Tool to scan for secret files on HTTP servers
Project description
snallygaster
Finds file leaks and other security problems on HTTP servers.
what?
snallygaster is a tool that looks for files accessible on web servers that shouldn't be public and can pose a security risk.
Typical examples include publicly accessible git repositories, backup files potentially containing passwords or database dumps. In addition, it contains a few checks for other security vulnerabilities.
As an introduction to these kinds of issues you may want to watch this talk:
See the TESTS.md file for an overview of all tests and links to further information about the issues.
install
snallygaster is available via pypi:
pip3 install snallygaster
It's a simple python 3 script, so you can just download the file "snallygaster" and execute it. Dependencies are urllib3, lxml and dnspython. In Debian- or Ubuntu-based distributions you can install them via:
apt install python3-dnspython python3-lxml python3-urllib3
distribution packages
Some Linux and BSD systems have snallygaster packaged:
More at Repology.
faq
Q: I want to contribute / send a patch / a pull request!
A: That's great, but please read the CONTRIBUTIONS.md file.
Q: What's that name?
A: Snallygaster is the name of a dragon that according to some legends was seen in Maryland and other parts of the US. There's no particular backstory why this tool got named this way, other than that I was looking for a fun and interesting name.
I thought a name of some mythical creature would be nice, but most of those had the problem that I would have had name collisions with other software. Checking the list of dragons on Wikipedia I learned about the Snallygaster. The name sounded funny, the idea that there are dragon legends in the US interesting and I found no other piece of software with that name.
credit and thanks
- Thanks to Tim Philipp Schäfers and Sebastian Neef from the Internetwache for plenty of ideas about things to look for.
- Thanks to Craig Young for many discussions during the development of this script.
- Thanks to Sebastian Pipping for some help with Python programming during the development.
- Thanks to Benjamin Balder Bach for teaching me lots of things about Python packaging.
- Thanks to the organizers of Bornhack, Driving IT, SEC-T and the Rights and Freedom track at 34C3 for letting me present this work.
author
snallygaster is developed and maintained by Hanno Böck.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file snallygaster-0.0.15.tar.gz.
File metadata
- Download URL: snallygaster-0.0.15.tar.gz
- Upload date:
- Size: 23.7 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.13.8
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
0a870d1ca8164b2948fc2e24aac03fb11121dfa230928cd42470691ede37559c
|
|
| MD5 |
8155cac53b456d0413f8879e9c0d695a
|
|
| BLAKE2b-256 |
95659b48b5a1e37e8bbaa2fecb4ae291c7347850466344b90e054c46f6331497
|
File details
Details for the file snallygaster-0.0.15-py3-none-any.whl.
File metadata
- Download URL: snallygaster-0.0.15-py3-none-any.whl
- Upload date:
- Size: 12.5 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.13.8
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
78350bc0ebf38ff02a7154c1d8b36967d7a9559d806e3099b66a7a0671f497ac
|
|
| MD5 |
4e09ea39deb30f8e34eb400b68546f74
|
|
| BLAKE2b-256 |
22fca080a9cfece6714cee6f25e0c6b4aaaf0baa64bd67793e6ed4e62bcfda17
|
