{"id":26555185,"url":"https://github.com/copyleftdev/fatt","last_synced_at":"2025-09-01T12:06:14.003Z","repository":{"id":283792214,"uuid":"952917894","full_name":"copyleftdev/fatt","owner":"copyleftdev","description":"A high-performance, modular, asynchronous, and distributed security scanning CLI tool designed to rapidly identify sensitive or exposed files and directories across millions of domains.","archived":false,"fork":false,"pushed_at":"2025-03-22T22:42:37.000Z","size":50803,"stargazers_count":2,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-08-01T11:48:52.265Z","etag":null,"topics":["redteam-tools","redteaming","rust","security-audit","security-tools"],"latest_commit_sha":null,"homepage":"https://fatt-cli.vercel.app/","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/copyleftdev.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2025-03-22T06:26:00.000Z","updated_at":"2025-05-21T03:23:13.000Z","dependencies_parsed_at":"2025-03-22T08:31:24.460Z","dependency_job_id":null,"html_url":"https://github.com/copyleftdev/fatt","commit_stats":null,"previous_names":["copyleftdev/fatt"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/copyleftdev/fatt","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/copyleftdev%2Ffatt","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/copyleftdev%2Ffatt/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/copyleftdev%2Ffatt/rel
eases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/copyleftdev%2Ffatt/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/copyleftdev","download_url":"https://codeload.github.com/copyleftdev/fatt/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/copyleftdev%2Ffatt/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":273121917,"owners_count":25049530,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-09-01T02:00:09.058Z","response_time":120,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["redteam-tools","redteaming","rust","security-audit","security-tools"],"created_at":"2025-03-22T10:25:18.494Z","updated_at":"2025-09-01T12:06:13.989Z","avatar_url":"https://github.com/copyleftdev.png","language":"Rust","readme":"![FATT Security Scanner](fatt.png)\n\n# FATT (Find All The Things)\n\n[![Rust Tests](https://github.com/copyleftdev/fatt/actions/workflows/test.yml/badge.svg)](https://github.com/copyleftdev/fatt/actions/workflows/test.yml)\n[![License: HFPL](https://img.shields.io/badge/License-HFPL-blue.svg)](LICENSE)\n[![Rust Version](https://img.shields.io/badge/rust-1.70%2B-orange.svg)](https://www.rust-lang.org/)\n[![GitHub issues](https://img.shields.io/github/issues/copyleftdev/fatt)](https://github.com/copyleftdev/fatt/issues)\n[![GitHub 
stars](https://img.shields.io/github/stars/copyleftdev/fatt)](https://github.com/copyleftdev/fatt/stargazers)\n\nA high-performance, modular, asynchronous, and distributed security scanning CLI tool designed to rapidly identify sensitive or exposed files and directories across millions of domains.\n\n## Features\n\n- 🚀 **High Performance**: Built in Rust for maximum speed and efficiency\n- 🔄 **Asynchronous**: Leverages Tokio for concurrent scanning operations\n- 🌐 **Distributed**: Scales horizontally across multiple worker nodes\n- 🧩 **Modular**: Easily extend with custom scanning rules via YAML configuration\n- 💾 **Persistent DNS Cache**: Dramatically improves scanning speed for repeat operations\n- 📊 **Comprehensive Reporting**: SQLite storage for efficient result management\n\n## Installation\n\n```bash\ncargo install fatt\n```\n\nOr build from source:\n\n```bash\ngit clone https://github.com/copyleftdev/fatt.git\ncd fatt\ncargo build --release\n```\n\n## Releases\n\nFATT is available as pre-built binaries for Windows, macOS (Intel and Apple Silicon), and Linux. 
These binaries are automatically generated through our CI/CD pipeline whenever a new release is tagged.\n\n### Download Pre-built Binaries\n\nVisit the [Releases page](https://github.com/copyleftdev/fatt/releases) to download the latest version for your platform:\n\n- **Windows**: `fatt-windows-amd64.zip`\n- **macOS Intel**: `fatt-macos-amd64.tar.gz`\n- **macOS Apple Silicon**: `fatt-macos-arm64.tar.gz`\n- **Linux**: `fatt-linux-amd64.tar.gz`\n\nEach release package includes the executable, LICENSE file, and rule-examples directory.\n\n### Creating a Release\n\nFor maintainers, creating a new release is as simple as pushing a new version tag:\n\n```bash\ngit tag -a v1.0.0 -m \"Release v1.0.0\"\ngit push origin v1.0.0\n```\n\nThis will trigger the GitHub Actions workflow that builds and packages FATT for all platforms.\n\n## Quick Start\n\n```bash\n# Scan domains from a list using default rules\nfatt scan -i domains.txt\n\n# Scan with custom rules\nfatt scan -i domains.txt -r custom-rules.yaml\n\n# Export results to CSV\nfatt results export -o findings.csv\n\n# Start a worker node for distributed scanning\nfatt worker start -m master-ip:port\n```\n\n## Configuration\n\nFATT uses YAML-based rules for scan configuration. 
Example:\n\n```yaml\nrules:\n  - name: Git Exposure\n    path: /.git/HEAD\n    signature: \"ref: refs/\"\n  - name: Env File Exposure\n    path: /.env\n    signature: \"APP_KEY=\"\n```\n\n## Rule Examples\n\nFATT includes a comprehensive set of rule examples in the `rule-examples` directory, organized by technology:\n\n- **admin-panels.yaml** - Common admin interfaces and control panels\n- **api-endpoints.yaml** - REST API endpoints and documentation resources\n- **cloud-service-paths.yaml** - AWS, GCP, Azure, and Kubernetes paths\n- **common-paths.yaml** - Comprehensive collection of various path types\n- **dangerous-defaults.yaml** - Exposed configs and sensitive files\n- **database-paths.yaml** - SQL and NoSQL database management interfaces\n- **debug-endpoints.yaml** - Debug, monitoring, and development endpoints\n- **ecommerce-webapp-paths.yaml** - eCommerce platforms and web frameworks\n- **graphql-endpoints.yaml** - GraphQL endpoints and development tools\n- **iot-embedded-paths.yaml** - IoT devices, routers, cameras, and ICS systems\n- **java-spring-paths.yaml** - Spring Boot actuators and Java web applications\n- **microsoft-paths.yaml** - Microsoft Exchange, SharePoint, and Azure paths\n\nLoad specific rule sets for targeted scanning:\n\n```rust\n// Use a single category\nlet rules = rules::load_rules(\"rule-examples/microsoft-paths.yaml\").unwrap();\n\n// Or add rules to your main ruleset\nrules::add_rule(\"rule-examples/database-paths.yaml\").unwrap();\n```\n\n## Usage\n\n```\nUSAGE:\n    fatt \u003cSUBCOMMAND\u003e\n\nSUBCOMMANDS:\n    scan      Scan domains for sensitive files and directories\n    rules     Manage scanning rules\n    results   Query and export scan results\n    dns       Manage DNS cache\n    worker    Control distributed worker nodes\n    help      Prints help information\n```\n\n## Performance Tuning\n\nFATT is designed for high performance but can be further optimized:\n\n- Increase concurrency with `-c/--concurrency` flag\n- 
Adjust batch size with `-b/--batch-size` flag\n- Optimize DNS cache lifetime with `--dns-ttl` option\n\n## License\n\nThis project is licensed under the HACKFU PUBLIC LICENSE (HFPL) - \"Don't Be A Noob\" Edition. See the [LICENSE](LICENSE) file for details.\n\n© 2025 [copyleftdev](https://github.com/copyleftdev)\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcopyleftdev%2Ffatt","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcopyleftdev%2Ffatt","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcopyleftdev%2Ffatt/lists"}