Easywins
Easywins is a simple security tool that can probe a web server for common paths that can be used for gathering information or for gaining a foothold on the system.
The list of paths is taken from @mubix's crowd-sourced list of common easy win paths: https://github.com/pwnwiki/webappurls
Installation
$ gem install easywins
Usage
Usage: easywins [options] base_url
Probe a web server for common files and endpoints that are useful for gathering information or gaining a foothold.
v0.2.1
Options:
-h, --help Show command line help
-g, --get Use GET requests instead of HEAD (slower but stealthier)
-s, --sleep Sleep between 0 and 10 seconds before each request
-x, --spoof Spoof X-Forwarded-For header with random IP addresses
-u, --update Update list of paths from GitHub
--timeout SECONDS Request timeout in seconds
(default: 2.5)
-r, --retries RETRIES Number of retries on failed requests
(default: 3)
-t, --threads THREADS Number of threads to use
(default: 3)
--no-verify Don't do SSL verification
--no-redirect-check Don't check if server redirects
--no-404-check Don't check if server responds with 404
--no-color Don't colorize output
--version Show help/version info
Example:
$ easywins --sleep --spoof --threads 5 http://somewebsite.com
Contributing
- Fork it ( https://github.com/michenriksen/easywins/fork )
- Create your feature branch (
git checkout -b my-new-feature) - Commit your changes (
git commit -am 'Add some feature') - Push to the branch (
git push origin my-new-feature) - Create a new Pull Request