https://github.com/thatlinuxguyyouknow/postboy
An opsec tool for endpoint discovery via POST requests
https://github.com/thatlinuxguyyouknow/postboy
Last synced: over 1 year ago
JSON representation
An opsec tool for endpoint discovery via POST requests
- Host: GitHub
- URL: https://github.com/thatlinuxguyyouknow/postboy
- Owner: ThatLinuxGuyYouKnow
- Created: 2024-07-02T20:29:03.000Z (about 2 years ago)
- Default Branch: main
- Last Pushed: 2024-07-17T06:43:23.000Z (almost 2 years ago)
- Last Synced: 2025-01-29T12:16:02.543Z (over 1 year ago)
- Language: Python
- Size: 13.7 KB
- Stars: 1
- Watchers: 1
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
## Postboy
An opsec tool for endpoint discovery via POST requests. Postboy is a Python script that tests endpoints on a target URL using a wordlist. It sends HTTP POST requests to the endpoints and logs the results.
This tool exists because other endpoint discovery tools(like Gobuster) are only configured to send GETrequests, this causes false negatives as some endpoints are only configured for POST requests.
### Requirements
Python 3.x
requests library
You can install the requests library using pip:
```bash
pip install requests
```
## Usage
To use Postboy, you need to provide a target URL and a wordlist file. The wordlist file should contain a list of endpoints, one per line.
Command-Line Arguments
> -t, --target: The target URL (e.g., http://example.com).
> -d, --dictionary: The path to the wordlist file.
## Example
```python
python postboy.py -t http://super.evilcorpserver.com -d lists.txt
```
## Output
The script will create an output file named found_endpoints.txt in the same directory, containing the endpoints that do not return a 404 status code.
## Development Roadmap
Make multithreaded to increase speed
Configure to support GET requests ✅
Detect redirects( prevents false positives when this tool is used on websites )