac from 644 to 755
creating build/bdist.linux-x86_64/egg/EGG-INFO/scripts
copying build/scripts-2.7/bfac -> build/bdist.linux-x86_64/egg/EGG-INFO/scripts
changing mode of build/bdist.linux-x86_64/egg/EGG-INFO/scripts/bfac to 755
copying bfac.egg-info/PKG-INFO -> build/bdist.linux-x86_64/egg/EGG-INFO
copying bfac.egg-info/SOURCES.txt -> build/bdist.linux-x86_64/egg/EGG-INFO
copying bfac.egg-info/dependency_links.txt -> build/bdist.linux-x86_64/egg/EGG-INFO
copying bfac.egg-info/requires.txt -> build/bdist.linux-x86_64/egg/EGG-INFO
copying bfac.egg-info/top_level.txt -> build/bdist.linux-x86_64/egg/EGG-INFO
zip_safe flag not set; analyzing archive contents...
creating dist
creating 'dist/bfac-1.3-py2.7.egg' and adding 'build/bdist.linux-x86_64/egg' to it
removing 'build/bdist.linux-x86_64/egg' (and everything under it)
Processing bfac-1.3-py2.7.egg
Copying bfac-1.3-py2.7.egg to /usr/local/lib/python2.7/dist-packages
Adding bfac 1.3 to easy-install.pth file
Installing bfac script to /usr/local/bin

Installed /usr/local/lib/python2.7/dist-packages/bfac-1.3-py2.7.egg
Processing dependencies for bfac==1.3
Traceback (most recent call last):
  File "setup.py", line 30, in <module>
    license='GPL-3.0'
  File "/usr/lib/python2.7/distutils/core.py", line 151, in setup
    dist.run_commands()
  File "/usr/lib/python2.7/distutils/dist.py", line 953, in run_commands
    self.run_command(cmd)
  File "/usr/lib/python2.7/distutils/dist.py", line 972, in run_command
    cmd_obj.run()
  File "/usr/lib/python2.7/dist-packages/setuptools/command/install.py", line 67, in run
    self.do_egg_install()
  File "/usr/lib/python2.7/dist-packages/setuptools/command/install.py", line 117, in do_egg_install
    cmd.run()
  File "/usr/lib/python2.7/dist-packages/setuptools/command/easy_install.py", line 393, in run
    self.easy_install(spec, not self.no_deps)
  File "/usr/lib/python2.7/dist-packages/setuptools/command/easy_install.py", line 617, in easy_install
    return self.install_item(None, spec, tmpdir, deps, True)
  File "/usr/lib/python2.7/dist-packages/setuptools/command/easy_install.py", line 668, in install_item
    self.process_distribution(spec, dist, deps)
  File "/usr/lib/python2.7/dist-packages/setuptools/command/easy_install.py", line 716, in process_distribution
    [requirement], self.local_index, self.easy_install
  File "/usr/lib/python2.7/dist-packages/pkg_resources.py", line 645, in resolve
    requirements.extend(dist.requires(req.extras)[::-1])
  File "/usr/lib/python2.7/dist-packages/pkg_resources.py", line 2409, in requires
    "%s has no such extra feature %r" % (self, ext)
pkg_resources.UnknownExtra: requests 2.4.3 has no such extra feature 'socks'

Hi @mazen160 , thanks for the tool!
I have created a docker image to use it:
https://github.com/giper45/bfac-docker-image
If you want, you could add it to documentation or move Dockerfile in your project.
Regards.

Deploy Subresource Integrity

With SRI deployed, remote resources can be used safely, without fear of them being modified by malicious parties. BFAC's website contains remote resources that are under the control of third parties.

This is how it can be implemented:

<script src="file.js" integrity="sha384-hash" crossorigin="anonymous"></script>
<link href="file.css" rel="stylesheet" integrity="sha384-hash" crossorigin="anonymous">

Here are two ways one can generate SRI hashes manually:

Using https://www.srihash.org/.
Using OpenSSL: openssl dgst -sha384 -binary FILENAME | openssl base64 -A

bfac hang

First off thanks for putting the work into this tool. I'm unfortunately running into an issue where it stops working completely. I'm running on MacOS and am proxying through Burp to deal with a somewhat complicated authentication mechanism, so unproxied isn't really an option.

I've relaunched it several times from both a container and in a venv, but the behaviour remains the same. I haven't been able to find anything special about the requests it gets stuck on either, aside from the fact that it is always the 11th URL.

I'll do a bit more poking around to see whether I can find out what's going on but wanted to open an issue in case you'd run into this before.

issue while running your tool on windows

Hi Mazen,

I checked out your tool on github , it look good for what i actually wanted, but the problem now is i can't get it working on windows PC actually , i have attached the error i encounter on windows. Kindly give the command to run the tool on window , i have already gotten the requirements install properly , still can not get the tool working.

Warm Regards
Dere Sewa

Recommend Projects

React

A declarative, efficient, and flexible JavaScript library for building user interfaces.
Vue.js

🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript

TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
TensorFlow

An Open Source Machine Learning Framework for Everyone
Django

The Web framework for perfectionists with deadlines.
Laravel

A PHP framework for web artisans
D3

Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

javascript

JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
web

Some thing interesting about web. New door for the world.
server

A server is a program made to process requests and deliver data to clients.
Machine learning

Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Visualization

Some thing interesting about visualization, use data art
Game

Some thing interesting about game, make everyone happy.

Recommend Org

Facebook

We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft

Open source projects and samples from Microsoft.
Google

Google ❤️ Open Source for everyone.
Alibaba

Alibaba Open Source for everyone
D3

Data-Driven Documents codes.
Tencent

China tencent open source team.