https://github.com/Dheerajmadhukar/back-me-up

This tool will check for Sensitive Data Leakage with some useful patterns/RegEx. The patterns are mostly targeted on waybackdata and filter everything accordingly.
https://github.com/Dheerajmadhukar/back-me-up

Last synced: 21 days ago
JSON representation

This tool will check for Sensitive Data Leakage with some useful patterns/RegEx. The patterns are mostly targeted on waybackdata and filter everything accordingly.

• Host: GitHub
• URL: https://github.com/Dheerajmadhukar/back-me-up
• Owner: Dheerajmadhukar
• License: mit
• Created: 2021-04-08T15:55:51.000Z (over 3 years ago)
• Default Branch: main
• Last Pushed: 2024-08-14T09:18:22.000Z (4 months ago)
• Last Synced: 2024-11-19T14:32:48.065Z (23 days ago)
• Language: Shell
• Size: 1.12 MB
• Stars: 191
• Watchers: 3
• Forks: 48
• Open Issues: 1
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

• awesome-hacking-lists - Dheerajmadhukar/back-me-up - This tool will check for Sensitive Data Leakage with some useful patterns/RegEx. The patterns are mostly targeted on waybackdata and filter everything accordingly. (Shell)

README

        


  

BACK-ME-UP

  

  


    A tool to automate a bugbounty process as: Tool will execute multiple tools to collect URLs from internet archives then use some useful patterns/RegEx to look for Sensitive Data Leakage in the form of multiple juicy extensions.

  

  

  




    View Demo

     · 

    Report Bug

   · 

    Request Feature

  






## Tool Description

Back-Me-Up is a powerful shell script tool designed to automate the bug bounty process by collecting URLs from internet archive data and searching for sensitive data leakage in the form of juicy extensions. The tool utilizes multiple tools, including `gau`, `gauplus`, `cariddi`, `waymore`, `gospider`, `crawley`, `hakrawler`,`katana`, and `waybackurls` to streamline the process.

## Prerequisites and Installation [Don't worry, back-me-up take care of this!!!]

### Requirements

 **[+] go**


 **[+] cariddi**


 **[+] waybackurls**


 **[+] git**


 **[+] waymore**


 **[+] gau**


 **[+] pip3**


 **[+] gauplus**


 **[+] katana**


 **[+] gospider**


 **[+] crawley**


 **[+] httpx**


 **[+] anew**


 **[+] curl**


 **[+] hakrawler**


### Installation

1. Clone the repo: `git clone https://github.com/Dheerajmadhukar/back-me-up.git`

2. Change dir & run the script: `cd back-me-up/`

3. To check installed prerequisite packages/tools/libs :

```

bash backmeup.sh --check/-c

```



4. To install all the prerequisite packages/tools/libs :

```

bash backmeup.sh --install/-i

```



## Usage/Help

To use Back-Me-Up, run the following command:

```

bash backmeup.sh --help/-h

```



### How it Works

Back-Me-Up works by combining the power of multiple tools to automate the bug bounty process. Here's a high-level overview of the process:

### Step 1: URL Collection

* The tool uses `gau`, `gauplus`, `waybackurls`, `cariddi`, `waymore`, `gospider`, `crawley`, `hakrawler` and `katana` to gather URLs from internet archive data.

### Step 2: Extension Filtering

* Back-Me-Up filters the URLs based on a list of juicy extensions, which are known to contain sensitive data e.g .sql, .bkp, .txt etc...

### Step 4: Data Analysis

* Finally, Back-Me-Up analyzes the extracted data using regular expressions and patterns to discover sensitive data leakage. 

## Features

* Automates the bug bounty process for sensitive data leakage discovery

* Utilizes multiple tools for URL collection, data extraction, and data analysis

* Flexible to add more Extensions as per user's demand

* Provides a user-friendly command-line interface

* Regular expression and pattern-based data analysis

## Supports 162 uniq extensions

```

$ cat ext.txt 

```

`dat,rtf,xls,ppt,sdf,odf,pptx,xlsx,exe,lnk,7z,bin,part,pdb,cgi,crdownload,ini,zipx,bak,torrent,jar,sys,deb,sh,docm,mdb,xla,zip,tar.gz,txt,json,csv,doc,docx,git,pem,bash_history,db,key,tar,log,sql,accdb,dbf,apk,cer,cfg,rar,sln,tmp,dll,iso,c,cpp,tgz,sqlite,pgsql.txt,mysql.txt,gz,config,backup,bkp,crt,eml,java,lst,passwd,pl,pwd,dir,orig,bz2,old,vbs,img,inf,py,vbproj,war,go,psql,sql.gz,vb,webinfo,jnlp,temp,webproj,xsql,raw,inc,lck,nz,rc,html.gz,env,yml,save,save.1,ovpn,secret,secrets,access,gitignore,properties,dtd,conf,configs,xml,rb,yaml,toml,tar.bz2,dochtml,odt,pdf,action,adr,ascx,asmx,axd,bkf,bok,achee,cfm,cnf,csr,ica,mai,mbox,mbx,md,nsf,ora,pac,pcf,pgp,plist,rdp,reg,skr,swf,tpl,url,wml,xsd,swp,bac,BAK,NEW,_bak,_old,bak1,lock,atom,_backup,~,%01,(1),gzip,cab,mysql-pconnect,mysql-connect`

## Custom extensions [Extension Filtering e.g .sql, .bkp, .txt etc...]

#### You want to add your custom/new 

```

$ echo "db" >> ext.txt

```

## Demo Video

Watch the demo video on
 [![Video](https://i.ytimg.com/vi/HenECEU9c34/maxresdefault.jpg)](https://www.youtube.com/watch?v=HenECEU9c34)

## Disclaimer

Back-Me-Up is designed for responsible use in legitimate penetration testing and bug bounty programs. Misuse of this tool may lead to legal consequences. The author is not responsible for any misuse of this tool.

## Author

**╔════════[ me_dheeraj ]════════════╗**

* Twitter: [@Dheerajmadhukar](https://twitter.com/Dheerajmadhukar)

* YouTube: [@Dheerajmadhukar](https://www.youtube.com/c/DheerajMadhukar)

* LinkedIn: [@dheerajtechnolegends](https://linkedin.com/in/dheerajtechnolegends)

  

**╚═════════════════════════════╝**

## Support Me

If you find Back-Me-Up useful, consider buying me a beer to support future development: