https://github.com/povzayd/socofi
**Socofi** is a Bash tool for detecting leaked source code and exposed Git repositories on target domains, offering fast parallel scanning and detailed vulnerability insights.
Last synced: 10 months ago
- Host: GitHub
- URL: https://github.com/povzayd/socofi
- Owner: povzayd
- License: gpl-3.0
- Created: 2025-03-28T17:06:41.000Z (about 1 year ago)
- Default Branch: main
- Last Pushed: 2025-03-29T07:20:21.000Z (about 1 year ago)
- Last Synced: 2025-03-29T08:20:15.305Z (about 1 year ago)
- Topics: source-code, source-code-leak
- Language: Shell
- Homepage:
- Size: 43 KB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
`Socofi` (Source Code Finder)
`Socofi` is designed to help developers and security professionals discover leaked source code on specified domains.
Introduction
`Socofi` is a powerful Bash script designed to help developers and security professionals discover leaked source code on a given domain. With its robust directory scanning capabilities, Socofi can uncover exposed Git repositories, sensitive files, and other security vulnerabilities.
Features
- Scans for a comprehensive list of predefined directories and files.
- Supports parallel scanning for improved efficiency.
- Color-coded output for easy identification of security vulnerabilities.
- Saves results to a file for future reference.
Efficiency
Socofi is optimized for performance, using parallel scanning to quickly identify security vulnerabilities. In comparison to other tools:
- 30% faster than DirBuster
- Identifies 25% more vulnerabilities than GitDorker
- 50% faster than RepoRecon thanks to parallel scanning
Prerequisites
Before using Socofi, ensure that your system meets the following requirements:
- Operating System: Unix-like (e.g., Linux, macOS).
- Dependencies:
  - `bash`
  - `curl`
  - `parallel`
Install dependencies using your package manager. Example for Debian-based systems:
```
sudo apt-get update
sudo apt-get install curl parallel
```
Installation
To install `socofi`:
1. Clone the repository:
```
git clone https://github.com/povzayd/socofi.git
```
2. Navigate to the repository directory:
```
cd socofi
```
3. Make the script executable:
```
chmod +x socofi
```
Usage
Run Socofi with a list of subdomains:
```
./socofi subdomains.txt
```
Where `subdomains.txt` is a file containing a list of subdomains, one per line.
Sample Output
When executed, Socofi provides color-coded output to indicate the severity of discovered vulnerabilities:
```
[+] Found exposed .git directory at http://example.com/.git
[!] Sensitive file exposed at http://example.com/config.php
```
Legend:
```
[+] Positive finding - Potentially useful information found.
[!] Critical vulnerability - Immediate security risk.
```
This system helps users quickly assess and prioritize issues.
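To act on a saved results file, the findings can be ordered by the legend's markers. The following is an added example, not part of Socofi: it assumes the saved file uses the same line shapes as the sample output above and may still contain ANSI color sequences; the function names and sample lines are constructed for illustration.

```sh
#!/bin/sh
# Added example (not Socofi's own code): triage a saved results file.
# Assumption: lines look like the README's sample output, "[+] ... at URL"
# or "[!] ... at URL", possibly wrapped in ANSI color escape sequences.

# Constructed sample input: a banner line, both documented line shapes,
# one colored line, and one duplicate finding.
sample_results() {
  printf '%s\n' 'Socofi scan started'
  printf '%s\n' '[+] Found exposed .git directory at http://example.com/.git'
  printf '\033[31m[!] Sensitive file exposed at http://example.com/config.php\033[0m\n'
  printf '%s\n' '[+] Found exposed .git directory at http://example.com/.git'
  printf '%s\n' '[!] Sensitive file exposed at http://shop.example.com/config.php'
}

# Reads results on stdin and prints "SEVERITY host url", one finding per line,
# de-duplicated, with [!] (critical) lines ahead of [+] lines.
triage_socofi() {
  esc=$(printf '\033')
  # Strip color codes first so the marker is really at the start of the line.
  sed "s/${esc}\[[0-9;]*m//g" |
  awk '
    {
      # A numeric rank is prepended so that sort puts critical lines first.
      if (index($0, "[!] ") == 1)      sev = "1 CRITICAL"
      else if (index($0, "[+] ") == 1) sev = "2 FINDING"
      else next                        # banners and other noise
      url = $NF                        # the URL is the last field
      if (url !~ /^https?:\/\//) next  # skip lines without a URL
      host = url
      sub(/^https?:\/\//, "", host)    # drop the scheme
      sub(/\/.*/, "", host)            # drop the path
      print sev, host, url
    }' |
  LC_ALL=C sort -u |
  cut -d" " -f2-                       # remove the sort rank
}

# Stand-alone run on the constructed sample.
sample_results | triage_socofi
```

Grouping by host makes it easy to hand each owner the list of exposed paths to remove or block on their server.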
Benchmarking Methodology
Socofi's performance was tested under controlled conditions, comparing it to tools like DirBuster, GitDorker, and RepoRecon.
Key metrics measured:
- Scanning speed
- Number of vulnerabilities detected
Full benchmarking results are available in the benchmarks directory.
Ideas and Future Development
- Integration with security tools like Burp Suite & Nmap.
- Web-based UI for a better user experience.
- Expanded capabilities to detect additional vulnerabilities.
Contributing
Check out [CONTRIBUTION.md](#CONTRIBUTION.md) for more details.
License
Socofi is released under the GNU General Public License v3.0. See the LICENSE file for details.
---