snallygaster – Scan For Secret Files On HTTP Servers

The New Acunetix V12 Engine


snallygaster is a Python-based tool that can help you to scan for secret files on HTTP servers, files that are accessible that shouldn’t be public and can pose a security risk.

snallygaster - Scan For Secret Files On HTTP Servers


Typical examples include publicly accessible git repositories, backup files potentially containing passwords or database dumps. In addition it contains a few checks for other security vulnerabilities.

snallygaster HTTP Secret File Scanner Features

This is an overview of the tests provided by snallygaster.

  • lfm_php – Checks for Lazy File Manager
  • idea – Config file for JetBrains
  • symphony_databases_yml – Symphony database config file
  • rails_database_yml – Ruby on Rails default config file
  • git_dir – Download the full Git repo
  • svn_dir – Download the full SVN repo
  • cvs_dir – Download the full CVS repo
  • apache_server_status – Apache server-status page
  • coredump – Memory dump file on Linux
  • sftp_config – Configuration file from sublime FTP client
  • wsftp_ini – Configuration file for WS_FTP
  • filezilla_xml – Configuration file for FileZilla
  • winscp_ini – Configuration file for WinSCP
  • ds_store – Apple OS X File Manager
  • backupfiles – Backup files and other leftovers from editors
  • deadjoe – JOE editor dump file
  • sql_dump – Checks for common names of SQL database dumps
  • bitcoin_wallet – Scans for Bitcoin wallet files
  • drupal_backup_migrate – Drupal migration backup
  • magento_config – Magento XML based config file
  • xaa – Output of the Linux split command
  • optionsbleed – Checks for Optionsbleed vuln
  • privatekey – Checks for private keys
  • sshkey – Looks for SSH private keys
  • dotenv – Looks for Laravel .env files
  • invalidsrc – Checks webpage source for all inaccessible references
  • ilias_defaultpw – Checks for the Ilias e-learning software default creds
  • cgiecho – Leaks files from cgiemail
  • phpunit_eval – Test for remote code execution
  • axfr – Checks for DNS AXFR zone transfer requests

You could probably achieve something similar with Burp Intruder or Patator and something like the quickhits list from SecLists.

You can download snallygaster here:

snallygaster-master.zip

Or read more here.

Posted in: Hacking Tools


Latest Posts:


Domained - Multi Tool Subdomain Enumeration Domained – Multi Tool Subdomain Enumeration
Domained is a multi tool subdomain enumeration tool that uses several subdomain enumeration tools and wordlists to create a unique list of subdomains.
Acunetix Vulnerability Scanner For Linux Now Available Acunetix Vulnerability Scanner For Linux Now Available
Acunetix Vulnerability Scanner For Linux is now available, now you get all of the functionality of Acunetix, with all of the dependability of Linux.
Gerix WiFi Cracker - Wireless 802.11 Hacking Tool With GUI Gerix WiFi Cracker – Wireless 802.11 Hacking Tool With GUI
Gerix WiFi cracker is an easy to use Wireless 802.11 Hacking Tool with a GUI, it was originally made to run on BackTrack and this version has been updated for Kali (2018.1).
Malcom - Malware Communication Analyzer Malcom – Malware Communication Analyzer
Malcom is a Malware Communication Analyzer designed to analyze a system's network communication using graphical representations of network traffic.
WepAttack - WLAN 802.11 WEP Key Hacking Tool WepAttack – WLAN 802.11 WEP Key Hacking Tool
WepAttack is a WLAN open source Linux WEP key hacking tool for breaking 802.11 WEP keys using a wordlist based dictionary attack.
Eraser - Windows Secure Erase Hard Drive Wiper Eraser – Windows Secure Erase Hard Drive Wiper
Eraser is a hard drive wiper for Windows which allows you to run a secure erase and completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns.


Comments are closed.