mazen160 / bfac
BFAC (Backup File Artifacts Checker): An automated tool that checks for backup artifacts that may disclose the web-application's source code.
License: GNU General Public License v3.0
Hey!
It would be great to have a bfac PyPI release to install it via pip.
Is it something you have considered?
I can take care of the PR if you want, btw.
While installing I see this reason, and I don't get the reason. Can you figure out why it's happening?
root@vps:~/bfac# sudo python setup.py install
running install
running bdist_egg
running egg_info
creating bfac.egg-info
writing requirements to bfac.egg-info/requires.txt
writing bfac.egg-info/PKG-INFO
writing top-level names to bfac.egg-info/top_level.txt
writing dependency_links to bfac.egg-info/dependency_links.txt
writing manifest file 'bfac.egg-info/SOURCES.txt'
reading manifest file 'bfac.egg-info/SOURCES.txt'
writing manifest file 'bfac.egg-info/SOURCES.txt'
installing library code to build/bdist.linux-x86_64/egg
running install_lib
warning: install_lib: 'build/lib.linux-x86_64-2.7' does not exist -- no Python modules to install
creating build
creating build/bdist.linux-x86_64
creating build/bdist.linux-x86_64/egg
creating build/bdist.linux-x86_64/egg/EGG-INFO
installing scripts to build/bdist.linux-x86_64/egg/EGG-INFO/scripts
running install_scripts
running build_scripts
creating build/scripts-2.7
copying and adjusting bfac -> build/scripts-2.7
changing mode of build/scripts-2.7/bfac from 644 to 755
creating build/bdist.linux-x86_64/egg/EGG-INFO/scripts
copying build/scripts-2.7/bfac -> build/bdist.linux-x86_64/egg/EGG-INFO/scripts
changing mode of build/bdist.linux-x86_64/egg/EGG-INFO/scripts/bfac to 755
copying bfac.egg-info/PKG-INFO -> build/bdist.linux-x86_64/egg/EGG-INFO
copying bfac.egg-info/SOURCES.txt -> build/bdist.linux-x86_64/egg/EGG-INFO
copying bfac.egg-info/dependency_links.txt -> build/bdist.linux-x86_64/egg/EGG-INFO
copying bfac.egg-info/requires.txt -> build/bdist.linux-x86_64/egg/EGG-INFO
copying bfac.egg-info/top_level.txt -> build/bdist.linux-x86_64/egg/EGG-INFO
zip_safe flag not set; analyzing archive contents...
creating dist
creating 'dist/bfac-1.3-py2.7.egg' and adding 'build/bdist.linux-x86_64/egg' to it
removing 'build/bdist.linux-x86_64/egg' (and everything under it)
Processing bfac-1.3-py2.7.egg
Copying bfac-1.3-py2.7.egg to /usr/local/lib/python2.7/dist-packages
Adding bfac 1.3 to easy-install.pth file
Installing bfac script to /usr/local/bin
Installed /usr/local/lib/python2.7/dist-packages/bfac-1.3-py2.7.egg
Processing dependencies for bfac==1.3
Traceback (most recent call last):
File "setup.py", line 30, in <module>
license='GPL-3.0'
File "/usr/lib/python2.7/distutils/core.py", line 151, in setup
dist.run_commands()
File "/usr/lib/python2.7/distutils/dist.py", line 953, in run_commands
self.run_command(cmd)
File "/usr/lib/python2.7/distutils/dist.py", line 972, in run_command
cmd_obj.run()
File "/usr/lib/python2.7/dist-packages/setuptools/command/install.py", line 67, in run
self.do_egg_install()
File "/usr/lib/python2.7/dist-packages/setuptools/command/install.py", line 117, in do_egg_install
cmd.run()
File "/usr/lib/python2.7/dist-packages/setuptools/command/easy_install.py", line 393, in run
self.easy_install(spec, not self.no_deps)
File "/usr/lib/python2.7/dist-packages/setuptools/command/easy_install.py", line 617, in easy_install
return self.install_item(None, spec, tmpdir, deps, True)
File "/usr/lib/python2.7/dist-packages/setuptools/command/easy_install.py", line 668, in install_item
self.process_distribution(spec, dist, deps)
File "/usr/lib/python2.7/dist-packages/setuptools/command/easy_install.py", line 716, in process_distribution
[requirement], self.local_index, self.easy_install
File "/usr/lib/python2.7/dist-packages/pkg_resources.py", line 645, in resolve
requirements.extend(dist.requires(req.extras)[::-1])
File "/usr/lib/python2.7/dist-packages/pkg_resources.py", line 2409, in requires
"%s has no such extra feature %r" % (self, ext)
pkg_resources.UnknownExtra: requests 2.4.3 has no such extra feature 'socks'
Hi @mazen160, thanks for the tool!
I have created a Docker image to use it:
https://github.com/giper45/bfac-docker-image
If you want, you could add it to the documentation or move the Dockerfile into your project.
Regards.
With SRI deployed, remote resources can be used safely, without fear of them being modified by malicious parties. BFAC's website contains remote resources that are under the control of third parties.
This is how it can be implemented:
<script src="file.js" integrity="sha384-hash" crossorigin="anonymous"></script>
<link href="file.css" rel="stylesheet" integrity="sha384-hash" crossorigin="anonymous">
Here are two ways one can generate SRI hashes manually:
Using https://www.srihash.org/.
Using OpenSSL: openssl dgst -sha384 -binary FILENAME | openssl base64 -A
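An added example, not part of the issue above or of the BFAC project: a Python sketch that produces the same `sha384-...` value as the OpenSSL pipeline and checks content against an `integrity` attribute, following the SRI rules that unknown tokens are ignored and only the strongest listed algorithm is compared. The function names `sri_hash` and `sri_matches` are hypothetical.

```python
import base64
import hashlib

# Hash algorithms defined for SRI, ranked weakest to strongest.
_STRENGTH = {"sha256": 0, "sha384": 1, "sha512": 2}


def sri_hash(content: bytes, alg: str = "sha384") -> str:
    """Return an integrity value of the form '<alg>-<base64 digest>'.

    Equivalent to: openssl dgst -<alg> -binary FILE | openssl base64 -A
    """
    if alg not in _STRENGTH:
        raise ValueError("unsupported SRI algorithm: %s" % alg)
    digest = hashlib.new(alg, content).digest()
    return "%s-%s" % (alg, base64.b64encode(digest).decode("ascii"))


def sri_matches(content: bytes, integrity: str) -> bool:
    """Decide whether content satisfies an integrity attribute value.

    The attribute may hold several space-separated hashes. Tokens with an
    unknown algorithm are skipped, only the strongest algorithm present is
    compared, and any hash of that algorithm is allowed to match.
    """
    by_alg = {}
    for token in integrity.split():
        alg, sep, rest = token.partition("-")
        if not sep or alg not in _STRENGTH:
            continue  # unknown or malformed token: ignored
        value = rest.split("?", 1)[0]  # drop optional "?options" suffix
        by_alg.setdefault(alg, []).append(value)
    if not by_alg:
        # No usable hash at all: nothing is enforced, so a typo in the
        # attribute silently disables the protection.
        return True
    strongest = max(by_alg, key=_STRENGTH.get)
    expected = sri_hash(content, strongest).split("-", 1)[1]
    return expected in by_alg[strongest]


if __name__ == "__main__":
    # Constructed sample resource, standing in for a third-party file.js.
    original = b"console.log('hello');\n"
    tampered = b"console.log('hello');evil();\n"
    attr = sri_hash(original)
    print(attr)
    print(sri_matches(original, attr), sri_matches(tampered, attr))
```

The hash has to be regenerated whenever the third-party file legitimately changes, so pinning a versioned URL keeps the check from breaking the page on an upstream update.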
First off thanks for putting the work into this tool. I'm unfortunately running into an issue where it stops working completely. I'm running on MacOS and am proxying through Burp to deal with a somewhat complicated authentication mechanism, so unproxied isn't really an option.
I've relaunched it several times from both a container and in a venv, but the behaviour remains the same. I haven't been able to find anything special about the requests it gets stuck on either, aside from the fact that it is always the 11th URL.
I'll do a bit more poking around to see whether I can find out what's going on but wanted to open an issue in case you'd run into this before.
Hi Mazen,
I checked out your tool on GitHub. It looks good for what I actually wanted, but the problem now is I can't get it working on a Windows PC. I have attached the error I encounter on Windows. Kindly give the command to run the tool on Windows; I have already gotten the requirements installed properly, but still cannot get the tool working.