Uberfind
Uberfind is a search tool for finding hardcoded usernames/passwords, encryption keys and other sensitive information inside multiple files within a given path. It can parse all files recursively, or search based on file extensions. The output text file contains file names, line numbers and a specified number of characters before and after all instances of the searched keywords. Added support for accepting comma separated keywords and file extensions as arguments. The parsing is via case-insensitive regex, which allows for catching variations of the keywords.
Arguments
$ python uberfind.py -h
usage: uberfind.py [-h] [-v] [-p PATH] [-k KEYWORDS] [-e EXTENSIONS]
[-r RESULTS] [-n CHARS] [-a]
optional arguments:
-h, --help show this help message and exit
-v, --verbose Enable verbosity
-p PATH Specify path to search in
-k KEYWORDS Specify keywords to search for
-e EXTENSIONS Specify file types to search in
-r RESULTS Specify results output file, default 'results.txt'
-n CHARS Number of characters to return before and after a keyword
-a Search ALL files, no filter
Usage Examples
Default settings: Search recursively in the current folder for keywords 'username' and 'password'. Look inside .dll, .xml, .db, .conf, .ini, .txt, .dat, .vbs, .bat, .yml files, then return 25 characters before/after each instance of the keyword from any line that contains it with the line number and the name of the file. Results go in 'results.txt' inside the current folder.
$ python uberfind.py
Search inside .dll files in c:\Windows folder for keyword 'password' verbosely:
$ python uberfind.py -p c:\Windows -e dll -k password -v
Sample Output
Search inside .yml, .db and .conf files for the keywords 'user' and 'password' in the given path /usr/local/share/metasploit-framework/
$ python uberfind.py -p /usr/local/share/metasploit-framework/ -k password,user -e yml,db,conf -v
$$\ $$\ $$\ $$$$$$$$\ $$\ $$\
$$ | $$ |$$ | $$ _____|\__| $$ |
$$ | $$ |$$$$$$$\ $$$$$$\ $$$$$$\ $$ | $$\ $$$$$$$\ $$$$$$$ |
$$ | $$ |$$ __$$\ $$ __$$\ $$ __$$\ $$$$$\ $$ |$$ __$$\ $$ __$$ |
$$ | $$ |$$ | $$ |$$$$$$$$ |$$ | \__|$$ __| $$ |$$ | $$ |$$ / $$ |
$$ | $$ |$$ | $$ |$$ ____|$$ | $$ | $$ |$$ | $$ |$$ | $$ |
\$$$$$$ |$$$$$$$ |\$$$$$$$\ $$ | $$ | $$ |$$ | $$ |\$$$$$$$ |
\______/ \_______/ \_______|\__| \__| \__|\__| \__| \_______|
Search path: /usr/local/share/metasploit-framework/
Keywords: password, user
File extensions: yml, db, conf
Return 25 characters before and after a keyword.
/usr/local/share/metasploit-framework/config/database.yml
/usr/local/share/metasploit-framework/data/john/confs/john.conf
/usr/local/share/metasploit-framework/data/lab/test_lab.yml
/usr/local/share/metasploit-framework/data/lab/test_targets.yml
Searched through 12 files.
Found keyword in 4 files.
For more details, check the results file: /Users/Temp/uberfind/results.txt
results.txt
=== FILE ===> /usr/local/share/metasploit-framework/config/database.yml
--> Found "user": Line 4
username: msf4
--> Found "password": Line 5
password: msf4