BFAC: Backup File Artifacts Checker
BFAC (Backup File Artifacts Checker) is an automated tool that checks for backup artifacts that may disclose the web application’s source code. The artifacts can also lead to leakage of sensitive information, such as passwords, directory structure, etc.
The goal of BFAC is to be an all-in-one tool for backup-file artifacts black-box testing.
Features
- Multithreaded scanning.
- Includes request rate throttling.
- HTTP proxy support.
- Uses multiple algorithms for automatically detecting valid and invalid pages.
- HTTP proxy support
- User-agent randomization.
- Batch processing.
- Works both as a command-line tool and Python module.
- Support for Windows, MacOS, and Linux operating systems.
- Reporting: simple, verbose, CSV, JSON.
Download
Usage
| Description | Command |
|---|---|
| Help | bfac --help |
| Check a single URL. | bfac --url http://example.com/test.php |
| Check a list of URLs. | bfac --list testing_list.txt |
| Single URL with a different level (level 2 for example). | bfac --url http://example.com/test.php --level 2 |
| Single URL and show the results only. | bfac --no-text --url http://example.com/test.php |
| Limit the test to exposed DVCS tests. | bfac --dvcs-test --url http://example.com/ |
| Verify existence of files using Content-Length checks only. | bfac --detection-technique content_length http://example.com/test.php |
| Verify existence of files using Status-Code checks only. | bfac --detection-technique status_code http://example.com/test.php |
| Exclude results with specific status-codes. | bfac --exclude-status-codes 301,999 http://example.com/test.php |
Source: https://github.com/mazen160/
