snallygaster
============
Finds file leaks and other security problems on HTTP servers.
what?
-----
snallygaster is a tool that looks for files accessible on web servers that shouldn't be
public and can pose a security risk.
Typical examples include publicly accessible git repositories, backup files potentially
containing passwords or database dumps. In addition, it contains a few checks for other
security vulnerabilities.
As an introduction to these kinds of issues you may want to watch this talk:
* [Attacking with HTTP Requests](https://www.youtube.com/watch?v=Bppr9rbmwz4)
See the [TESTS.md](TESTS.md) file for an overview of all tests and links to further
information about the issues.
install
-------
snallygaster is available [via pypi](https://pypi.org/project/snallygaster/):
```
pip3 install snallygaster
```
It's a simple python 3 script, so you can just download the file "snallygaster" and
execute it. Dependencies are urllib3, beautifulsoup4 and dnspython. In Debian- or
Ubuntu-based distributions you can install them via:
```
apt install python3-dnspython python3-urllib3 python3-bs4
```
distribution packages
---------------------
Some Linux and BSD systems have snallygaster packaged:
* [Gentoo](https://packages.gentoo.org/packages/net-analyzer/snallygaster)
* [NetBSD](https://pkgsrc.se/security/snallygaster)
* [Arch Linux (git version)](https://aur.archlinux.org/packages/snallygaster-git/)
* [openSUSE](https://software.opensuse.org/package/snallygaster)
faq
---
Q: I want to contribute / send a patch / a pull request!
A: That's great, but please read the [CONTRIBUTIONS.md](CONTRIBUTIONS.md) file.
Q: What's that name?
A: [Snallygaster](https://en.wikipedia.org/wiki/Snallygaster) is the name of a dragon
that according to some legends was seen in Maryland and other parts of the US. There's
no particular backstory why this tool got named this way, other than that I was looking
for a fun and interesting name.
I thought a name of some mythical creature would be nice, but most of those had the
problem that I would have had name collisions with other software. Checking the list of
dragons on Wikipedia I learned about the Snallygaster. The name sounded funny, the idea
that there are dragon legends in the US interesting and I found no other piece of
software with that name.
credit and thanks
-----------------
* Thanks to Tim Philipp Schäfers and Sebastian Neef from the [Internetwache](
https://www.internetwache.org/) for plenty of ideas about things to look for.
* Thanks to [Craig Young](https://secur3.us/) for many discussions during the
development of this script.
* Thanks to [Sebastian Pipping](https://blog.hartwork.org/) for some help with Python
programming during the development.
* Thanks to [Benjamin Balder Bach](https://overtag.dk/) for teaching me lots of things
about Python packaging.
* Thanks to the organizers of Bornhack, Driving IT, SEC-T and the Rights and Freedom
track at 34C3 for letting me present this work.
author
------
snallygaster is developed and maintained by [Hanno Böck](https://hboeck.de/).
Raw data
{
"_id": null,
"home_page": "https://github.com/hannob/snallygaster",
"name": "snallygaster",
"maintainer": null,
"docs_url": null,
"requires_python": ">=3.7",
"maintainer_email": null,
"keywords": "security, vulnerability, http",
"author": "Hanno B\u00f6ck",
"author_email": "hanno@hboeck.de",
"download_url": "https://files.pythonhosted.org/packages/74/83/7356cd947778e20c3f8e5fe21e4f6ebc142c870b59332375e1c4472a4e26/snallygaster-0.0.13.tar.gz",
"platform": null,
"description": "snallygaster\n============\n\nFinds file leaks and other security problems on HTTP servers.\n\nwhat?\n-----\n\nsnallygaster is a tool that looks for files accessible on web servers that shouldn't be\npublic and can pose a security risk.\n\nTypical examples include publicly accessible git repositories, backup files potentially\ncontaining passwords or database dumps. In addition, it contains a few checks for other\nsecurity vulnerabilities.\n\nAs an introduction to these kinds of issues you may want to watch this talk:\n* [Attacking with HTTP Requests](https://www.youtube.com/watch?v=Bppr9rbmwz4)\n\nSee the [TESTS.md](TESTS.md) file for an overview of all tests and links to further\ninformation about the issues.\n\ninstall\n-------\n\nsnallygaster is available [via pypi](https://pypi.org/project/snallygaster/):\n\n```\npip3 install snallygaster\n```\n\nIt's a simple python 3 script, so you can just download the file \"snallygaster\" and\nexecute it. Dependencies are urllib3, beautifulsoup4 and dnspython. In Debian- or\nUbuntu-based distributions you can install them via:\n\n```\napt install python3-dnspython python3-urllib3 python3-bs4\n```\n\ndistribution packages\n---------------------\n\nSome Linux and BSD systems have snallygaster packaged:\n\n* [Gentoo](https://packages.gentoo.org/packages/net-analyzer/snallygaster)\n* [NetBSD](https://pkgsrc.se/security/snallygaster)\n* [Arch Linux (git version)](https://aur.archlinux.org/packages/snallygaster-git/)\n* [openSUSE](https://software.opensuse.org/package/snallygaster)\n\nfaq\n---\n\nQ: I want to contribute / send a patch / a pull request!\n\nA: That's great, but please read the [CONTRIBUTIONS.md](CONTRIBUTIONS.md) file.\n\nQ: What's that name?\n\nA: [Snallygaster](https://en.wikipedia.org/wiki/Snallygaster) is the name of a dragon\nthat according to some legends was seen in Maryland and other parts of the US. There's\nno particular backstory why this tool got named this way, other than that I was looking\nfor a fun and interesting name.\n\nI thought a name of some mythical creature would be nice, but most of those had the\nproblem that I would have had name collisions with other software. Checking the list of\ndragons on Wikipedia I learned about the Snallygaster. The name sounded funny, the idea\nthat there are dragon legends in the US interesting and I found no other piece of\nsoftware with that name.\n\ncredit and thanks\n-----------------\n\n* Thanks to Tim Philipp Sch\u00e4fers and Sebastian Neef from the [Internetwache](\n https://www.internetwache.org/) for plenty of ideas about things to look for.\n* Thanks to [Craig Young](https://secur3.us/) for many discussions during the\n development of this script.\n* Thanks to [Sebastian Pipping](https://blog.hartwork.org/) for some help with Python\n programming during the development.\n* Thanks to [Benjamin Balder Bach](https://overtag.dk/) for teaching me lots of things\n about Python packaging.\n* Thanks to the organizers of Bornhack, Driving IT, SEC-T and the Rights and Freedom\n track at 34C3 for letting me present this work.\n\nauthor\n------\n\nsnallygaster is developed and maintained by [Hanno B\u00f6ck](https://hboeck.de/).\n",
"bugtrack_url": null,
"license": "0BSD",
"summary": "Tool to scan for secret files on HTTP servers",
"version": "0.0.13",
"project_urls": {
"Homepage": "https://github.com/hannob/snallygaster"
},
"split_keywords": [
"security",
" vulnerability",
" http"
],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "47273ce9d0cb369b24161fa834f83432faddf6e58a8ba621ecd14e15b15f4801",
"md5": "b934a772346a348e57d8e42ce29cbc24",
"sha256": "570da326106b16c08605a137f4064f33b3d921e199ee1f8261d4cf6c6f702979"
},
"downloads": -1,
"filename": "snallygaster-0.0.13-py3-none-any.whl",
"has_sig": false,
"md5_digest": "b934a772346a348e57d8e42ce29cbc24",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": ">=3.7",
"size": 12831,
"upload_time": "2024-10-19T09:58:57",
"upload_time_iso_8601": "2024-10-19T09:58:57.032486Z",
"url": "https://files.pythonhosted.org/packages/47/27/3ce9d0cb369b24161fa834f83432faddf6e58a8ba621ecd14e15b15f4801/snallygaster-0.0.13-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": "",
"digests": {
"blake2b_256": "74837356cd947778e20c3f8e5fe21e4f6ebc142c870b59332375e1c4472a4e26",
"md5": "fbc113adb3f110a7ec86c18d27970a50",
"sha256": "9bc1e817f8b44d8da6e1bd0bee49541673d11d216ceb4afd4faa936cf055c589"
},
"downloads": -1,
"filename": "snallygaster-0.0.13.tar.gz",
"has_sig": false,
"md5_digest": "fbc113adb3f110a7ec86c18d27970a50",
"packagetype": "sdist",
"python_version": "source",
"requires_python": ">=3.7",
"size": 23374,
"upload_time": "2024-10-19T09:58:58",
"upload_time_iso_8601": "2024-10-19T09:58:58.376471Z",
"url": "https://files.pythonhosted.org/packages/74/83/7356cd947778e20c3f8e5fe21e4f6ebc142c870b59332375e1c4472a4e26/snallygaster-0.0.13.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2024-10-19 09:58:58",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "hannob",
"github_project": "snallygaster",
"travis_ci": false,
"coveralls": false,
"github_actions": true,
"requirements": [],
"lcname": "snallygaster"
}
JSON
