{"id":13449380,"url":"https://github.com/hannob/snallygaster","last_synced_at":"2025-05-13T20:19:17.887Z","repository":{"id":31796282,"uuid":"128925862","full_name":"hannob/snallygaster","owner":"hannob","description":"Tool to scan for secret files on HTTP servers","archived":false,"fork":false,"pushed_at":"2025-04-15T07:25:09.000Z","size":280,"stargazers_count":2086,"open_issues_count":14,"forks_count":232,"subscribers_count":70,"default_branch":"main","last_synced_at":"2025-04-28T10:58:38.049Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"0bsd","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/hannob.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2018-04-10T12:01:16.000Z","updated_at":"2025-04-25T19:15:59.000Z","dependencies_parsed_at":"2022-08-24T06:21:13.250Z","dependency_job_id":"7e167fa9-5928-411a-bc67-87bda29aec8d","html_url":"https://github.com/hannob/snallygaster","commit_stats":{"total_commits":191,"total_committers":18,"mean_commits":10.61111111111111,"dds":0.1361256544502618,"last_synced_commit":"3179b7ae902b779eab02e67eb937007e39c9d495"},"previous_names":[],"tags_count":8,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hannob%2Fsnallygaster","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hannob%2Fsnallygaster/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hannob%2Fsnallygaster/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hannob%2Fsnallygaster/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/hannob","download_url":"https://codeload.github.com/hannob/snallygaster/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254020659,"owners_count":22000757,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-07-31T06:00:36.749Z","updated_at":"2025-05-13T20:19:17.866Z","avatar_url":"https://github.com/hannob.png","language":"Python","funding_links":[],"categories":["Python","Tools","\u003ca id=\"8f92ead9997a4b68d06a9acf9b01ef63\"\u003e\u003c/a\u003e扫描器\u0026\u0026安全扫描\u0026\u0026App扫描\u0026\u0026漏洞扫描","others","web shell、shellcode","\u003ca id=\"132036452bfacf61471e3ea0b7bf7a55\"\u003e\u003c/a\u003e工具","Other","\u003ca name=\"webdev\"\u003e\u003c/a\u003eWeb development"],"sub_categories":["Leaking","\u003ca id=\"de63a029bda6a7e429af272f291bb769\"\u003e\u003c/a\u003e未分类-Scanner","网络服务_其他"],"readme":"snallygaster\n============\n\nFinds file leaks and other security problems on HTTP servers.\n\nwhat?\n-----\n\nsnallygaster is a tool that looks for files accessible on web servers that shouldn't be\npublic and can pose a security risk.\n\nTypical examples include publicly accessible git repositories, backup files potentially\ncontaining passwords or database dumps. In addition, it contains a few checks for other\nsecurity vulnerabilities.\n\nAs an introduction to these kinds of issues you may want to watch this talk:\n* [Attacking with HTTP Requests](https://www.youtube.com/watch?v=Bppr9rbmwz4)\n\nSee the [TESTS.md](TESTS.md) file for an overview of all tests and links to further\ninformation about the issues.\n\ninstall\n-------\n\nsnallygaster is available [via pypi](https://pypi.org/project/snallygaster/):\n\n```\npip3 install snallygaster\n```\n\nIt's a simple python 3 script, so you can just download the file \"snallygaster\" and\nexecute it. Dependencies are urllib3, beautifulsoup4 and dnspython. In Debian- or\nUbuntu-based distributions you can install them via:\n\n```\napt install python3-dnspython python3-urllib3 python3-bs4\n```\n\ndistribution packages\n---------------------\n\nSome Linux and BSD systems have snallygaster packaged:\n\n* [Gentoo](https://packages.gentoo.org/packages/net-analyzer/snallygaster)\n* [NetBSD](https://pkgsrc.se/security/snallygaster)\n* [Arch Linux (git version)](https://aur.archlinux.org/packages/snallygaster-git/)\n* [openSUSE](https://software.opensuse.org/package/snallygaster)\n\nfaq\n---\n\nQ: I want to contribute / send a patch / a pull request!\n\nA: That's great, but please read the [CONTRIBUTIONS.md](CONTRIBUTIONS.md) file.\n\nQ: What's that name?\n\nA: [Snallygaster](https://en.wikipedia.org/wiki/Snallygaster) is the name of a dragon\nthat according to some legends was seen in Maryland and other parts of the US. There's\nno particular backstory why this tool got named this way, other than that I was looking\nfor a fun and interesting name.\n\nI thought a name of some mythical creature would be nice, but most of those had the\nproblem that I would have had name collisions with other software. Checking the list of\ndragons on Wikipedia I learned about the Snallygaster. The name sounded funny, the idea\nthat there are dragon legends in the US interesting and I found no other piece of\nsoftware with that name.\n\ncredit and thanks\n-----------------\n\n* Thanks to Tim Philipp Schäfers and Sebastian Neef from the [Internetwache](\n  https://www.internetwache.org/) for plenty of ideas about things to look for.\n* Thanks to [Craig Young](https://secur3.us/) for many discussions during the\n  development of this script.\n* Thanks to [Sebastian Pipping](https://blog.hartwork.org/) for some help with Python\n  programming during the development.\n* Thanks to [Benjamin Balder Bach](https://overtag.dk/) for teaching me lots of things\n  about Python packaging.\n* Thanks to the organizers of Bornhack, Driving IT, SEC-T and the Rights and Freedom\n  track at 34C3 for letting me present this work.\n\nauthor\n------\n\nsnallygaster is developed and maintained by [Hanno Böck](https://hboeck.de/).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhannob%2Fsnallygaster","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fhannob%2Fsnallygaster","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhannob%2Fsnallygaster/lists"}