一款信息泄漏利用工具,适用于.git/.svn/.DS_Store泄漏和目录列出漏洞利用
Project description
Dump all: 多种泄漏形式,一种利用方式
https://github.com/0xHJK/dumpall
⚠️ 警告:本工具仅用于授权测试,不得用于非法用途,否则后果自负!
⚠️ WARNING:FOR LEGAL PURPOSES ONLY!
🤘 Features
- 支持多种泄漏情况利用
- Dumpall使用方式简单
- 使用asyncio异步处理速度快
适用于以下场景:
-
.git源代码泄漏 -
.svn源代码泄漏 -
.DS_Store信息泄漏 - 目录列出信息泄漏
TODO:
- 支持更多利用方式
- 优化大文件下载
- 优化多任务调度
- 增强绕过功能
项目地址:https://github.com/0xHJK/dumpall
在macOS下的Python 3.7中测试通过,建议使用Python 3.7+
🚀 QuickStart
# pip安装
pip install dumpall
# 查看版本
dumpall --version
# 手动下载使用
git clone https://github.com/0xHJK/dumpall
cd dumpall
# 查看版本
python3 dumpall.py --version
💫 Usage
# 下载文件(源代码)
dumpall -u <url> [-o <outdir>]
# 示例
dumpall -u http://example.com/.git/
dumpall -u http://example.com/.svn/
dumpall -u http://example.com/.DS_Store
dumpall -u http://example.com/
帮助
$ dumpall --help
Usage: dumpall [OPTIONS]
信息泄漏利用工具,适用于.git/.svn/.DS_Store,以及index页面
Example: dumpall -u http://example.com/.git
Options:
--version Show the version and exit.
-u, --url TEXT 指定目标URL,支持.git/.svn/.DS_Store,以及类index页面
-o, --outdir TEXT 指定下载目录,默认目录名为主机名
-f, --force 强制下载(可能会有蜜罐风险)
--help Show this message and exit.
.git源代码泄漏利用
.svn源代码泄漏利用
.DS_Store信息泄漏利用
📜 History
- 2022-03-01 v0.3.2
- 修复URL编码问题
- 2021-08-09 v0.3.1
- 修复任意位置存储漏洞、增加蜜罐警告
- 2020-05-22 v0.3.0
- 完成目录列出信息泄漏利用功能
- 2019-10-27 v0.2.0
- 优化下载方法
- 完成
.DS_Store信息泄漏利用功能
- 2019-10-24 v0.1.0
- 项目架构优化
- 完成
.svn源代码泄漏利用功能
- 2019-10-23
- 完成
.git源代码泄漏利用功能
- 完成
- 2019-10-19 项目启动
🤝 Credit
本项目参考或使用了以下项目,在此感谢相关开发者
- https://github.com/lijiejie/GitHack
- https://github.com/admintony/svnExploit
- https://github.com/sbp/gin
- https://github.com/gehaxelt/Python-dsstore
- https://github.com/aio-libs/aiohttp
- https://github.com/jreese/aiomultiprocess
- https://github.com/pallets/click
📄 License
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file dumpall-0.3.2.tar.gz.
File metadata
- Download URL: dumpall-0.3.2.tar.gz
- Upload date:
- Size: 16.9 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.8.0 pkginfo/1.8.2 readme-renderer/32.0 requests/2.27.1 requests-toolbelt/0.9.1 urllib3/1.26.8 tqdm/4.62.0 importlib-metadata/4.11.2 keyring/23.5.0 rfc3986/2.0.0 colorama/0.4.4 CPython/3.7.9
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
3afd6c99239a1052137f76be4a13bc9c8f415712369be7ab7b70e7008d7fd222
|
|
| MD5 |
8e32ebc1645769ed8d469035a8d4ad5c
|
|
| BLAKE2b-256 |
1974ca3661fe06883fcc0c15ebf66912ab0572dafda7e8fe8e0ac634d2419c87
|
File details
Details for the file dumpall-0.3.2-py3-none-any.whl.
File metadata
- Download URL: dumpall-0.3.2-py3-none-any.whl
- Upload date:
- Size: 19.5 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.8.0 pkginfo/1.8.2 readme-renderer/32.0 requests/2.27.1 requests-toolbelt/0.9.1 urllib3/1.26.8 tqdm/4.62.0 importlib-metadata/4.11.2 keyring/23.5.0 rfc3986/2.0.0 colorama/0.4.4 CPython/3.7.9
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
c4b288c7ebd2f4d773db94d54d6665f6ada6c044cba3120a87bc06936c097fd4
|
|
| MD5 |
994c4aef005ffc440d3b86beb0e51aeb
|
|
| BLAKE2b-256 |
5e718764c4f6b07f9883c8412ba467ee303f0ecf2f21db4df1c38964f25d660a
|
