Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/shiblisec/kyubi

A tool to discover and exploit Nginx alias traversal misconfiguration, the tool can bruteforce the URL path recursively to find out hidden files and directories.
https://github.com/shiblisec/kyubi

Last synced: about 2 months ago
JSON representation

A tool to discover and exploit Nginx alias traversal misconfiguration, the tool can bruteforce the URL path recursively to find out hidden files and directories.

Host: GitHub
URL: https://github.com/shiblisec/kyubi
Owner: shiblisec
Created: 2019-10-04T09:30:56.000Z (over 5 years ago)
Default Branch: master
Last Pushed: 2023-12-10T11:44:26.000Z (about 1 year ago)
Last Synced: 2023-12-10T12:34:17.820Z (about 1 year ago)
Language: Python
Homepage:
Size: 15.6 KB
Stars: 80
Watchers: 3
Forks: 16
Open Issues: 2
Metadata Files:
- Readme: README.md

Awesome Lists containing this project

README

[![made with python](https://img.shields.io/badge/made%20in-python-red)](https://img.shields.io/badge/made%20in-python-red)
[![author](https://img.shields.io/badge/author-shibli2700-blue)](https://img.shields.io/badge/author-shibli2700-blue)
[![co-author](https://img.shields.io/badge/co_author-saami97-green)](https://img.shields.io/badge/author-shibli2700-green)
## Kyubi

A tool to discover Nginx alias traversal misconfiguration, read more [https://www.acunetix.com/vulnerabilities/web/path-traversal-via-misconfigured-nginx-alias/](https://www.acunetix.com/vulnerabilities/web/path-traversal-via-misconfigured-nginx-alias/)

## Installation

### OPTION 1:

```
git clone https://github.com/shibli2700/Kyubi.git
cd /Kyubi
sudo python3 setup.py install
pip install .
```

### OPTION 2: Pulling the Docker Image from Docker Hub

You can pull the Docker image from Docker Hub and running it locally using the following command:

```bash
docker pull saydocerr/kyubi
```

```bash
docker run -it saydocerr/kyubi
```

## Options
```
usage: kyubi [-h] [-v] [-a] url

This tool checks nginx alias traversal misconfiguration.

positional arguments:
url URL of the target

optional arguments:
-h, --help show this help message and exit
-v increase verbosity
-a append segment in the end
```

## Usage

```
$ kyubi -v https://127.0.0.1/resources/images/users/profile/profile.png
```

## Future Addition

* Brute forcing with filenames and directories.
* Web Interface.