Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/jimywork/stretcher
Tool designed to help identify open Elasticsearch servers that are exposing sensitive information
https://github.com/jimywork/stretcher
elasticsearch exposing hacking tool
Last synced: 28 days ago
JSON representation
Tool designed to help identify open Elasticsearch servers that are exposing sensitive information
- Host: GitHub
- URL: https://github.com/jimywork/stretcher
- Owner: jimywork
- Created: 2019-01-03T16:08:24.000Z (almost 6 years ago)
- Default Branch: master
- Last Pushed: 2019-01-03T17:14:48.000Z (almost 6 years ago)
- Last Synced: 2024-08-05T17:40:08.577Z (4 months ago)
- Topics: elasticsearch, exposing, hacking, tool
- Language: Python
- Size: 7.81 KB
- Stars: 92
- Watchers: 4
- Forks: 20
- Open Issues: 1
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
- awesome-hacking-lists - jimywork/stretcher - Tool designed to help identify open Elasticsearch servers that are exposing sensitive information (Python)
README
# Stretcher
Stretcher is a tool to search for open elasticsearch servers.```
Usage: python stretcher.py --shodan {key} --action analyze --threads {0..100} --dork
python stretcher.py --help
_____ __ __ __
/ ___// /_________ / /______/ /_ ___ _____
\__ \/ __/ ___/ _ \/ __/ ___/ __ \/ _ \/ ___/
___/ / /_/ / / __/ /_/ /__/ / / / __/ /
/____/\__/_/ \___/\__/\___/_/ /_/\___/_/
Tool designed to help identify incorrectly
Applications that are exposing sensitive
[+] Interesting indexes were found payment, address, email, userBrowser: http://34.224.104.129:80
Organization: Amazon.com
Hostnames: ec2-34-224-104-129.compute-1.amazonaws.com
Domains: amazonaws.com
City: Ashburn
Country: United States
Status: Without authentication (Open)```
### Installation
```
$ cd $HOME/
$ git clone https://github.com/6IX7ine/stretcher/
$ sudo chmod -R 777 stretcher/
```### Disclaimer
Code samples are provided for educational purposes. Adequate defenses can only be built by researching attack techniques available to malicious actors. Using this code against target systems without prior permission is illegal in most jurisdictions. The authors are not liable for any damages from misuse of this information or code.