octograb - by evait security GmbH
This tool allows you to match the HTTP responses from an input list and a given path against a specific string.
Use Case: bug bounty low hanging fruits
You have a list of domains, subdomains or IP addresses (domains.txt) with 200 entries.
Now you want to check if any of the target domains contains an open git repo on the web-root file system, e.g. www.example.com/.git/. The following command will do the task for all entries in domains.txt:
octograb -f domains.txt -p '/.git/HEAD' -c 'ref:'
The -c parameter contains a string that will be matched against the HTTP response.
The corresponding HTTP request is a combination of each entry in domains.txt and the optional -p parameter (path).
If the given string from the -c parameter matches an HTTP response, you will get an output like this:
[+] Content match: www.example.com/.git/HEAD
All requests will be threaded by default (50 threads). You can adjust this behavior with the -t parameter.
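A match on 'ref:' alone can also come from an error page that happens to contain that string (for example "href:"), so a hit is worth confirming before it is reported. The Ruby sketch below is an added example, not part of octograb: it classifies a response body as a genuine .git/HEAD file or a mere string match. It assumes -c is a plain substring match; the function names and sample bodies are constructed for illustration.

```ruby
# Added example, not octograb code. All names here are hypothetical.
# A genuine .git/HEAD is a single line: a symbolic ref or a detached object id.
SYMBOLIC_REF = %r{\Aref: refs/\S+\r?\n?\z}
DETACHED_ID  = /\A(?:\h{40}|\h{64})\r?\n?\z/ # SHA-1 or SHA-256 object id

# Classify a response body fetched from <host>/.git/HEAD.
def classify_head_body(body)
  text = body.to_s.b # binary copy, so invalid UTF-8 in a response cannot raise
  return :symbolic_ref  if text.match?(SYMBOLIC_REF)
  return :detached_head if text.match?(DETACHED_ID)
  # "ref:" occurs somewhere, but the body is not a HEAD file (e.g. "href:" in HTML).
  text.include?('ref:') ? :substring_only : :no_match
end

# Keep only the hits whose body is a real HEAD file.
def confirmed_exposures(hits)
  genuine = %i[symbolic_ref detached_head]
  hits.select { |_url, body| genuine.include?(classify_head_body(body)) }.keys
end

# Constructed sample bodies keyed by the URL that was checked.
SAMPLE_HITS = {
  'www.example.com/.git/HEAD'  => "ref: refs/heads/main\n",
  'dev.example.com/.git/HEAD'  => "0123456789abcdef0123456789abcdef01234567\n",
  'shop.example.com/.git/HEAD' => '<html><body>Not found, see href: /home</body></html>',
  'blog.example.com/.git/HEAD' => '<html><body>404</body></html>'
}.freeze

if __FILE__ == $PROGRAM_NAME
  SAMPLE_HITS.each { |url, body| puts format('%-28s %s', url, classify_head_body(body)) }
  puts "confirmed: #{confirmed_exposures(SAMPLE_HITS).join(', ')}"
end
```

Only the first two sample entries are confirmed; the third would be reported by a bare 'ref:' match even though no repository is exposed.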
Installation
Installing from source (make sure your gem path / env is set properly for this):
gem build octograb.gemspec
gem install ./octograb-1.0.0.gem
Alternatively, you can run it directly from source:
bundle config --local path 'vendor/bundle'
bundle install
bundle exec octograb
Current ToDo
- output file parameter
- input match file (URL:MATCH) to define multiple URLs to check
- add --data option for post commands
- add --header in order to add custom headers
FAQ
Why is it written in ruby?
- why not?!
Why not using Go lang?
- Maybe we will migrate to go later. PR welcome!
Why so salty on github issue discussion?
- This is a community project. We are a full time pentesting company and will not go into / care about every open issue that doesn't match our template or guidelines. If you get a rough answer or picture e.g. from a fully underwhelmed cat, you probably deserved it.