String enumeration tool for webpages.
This tool takes an output file from feroxbuster and searches for potentially sensitive strings in found files.
Each line of the input file should be formatted as follows:
200 GET 6l 15w 230c http://192.168.110.10/Admin/web.config
Currently implemented strings:
# Sensitive strings
(r"(passw.*[=,:].+)", "Sensitive string"),
(r"(cred.*[=,:].+)", "Sensitive string"),
(r"(datab.*[=,:].+)", "Sensitive string"),
(r"(server.*[=,:].+)", "Sensitive string"),
(r"(DB_.*)", "Sensitive string"),
(r"(PRIVATE.*[ ].+)", "Sensitive string"),
# bcrypt
(r"(\$2[aby]\$[0-9]{2}\$[./A-Za-z0-9]{53}([./A-Za-z0-9]{31})?\b)", "bcrypt"),
# MD5
(r"(\b[a-fA-F0-9]{32}\b)", "MD5"),
# SHA-1
(r"(\b[a-fA-F0-9]{40}\b)", "SHA-1"),
# scrypt
(r"\$scrypt\$\b.+", "scrypt"),
# Email Addresses
(r"(\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\b)", "Email")
Usage:
python webstrings.py -f ferox.dmp -t 2 -i ".js"
Tested on Python 3.11
Be careful with the number of threads.
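The following is an added example, not code from webstrings.py: it parses one result row in the format shown above and applies a subset of the listed patterns to a constructed sample body. The names `parse_ferox_row`, `scan_text` and `SAMPLE_BODY` are hypothetical, and because this page does not show how the tool compiles its patterns, the `flags` parameter is an assumption; it shows that the patterns as written are case-sensitive and miss `Password=` and `Server=` unless `re.IGNORECASE` is passed.

```python
import re

# One feroxbuster result row: status, method, line/word/char counts, URL.
FEROX_ROW = re.compile(
    r"^(?P<status>\d{3})\s+(?P<method>[A-Z]+)\s+\d+l\s+\d+w\s+(?P<size>\d+)c\s+(?P<url>\S+)"
)

# Subset of the patterns listed above; the email TLD class is written as [A-Za-z].
PATTERNS = [
    (r"(passw.*[=,:].+)", "Sensitive string"),
    (r"(server.*[=,:].+)", "Sensitive string"),
    (r"(\b[a-fA-F0-9]{32}\b)", "MD5"),
    (r"(\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\b)", "Email"),
]

# Constructed sample body (not real data); the hex string is the MD5 of "".
SAMPLE_BODY = """\
<add name="app" connectionString="Server=db01;Password=Constructed-Example-1" />
<!-- contact: admin@example.com -->
<!-- build d41d8cd98f00b204e9800998ecf8427e -->
"""

def parse_ferox_row(line):
    """Return {'status', 'method', 'size', 'url'} or None for non-result lines."""
    m = FEROX_ROW.match(line.strip())
    if m is None:
        return None
    row = m.groupdict()
    row["status"], row["size"] = int(row["status"]), int(row["size"])
    return row

def scan_text(text, flags=0):
    """Apply every pattern to every line; return (label, match) in encounter order."""
    compiled = [(re.compile(p, flags), label) for p, label in PATTERNS]
    findings = []
    for line in text.splitlines():
        for rx, label in compiled:
            findings.extend((label, m.group(0)) for m in rx.finditer(line))
    return findings

if __name__ == "__main__":
    print(parse_ferox_row("200 GET 6l 15w 230c http://192.168.110.10/Admin/web.config"))
    print("case-sensitive :", scan_text(SAMPLE_BODY))
    print("re.IGNORECASE  :", scan_text(SAMPLE_BODY, re.IGNORECASE))
```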