diff --git a/.google-cookie b/.google-cookie
new file mode 100644
index 0000000..75b5fdc
--- /dev/null
+++ b/.google-cookie
@@ -0,0 +1,3 @@
+#LWP-Cookies-2.0
+Set-Cookie3: AEC="AZ6Zc-WthhZX5Bc5CSzrUHksLujVmgOR3T7ydYuZ6aSrG_rNy4W4c1DqgQ4"; path="/"; domain=".google.co.in"; path_spec; domain_dot; secure; expires="2025-04-21 06:48:02Z"; HttpOnly=None; SameSite=lax; version=0
+Set-Cookie3: NID="518=O3VkznglaZNpsJTwOZyWThe6drIc_74l2AegKIssCruaW3H_pz_0Dgk15-b1-XKtwL92FJ59F4BqhgKLlsR3lnhfNdNOFnBJIN94nTWA8Ys_nt9MqogfbGrhv7z_l9CPW7Aih2LAkO-nf9qcZXuMFbs8jihyDM_8k2L5s0iSv8FhhU2qeBtH68sAsN-3erSEa_g"; path="/"; domain=".google.co.in"; path_spec; domain_dot; expires="2025-04-24 06:48:02Z"; HttpOnly=None; version=0
diff --git a/duck_duck_leak/__init__.py b/duck_duck_leak/__init__.py
new file mode 100644
index 0000000..e69de29
diff --git a/duck_duck_leak/__pycache__/__init__.cpython-310.pyc b/duck_duck_leak/__pycache__/__init__.cpython-310.pyc
new file mode 100644
index 0000000..645da35
Binary files /dev/null and b/duck_duck_leak/__pycache__/__init__.cpython-310.pyc differ
diff --git a/duck_duck_leak/__pycache__/settings.cpython-310.pyc b/duck_duck_leak/__pycache__/settings.cpython-310.pyc
new file mode 100644
index 0000000..07ba6b3
Binary files /dev/null and b/duck_duck_leak/__pycache__/settings.cpython-310.pyc differ
diff --git a/duck_duck_leak/__pycache__/urls.cpython-310.pyc b/duck_duck_leak/__pycache__/urls.cpython-310.pyc
new file mode 100644
index 0000000..61cef83
Binary files /dev/null and b/duck_duck_leak/__pycache__/urls.cpython-310.pyc differ
diff --git a/duck_duck_leak/__pycache__/wsgi.cpython-310.pyc b/duck_duck_leak/__pycache__/wsgi.cpython-310.pyc
new file mode 100644
index 0000000..286f42d
Binary files /dev/null and b/duck_duck_leak/__pycache__/wsgi.cpython-310.pyc differ
diff --git a/duck_duck_leak/asgi.py b/duck_duck_leak/asgi.py
new file mode 100644
index 0000000..049ee93
--- /dev/null
+++ b/duck_duck_leak/asgi.py
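Review bot: `.google-cookie` is a runtime cookie jar holding the `AEC` and `NID` values Google issued to whoever ran the tool, and it should not be part of the repository, since those identifiers stay readable in history by anyone with access to it. Drop the file from the commit, treat both cookies as exposed, and add a `.gitignore` containing `.google-cookie` and `__pycache__/`; the same commit also checks in compiled `.pyc` files under `duck_duck_leak/__pycache__/` and `myapp/__pycache__/`. If the search code needs a cookie jar at run time, it is better written to a path outside the source tree.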
@@ -0,0 +1,16 @@
+"""
+ASGI config for duck_duck_leak project.
+
+It exposes the ASGI callable as a module-level variable named ``application``.
+
+For more information on this file, see
+https://docs.djangoproject.com/en/4.2/howto/deployment/asgi/
+"""
+
+import os
+
+from django.core.asgi import get_asgi_application
+
+os.environ.setdefault('DJANGO_SETTINGS_MODULE', 'duck_duck_leak.settings')
+
+application = get_asgi_application()
diff --git a/duck_duck_leak/settings.py b/duck_duck_leak/settings.py
new file mode 100644
index 0000000..c2d530f
--- /dev/null
+++ b/duck_duck_leak/settings.py
@@ -0,0 +1,127 @@
+"""
+Django settings for duck_duck_leak project.
+
+Generated by 'django-admin startproject' using Django 4.2.16.
+
+For more information on this file, see
+https://docs.djangoproject.com/en/4.2/topics/settings/
+
+For the full list of settings and their values, see
+https://docs.djangoproject.com/en/4.2/ref/settings/
+"""
+
+from pathlib import Path
+
+# Build paths inside the project like this: BASE_DIR / 'subdir'.
+BASE_DIR = Path(__file__).resolve().parent.parent
+
+
+# Quick-start development settings - unsuitable for production
+# See https://docs.djangoproject.com/en/4.2/howto/deployment/checklist/
+
+# SECURITY WARNING: keep the secret key used in production secret!
+SECRET_KEY = 'django-insecure-8)egv6p9l1#$#ppb7x-jqku%614dzv6z5&epxfo)z$0lt_b+6w'
+
+# SECURITY WARNING: don't run with debug turned on in production!
+DEBUG = True
+
+ALLOWED_HOSTS = [
+ '192.168.8.100',
+ '127.0.0.1'
+]
+
+
+# Application definition
+
+INSTALLED_APPS = [
+ 'django.contrib.admin',
+ 'django.contrib.auth',
+ 'django.contrib.contenttypes',
+ 'django.contrib.sessions',
+ 'django.contrib.messages',
+ 'django.contrib.staticfiles',
+ 'myapp',
+]
+
+MIDDLEWARE = [
+ 'django.middleware.security.SecurityMiddleware',
+ 'django.contrib.sessions.middleware.SessionMiddleware',
+ 'django.middleware.common.CommonMiddleware',
+ 'django.middleware.csrf.CsrfViewMiddleware',
+ 'django.contrib.auth.middleware.AuthenticationMiddleware',
+ 'django.contrib.messages.middleware.MessageMiddleware',
+ 'django.middleware.clickjacking.XFrameOptionsMiddleware',
+]
+
+ROOT_URLCONF = 'duck_duck_leak.urls'
+
+TEMPLATES = [
+ {
+ 'BACKEND': 'django.template.backends.django.DjangoTemplates',
+ 'DIRS': [],
+ 'APP_DIRS': True,
+ 'OPTIONS': {
+ 'context_processors': [
+ 'django.template.context_processors.debug',
+ 'django.template.context_processors.request',
+ 'django.contrib.auth.context_processors.auth',
+ 'django.contrib.messages.context_processors.messages',
+ ],
+ },
+ },
+]
+
+WSGI_APPLICATION = 'duck_duck_leak.wsgi.application'
+
+
+# Database
+# https://docs.djangoproject.com/en/4.2/ref/settings/#databases
+
+DATABASES = {
+ 'default': {
+ 'ENGINE': 'django.db.backends.sqlite3',
+ 'NAME': BASE_DIR / 'db.sqlite3',
+ }
+}
+
+
+# Password validation
+# https://docs.djangoproject.com/en/4.2/ref/settings/#auth-password-validators
+
+AUTH_PASSWORD_VALIDATORS = [
+ {
+ 'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator',
+ },
+ {
+ 'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator',
+ },
+ {
+ 'NAME': 'django.contrib.auth.password_validation.CommonPasswordValidator',
+ },
+ {
+ 'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator',
+ },
+]
+
+
+# Internationalization
+# https://docs.djangoproject.com/en/4.2/topics/i18n/
+
+LANGUAGE_CODE = 'en-us'
+
+TIME_ZONE = 'UTC'
+
+USE_I18N = True
+
+USE_TZ = True
+
+
+# Static files (CSS, JavaScript, Images)
+# https://docs.djangoproject.com/en/4.2/howto/static-files/
+
+STATIC_URL = 'static/'
+
+# Default primary key field type
+# https://docs.djangoproject.com/en/4.2/ref/settings/#default-auto-field
+
+DEFAULT_AUTO_FIELD = 'django.db.models.BigAutoField'
diff --git a/duck_duck_leak/urls.py b/duck_duck_leak/urls.py
new file mode 100644
index 0000000..81509b1
--- /dev/null
+++ b/duck_duck_leak/urls.py
@@ -0,0 +1,7 @@
+from django.contrib import admin
+from django.urls import include, path
+
+urlpatterns = [
+ path('', include('myapp.urls')),
+ path('admin/', admin.site.urls),
+]
\ No newline at end of file
diff --git a/duck_duck_leak/wsgi.py b/duck_duck_leak/wsgi.py
new file mode 100644
index 0000000..f920663
--- /dev/null
+++ b/duck_duck_leak/wsgi.py
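Review bot: `duck_duck_leak/settings.py` commits the project's `SECRET_KEY` in clear text and keeps `DEBUG = True` while `ALLOWED_HOSTS` lists the LAN address `192.168.8.100`, so the app appears to be served to other machines with debug pages enabled. Now that the key is in history, anything Django signs with it (sessions, password-reset tokens) can no longer be trusted, and debug error pages show settings and stack frames to any client that can reach the host. Generate a new key and read both values from the environment, for example `SECRET_KEY = os.environ['DJANGO_SECRET_KEY']` and `DEBUG = os.environ.get('DJANGO_DEBUG') == '1'` with `import os` at the top; the variable names are only a suggestion. The committed `db.sqlite3` path under `BASE_DIR` is also worth adding to `.gitignore` so scan results are not checked in later.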
@@ -0,0 +1,16 @@
+"""
+WSGI config for duck_duck_leak project.
+
+It exposes the WSGI callable as a module-level variable named ``application``.
+
+For more information on this file, see
+https://docs.djangoproject.com/en/4.2/howto/deployment/wsgi/
+"""
+
+import os
+
+from django.core.wsgi import get_wsgi_application
+
+os.environ.setdefault('DJANGO_SETTINGS_MODULE', 'duck_duck_leak.settings')
+
+application = get_wsgi_application()
diff --git a/manage.py b/manage.py
new file mode 100644
index 0000000..1dd50a9
--- /dev/null
+++ b/manage.py
@@ -0,0 +1,22 @@
+#!/usr/bin/env python
+"""Django's command-line utility for administrative tasks."""
+import os
+import sys
+
+
+def main():
+ """Run administrative tasks."""
+ os.environ.setdefault('DJANGO_SETTINGS_MODULE', 'duck_duck_leak.settings')
+ try:
+ from django.core.management import execute_from_command_line
+ except ImportError as exc:
+ raise ImportError(
+ "Couldn't import Django. Are you sure it's installed and "
+ "available on your PYTHONPATH environment variable? Did you "
+ "forget to activate a virtual environment?"
+ ) from exc
+ execute_from_command_line(sys.argv)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/myapp/__init__.py b/myapp/__init__.py
new file mode 100644
index 0000000..e69de29
diff --git a/myapp/__pycache__/__init__.cpython-310.pyc b/myapp/__pycache__/__init__.cpython-310.pyc
new file mode 100644
index 0000000..9e2493e
Binary files /dev/null and b/myapp/__pycache__/__init__.cpython-310.pyc differ
diff --git a/myapp/__pycache__/admin.cpython-310.pyc b/myapp/__pycache__/admin.cpython-310.pyc
new file mode 100644
index 0000000..265348f
Binary files /dev/null and b/myapp/__pycache__/admin.cpython-310.pyc differ
diff --git a/myapp/__pycache__/apps.cpython-310.pyc b/myapp/__pycache__/apps.cpython-310.pyc
new file mode 100644
index 0000000..ce7e25d
Binary files /dev/null and b/myapp/__pycache__/apps.cpython-310.pyc differ
diff --git a/myapp/__pycache__/base64find.cpython-310.pyc b/myapp/__pycache__/base64find.cpython-310.pyc
new file mode 100644
index 0000000..1fd61db
Binary files /dev/null and b/myapp/__pycache__/base64find.cpython-310.pyc differ
diff --git a/myapp/__pycache__/cleardata.cpython-310.pyc b/myapp/__pycache__/cleardata.cpython-310.pyc
new file mode 100644
index 0000000..3849d08
Binary files /dev/null and b/myapp/__pycache__/cleardata.cpython-310.pyc differ
diff --git a/myapp/__pycache__/crawledlinks.cpython-310.pyc b/myapp/__pycache__/crawledlinks.cpython-310.pyc
new file mode 100644
index 0000000..25cbf10
Binary files /dev/null and b/myapp/__pycache__/crawledlinks.cpython-310.pyc differ
diff --git a/myapp/__pycache__/crypt.cpython-310.pyc b/myapp/__pycache__/crypt.cpython-310.pyc
new file mode 100644
index 0000000..15b0ed4
Binary files /dev/null and b/myapp/__pycache__/crypt.cpython-310.pyc differ
diff --git a/myapp/__pycache__/direnum.cpython-310.pyc b/myapp/__pycache__/direnum.cpython-310.pyc
new file mode 100644
index 0000000..b8895f5
Binary files /dev/null and b/myapp/__pycache__/direnum.cpython-310.pyc differ
diff --git a/myapp/__pycache__/forms.cpython-310.pyc b/myapp/__pycache__/forms.cpython-310.pyc
new file mode 100644
index 0000000..de7e2f4
Binary files /dev/null and b/myapp/__pycache__/forms.cpython-310.pyc differ
diff --git a/myapp/__pycache__/git_secret.cpython-310.pyc b/myapp/__pycache__/git_secret.cpython-310.pyc
new file mode 100644
index 0000000..a235906
Binary files /dev/null and b/myapp/__pycache__/git_secret.cpython-310.pyc differ
diff --git a/myapp/__pycache__/glsearch.cpython-310.pyc b/myapp/__pycache__/glsearch.cpython-310.pyc
new file mode 100644
index 0000000..e5efc00
Binary files /dev/null and b/myapp/__pycache__/glsearch.cpython-310.pyc differ
diff --git a/myapp/__pycache__/linkchecker.cpython-310.pyc b/myapp/__pycache__/linkchecker.cpython-310.pyc
new file mode 100644
index 0000000..7fde907
Binary files /dev/null and b/myapp/__pycache__/linkchecker.cpython-310.pyc differ
diff --git a/myapp/__pycache__/linkscraping.cpython-310.pyc b/myapp/__pycache__/linkscraping.cpython-310.pyc
new file mode 100644
index 0000000..108b273
Binary files /dev/null and b/myapp/__pycache__/linkscraping.cpython-310.pyc differ
diff --git a/myapp/__pycache__/linkscrapping.cpython-310.pyc b/myapp/__pycache__/linkscrapping.cpython-310.pyc
new file mode 100644
index 0000000..51276bb
Binary files /dev/null and b/myapp/__pycache__/linkscrapping.cpython-310.pyc differ
diff --git a/myapp/__pycache__/models.cpython-310.pyc b/myapp/__pycache__/models.cpython-310.pyc
new file mode 100644
index 0000000..797c8a3
Binary files /dev/null and b/myapp/__pycache__/models.cpython-310.pyc differ
diff --git a/myapp/__pycache__/scraper.cpython-310.pyc b/myapp/__pycache__/scraper.cpython-310.pyc
new file mode 100644
index 0000000..ee4ec88
Binary files /dev/null and b/myapp/__pycache__/scraper.cpython-310.pyc differ
diff --git a/myapp/__pycache__/secret.cpython-310.pyc b/myapp/__pycache__/secret.cpython-310.pyc
new file mode 100644
index 0000000..b223556
Binary files /dev/null and b/myapp/__pycache__/secret.cpython-310.pyc differ
diff --git a/myapp/__pycache__/sitemap_scan.cpython-310.pyc b/myapp/__pycache__/sitemap_scan.cpython-310.pyc
new file mode 100644
index 0000000..26f123d
Binary files /dev/null and b/myapp/__pycache__/sitemap_scan.cpython-310.pyc differ
diff --git a/myapp/__pycache__/subdom.cpython-310.pyc b/myapp/__pycache__/subdom.cpython-310.pyc
new file mode 100644
index 0000000..a11b828
Binary files /dev/null and b/myapp/__pycache__/subdom.cpython-310.pyc differ
diff --git a/myapp/__pycache__/trigger.cpython-310.pyc b/myapp/__pycache__/trigger.cpython-310.pyc
new file mode 100644
index 0000000..ba3bf08
Binary files /dev/null and b/myapp/__pycache__/trigger.cpython-310.pyc differ
diff --git a/myapp/__pycache__/trufflehog.cpython-310.pyc b/myapp/__pycache__/trufflehog.cpython-310.pyc
new file mode 100644
index 0000000..ac8692d
Binary files /dev/null and b/myapp/__pycache__/trufflehog.cpython-310.pyc differ
diff --git a/myapp/__pycache__/urls.cpython-310.pyc b/myapp/__pycache__/urls.cpython-310.pyc
new file mode 100644
index 0000000..f2e788f
Binary files /dev/null and b/myapp/__pycache__/urls.cpython-310.pyc differ
diff --git a/myapp/__pycache__/views.cpython-310.pyc b/myapp/__pycache__/views.cpython-310.pyc
new file mode 100644
index 0000000..4c50996
Binary files /dev/null and b/myapp/__pycache__/views.cpython-310.pyc differ
diff --git a/myapp/admin.py b/myapp/admin.py
new file mode 100644
index 0000000..8c38f3f
--- /dev/null
+++ b/myapp/admin.py
@@ -0,0 +1,3 @@
+from django.contrib import admin
+
+# Register your models here.
diff --git a/myapp/apps.py b/myapp/apps.py
new file mode 100644
index 0000000..c34fb20
--- /dev/null
+++ b/myapp/apps.py
@@ -0,0 +1,6 @@
+from django.apps import AppConfig
+
+
+class MyappConfig(AppConfig):
+ default_auto_field = 'django.db.models.BigAutoField'
+ name = 'myapp'
diff --git a/myapp/base64find.py b/myapp/base64find.py
new file mode 100644
index 0000000..224bbef
--- /dev/null
+++ b/myapp/base64find.py
@@ -0,0 +1,49 @@
+import requests
+from bs4 import BeautifulSoup
+import base64
+import re
+
+def is_base64_encoded(data):
+ try:
+ if isinstance(data, str):
+ if len(data) % 4 == 0 and re.match(r'^[A-Za-z0-9+/]+={0,2}$', data):
+ # Attempt to decode the base64 string
+ base64.b64decode(data, validate=True)
+ return True
+ return False
+ except Exception:
+ return False
+
+def decode_base64(data):
+ try:
+ decoded_bytes = base64.b64decode(data)
+ return decoded_bytes.decode('utf-8', errors='ignore')
+ except Exception as e:
+ print(f"Error decoding base64: {e}")
+ return None
+
+def find_and_decode_base64_in_source(url):
+ decoded_results = []
+ try:
+ response = requests.get(url, timeout=5)
+ response.raise_for_status()
+ soup = BeautifulSoup(response.text, 'html.parser')
+
+ page_content = soup.get_text()
+
+ potential_base64_strings = re.findall(r'[A-Za-z0-9+/]{16,}={0,2}', page_content)
+
+ for encoded_str in potential_base64_strings:
+ if is_base64_encoded(encoded_str):
+ decoded_str = decode_base64(encoded_str)
+ if decoded_str:
+ decoded_results.append((encoded_str, decoded_str))
+
+ if not decoded_results:
+ print(f"No Base64 encoded strings found in {url}")
+
+ except requests.RequestException as e:
+ print(f"Failed to retrieve the webpage at {url}: {e}")
+
+ return decoded_results
+
diff --git a/myapp/cleardata.py b/myapp/cleardata.py
new file mode 100644
index 0000000..dbcc272
--- /dev/null
+++ b/myapp/cleardata.py
@@ -0,0 +1,12 @@
+# cleardata.py
+from .models import GoogleLink, Subdomain, DirectoryEnumeration, GitHubScan, SecretScan, Linkscrap, SitemapURL,GitDataLeak
+
+def clear_data():
+ GoogleLink.objects.all().delete()
+ Subdomain.objects.all().delete()
+ DirectoryEnumeration.objects.all().delete()
+ GitHubScan.objects.all().delete()
+ SecretScan.objects.all().delete()
+ Linkscrap.objects.all().delete()
+ SitemapURL.objects.all().delete()
+ GitDataLeak.objects.all().delete()
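Review bot: `find_and_decode_base64_in_source` in `myapp/base64find.py` hands `url` straight to `requests.get(url, timeout=5)` with no check on scheme or destination. If that value comes from a form in this Django app (the caller is outside this hunk), the server will request whatever address it is given, including hosts on its own network, and will follow redirects by default. Validate before the request, e.g. `if urlparse(url).scheme not in ('http', 'https'): return decoded_results` with `from urllib.parse import urlparse`, refuse hosts that resolve to loopback or private ranges, and pass `allow_redirects=False` or re-check each hop. Separately, `is_base64_encoded` accepts any run of 16 or more alphanumerics whose length is a multiple of four, and `decode('utf-8', errors='ignore')` drops undecodable bytes, so ordinary long identifiers will be reported as decoded findings.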
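Review bot: `clear_data()` in `myapp/cleardata.py` issues eight independent `delete()` calls with no transaction, so an error partway through leaves some tables emptied and others not. Wrapping the body in `with transaction.atomic():` (with `from django.db import transaction`) makes the wipe all-or-nothing. Because the function removes every stored scan result, its caller, which is not visible in this hunk, should only reach it from an authenticated POST that passes CSRF checks. A one-line docstring such as `"""Delete every stored scan result from all result tables."""` would also make the destructive scope obvious at the call site.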
diff --git a/myapp/common.txt b/myapp/common.txt
new file mode 100644
index 0000000..98334fa
--- /dev/null
+++ b/myapp/common.txt
@@ -0,0 +1,4734 @@ +.bash_history +.bashrc +.cache +.config +.cvs +.cvsignore +.env +.forward +.git +.git-rewrite +.git/HEAD +.git/config +.git/index +.git/logs/ +.git_release +.gitattributes +.gitconfig +.gitignore +.gitk +.gitkeep +.gitmodules +.gitreview +.history +.hta +.htaccess +.htpasswd +.listing +.listings +.mysql_history +.passwd +.perf +.profile +.rhosts +.sh_history +.ssh +.subversion +.svn +.svn/entries +.svnignore +.swf +.web +.well-known/acme-challenge +.well-known/apple-app-site-association +.well-known/apple-developer-merchantid-domain-association +.well-known/ashrae +.well-known/assetlinks.json +.well-known/autoconfig/mail +.well-known/browserid +.well-known/caldav +.well-known/carddav +.well-known/change-password +.well-known/coap +.well-known/core +.well-known/csvm +.well-known/dnt +.well-known/dnt-policy.txt +.well-known/dots +.well-known/ecips +.well-known/enterprise-transport-security +.well-known/est +.well-known/genid +.well-known/hoba +.well-known/host-meta +.well-known/host-meta.json +.well-known/http-opportunistic +.well-known/idp-proxy +.well-known/jmap +.well-known/jwks.json +.well-known/keybase.txt +.well-known/looking-glass +.well-known/matrix +.well-known/mercure +.well-known/mta-sts.txt +.well-known/mud +.well-known/nfv-oauth-server-configuration +.well-known/ni +.well-known/nodeinfo +.well-known/oauth-authorization-server +.well-known/openid-configuration +.well-known/openid-federation +.well-known/openorg +.well-known/openpgpkey +.well-known/pki-validation +.well-known/posh +.well-known/pvd +.well-known/reload-config +.well-known/repute-template +.well-known/resourcesync +.well-known/security.txt +.well-known/humans.txt +.well-known/stun-key +.well-known/thread +.well-known/time +.well-known/timezone +.well-known/uma2-configuration +.well-known/void +.well-known/webfinger +0 +00 +01 +02 +03 +04 +05 +06 +07 +08 +09 +1 +10 +100 +1000 +1001 +101 +102 +103 +11 +12 +123 +13 +14 +15 +1990 +1991 +1992 +1993 +1994 +1995 +1996 +1997 +1998 
+1999 +1x1 +2 +20 +200 +2000 +2001 +2002 +2003 +2004 +2005 +2006 +2007 +2008 +2009 +2010 +2011 +2012 +2013 +2014 +2015 +2016 +2017 +2018 +2019 +2020 +2021 +2022 +21 +22 +2257 +23 +24 +25 +2g +3 +30 +300 +32 +3g +3rdparty +4 +400 +401 +403 +404 +42 +4DWEBTEST +4DSTATS +4DHTMLSTATS +5 +50 +500 +51 +6 +64 +7 +7z +8 +9 +96 +@ +A +ADM +ADMIN +ADMON +AT-admin.cgi +About +AboutUs +Admin +AdminService +AdminTools +Administration +AggreSpy +AppsLocalLogin +AppsLogin +Archive +Articles +B +BUILD +BackOffice +Base +Blog +Books +Browser +Business +C +CMS +CPAN +CVS +CVS/Entries +CVS/Repository +CVS/Root +CYBERDOCS +CYBERDOCS25 +CYBERDOCS31 +ChangeLog +Computers +Contact +ContactUs +Content +Creatives +D +DB +DMSDump +Database_Administration +Default +Documents and Settings +Download +Downloads +E +Education +English +Entertainment +Entries +Events +Extranet +F +FAQ +FCKeditor +G +Games +Global +Graphics +H +HTML +Health +Help +Home +I +INSTALL_admin +Image +Images +Index +Indy_admin +Internet +J +JMXSoapAdapter +Java +L +LICENSE +Legal +Links +Linux +Log +LogFiles +Login +Logs +Lotus_Domino_Admin +M +MANIFEST.MF +META-INF +Main +Main_Page +Makefile +Media +Members +Menus +Misc +Music +N +News +O +OA +OAErrorDetailPage +OA_HTML +OasDefault +Office +P +PDF +PHP +PMA +Pages +People +Press +Privacy +Products +Program Files +Projects +Publications +R +RCS +README +RSS +Rakefile +Readme +RealMedia +Recycled +Research +Resources +Root +S +SERVER-INF +SOAPMonitor +SQL +SUNWmc +Scripts +Search +Security +Server +ServerAdministrator +Services +Servlet +Servlets +Shibboleth.sso/Metadata +SiteMap +SiteScope +SiteServer +Sites +Software +Sources +Sports +Spy +Statistics +Stats +Super-Admin +Support +SysAdmin +SysAdmin2 +T +TEMP +TMP +TODO +Technology +Themes +Thumbs.db +Travel +U +US +UserFiles +Utilities +V +Video +W +W3SVC +W3SVC1 +W3SVC2 +W3SVC3 +WEB-INF +WS_FTP +WS_FTP.LOG +WebAdmin +Windows +X +XML +XXX +_ +_adm +_admin +_ajax +_archive +_assets +_backup +_baks +_borders +_cache 
+_catalogs +_common +_conf +_config +_css +_data +_database +_db_backups +_derived +_dev +_dummy +_files +_flash +_fpclass +_framework/blazor.boot.json +_framework/blazor.webassembly.js +_framework/wasm/dotnet.wasm +_framework/_bin/WebAssembly.Bindings.dll +_images +_img +_inc +_include +_includes +_install +_js +_layouts +_lib +_media +_mem_bin +_mm +_mmserverscripts +_mygallery +_notes +_old +_overlay +_pages +_private +_reports +_res +_resources +_scriptlibrary +_scripts +_source +_src +_stats +_styles +_swf +_temp +_tempalbums +_template +_templates +_test +_themes +_tmp +_tmpfileop +_vti_aut +_vti_bin +_vti_bin/_vti_adm/admin.dll +_vti_bin/_vti_aut/author.dll +_vti_bin/shtml.dll +_vti_cnf +_vti_inf +_vti_log +_vti_map +_vti_pvt +_vti_rpc +_vti_script +_vti_txt +_www +a +aa +aaa +abc +abc123 +abcd +abcd1234 +about +about-us +about_us +aboutus +abstract +abuse +ac +academic +academics +acatalog +acc +access +access-log +access-log.1 +access.1 +access_db +access_log +access_log.1 +accessgranted +accessibility +accessories +accommodation +account +account_edit +account_history +accountants +accounting +accounts +accountsettings +acct_login +achitecture +acp +act +action +actions +activate +activation +active +activeCollab +activex +activities +activity +ad +ad_js +adaptive +adclick +add +add_cart +addfav +addnews +addons +addpost +addreply +address +address_book +addressbook +addresses +addtocart +adlog +adlogger +adm +admin +admin-admin +admin-console +admin-interface +administrator-panel +admin.cgi +admin.php +admin.pl +admin1 +admin2 +admin3 +admin4_account +admin4_colon +admin_ +admin_area +admin_banner +admin_c +admin_index +admin_interface +admin_login +admin_logon +admincontrol +admincp +adminhelp +administer +administr8 +administracion +administrador +administrat +administratie +administration +administrator +administratoraccounts +administrators +administrivia +adminlogin +adminlogon +adminpanel +adminpro +admins +adminsessions +adminsql +admintools 
+admissions +admon +adobe +adodb +ads +adserver +adsl +adv +adv_counter +advanced +advanced_search +advancedsearch +advert +advertise +advertisement +advertisers +advertising +adverts +advice +adview +advisories +af +aff +affiche +affiliate +affiliate_info +affiliate_terms +affiliates +affiliatewiz +africa +agb +agency +agenda +agent +agents +aggregator +ajax +ajax_cron +akamai +akeeba.backend.log +alarm +alarms +album +albums +alcatel +alert +alerts +alias +aliases +alive +all +all-wcprops +alltime +alpha +alt +alumni +alumni_add +alumni_details +alumni_info +alumni_reunions +alumni_update +am +amanda +amazon +amember +analog +analog.html +analyse +analysis +analytics +and +android +android/config +announce +announcement +announcements +annuaire +annual +anon +anon_ftp +anonymous +ansi +answer +answers +antibot_image +antispam +antivirus +anuncios +any +aol +ap +apac +apache +apanel +apc +apexec +api +api/experiments +api/experiments/configurations +apis +apl +apm +app +app_browser +app_browsers +app_code +app_data +app_themes +appeal +appeals +append +appl +apple +apple-app-site-association +applet +applets +appliance +appliation +application +application.wadl +applications +apply +apps +apr +ar +arbeit +arcade +arch +architect +architecture +archiv +archive +archives +archivos +arquivos +array +arrow +ars +art +article +articles +artikel +artists +arts +artwork +as +ascii +asdf +ashley +asia +ask +ask_a_question +askapache +asmx +asp +aspadmin +aspdnsfcommon +aspdnsfencrypt +aspdnsfgateways +aspdnsfpatterns +aspnet_client +asps +aspx +asset +assetmanage +assetmanagement +assets +at +atom +attach +attach_mod +attachment +attachments +attachs +attic +au +auction +auctions +audio +audit +audits +auth +authentication +author +authoring +authorization +authorize +authorized_keys +authors +authuser +authusers +auto +autobackup +autocheck +autodeploy +autodiscover +autologin +automatic +automation +automotive +aux +av +avatar +avatars +aw +award +awardingbodies +awards 
+awl +awmdata +awstats +awstats.conf +axis +axis-admin +axis2 +axis2-admin +axs +az +b +b1 +b2b +b2c +back +back-up +backdoor +backend +background +backgrounds +backoffice +backup +backup-db +backup2 +backup_migrate +backups +bad_link +bak +bak-up +bakup +balance +balances +ban +bandwidth +bank +banking +banks +banned +banner +banner2 +banner_element +banneradmin +bannerads +banners +bar +base +baseball +bash +basic +basket +basketball +baskets +bass +bat +batch +baz +bb +bb-hist +bb-histlog +bbadmin +bbclone +bboard +bbs +bc +bd +bdata +be +bea +bean +beans +beehive +beheer +benefits +benutzer +best +beta +bfc +bg +big +bigadmin +bigip +bilder +bill +billing +bin +binaries +binary +bins +bio +bios +bitrix +biz +bk +bkup +bl +black +blah +blank +blb +block +blocked +blocks +blog +blog_ajax +blog_inlinemod +blog_report +blog_search +blog_usercp +blogger +bloggers +blogindex +blogs +blogspot +blow +blue +bm +bmz_cache +bnnr +bo +board +boards +bob +body +bofh +boiler +boilerplate +bonus +bonuses +book +booker +booking +bookmark +bookmarks +books +bookstore +boost_stats +boot +bot +bot-trap +bots +bottom +boutique +box +boxes +br +brand +brands +broadband +brochure +brochures +broken +broken_link +broker +browse +browser +bs +bsd +bt +bug +bugs +build +builder +buildr +bulk +bulksms +bullet +busca +buscador +buscar +business +button +buttons +buy +buynow +buyproduct +bypass +bz2 +c +cPanel +ca +cabinet +cache +cachemgr +cachemgr.cgi +caching +cad +cadmins +cal +calc +calendar +calendar_events +calendar_sports +calendarevents +calendars +call +callback +callee +caller +callin +calling +callout +cam +camel +campaign +campaigns +can +canada +captcha +car +carbuyaction +card +cardinal +cardinalauth +cardinalform +cards +career +careers +carp +carpet +cars +cart +carthandler +carts +cas +cases +casestudies +cash +cat +catalog +catalog.wci +catalogs +catalogsearch +catalogue +catalyst +catch +categoria +categories +category +catinfo +cats +cb +cc +ccbill +ccount +ccp14admin 
+ccs +cd +cdrom +centres +cert +certenroll +certificate +certificates +certification +certified +certs +certserver +certsrv +cf +cfc +cfcache +cfdocs +cfg +cfide +cfm +cfusion +cgi +cgi-bin +cgi-bin/ +cgi-bin2 +cgi-data +cgi-exe +cgi-home +cgi-image +cgi-local +cgi-perl +cgi-pub +cgi-script +cgi-shl +cgi-sys +cgi-web +cgi-win +cgi_bin +cgibin +cgis +cgiwrap +cgm-web +ch +chan +change +change_password +change-password +changed +changelog +changepw +changes +channel +charge +charges +chart +charts +chat +chats +check +checking +checkout +checkout_iclear +checkoutanon +checkoutreview +checkpoint +checks +check-email +child +children +china +chk +choosing +chris +chrome +cinema +cisco +cisweb +cities +citrix +city +ck +ckeditor +ckfinder +cl +claim +claims +class +classes +classic +classified +classifieds +classroompages +cleanup +clear +clearcookies +clearpixel +click +clickheat +clickout +clicks +client +client_configs +clientaccesspolicy +clientapi +clientes +clients +clientscript +clipart +clips +clk +clock +close +closed +closing +club +cluster +clusters +cm +cmd +cmpi_popup +cms +cmsadmin +cn +cnf +cnstats +cnt +co +cocoon +code +codec +codecs +codepages +codes +coffee +cognos +coke +coldfusion +collapse +collection +college +columnists +columns +com +com1 +com2 +com3 +com4 +com_sun_web_ui +comics +comm +command +comment +comment-page +comment-page-1 +commentary +commented +comments +commerce +commercial +common +commoncontrols +commun +communication +communications +communicator +communities +community +comp +compact +companies +company +compare +compare_product +comparison +comparison_list +compat +compiled +complaint +complaints +compliance +component +components +compose +composer +compress +compressed +computer +computers +computing +comunicator +con +concrete +conditions +conf +conference +conferences +config +config.local +config.properties +configs +configuration +configure +confirm +confirmed +conlib +conn +connect +connections +connector +connectors 
+console +constant +constants +consulting +consumer +cont +contact +contact-form +contact-us +contact_bean +contact_us +contactinfo +contacto +contacts +contacts.txt +contactus +contao +contato +contenido +content +contents +contest +contests +contract +contracts +contrib +contribute +contribute.json +contributor +control +controller +controllers +controlpanel +controls +converge_local +converse +cookie +cookie_usage +cookies +cool +copies +copy +copyright +copyright-policy +corba +core +coreg +corp +corpo +corporate +corporation +corrections +cosign.key +cosign.pub +count +counter +counters +country +counts +coupon +coupons +coupons1 +course +courses +cover +covers +cp +cpadmin +cpanel +cpanel_file +cpath +cpp +cps +cpstyles +cr +crack +crash +crashes +create +create_account +createaccount +createbutton +creation +creator +credentials +credentials.txt +credit +creditcards +credits +crime +crm +crms +cron +cronjobs +crons +crontab +crontabs +crossdomain +crossdomain.xml +crs +crtr +crypt +crypto +cs +cse +csproj +css +csv +ct +ctl +culture +currency +current +custom +custom-log +custom_log +customavatars +customcode +customer +customer_login +customers +customgroupicons +customize +cute +cutesoft_client +cv +cvs +cxf +cy +cyberworld +cycle_image +cz +czcmdcvt +d +da +daemon +daily +dan +dana-na +dark +dashboard +dat +data +database +database_administration +databases +datafiles +datas +date +daten +datenschutz +dating +dav +day +db +db_connect +dba +dbadmin +dbase +dbboon +dbg +dbi +dblclk +dbm +dbman +dbmodules +dbms +dbutil +dc +dcforum +dclk +de +de_DE +deal +dealer +dealers +deals +debian +debug +dec +decl +declaration +declarations +decode +decoder +decrypt +decrypted +decryption +def +default +default_icon +default_image +default_logo +default_page +default_pages +defaults +definition +definitions +del +delete +deleted +deleteme +deletion +delicious +demo +demo2 +demos +denied +deny +departments +deploy +deployment +descargas +design +designs +desktop 
+desktopmodules +desktops +destinations +detail +details +deutsch +dev +dev2 +dev60cgi +devel +develop +developement +developer +developers +development +development.log +device +devices +devs +devtools +df +dh_ +dh_phpmyadmin +di +diag +diagnostics +dial +dialog +dialogs +diary +dictionary +diff +diffs +dig +digest +digg +digital +dir +dir-login +dir-prop-base +dirbmark +direct +directadmin +directions +directories +directorio +directory +dirs +disabled +disallow +disclaimer +disclosure +discootra +discount +discovery +discus +discuss +discussion +disdls +disk +dispatch +dispatcher +display +display_vvcodes +dist +divider +django +dk +dl +dll +dm +dm-config +dmdocuments +dms +dms0 +dns +do +doc +docebo +docedit +dock +docroot +docs +docs41 +docs51 +document +document_library +documentation +documents +doinfo +dokuwiki +domain +domains +donate +donations +done +dot +doubleclick +down +download +download_private +downloader +downloads +downsys +draft +drafts +dragon +draver +driver +drivers +drop +dropped +drupal +ds +dummy +dump +dumpenv +dumps +dumpuser +dvd +dwr +dyn +dynamic +dyop_addtocart +dyop_delete +dyop_quan +e +e-mail +e-store +e107_admin +e107_files +e107_handlers +e2fs +ear +easy +ebay +eblast +ebook +ebooks +ebriefs +ec +ecard +ecards +echannel +ecommerce +ecrire +edge +edgy +edit +edit_link +edit_profile +editaddress +editor +editorial +editorials +editors +editpost +edits +edp +edu +education +ee +effort +efforts +egress +ehdaa +ejb +el +electronics +element +elements +elmar +em +email +email-a-friend +email-addresses +emailafriend +emailer +emailhandler +emailing +emailproduct +emails +emailsignup +emailtemplates +embed +embedd +embedded +emea +emergency +emoticons +employee +employees +employers +employment +empty +emu +emulator +en +en_US +en_us +enable-cookies +enc +encode +encoder +encrypt +encrypted +encryption +encyption +end +enduser +endusers +energy +enews +eng +engine +engines +english +enterprise +entertainment +entries +entropybanner 
+entry +env +environ +environment +ep +eproducts +equipment +eric +err +erraddsave +errata +error +error-espanol +error-log +error404 +error_docs +error_log +error_message +error_pages +errordocs +errorpage +errorpages +errors +erros +es +es_ES +esale +esales +eshop +esp +espanol +established +estilos +estore +esupport +et +etc +ethics +eu +europe +evb +event +events +evil +evt +ewebeditor +ews +ex +example +examples +excalibur +excel +exception_log +exch +exchange +exchweb +exclude +exe +exec +executable +executables +exiar +exit +expert +experts +exploits +explore +explorer +export +exports +ext +ext2 +extension +extensions +extern +external +externalid +externalisation +externalization +extra +extranet +extras +ezshopper +ezsqliteadmin +f +fa +fabric +face +facebook +faces +facts +faculty +fail +failed +failure +fake +family +fancybox +faq +faqs +fashion +favicon.ico +favorite +favorites +fb +fbook +fc +fcategory +fcgi +fcgi-bin +fck +fckeditor +fdcp +feature +featured +features +federation/clients +fedora +feed +feedback +feedback_js +feeds +felix +fetch +fi +field +fields +file +fileadmin +filelist +filemanager +files +fileupload +fileuploads +filez +film +films +filter +finance +financial +find +finger +finishorder +firefox +firewall +firewalls +firmconnect +firms +firmware +first +fixed +fk +fla +flag +flags +flash +flash-intro +flex +flights +flow +flowplayer +flows +flv +flvideo +flyspray +fm +fn +focus +foia +folder +folder_new +folders +font +fonts +foo +food +football +footer +footers +for +forcedownload +forget +forgot +forgot-password +forgot_password +forgotpassword +forgotten +form +format +formatting +formhandler +formmail +forms +forms1 +formsend +formslogin +formupdate +foro +foros +forrest +fortune +forum +forum1 +forum2 +forum_old +forumcp +forumdata +forumdisplay +forums +forward +foto +fotos +foundation +fpdb +fpdf +fr +fr_FR +frame +frames +frameset +framework +francais +france +free +freebsd +freeware +french +friend +friends +frm_attach 
+frob +from +front +frontend +frontpage +fs +fsck +ftp +fuck +fuckoff +fuckyou +full +fun +func +funcs +function +function.require +functionlude +functions +fund +funding +funds +furl +fusion +future +fw +fwlink +fx +g +ga +gadget +gadgets +gaestebuch +galeria +galerie +galleries +gallery +gallery2 +game +gamercard +games +gaming +ganglia +garbage +gate +gateway +gb +gbook +gccallback +gdform +geeklog +gen +general +generateditems +generator +generic +gentoo +geo +geoip +german +geronimo +gest +gestion +gestione +get +get-file +getFile.cfm +get_file +getaccess +getconfig +getfile +getjobid +getout +gettxt +gfen +gfx +gg +gid +gif +gifs +gift +giftcert +giftoptions +giftreg_manage +giftregs +gifts +git +gitweb +gl +glance_config +glimpse +global +global.asa +global.asax +globalnav +globals +globes_admin +glossary +go +goaway +gold +golf +gone +goods +goods_script +google +google_sitemap +googlebot +goto +government +gp +gpapp +gpl +gprs +gps +gr +gracias +grafik +grant +granted +grants +graph +graphics +green +greybox +grid +group +group_inlinemod +groupcp +groups +groupware +gs +gsm +guess +guest +guest-tracking +guestbook +guests +gui +guide +guidelines +guides +gump +gv_faq +gv_redeem +gv_send +gwt +gz +h2-console +h +hack +hacker +hacking +hackme +hadoop +handle +handler +handlers +handles +hangfire +happen +happening +hard +hardcore +hardware +harm +harming +harmony +head +header +header_logo +headers +headlines +health +healthz +healthcare +hello +helloworld +help +help_answer +helpdesk +helper +helpers +hi +hidden +hide +high +highslide +hilfe +hipaa +hire +history +hit +hitcount +hits +hold +hole +holiday +holidays +home +homepage +homes +homework +honda +hooks +hop +horde +host +host-manager +hosted +hosting +hosts +hotel +hotels +hour +hourly +house +how +howto +hp +hpwebjetadmin +hr +ht +hta +htbin +htdig +htdoc +htdocs +htm +html +htmlarea +htmls +htpasswd +http +httpd +httpdocs +httpmodules +https +httpuser +hu +human +humans +humans.txt +humor +hyper 
+i +ia +ibm +icat +ico +icon +icons +icq +id +id_rsa +id_rsa.pub +idbc +idea +ideas +identity +idp +ids +ie +if +iframe +iframes +ig +ignore +ignoring +iis +iisadmin +iisadmpwd +iissamples +im +image +imagefolio +imagegallery +imagenes +imagens +images +images01 +images1 +images2 +images3 +imanager +img +img2 +imgs +immagini +imp +import +important +imports +impressum +in +inbound +inbox +inc +incl +include +includes +incoming +incs +incubator +index +index.htm +index.html +index.php +index1 +index2 +index2.php +index3 +index3.php +index_01 +index_1 +index_2 +index_adm +index_admin +index_files +index_var_de +indexes +industries +industry +indy_admin +inetpub +inetsrv +inf +info +info.php +information +informer +infos +infos.php +infraction +ingres +ingress +ini +init +injection +inline +inlinemod +input +inquire +inquiries +inquiry +insert +install +install-xaff +install-xaom +install-xbench +install-xfcomp +install-xoffers +install-xpconf +install-xrma +install-xsurvey +install.mysql +install.pgsql +installation +installer +installwordpress +instance +instructions +insurance +int +intel +intelligence +inter +interactive +interface +interim +intermediate +intern +internal +international +internet +interview +interviews +intl +intra +intracorp +intranet +intro +introduction +inventory +investors +invitation +invite +invoice +invoices +ioncube +ios/config +ip +ipc +ipdata +iphone +ipn +ipod +ipp +ips +ips_kernel +ir +iraq +irc +irc-macadmin +is +is-bin +isapi +iso +isp +issue +issues +it +it_IT +ita +item +items +iw +j +j2ee +j2me +ja +ja_JP +jacob +jakarta +japan +jar +java +java-plugin +java-sys +javac +javadoc +javascript +javascripts +javax +jboss +jbossas +jbossws +jdbc +jdk +jennifer +jessica +jexr +jhtml +jigsaw +jira +jj +jmx-console +job +jobs +joe +john +join +joinrequests +joomla +journal +journals +jp +jpa +jpegimage +jpg +jquery +jre +jrun +js +js-lib +jsFiles +jscript +jscripts +jsession +jsf +json +json-api +jsp +jsp-examples +jsp2 +jsps +jsr +jsso 
+jsx +jump +juniper +junk +jvm +jwks.json +k +katalog +kb +kb_results +kboard +kcaptcha +keep +kept +kernel +key +keygen +keys +keyword +keywords +kids +kill +kiosk +known_hosts +ko +ko_KR +kontakt +konto-eroeffnen +kr +kunden +l +la +lab +labels +labs +landing +landingpages +landwind +lang +lang-en +lang-fr +langs +language +languages +laptops +large +lastnews +lastpost +lat_account +lat_driver +lat_getlinking +lat_signin +lat_signout +lat_signup +latest +launch +launcher +launchpage +law +layout +layouts +ldap +leader +leaders +leads +learn +learners +learning +left +legacy +legal +legal-notice +legislation +lenya +lessons +letters +level +lg +lgpl +lib +librairies +libraries +library +libs +lic +licence +license +license_afl +licenses +licensing +life +lifestyle +lightbox +limit +line +link +link-to-us +linkex +linkmachine +links +links_submit +linktous +linux +lisence +lisense +list +list-create +list-edit +list-search +list-users +list-view +list_users +listadmin +listinfo +listing +listings +lists +listusers +listview +live +livechat +livehelp +liveness +livesupport +livezilla +lo +load +loader +loading +loc +local +locale +localstart +location +locations +locator +lock +locked +lockout +lofiversion +log +log4j +log4net +logfile +logfiles +logfileview +logger +logging +login +login-redirect +login-us +login1 +login_db +login_sendpass +login_check +loginadmin +loginflat +logins +logo +logo_sysadmin +logoff +logon +logos +logout +logs +logview +loja +lost +lost+found +lostpassword +love +low +lp +lpt1 +lpt2 +ls +lst +lt +lucene +lunch_menu +lv +m +m1 +m6 +m6_edit_item +m6_invoice +m6_pay +m7 +m_images +ma +mac +macadmin +macromedia +maestro +magazin +magazine +magazines +magento +magic +magnifier_xml +magpierss +mail +mail_link +mail_password +mailbox +mailer +mailing +mailinglist +mailings +maillist +mailman +mails +mailtemplates +mailto +main +main.mdb +mainfile +maint +maintainers +mainten +maintenance +makefile +mal +mall +mambo +mambots +man +mana +manage 
+managed +management +manager +manifest +manifest.mf +mantis +manual +manuallogin +manuals +manufacturer +manufacturers +map +maps +mark +market +marketing +marketplace +markets +master +master.passwd +masterpages +masters +masthead +match +matches +math +matrix +matt +maven +mb +mbo +mbox +mc +mchat +mcp +mdb +mdb-database +me +media +media_center +mediakit +mediaplayer +medias +mediawiki +medium +meetings +mein-konto +mein-merkzettel +mem +member +member2 +memberlist +members +membership +membre +membres +memcached +memcp +memlogin +memo +memory +menu +menus +merchant +merchant2 +message +messageboard +messages +messaging +meta +meta-inf +meta_login +meta_tags +metabase +metadata +metaframe +metatags +mfa/challenge +mgr +michael +microsoft +midi +migrate +migrated +migration +military +min +mina +mine +mini +mini_cal +minicart +minimum +mint +minute +mirror +mirrors +misc +miscellaneous +missing +mission +mix +mk +mkstats +ml +mlist +mm +mm5 +mms +mmwip +mo +mobi +mobil +mobile +mock +mod +modcp +mode +model +models +modelsearch +modem +moderation +moderator +modify +modlogan +mods +module +modules +modulos +mojo +money +monitor +monitoring +monitors +month +monthly +moodle +more +motd +moto-news +moto1 +mount +move +moved +movie +movies +moving.page +mozilla +mp +mp3 +mp3s +mqseries +mrtg +ms +ms-sql +msadc +msadm +msft +msg +msie +msn +msoffice +mspace +msql +mssql +mstpre +mt +mt-bin +mt-search +mt-static +mta +multi +multimedia +music +mx +my +my-account +my-components +my-gift-registry +my-sql +my-wishlist +myaccount +myadmin +myblog +mycalendar +mycgi +myfaces +myhomework +myicons +mypage +myphpnuke +myspace +mysql +mysqld +mysqldumper +mysqlmanager +mytag_js +mytp +n +nachrichten +nagios +name +names +national +nav +navSiteAdmin +navigation +navsiteadmin +nc +ne +net +netbsd +netcat +nethome +nets +netscape +netstat +netstorage +network +networking +new +newadmin +newattachment +newposts +newreply +news +news_insert +newsadmin +newsite +newsletter 
+newsletters +newsline +newsroom +newssys +newstarter +newthread +newticket +next +nextcloud +nfs +nice +nieuws +ningbar +nk9 +nl +no +no-index +nobody +node +noindex +nokia +none +note +notes +notfound +noticias +notification +notifications +notified +notifier +notify +novell +nr +ns +nsf +ntopic +nude +nuke +nul +null +number +nxfeed +nz +o +oa_servlets +oauth +oauth/authorize +oauth/device/code +oauth/revoke +oauth/token +oauth/token/info +obdc +obj +object +objects +obsolete +obsoleted +odbc +ode +oem +of +ofbiz +off +offer +offerdetail +offers +office +offices +offline +ogl +oidc/register +old +old-site +old_site +oldie +oldsite +omited +on +onbound +online +onsite +op +open +open-account +openads +openapp +openbsd +opencart +opendir +openejb +openfile +openjpa +opensearch +opensource +openvpnadmin +openx +opera +operations +operator +opinion +opinions +opml +oprocmgr-status +opros +opt +option +options +ora +oracle +oradata +order +order-detail +order-follow +order-history +order-opc +order-return +order-slip +order_history +order_status +orderdownloads +ordered +orderfinished +orders +orderstatus +ordertotal +org +organisation +organisations +organizations +orig +original +os +osc +oscommerce +other +others +otrs +out +outcome +outgoing +outils +outline +output +outreach +oversikt +overview +owa +owl +owncloud +owners +ows +ows-bin +p +p2p +p7pm +pa +pack +package +package.json +packaged +packages +packaging +packed +pad +page +page-not-found +page1 +page2 +page_1 +page_2 +page_sample1 +pageid +pagenotfound +pager +pages +pagination +paid +paiement +pam +panel +panelc +paper +papers +parse +par +part +partenaires +partner +partners +parts +party +pass +passes +passive +passport +passw +passwd +passwor +password +passwords +past +patch +patches +patents +path +pay +payment +payment_gateway +payments +paypal +paypal_notify +paypalcancel +paypalok +pbc_download +pbcs +pbcsad +pbcsi +pbo +pc +pci +pconf +pd +pda +pdf +pdf-invoice +pdf-order-slip +pdfs +pear 
+peek +peel +pem +pending +people +perf +performance +perl +perl5 +person +personal +personals +pfx +pg +pgadmin +pgp +pgsql +phf +phishing +phone +phones +phorum +photo +photodetails +photogallery +photography +photos +php +php-bin +php-cgi +php.ini +php168 +php3 +phpBB +phpBB2 +phpBB3 +phpEventCalendar +phpMyAdmin +phpMyAdmin2 +phpSQLiteAdmin +php_uploads +phpadmin +phpads +phpadsnew +phpbb +phpbb2 +phpbb3 +phpinfo +phpinfo.php +phpinfos.php +phpldapadmin +phplist +phplive +phpmailer +phpmanual +phpmv2 +phpmyadmin +phpmyadmin2 +phpnuke +phppgadmin +phps +phpsitemapng +phpthumb +phtml +pic +pics +picts +picture +picture_library +picturecomment +pictures +pii +ping +pingback +pipe +pipermail +piranha +pivot +piwik +pix +pixel +pixelpost +pkg +pkginfo +pkgs +pl +placeorder +places +plain +plate +platz_login +play +player +player.swf +players +playing +playlist +please +plenty +plesk-stat +pls +plugin +plugins +plus +plx +pm +pma +pmwiki +pnadodb +png +pntables +pntemp +poc +podcast +podcasting +podcasts +poi +poker +pol +policies +policy +politics +poll +pollbooth +polls +pollvote +pool +pop +pop3 +popular +populate +popup +popup_content +popup_cvv +popup_image +popup_info +popup_magnifier +popup_poptions +popups +porn +port +portal +portals +portfolio +portfoliofiles +portlet +portlets +ports +pos +post +post_thanks +postcard +postcards +posted +postgres +postgresql +posthistory +postinfo +posting +postings +postnuke +postpaid +postreview +posts +posttocar +power +power_user +pp +ppc +ppcredir +ppt +pr +pr0n +pre +preferences +preload +premiere +premium +prepaid +prepare +presentation +presentations +preserve +press +press_releases +presse +pressreleases +pressroom +prev +preview +previews +previous +price +pricelist +prices +pricing +print +print_order +printable +printarticle +printenv +printer +printers +printmail +printpdf +printthread +printview +priv +privacy +privacy-policy +privacy_policy +privacypolicy +privat +private +private2 +privateassets +privatemsg 
+prive +privmsg +privs +prn +pro +probe +problems +proc +procedures +process +process_order +processform +procure +procurement +prod +prodconf +prodimages +producers +product +product-sort +product_compare +product_image +product_images +product_info +product_reviews +product_thumb +productdetails +productimage +production +production.log +productquestion +products +products_new +productspecs +productupdates +produkte +professor +profil +profile +profiles +profiling +proftpd +prog +program +programming +programs +progress +project +project-admins +projects +promo +promos +promoted +promotion +promotions +proof +proofs +prop +prop-base +properties +property +props +prot +protect +protected +protection +proto +provider +providers +proxies +proxy +prueba +pruebas +prv +prv_download +ps +psd +psp +psql +pt +pt_BR +ptopic +pub +public +public_ftp +public_html +publication +publications +publicidad +publish +published +publisher +pubs +pull +purchase +purchases +purchasing +pureadmin +push +put +putty +putty.reg +pw +pw_ajax +pw_api +pw_app +pwd +py +python +q +q1 +q2 +q3 +q4 +qa +qinetiq +qotd +qpid +qsc +quarterly +queries +query +question +questions +queue +queues +quick +quickstart +quiz +quote +quotes +r +r57 +radcontrols +radio +radmind +radmind-1 +rail +rails +ramon +random +rank +ranks +rar +rarticles +rate +ratecomment +rateit +ratepic +rates +ratethread +rating +rating0 +ratings +rb +rcLogin +rcp +rcs +rct +rd +rdf +read +reader +readfile +readfolder +readiness +readme +real +realaudio +realestate +receipt +receipts +receive +received +recent +recharge +recherche +recipes +recommend +recommends +record +recorded +recorder +records +recoverpassword +recovery +recycle +recycled +red +reddit +redesign +redir +redirect +redirector +redirects +redis +ref +refer +reference +references +referer +referral +referrers +refuse +refused +reg +reginternal +region +regional +register +registered +registration +registrations +registro +reklama +related +release +releases 
+religion +remind +remind_password +reminder +remote +remotetracer +removal +removals +remove +removed +render +render?url=https://www.google.com +render/https://www.google.com +rendered +reorder +rep +repl +replica +replicas +replicate +replicated +replication +replicator +reply +repo +report +reporting +reports +reports list +repository +repost +reprints +reputation +req +reqs +request +requested +requests +require +requisite +requisition +requisitions +res +research +reseller +resellers +reservation +reservations +resin +resin-admin +resize +resolution +resolve +resolved +resource +resources +respond +responder +rest +restaurants +restore +restored +restricted +result +results +resume +resumes +retail +returns +reusablecontent +reverse +reversed +revert +reverted +review +reviews +rfid +rhtml +right +ro +roadmap +roam +roaming +robot +robotics +robots +robots.txt +role +roles +roller +room +root +rorentity +rorindex +rortopics +route +router +routes +rpc +rs +rsa +rss +rss10 +rss2 +rss20 +rssarticle +rssfeed +rsync +rte +rtf +ru +rub +ruby +rule +rules +run +rus +rwservlet +s +s1 +sa +safe +safety +sale +sales +salesforce +sam +samba +saml +sample +samples +san +sandbox +sav +save +saved +saves +sb +sbin +sc +scan +scanned +scans +scgi-bin +sched +schedule +scheduled +scheduling +schema +schemas +schemes +school +schools +science +scope +scr +scratc +screen +screens +screenshot +screenshots +script +scripte +scriptlet +scriptlets +scriptlibrary +scriptresource +scripts +sd +sdk +se +search +search-results +search_result +search_results +searchnx +searchresults +searchurl +sec +seccode +second +secondary +secret +secrets +section +sections +secure +secure_login +secureauth +secured +secureform +secureprocess +securimage +security +security.txt +seed +select +selectaddress +selected +selection +self +sell +sem +seminar +seminars +send +send-password +send-email +send_order +send_pwd +send_to_friend +sendform +sendfriend +sendmail +sendmessage +sendpm +sendthread 
+sendto +sendtofriend +sensepost +sensor +sent +seo +serial +serv +serve +server +server-info +server-status +server_admin_small +server_stats +servers +service +services +servicios +servlet +servlets +servlets-examples +servlet/GetProductVersion +sess +session +sessionid +sessions +set +setcurrency +setlocale +setting +settings +setup +setvatsetting +sex +sf +sg +sh +shadow +shaken +share +shared +shares +shell +shim +ship +shipped +shipping +shipping_help +shippinginfo +shipquote +shit +shockwave +shop +shop_closed +shop_content +shopadmin +shopper +shopping +shopping-lists +shopping_cart +shoppingcart +shops +shops_buyaction +shopstat +shopsys +shoutbox +show +show_post +show_thread +showallsites +showcase +showcat +showcode +showcode.asp +showenv +showgroups +showjobs +showkey +showlogin +showmap +showmsg +showpost +showroom +shows +showthread +shtml +si +sid +sign +sign-up +sign_up +signature +signaturepics +signed +signer +signin +signing +signoff +signon +signout +signup +simple +simpleLogin +simplelogin +single +single_pages +sink +site +site-map +site_map +siteadmin +sitebuilder +sitecore +sitefiles +siteimages +sitemap +sitemap.gz +sitemap.xml +sitemaps +sitemgr +sites +sitesearch +sk +skel +skin +skin1 +skin1_original +skins +skip +sl +slabel +slashdot +slide_show +slides +slideshow +slimstat +sling +sm +small +smarty +smb +smblogin +smf +smile +smiles +smileys +smilies +sms +smtp +snippets +snoop +snp +so +soap +soapdocs +soaprouter +social +soft +software +sohoadmin +solaris +sold +solution +solutions +solve +solved +somebody +songs +sony +soporte +sort +sound +sounds +source +sources +sox +sp +space +spacer +spain +spam +spamlog.log +spanish +spaw +speakers +spec +special +special_offers +specials +specified +specs +speedtest +spellchecker +sphider +spider +spiders +splash +sponsor +sponsors +spool +sport +sports +spotlight +spryassets +spyware +sq +sql +sql-admin +sqladmin +sqlmanager +sqlnet +sqlweb +squelettes +squelettes-dist +squirrel 
+squirrelmail +sr +src +srchad +srv +ss +ss_vms_admin_sm +ssfm +ssh +sshadmin +ssi +ssl +ssl_check +sslvpn +ssn +sso +ssp_director +st +stackdump +staff +staff_directory +stage +staging +stale +standalone +standard +standards +star +staradmin +start +starter +startpage +stat +state +statement +statements +states +static +staticpages +statistic +statistics +statistik +stats +statshistory +status +statusicon +stock +stoneedge +stop +storage +store +store_closed +stored +stores +stories +story +stow +strategy +stream +string +strut +struts +student +students +studio +stuff +style +style_avatars +style_captcha +style_css +style_emoticons +style_images +styles +stylesheet +stylesheets +sub +sub-login +subdomains +subject +submenus +submissions +submit +submitter +subs +subscribe +subscribed +subscriber +subscribers +subscription +subscriptions +success +suche +sucontact +suffix +suggest +suggest-listing +suite +suites +summary +sun +sunos +super +supplier +support +support_login +supported +surf +survey +surveys +suspended.page +suupgrade +sv +svc +svn +svn-base +svr +sw +swajax1 +swf +swfobject.js +swfs +switch +sws +synapse +sync +synced +syndication +sys +sys-admin +sysadmin +sysadmin2 +sysadmins +sysmanager +system +system-admin +system-administration +system_admin +system_administration +system_web +systems +sysuser +szukaj +t +t1 +t3lib +table +tabs +tag +tagline +tags +tail +talk +talks +tape +tapes +tapestry +tar +tar.bz2 +tar.gz +target +tartarus +task +tasks +taxonomy +tb +tcl +te +team +tech +technical +technology +tel +tele +television +tell_a_friend +tell_friend +tellafriend +temaoversikt +temp +templ +template +templates +templates_c +templets +temporal +temporary +temps +term +terminal +terms +terms-of-use +terms_privacy +termsofuse +terrorism +test +test-cgi +test-env +test1 +test123 +test1234 +test2 +test3 +test_db +teste +testimonial +testimonials +testing +tests +testsite +texis +text +text-base +textobject +textpattern +texts +tgp +tgz +th +thank-you 
+thanks +thankyou +the +theme +themes +thickbox +third-party +this +thread +threadrate +threads +threadtag +thumb +thumbnail +thumbnails +thumbs +thumbs.db +ticket +ticket_list +ticket_new +tickets +tienda +tiki +tiles +time +timeline +tiny_mce +tinymce +tip +tips +title +titles +tl +tls +tmp +tmpl +tmps +tn +tncms +to +toc +today +todel +todo +toggle +token +token/introspect +token/revoke +tomcat +tomcat-docs +tool +toolbar +toolkit +tools +top +top1 +topic +topicadmin +topics +toplist +toplists +topnav +topsites +torrent +torrents +tos +tour +tours +toys +tp +tpl +tpv +tr +trac +trace +traceroute +traces +track +trackback +trackclick +tracker +trackers +tracking +trackpackage +tracks +trade +trademarks +traffic +trailer +trailers +training +trans +transaction +transactions +transfer +transformations +translate +translations +transparent +transport +trap +trash +travel +treasury +tree +trees +trends +trial +true +trunk +tslib +tsweb +tt +tuning +turbine +tuscany +tutorial +tutorials +tv +tw +twatch +tweak +twiki +twitter +tx +txt +type +typo3 +typo3_src +typo3conf +typo3temp +typolight +u +ua +ubb +uc +uc_client +uc_server +ucenter +ucp +uddi +uds +ui +ui_config.properties +uk +umbraco +umbraco_client +umts +uncategorized +under_update +uninstall +union +unix +unlock +unpaid +unreg +unregister +unsafe +unsubscribe +unused +up +upcoming +upd +update +updated +updateinstaller +updater +updates +updates-topic +upgrade +upgrade.readme +upload +upload_file +upload_files +uploaded +uploadedfiles +uploadedimages +uploader +uploadfile +uploadfiles +uploads +ur-admin +urchin +url +urlrewriter +urls +us +usa +usage +user +user_upload +useradmin +userapp +usercontrols +usercp +usercp2 +userdir +userfiles +userimages +userinfo +userlist +userlog +userlogin +usermanager +username +usernames +usernote +users +usr +usrmgr +usrs +ustats +usuario +usuarios +util +utilities +utility +utility_login +utils +v +v1 +v1/client_configs +v2 +v2/client_configs +v3 +v4 +vadmind +validation 
+validatior +vap +var +vault +vb +vbmodcp +vbs +vbscript +vbscripts +vbseo +vbseocp +vcss +vdsbackup +vector +vehicle +vehiclemakeoffer +vehiclequote +vehicletestdrive +velocity +venda +vendor +vendors +ver +ver1 +ver2 +version +version.json +verwaltung +vfs +vi +viagra +vid +video +videos +view +view-source +view_cart +viewcart +viewcvs +viewer +viewfile +viewforum +viewlogin +viewonline +views +viewsource +viewsvn +viewthread +viewtopic +viewvc +vip +virtual +virus +visit +visitor +visitormessage +vista +vm +vmailadmin +void +voip +vol +volunteer +vote +voted +voter +votes +vp +vpg +vpn +vs +vsadmin +vuln +vvc_display +w +w3 +w3c +w3svc +wa +wallpaper +wallpapers +wap +war +warenkorb +warez +warn +way-board +wbboard +wbsadmin +wc +wcs +wdav +weather +web +web-beans +web-console +web-inf +web.config +web.xml +web1 +web2 +web3 +web_users +webaccess +webadm +webadmin +webagent +webalizer +webapp +webapps +webb +webbbs +webboard +webcalendar +webcam +webcart +webcast +webcasts +webcgi +webcharts +webchat +webctrl_client +webdata +webdav +webdb +webdist +webedit +webfm_send +webhits +webim +webinar +weblog +weblogic +weblogs +webmail +webmaster +webmasters +webpack.manifest.json +webpages +webplus +webresource +websearch +webservice +webservices +webshop +website +websites +websphere +websql +webstat +webstats +websvn +webtrends +webusers +webvpn +webwork +wedding +week +weekly +welcome +wellcome +werbung +wget +what +whatever +whatnot +whatsnew +white +whitepaper +whitepapers +who +whois +wholesale +whosonline +why +wicket +wide_search +widget +widgets +wifi +wii +wiki +will +win +win32 +windows +wink +winnt +wireless +wishlist +with +wizmysqladmin +wml +wolthuis +word +wordpress +work +workarea +workflowtasks +working +workplace +works +workshop +workshops +world +worldpayreturn +worldwide +wow +wp +wp-admin +wp-app +wp-atom +wp-blog-header +wp-comments +wp-commentsrss2 +wp-config +wp-content +wp-cron +wp-dbmanager +wp-feed +wp-icludes +wp-images +wp-includes 
+wp-links-opml +wp-load +wp-login +wp-mail +wp-pass +wp-rdf +wp-register +wp-rss +wp-rss2 +wp-settings +wp-signup +wp-syntax +wp-trackback +wpau-backup +wpcallback +wpcontent +wps +wrap +writing +ws +ws-client +ws_ftp +wsdl +wss +wstat +wstats +wt +wtai +wusage +wwhelp +www +www-sql +www1 +www2 +www3 +wwwboard +wwwjoin +wwwlog +wwwroot +wwwstat +wwwstats +wwwthreads +wwwuser +wysiwyg +wysiwygpro +x +xajax +xajax_js +xalan +xbox +xcache +xcart +xd_receiver +xdb +xerces +xfer +xhtml +xlogin +xls +xmas +xml +xml-rpc +xmlfiles +xmlimporter +xmlrpc +xmlrpc.php +xn +xsl +xslt +xsql +xx +xxx +xyz +xyzzy +y +yahoo +year +yearly +yesterday +yml +yonetici +yonetim +youtube +yshop +yt +yui +z +zap +zboard +zencart +zend +zero +zeus +zh +zh-cn +zh-tw +zh_CN +zh_TW +zimbra +zip +zipfiles +zips +zoeken +zoom +zope +zorum +zt +~adm +~admin +~administrator +~amanda +~apache +~bin +~ftp +~guest +~http +~httpd +~log +~logs +~lp +~mail +~nobody +~operator +~root +~sys +~sysadm +~sysadmin +~test +~tmp +~user +~webmaster +~www +dns-query?dns=q80BAAABAAAAAAAAA3d3dwdleGFtcGxlA2NvbQAAAQAB +dns-query?name=google.com&type=A \ No newline at end of file diff --git a/myapp/crawledlinks.py b/myapp/crawledlinks.py new file mode 100644 index 0000000..bf8dc63 --- /dev/null +++ b/myapp/crawledlinks.py 
@@ -0,0 +1,59 @@
+import requests
+from bs4 import BeautifulSoup
+from urllib.parse import urljoin, urlparse
+import concurrent.futures
+
+# Set of visited URLs to avoid duplicate crawling
+visited_urls = set()
+
+# Function to find and process links and resources on a given page
+def crawl(url, base_url):
+ links = []
+ resources = []
+ try:
+ response = requests.get(url, timeout=5)
+ response.raise_for_status()
+ soup = BeautifulSoup(response.text, "html.parser")
+
+ # Find all anchor tags and their href attributes
+ for a_tag in soup.find_all("a", href=True):
+ link = urljoin(url, a_tag["href"])
+ # Process only internal links
+ if is_internal_link(link, base_url):
+ links.append(link)
+
+ # Find resources like images, scripts, and stylesheets
+ for tag in soup.find_all(["img", "script", "link"]):
+ src = tag.get("src") or tag.get("href")
+ if src:
+ resource_url = urljoin(url, src)
+ resources.append(resource_url)
+
+ except requests.RequestException as e:
+ print(f"Error fetching {url}: {e}")
+
+ return links, resources
+
+# Helper function to check if a link is internal
+def is_internal_link(url, base_url):
+ return urlparse(url).netloc == urlparse(base_url).netloc
+
+# Function to crawl the website and return all unique links
+def crawl_website(base_url):
+ visited_urls.clear() # Reset visited URLs for each new crawl
+ all_links = set()
+
+ def _crawl_recursive(url):
+ if url in visited_urls:
+ return
+ visited_urls.add(url)
+ links, resources = crawl(url, base_url)
+ all_links.update(links)
+
+ # Crawl each link concurrently
+ with concurrent.futures.ThreadPoolExecutor() as executor:
+ executor.map(_crawl_recursive, links)
+
+ # Start crawling from the base URL
+ _crawl_recursive(base_url)
+ return list(all_links) # Return all unique links as a list
diff --git a/myapp/directory-enum.txt b/myapp/directory-enum.txt
new file mode 100644
index 0000000..def5e7e
--- /dev/null
+++ b/myapp/directory-enum.txt
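Review bot: `crawl_website` keeps its visited set in the module-level `visited_urls` and opens a new `ThreadPoolExecutor` inside every `_crawl_recursive` call, with no cap on pages or depth. If two crawls run at the same time (likely if this is called from a Django view, which the hunk does not show), one call's `visited_urls.clear()` wipes the other's state, and on a large or self-linking site the nested pools keep spawning threads until the process is exhausted. `crawl` also fetches with redirects enabled, so the `is_internal_link` filter does not limit which hosts the server ends up contacting; consider `allow_redirects=False` or re-checking `response.url` against the base host. I would keep the visited set local to the call and drive the crawl breadth-first from one bounded pool, as below; the `max_pages` and `max_workers` values are illustrative and should be tuned.

```python
def crawl_website(base_url, max_pages=200):
    visited = set()  # local to this call, not shared between crawls
    all_links = set()
    frontier = [base_url]
    # One bounded pool for the whole crawl instead of one per page
    with concurrent.futures.ThreadPoolExecutor(max_workers=8) as executor:
        while frontier and len(visited) < max_pages:
            batch = [u for u in dict.fromkeys(frontier) if u not in visited]
            batch = batch[: max_pages - len(visited)]
            visited.update(batch)
            frontier = []
            for links, _resources in executor.map(lambda u: crawl(u, base_url), batch):
                all_links.update(links)
                frontier.extend(links)
    return list(all_links)
```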
@@ -0,0 +1,74 @@ +http://192.168.8.102/ +http://192.168.8.102/0 +http://192.168.8.102/0/ +http://192.168.8.102/D +http://192.168.8.102/ducky/ +http://192.168.8.102/Image +http://192.168.8.102/Image/ +http://192.168.8.102/admin +http://192.168.8.102/admin/ +http://192.168.8.102/audio +http://192.168.8.102/audio/ +http://192.168.8.102/atom +http://192.168.8.102/feed/atom/ +http://192.168.8.102/blog +http://192.168.8.102/blog/ +http://192.168.8.102/cgi-bin/ +http://192.168.8.102/css +http://192.168.8.102/css/ +http://192.168.8.102/d +http://192.168.8.102/ducky/ +http://192.168.8.102/dashboard +http://192.168.8.102/wp-admin/ +http://192.168.8.102/favicon.ico +http://192.168.8.102/feed +http://192.168.8.102/feed/ +http://192.168.8.102/images +http://192.168.8.102/images/ +http://192.168.8.102/image +http://192.168.8.102/image/ +http://192.168.8.102/index.php +http://192.168.8.102/ +http://192.168.8.102/intro +http://192.168.8.102/js +http://192.168.8.102/js/ +http://192.168.8.102/license +http://192.168.8.102/login +http://192.168.8.102/wp-login.php +http://192.168.8.102/page1 +http://192.168.8.102/ +http://192.168.8.102/phpmyadmin +http://192.168.8.102/readme +http://192.168.8.102/rdf +http://192.168.8.102/feed/rdf/ +http://192.168.8.102/render/https://www.google.com +http://192.168.8.102/render/https:/www.google.com +http://192.168.8.102/robots +http://192.168.8.102/robots.txt +http://192.168.8.102/rss +http://192.168.8.102/feed/ +http://192.168.8.102/rss2 +http://192.168.8.102/feed/ +http://192.168.8.102/sitemap +http://192.168.8.102/sitemap.xml +http://192.168.8.102/video +http://192.168.8.102/video/ +http://192.168.8.102/wp-admin +http://192.168.8.102/wp-admin/ +http://192.168.8.102/wp-content +http://192.168.8.102/wp-content/ +http://192.168.8.102/wp-includes +http://192.168.8.102/wp-includes/ +http://192.168.8.102/wp-blog-header +http://192.168.8.102/wp-config +http://192.168.8.102/wp-cron +http://192.168.8.102/wp-links-opml +http://192.168.8.102/wp-load 
+http://192.168.8.102/wp-mail +http://192.168.8.102/wp-login +http://192.168.8.102/wp-settings +http://192.168.8.102/wp-signup +http://192.168.8.102/wp-login.php?action=register +http://192.168.8.102/wp-trackback +http://192.168.8.102/xmlrpc +http://192.168.8.102/xmlrpc.php diff --git a/myapp/directoty.txt b/myapp/directoty.txt new file mode 100644 index 0000000..4ec296d --- /dev/null +++ b/myapp/directoty.txt 
@@ -0,0 +1,49 @@ +# Dirsearch started Wed Oct 23 13:43:24 2024 as: C:\Users\User\AppData\Local\Programs\Python\Python310\Scripts\dirsearch -u http://192.168.8.101/ -w common.txt -o directoty.txt + +301 0B http://192.168.8.101/0 -> REDIRECTS TO: http://192.168.8.101/0/ +301 0B http://192.168.8.101/D -> REDIRECTS TO: http://192.168.8.101/ducky/ +301 0B http://192.168.8.101/Image -> REDIRECTS TO: http://192.168.8.101/Image/ +301 235B http://192.168.8.101/admin -> REDIRECTS TO: http://192.168.8.101/admin/ +301 235B http://192.168.8.101/audio -> REDIRECTS TO: http://192.168.8.101/audio/ +301 0B http://192.168.8.101/atom -> REDIRECTS TO: http://192.168.8.101/feed/atom/ +301 234B http://192.168.8.101/blog -> REDIRECTS TO: http://192.168.8.101/blog/ +404 206B http://192.168.8.101/cgi-bin/ +301 233B http://192.168.8.101/css -> REDIRECTS TO: http://192.168.8.101/css/ +301 0B http://192.168.8.101/d -> REDIRECTS TO: http://192.168.8.101/ducky/ +302 0B http://192.168.8.101/dashboard -> REDIRECTS TO: http://192.168.8.101/wp-admin/ +200 0B http://192.168.8.101/favicon.ico +301 0B http://192.168.8.101/feed -> REDIRECTS TO: http://192.168.8.101/feed/ +301 236B http://192.168.8.101/images -> REDIRECTS TO: http://192.168.8.101/images/ +301 0B http://192.168.8.101/image -> REDIRECTS TO: http://192.168.8.101/image/ +301 0B http://192.168.8.101/index.php -> REDIRECTS TO: http://192.168.8.101/ +200 504KB http://192.168.8.101/intro +301 232B http://192.168.8.101/js -> REDIRECTS TO: http://192.168.8.101/js/ +200 7KB http://192.168.8.101/license +302 0B http://192.168.8.101/login -> REDIRECTS TO: http://192.168.8.101/wp-login.php +301 0B http://192.168.8.101/page1 -> REDIRECTS TO: http://192.168.8.101/ +403 94B http://192.168.8.101/phpmyadmin +200 4KB http://192.168.8.101/readme +301 0B http://192.168.8.101/rdf -> REDIRECTS TO: http://192.168.8.101/feed/rdf/ +301 0B http://192.168.8.101/render/https://www.google.com -> REDIRECTS TO: http://192.168.8.101/render/https:/www.google.com +200 41B 
http://192.168.8.101/robots +200 41B http://192.168.8.101/robots.txt +301 0B http://192.168.8.101/rss -> REDIRECTS TO: http://192.168.8.101/feed/ +301 0B http://192.168.8.101/rss2 -> REDIRECTS TO: http://192.168.8.101/feed/ +200 0B http://192.168.8.101/sitemap +200 0B http://192.168.8.101/sitemap.xml +301 235B http://192.168.8.101/video -> REDIRECTS TO: http://192.168.8.101/video/ +301 238B http://192.168.8.101/wp-admin -> REDIRECTS TO: http://192.168.8.101/wp-admin/ +301 240B http://192.168.8.101/wp-content -> REDIRECTS TO: http://192.168.8.101/wp-content/ +301 241B http://192.168.8.101/wp-includes -> REDIRECTS TO: http://192.168.8.101/wp-includes/ +404 0B http://192.168.8.101/wp-blog-header +200 0B http://192.168.8.101/wp-config +200 0B http://192.168.8.101/wp-cron +200 191B http://192.168.8.101/wp-links-opml +200 0B http://192.168.8.101/wp-load +403 3KB http://192.168.8.101/wp-mail +200 1KB http://192.168.8.101/wp-login +500 0B http://192.168.8.101/wp-settings +302 0B http://192.168.8.101/wp-signup -> REDIRECTS TO: http://192.168.8.101/wp-login.php?action=register +404 135B http://192.168.8.101/wp-trackback +405 42B http://192.168.8.101/xmlrpc +405 42B http://192.168.8.101/xmlrpc.php diff --git a/myapp/direnum.py b/myapp/direnum.py new file mode 100644 index 0000000..f8f1213 --- /dev/null +++ b/myapp/direnum.py 
@@ -0,0 +1,48 @@
+import requests
+from urllib.parse import urljoin
+from concurrent.futures import ThreadPoolExecutor, as_completed
+import time
+
+def check_url(full_url):
+ """Send a GET request to the URL and return the URL if found."""
+ try:
+ response = requests.get(full_url, timeout=5) # Set a timeout for the request
+ if response.status_code == 200:
+ print(f"Found: {full_url}") # Print found URL
+ return full_url
+ except requests.RequestException as e:
+ # Optionally log errors
+ print(f"Request failed for {full_url}: {e}")
+ return None
+
+def web_directory_enumeration(url, wordlist, max_workers=10):
+ """
+ Performs fast web directory enumeration using multi-threading.
+
+ Parameters:
+ url (str): The target URL for enumeration (must include protocol, e.g., http://).
+ wordlist (str): The path to the wordlist file containing directory names.
+ max_workers (int): The maximum number of threads to use for requests.
+
+ Returns:
+ list: A list of found URLs that exist on the server.
+ """
+ found_urls = []
+
+ # Load the wordlist from the specified file
+ try:
+ with open(wordlist, 'r') as file:
+ paths = [line.strip() for line in file if line.strip()]
+ except FileNotFoundError:
+ print(f"Wordlist file '{wordlist}' not found.")
+ return found_urls
+
+ with ThreadPoolExecutor(max_workers=max_workers) as executor:
+ future_to_url = {executor.submit(check_url, urljoin(url, path)): path for path in paths}
+
+ for future in as_completed(future_to_url):
+ result = future.result()
+ if result:
+ found_urls.append(result)
+
+ return found_urls
\ No newline at end of file
diff --git a/myapp/find_links_only.py b/myapp/find_links_only.py
new file mode 100644
index 0000000..267ded0
--- /dev/null
+++ b/myapp/find_links_only.py
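Review bot: The request URL in `web_directory_enumeration` is built with `urljoin(url, path)`, which drops the last path segment of a base that has no trailing slash (`http://host/app` joined with `admin` gives `http://host/admin`) and lets a wordlist entry that starts with `/`, `//` or a scheme replace the path or even the host. Requests can therefore go somewhere other than the target the caller named. I would normalise both sides before joining, `base = url if url.endswith('/') else url + '/'` and `urljoin(base, path.lstrip('/'))`, and skip wordlist entries that contain `://`. `check_url` also reports only a final 200 after redirects, so paths answering 401 or 403 are treated as absent, and `import time` is unused.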
@@ -0,0 +1,27 @@
+import re
+
+# Function to extract links
+def find_links_in_file(input_file, output_file):
+ # Regular expression pattern for matching http and https URLs
+ url_pattern = r'(https?://[^\s]+)'
+
+ # Read the content of the input file
+ with open(input_file, 'r') as file:
+ file_content = file.read()
+
+ # Find all URLs that match the pattern
+ urls = re.findall(url_pattern, file_content)
+
+ # Write the found URLs to the output file
+ with open(output_file, 'w') as output:
+ for url in urls:
+ output.write(url + '\n')
+
+ print(f"Found {len(urls)} links and saved them to {output_file}")
+
+# Input and output file paths
+output_file = 'directory-enum.txt'
+
+# Find links in the file and store them in directory-enum.txt
+input_file = 'directoty.txt'
+find_links_in_file(input_file, output_file)
diff --git a/myapp/forms.py b/myapp/forms.py
new file mode 100644
index 0000000..4795d86
--- /dev/null
+++ b/myapp/forms.py
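Review bot: The final statements of this file run at import time: `find_links_in_file(input_file, output_file)` is called at module level with hard-coded relative paths. Anything that imports `myapp.find_links_only` will read `directoty.txt` from the current working directory and overwrite `directory-enum.txt`, or raise `FileNotFoundError` when the input is absent. Put the two assignments and the call behind `if __name__ == "__main__":`. The pattern `https?://[^\s]+` also keeps trailing punctuation such as `)` or `,` as part of the URL, and both `open()` calls rely on the platform default encoding, so pass `encoding="utf-8"`.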
@@ -0,0 +1,59 @@
+from django import forms
+
+class ScanForm(forms.Form):
+ domain = forms.CharField(label='Domain', max_length=100, required=True)
+
+
+class GoogleSearchForm(forms.Form):
+ site_qry = forms.CharField(label='Search Query', max_length=255)
+
+
+class URLScanForm(forms.Form):
+ urls = forms.CharField(widget=forms.Textarea(attrs={
+ 'placeholder': 'Enter multiple URLs, one per line',
+ 'rows': 10,
+ 'cols': 50,
+ }), label='URLs to scan')
+
+class DomainScanForm(forms.Form):
+ domain = forms.URLField(label='Domain to Scan', max_length=255)
+
+class DomainInputForm(forms.Form):
+ domain = forms.CharField(
+ max_length=255,
+ label='Domain',
+ widget=forms.TextInput(attrs={'placeholder': 'Enter domain to enumerate'})
+ )
+
+class GitHubScanForm(forms.Form):
+ repository_url = forms.URLField(label='GitHub Repository URL', required=True)
+
+class SecretScanForm(forms.Form):
+ urls = forms.CharField(widget=forms.Textarea(attrs={'rows': 5, 'cols': 60}), label='Enter URLs (one per line)', required=True)
+
+class LinkScrapingForm(forms.Form):
+ base_url = forms.URLField(label='Enter the Base URL', required=True)
+
+
+class LinkScrapingFormM(forms.Form):
+ base_urls = forms.CharField(widget=forms.Textarea, label='Enter URLs (one per line)', required=True)
+
+class SitemapScanForm(forms.Form):
+ base_url = forms.URLField(label="Enter the Base URL", required=True)
+
+class KeywordSearchForm(forms.Form):
+ keywords = forms.CharField(label="Enter keywords (comma-separated)", required=True, widget=forms.TextInput(attrs={'placeholder': 'e.g., keyword1, keyword2'}))
+
+
+class URLScanForm(forms.Form):
+ urls = forms.CharField(widget=forms.Textarea, label="Enter URLs (one per line)")
+
+class GitRepoForm(forms.Form):
+ repo_url = forms.URLField(label="Git Repository URL")
+
+class MultiInputSearchForm(forms.Form):
+ input1 = forms.CharField(label='Input 1', required=True)
+ input2 = forms.CharField(label='Input 2', required=False)
+ input3 = forms.CharField(label='Input 3', required=False)
+ input4 = forms.CharField(label='Input 4', required=False)
+ input5 = forms.CharField(label='Input 5', required=False)
\ No newline at end of file
diff --git a/myapp/git_secret.py b/myapp/git_secret.py
new file mode 100644
index 0000000..04161ff
--- /dev/null
+++ b/myapp/git_secret.py
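Review bot: `URLScanForm` is defined twice in this file; the second definition (plain `forms.Textarea`, label "Enter URLs (one per line)") rebinds the name, so the first one with the placeholder and `rows`/`cols` attributes is dead code. Delete one of the two or rename the second. Separately, the multi-URL fields (`URLScanForm.urls`, `SecretScanForm.urls`, `LinkScrapingFormM.base_urls`) are free-text `CharField`s with no length limit and no per-line validation. If these values are handed to the fetching and scanning code elsewhere in the commit, which this hunk does not show, a `clean_urls` method that splits the lines, caps their count and runs `URLValidator(schemes=['http', 'https'])` on each would keep malformed or non-HTTP input out. `ScanForm.domain` and `DomainInputForm.domain` are likewise unvalidated `CharField`s.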
@@ -0,0 +1,473 @@ +# git_secret.py +import re +import os +import git +import tempfile + +# Define regex patterns for sensitive information +patterns = { + 'google_api': r'AIza[0-9A-Za-z-_]{35}', + 'google_oauth': r'ya29\.[0-9A-Za-z\-_]+', + 'google_api_key': r"(?i)AIza[0-9A-Za-z\\-_]{35}", + 'google_recaptcha_key': r"(?i)(\"|\')6[0-9a-zA-Z-_]{39}(\"|\')", + 'generic_api_key_inurl': r'https?://[^\s]+[?&](key|api_key|apikey|apiKey|ApiKey|access_token|auth|authentication|token|secret|client_id|client_secret|API_KEY|private_key)=[a-zA-Z0-9_\-]+', + 'generic_api_key_incode': r'\b(key|api_key|apikey|apiKey|ApiKey|access_token|auth|authentication|token|secret|client_id|client_secret|API_KEY|private_key)\s*=\s*["\']([a-zA-Z0-9_\-]+)["\']\s*;?', + 'firebase' : r'AAAA[A-Za-z0-9_-]{7}:[A-Za-z0-9_-]{140}', + 'firebase_api_key_pattern' : r'AIza[0-9A-Za-z-_]{35}', + 'firebase_database_url_pattern' : r'https://[a-z0-9-]+\.firebaseio\.com', + 'Firebase API Key': r"(?i)firebase_api_key[:=]\s*['\"]?([a-zA-Z0-9]{40})['\"]?", + + 'recaptcha_secret_key_pattern' : r'(?i)(?:=|\'|")?(6L[0-9A-Za-z]{39})(?:=|\'|")?', + + + #'openai_api_key_pattern' : r'(?i)sk-[a-zA-Z0-9]{48}', + 'openai_api_key': r'sk-[a-zA-Z0-9]{48}', + + + 'AWS Access Key ID': r'\bAKIA[0-9A-Z]{16}\b', + 'AWS Access Key ID': r"(?i)aws_access_key_id[:=]\s*['\"]?([A-Z0-9]{20})['\"]?", + 'AWS Secret Access Key': r"(?i)aws_secret_access_key[:=]\s*['\"]?([A-Za-z0-9/+=]{40})['\"]?", + 'aws_access_key_id': r'AWS_ACCESS_KEY_ID=([A-Z0-9]{20})', + 'aws_secret_access_key': r'AWS_SECRET_ACCESS_KEY=([A-Za-z0-9/+=]{40})', + 'aws_access_key_id': r'aws_access_key_id\s*=\s*([A-Za-z0-9]{20})', + 'aws_secret_access_key': r'aws_secret_access_key\s*=\s*([A-Za-z0-9/+=]{40})', + + + 'AWS_Access_Key': r'AKIA[0-9A-Z]{16}', + 'AWS_Secret_Key': r'(?i)aws_secret_access_key[\s:=\'"]*[A-Za-z0-9\/+=]{40}', + 'amazon_aws_access_key_id' : r'A[SK]IA[0-9A-Z]{16}', + 'amazon_mws_auth_toke' : 
r'amzn\\.mws\\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}', + 'amazon_aws_url' : r's3\.amazonaws.com[/]+|[a-zA-Z0-9_-]*\.s3\.amazonaws.com', + 'azure_appinsights_api_key': r'x-api-key:\s*([a-zA-Z0-9-_]{32})', + 'azure_appinsights_app_id': r'https://api\.applicationinsights\.io/v1/apps/([a-zA-Z0-9-]{36})', + + + 'facebook_access_token' : r'EAACEdEose0cBA[0-9A-Za-z]+', + 'authorization_bearer' : r'bearer [a-zA-Z0-9_\-\.=:_\+\/]{5,100}', + #'authorization_api' : r'api[key|_key|\s+]+[a-zA-Z0-9_\-]{5,100}', + 'mailgun_api_key' : r'key-[0-9a-zA-Z]{32}', + + 'twilio_api_key_pattern' : r'(?:=|["\'])?(SK[0-9a-fA-F]{32})(?:["\']|;)?', + 'twilio_account_sid_pattern' : r'(?:=|["\'])?(AC[0-9a-fA-F]{32})(?:["\']|;)?', + 'twilio_app_sid_pattern' : r'(?:=|["\'])?(AP[0-9a-fA-F]{32})(?:["\']|;)?', + 'Twilio Account SID': r"(?i)twilio_account_sid[:=]\s*['\"]?([A-Za-z0-9]{34})['\"]?", + 'Twilio Auth Token': r"(?i)twilio_auth_token[:=]\s*['\"]?([a-zA-Z0-9]{32})['\"]?", + + + 'paypal_braintree_access_token' : r'access_token\$production\$[0-9a-z]{16}\$[0-9a-f]{32}', + 'square_oauth_secret' : r'sq0csp-[ 0-9A-Za-z\-_]{43}|sq0[a-z]{3}-[0-9A-Za-z\-_]{22,43}', + 'square_access_token' : r'sqOatp-[0-9A-Za-z\-_]{22}|EAAA[a-zA-Z0-9]{60}', + 'square_oauth_token_pattern' : r'sandbox-sq0[a-z0-9-]{22,44}', + + 'stripe_standard_api' : r'sk_live_[0-9a-zA-Z]{24}', + 'stripe_restricted_api' : r'rk_live_[0-9a-zA-Z]{24}', + 'picatic_api_key_pattern' : r'(?i)sk_live_[0-9a-z]{32}', + + 'URL API Key': r"https?://[^\s]+[?&](api[-_]?key|key|token|access[-_]?token)=\"[^\"]+\"", + #'General Token': r"(?i)(token|access[-_]?token|auth[-_]?token|client[-_]?secret|secret[-_]?key|private[-_]?key)[:=]\s*['\"]?([a-zA-Z0-9_\-]+)['\"]?", + + # GitHub keys + 'GitHub Token': r"gh[pous]_[A-Za-z0-9_]{36,40}", + 'GitHub Client ID': r"(?i)github_client_id[:=]\s*['\"]?([a-zA-Z0-9]{20})['\"]?", + 'GitHub Client Secret': r"(?i)github_client_secret[:=]\s*['\"]?([a-zA-Z0-9]{40})['\"]?", + 'github_access_token' : 
r'[a-zA-Z0-9_-]*:[a-zA-Z0-9_\-]+@github\.com*', + 'gitlab_access_token_pattern' : r'glpat-[0-9a-zA-Z\-]{20}', + 'github_oauth_token_pattern' : r'ghp_[0-9a-zA-Z]{36}', + 'github_private_ssh_key': r'-----BEGIN OPENSSH PRIVATE KEY-----\s([A-Za-z0-9+/=]+)\s-----END OPENSSH PRIVATE KEY-----', + 'github_client_id': r'client_id=([a-zA-Z0-9]{20})', + 'github_client_secret': r'client_secret=([a-zA-Z0-9]{40})', + + + # General API Key patterns + 'Generic API Key': r"(?i)(api[-_]?key|access[-_]?key|secret[-_]?key|client[-_]?id|client[-_]?secret)[:=]\s*['\"]?([a-zA-Z0-9_\-]{16,64})['\"]?", + + # OAuth & Access Tokens + 'OAuth Access Token': r"(?i)access_token[:=]\s*['\"]?([a-zA-Z0-9\-._~+/]+=*)['\"]?", + 'Bearer Token': r"(?i)bearer\s+[a-zA-Z0-9\-._~+/]+=*", + + # Social Media & Cloud Platform Tokens + 'Facebook Access Token': r"(?i)facebook_access_token[:=]\s*['\"]?([a-zA-Z0-9]{64})['\"]?", + 'Instagram Access Token': r"(?i)instagram_access_token[:=]\s*['\"]?([a-zA-Z0-9]{64})['\"]?", + 'Twitter API Key': r"(?i)twitter_api_key[:=]\s*['\"]?([a-zA-Z0-9]{25,35})['\"]?", + 'Twitter API Secret': r"(?i)twitter_api_secret[:=]\s*['\"]?([a-zA-Z0-9]{35,45})['\"]?", + 'foursquare_api_key_pattern' : r'(?i)FSQ[a-zA-Z0-9]{32}', + + + # Payment Platform Credentials + 'Stripe Secret Key': r"(?i)sk_live_[0-9a-zA-Z]{24}", + #'Stripe Publishable Key': r"(?i)pk_live_[0-9a-zA-Z]{24}", + 'PayPal Client ID': r"(?i)paypal_client_id[:=]\s*['\"]?([a-zA-Z0-9]{16,64})['\"]?", + 'PayPal Secret': r"(?i)paypal_secret[:=]\s*['\"]?([a-zA-Z0-9]{32})['\"]?", + 'shopify_access_token_pattern' : r'shpat_[0-9a-fA-F]{32}', + 'sendgrid_api_key_pattern' : r'SG\.[A-Za-z0-9_-]{22}\.[A-Za-z0-9_-]{43}', + #'twitch_api_key_pattern' : r'[a-z0-9]{30}', + 'teams_webhook_pattern' : r'https://[a-zA-Z0-9]+\.webhook\.office\.com/webhookb2/[A-Za-z0-9-]+@[A-Za-z0-9-]+/IncomingWebhook/[A-Za-z0-9-]+/[A-Za-z0-9-]+', + 'mailchimp_api_key_pattern' : r'(?i)[a-z0-9]{32}-us[0-9]{1,2}', + + + + # SaaS Service Tokens and Keys + 'SendGrid API 
Key': r"(?i)sendgrid_api_key[:=]\s*['\"]?([a-zA-Z0-9]{40})['\"]?", + 'Slack API Token': r"(?i)xox[baprs]-[0-9a-zA-Z]{10,48}", + 'Slack Webhook URL': r"https?://hooks.slack.com/services/[A-Za-z0-9/_]+", + 'Microsoft Azure SAS': r"(?i)SharedAccessSignature\s*sig=[a-zA-Z0-9%+/]+", + + 'Algolia API Key': r"(?i)algolia_api_key[:=]\s*['\"]?([a-zA-Z0-9]{32})['\"]?", + 'api_key_pattern1' : r"x-algolia-api-key:\s*([a-zA-Z0-9]+)", + 'api_key_pattern2' : r"x-algolia-api-key:\s*([a-zA-Z0-9]{32})", + 'api_key_pattern3' : r"x-algolia-api-key:\s*([a-zA-Z0-9]{32})", + 'app_id_pattern' : r"x-algolia-application-id:\s*([a-zA-Z0-9]+)", + 'app_id_pattern' : r"x-algolia-application-id:\s*([a-zA-Z0-9]{8})", + + 'abtasty_api_key': r'x-api-key:\s*[a-zA-Z0-9]{32}', + 'custom_token': r'"token":"([a-zA-Z0-9_-]{43})"', + 'api_key': r'\?key=([a-zA-Z0-9]{39})', + 'API key': r'[A-Za-z0-9]{32}:[A-Za-z0-9]{32}', + 'API_key': r'API_Key:\s*([a-zA-Z0-9-_]{32})', + 'x_api_key': r'x-api-key:\s*([a-zA-Z0-9]{32})', + 'private_key_id': r'"private_key_id":\s*"([a-zA-Z0-9_-]+)"', + 'private_key': r'"private_key":\s*"([^"]+)"', + 'access_token': r'accounts\?access_token=([a-zA-Z0-9_-]+)', + 'secret_key': r'Secret_Key:\s*([a-zA-Z0-9-_]{32})', + 'access_token': r'access_token=([a-zA-Z0-9]{32,})', + 'api_key': r'api_key=([a-zA-Z0-9]{32})', + 'application_key': r'application_key=([a-zA-Z0-9]{32})', + 'api_token': r'auth_token=([a-zA-Z0-9]{32})', + 'private_token': r'private_token=([a-zA-Z0-9_-]+)', + 'access_key': r'access_key=([a-zA-Z0-9_-]+)', + 'key': r'\?Key=([a-zA-Z0-9_-]+)', + 'client_secret': r'"client_secret":\s?"([a-zA-Z0-9_-]+)"', + 'secret1': r'"secret\s*:\s*"([^"]+)"', + 'consumer_key': r'CONSUMER_KEY\s*:\s*([a-zA-Z0-9_-]+)', + 'consumer_secret': r'CONSUMER_SECRET\s*:\s*([a-zA-Z0-9_-]+)', + 'api_key': r'api_key\s*:\s*\'([a-zA-Z0-9_-]+)\'', + 'key': r'"key"\s*:\s*"([a-zA-Z0-9_-]+)"', + #'base64_encoded': r'\b([A-Za-z0-9+/=]{4})*([A-Za-z0-9+/=]{2,3})\b', + 'mongo_password': 
r'mongoPassword\s*:\s*"([^"]+)"', + 'authorization_token': r'payload\["Authorization"\]\s*=\s*"token\s([a-f0-9]{40})"', + 'x_api_key': r'\("x-api-key",\s*"([A-Za-z0-9]+)"\)', + 'client_id': r'client_id\s*=\s*([A-Za-z0-9-_]+)', + + + 'twitter_consumer_key': r'TWITTER_CONSUMER_KEY\s*=\s*([a-zA-Z0-9]{35})', + 'twitter_consumer_secret': r'TWITTER_CONSUMER_SECRET\s*=\s*([a-zA-Z0-9]{50})', + 'twitter_access_key': r'TWITTER_ACCESS_KEY\s*=\s*([0-9]{8}-[a-zA-Z0-9]{30})', + 'twitter_access_secret': r'TWITTER_ACCESS_SECRET\s*=\s*([a-zA-Z0-9]{50})', + 'mixpanel_token': r'MIXPANEL_TOKEN\s*=\s*([a-f0-9]{32})', + 'twitter_consumer_key': r'twitter_consumer_key\s*=\s*([a-z0-9]{35})', + 'twitter_consumer_secret': r'twitter_consumer_secret\s*=\s*([a-z0-9]{50})', + 'twitter_access_key': r'twitter_access_key\s*=\s*([0-9]{8}-[a-z0-9]{30})', + 'twitter_access_secret': r'twitter_access_secret\s*=\s*([a-z0-9]{50})', + 'mixpanel_token': r'mixpanel_token\s*=\s*([a-f0-9]{32})', + 'twitter_consumer_key': r'\btwitter_consumer_key\b|\bTWITTER_CONSUMER_KEY\b', + 'twitter_consumer_secret': r'\btwitter_consumer_secret\b|\bTWITTER_CONSUMER_SECRET\b', + 'twitter_access_key': r'\btwitter_access_key\b|\bTWITTER_ACCESS_KEY\b', + 'twitter_access_secret': r'\btwitter_access_secret\b|\bTWITTER_ACCESS_SECRET\b', + 'mixpanel_token': r'\bmixpanel_token\b|\bMIXPANEL_TOKEN\b', + + 'api_secret': r'\b(api_secret|API_SECRET)\b', + 'apidocs': r'\b(apidocs|APIDOCS)\b', + 'apiSecret': r'\b(apiSecret|APISECRET)\b', + 'app_key': r'\b(app_key|APP_KEY)\b', + 'app_secret': r'\b(app_secret|APP_SECRET)\b', + 'appkey': r'\b(appkey|APPKEY)\b', + 'appkeysecret': r'\b(appkeysecret|APPKEYSECRET)\b', + 'application_key': r'\b(application_key|APPLICATION_KEY)\b', + 'appsecret': r'\b(appsecret|APPSECRET)\b', + 'authorizationToken': r'\b(authorizationToken|AUTHORIZATIONTOKEN)\b', + 'bashrc_password': r'\b(bashrc_password|BASHRC_PASSWORD)\b', + 'bucket_password': r'\b(bucket_password|BUCKET_PASSWORD)\b', + 'codecov_token': 
r'\b(codecov_token|CODECOV_TOKEN)\b', + 'gmail_password': r'\b(gmail_password|GMAIL_PASSWORD)\b', + 'gmail_username': r'\b(gmail_username|GMAIL_USERNAME)\b', + 'herokuapp': r'\b(herokuapp|HEROKUAPP)\b', + 'jekyll_github_token': r'\b(JEKYLL_GITHUB_TOKEN|jekyll_github_token)\b', + 'ldap_password': r'\b(ldap_password|LDAP_PASSWORD)\b', + 'ldap_username': r'\b(ldap_username|LDAP_USERNAME)\b', + 'npmrc_auth': r'\b(npmrc _auth|NPMRC _AUTH)\b', + 'oauth_token': r'\b(oauth_token|OAUTH_TOKEN)\b', + 'slack_api': r'\b(slack_api|SLACK_API)\b', + 'slack_token': r'\b(slack_token|SLACK_TOKEN)\b', + 'sql_password': r'\b(sql_password|SQL_PASSWORD)\b', + 'ssh': r'\b(ssh|SSH)\b', + 'ssh2_auth_password': r'\b(ssh2_auth_password|SSH2_AUTH_PASSWORD)\b', + 'xoxb': r'\b(xoxb|XOXB)\b', + 'xoxp': r'\b(xoxp|XOXP)\b', + 'aws_secret_key': r'\b(aws_secret_key|AWS_SECRET_KEY)\b', + 'bucket_name': r'\b(bucket_name|BUCKET_NAME)\b', + 's3_access_key_id': r'\b(S3_ACCESS_KEY_ID|s3_access_key_id)\b', + 's3_bucket': r'\b(S3_BUCKET|s3_bucket)\b', + 's3_endpoint': r'\b(S3_ENDPOINT|s3_endpoint)\b', + 's3_secret_access_key': r'\b(S3_SECRET_ACCESS_KEY|s3_secret_access_key)\b', + 'wordpress_db_password': r'\b(WORDPRESS_DB_PASSWORD|wordpress_db_password)\b', + 'redis_password': r'\b(redis_password|REDIS_PASSWORD)\b', + 'root_password': r'\b(root_password|ROOT_PASSWORD)\b', + 'homebrew_github_api_token': r'\b(HOMEBREW_GITHUB_API_TOKEN|homebrew_github_api_token)\b', + 'huggingface_token': r'login\("your_huggingface_token_here"\)', + 'api_access_token': r'api\.set_access_token\("your_api_key_here"\)', + 'hf_api_token_env': r'os\.environ\["HF_API_TOKEN"\]\s*=\s*"your_api_key_here"', + 'hf_api_token_assignment': r'HF_API_TOKEN\s*=\s*"your_api_key_here"', + 'hf_api_token_assignment_no_quotes': r'HF_API_TOKEN\s*=\s*your_api_key_here', + 'hf_api_token_getenv': r'token\s*=\s*os\.getenv\("HF_API_TOKEN"\)', + 'use_auth_token': r'use_auth_token\s*=\s*"your_api_key_here"', + + + 'ipstack_api_key': 
r'\/[a-zA-Z0-9._%+-]+?\?access_key=([a-zA-Z0-9]{32})', + 'appcenter_api_token': r'X-Api-Token:\s*([a-zA-Z0-9-_]{40})', + 'facebook_access_token': r'access_token=([a-zA-Z0-9%_]{100,})', + 'hubspot_api_key': r'hapikey=([a-zA-Z0-9]{32})', + 'infura_api_key': r'infura\.io/v[0-9]+/([a-fA-F0-9]{32})', + 'npm_token': r'NPM_TOKEN="([a-f0-9-]{36})"', + 'youtube_api_key': r'https:\/\/www\.googleapis\.com\/youtube\/v3\/[^\s?&]+(?:\?[^&]+)?&key=AIza[A-Za-z0-9_-]{33}', + 'linkedin_oauth_url': r'https:\/\/www\.linkedin\.com\/oauth\/v2\/accessToken\?code=([a-zA-Z0-9_-]+)&redirect_uri=([^&]+)&client_id=([^&]+)&client_secret=([^&]+)', + 'shodan_api_key': r'https:\/\/api\.shodan\.io\/shodan\/host\/[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\?key=([a-zA-Z0-9]{32})', + 'bazaarvoice_passkey': r'\?conversationspasskey=([a-zA-Z0-9]{32})', + 'weblate_secret_key': r'"WEBLATE_SECRET_KEY",\s?"([a-zA-Z0-9!#%&=+_-]{50,})"', + 'access_key_secret': r'access-key-secret\s*=\s*<([a-zA-Z0-9_-]+)>', + 'access_key_id': r'access-key-id\s*=\s*<([a-zA-Z0-9_-]+)>', + 'password': r'password\s*[:=]?\s*([A-Za-z0-9!@#$%^&*(),.?":{}|<>_\-+=~;`/\\[\]<>]*?)', + 'token': r'"token"\s*:\s*"([A-Za-z0-9-_]+)"', + 'password': r'"password"\s*:\s*["\']?([^\s]+)["\']?', + 'pwd': r'"pwd"\s*:\s*["\']?([^\s]+)["\']?', + 'pword': r'"pword"\s*:\s*["\']?([^\s]+)["\']?', + 'mail_host': r'MAIL_HOST\s*=\s*["\']?([^\s]+)["\']?', + 'mail_username': r'MAIL_USERNAME\s*=\s*["\']?([^\s]+)["\']?', + 'mail_password': r'MAIL_PASSWORD\s*=\s*["\']?([^\s]+)["\']?', + + 'pusher_app_id': r'PUSHER_APP_ID\s*=\s*["\']?([^\s]+)["\']?', + 'pusher_app_key': r'PUSHER_APP_KEY\s*=\s*["\']?([^\s]+)["\']?', + 'pusher_app_secret': r'PUSHER_APP_SECRET\s*=\s*["\']?([^\s]+)["\']?', + + 'mix_pusher_app_key': r'MIX_PUSHER_APP_KEY\s*=\s*["\']?([^\s]+)["\']?', + + + 'database_host': r'"DATABASE_HOST"\s*:\s*"([A-Za-z0-9.-]+)"', + 'database_user': r'"DATABASE_USER"\s*:\s*"([A-Za-z0-9_]+)"', + 'database_password': 
r'"DATABASE_PASSWORD"\s*:\s*"([A-Za-z0-9!@#$%^&*()_+={}\[\]:;,.<>?/~`|\\-]+)"', + 'database_name': r'"DATABASE_NAME"\s*:\s*"([A-Za-z0-9_]+)"', + 'database_host': r'"DB_HOST"\s*:\s*"([A-Za-z0-9.-]+)"', + 'database_user': r'"DB_USER"\s*:\s*"([A-Za-z0-9_]+)"', + 'database_password': r'"DB_PASSWORD"\s*:\s*"([A-Za-z0-9!@#$%^&*()_+={}\[\]:;,.<>?/~`|\\-]+)"', + 'database_name': r'"DB_NAME"\s*:\s*"([A-Za-z0-9_]+)"', + 'mysql_db_port': r'DATABASE_PORT\s*=\s*(\d{4,5})', + 'mysql_db_port': r'DB_PORT\s*=\s*(\d{4,5})', + 'mysql_connection_string': r'mysql://([a-zA-Z0-9_-]+):([a-zA-Z0-9!@#$%^&*()_+={}:;,.?<>~-]+)@([a-zA-Z0-9.-]+):(\d{4,5})/([a-zA-Z0-9_-]+)', + 'mysql_access_key': r'mysql_access_key\s*=\s*["\']?([a-zA-Z0-9_-]+)["\']?', + 'mysql_secret_key': r'mysql_secret_key\s*=\s*["\']?([a-zA-Z0-9!@#$%^&*()_+={}:;,.?<>~-]+)["\']?', + + + 'oauth_token': r'"OAUTH_TOKEN"\s*:\s*"([A-Za-z0-9-_]{30,100})"', + 'username': r'"username"\s*:\s*"([A-Za-z0-9_]+)"', + 'api_secret': r"api_secret\s*=\s*'([A-Za-z0-9_!@#$%^&*()\-+=<>]+)'", + 'owner_id': r'"owner_id"\s*:\s*"[a-zA-Z0-9_\.\-]*"', + 'repo_access_token': r'"repo_access_token"\s*:\s*"[a-zA-Z0-9_\.\-]*"', + 'project_access_token': r'"project_access_token"\s*:\s*"[a-zA-Z0-9_\.\-]*"', + 'workspace_access_token': r'"workspace_access_token"\s*:\s*"[a-zA-Z0-9_\.\-]*"', + 'bitbucket_repo_access': r'bitbucket\.com/credential/[a-zA-Z0-9_\.\-]*', + 'bitbucket_project': r'bitbucket\.com/project/\{[a-f0-9\-]{36}\}', + 'bitbucket_workspace': r'bitbucket\.com/workspace/\{[a-f0-9\-]{36}\}', + + + 'email': r'\s*([A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Z|a-z]{2,})\s*', + 'password': r'\s*([A-Za-z0-9!@#$%^&*()_+={}\[\]:;,.<>?/~`|\\-]+)\s*', + 'api_key': r'\s*([A-Za-z0-9-_]{32,64})\s*', + 'access_token': r'\s*([A-Za-z0-9-_]{40})\s*', + 'secret_key': r'\s*([A-Za-z0-9!@#$%^&*()_+={}\[\]:;,.<>?/~`|\\-]+)\s*', + 'ssh_key': r'\s*([A-Za-z0-9+/=]{100,})\s*', + 'api_secret': r'\s*([A-Za-z0-9!@#$%^&*()_+={}\[\]:;,.<>?/~`|\\-]+)\s*', + 'oauth_token': 
r'\s*([A-Za-z0-9-_]{30,100})\s*', + 'db_password': r'\s*([A-Za-z0-9!@#$%^&*()_+={}\[\]:;,.<>?/~`|\\-]+)\s*', + 'jwt_token': r'\s*([A-Za-z0-9-_]{30,500})\s*', + 'private_key': r'\s*([A-Za-z0-9+/=]{200,})\s*', + 'public_key': r'\s*([A-Za-z0-9+/=]{200,})\s*', + 'credit_card': r'\s*(\d{16})\s*', + 'ssn': r'\s*(\d{3}-\d{2}-\d{4})\s*', + 'phone_number': r'\s*(\+?\d{1,2}[-.\s]?\(?\d{1,4}\)?[-.\s]?\d{1,4}[-.\s]?\d{1,4})\s*', + 'bank_account_number': r'\s*(\d{9,18})\s*', + 'card_number': r'\s*(\d{13,19})\s*', + 'license_key': r'\s*([A-Za-z0-9-]+)\s*', + 'user_token': r'\s*([A-Za-z0-9-_]{20,50})\s*', + 'session_id': r'\s*([A-Za-z0-9]{16,64})\s*', + 'api_url': r'\s*(https?://[A-Za-z0-9.-]+(?:\.[A-Za-z]{2,6})?[^"\s]*)\s*', + 'email_address': r'\s*([A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Z|a-z]{2,})\s*', + 'security_code': r'\s*(\d{3,4})\s*', + 'auth_token': r'\s*([A-Za-z0-9-_]{40,})\s*', + 'customer_id': r'\s*([A-Za-z0-9]{8,32})\s*', + 'credit_card_expiry': r'\s*(\d{2}/\d{2})\s*', + 'auth_code': r'\s*([A-Za-z0-9]{6,10})\s*', + 'otp_code': r'\s*(\d{6})\s*', + 'email_password': r'\s*([A-Za-z0-9!@#$%^&*()_+={}\[\]:;,.<>?/~`|\\-]+)\s*', + 'user_secret': r'\s*([A-Za-z0-9!@#$%^&*()_+={}\[\]:;,.<>?/~`|\\-]+)\s*', + 'private_key_data': r'\s*([A-Za-z0-9+/=]{100,})\s*', + 'public_key_data': r'\s*([A-Za-z0-9+/=]{100,})\s*', + 'server_password': r'\s*([A-Za-z0-9!@#$%^&*()_+={}\[\]:;,.<>?/~`|\\-]+)\s*', + 'login_token': r'\s*([A-Za-z0-9-_]{30,100})\s*', + 'api_auth_key': r'\s*([A-Za-z0-9!@#$%^&*()_+={}\[\]:;,.<>?/~`|\\-]+)\s*', + 'database_url': r'\s*(https?://[A-Za-z0-9.-]+(?:\.[A-Za-z]{2,6})?[^"\s]*)\s*', + 'firebase_key': r'\s*([A-Za-z0-9-_]{40,})\s*', + 'paypal_client_secret': r'\s*([A-Za-z0-9-_]{40,})\s*', + 'google_client_id': r'\s*([A-Za-z0-9-.]{25,})\s*', + 'google_client_secret': r'\s*([A-Za-z0-9-_]{30,})\s*', + 'stripe_api_key': r'\s*([A-Za-z0-9]{24,45})\s*', + 'aws_access_key': r'\s*([A-Za-z0-9]{20})\s*', + 'aws_secret_key': r'\s*([A-Za-z0-9+/=]{40})\s*', + 'discord_token': 
r'\s*([A-Za-z0-9-_]{24,36})\s*', + 'linkedin_api_key': r'\s*([A-Za-z0-9-_]{30,50})\s*', + 'zoom_api_key': r'\s*([A-Za-z0-9]{32})\s*', + 'paypal_api_key': r'\s*([A-Za-z0-9]{24,45})\s*', + 'azure_subscription_key': r'\s*([A-Za-z0-9]{32})\s*', + 'gitlab_token': r'\s*([A-Za-z0-9]{20,40})\s*', + 'salesforce_api_key': r'\s*([A-Za-z0-9]{32})\s*', + 'telegram_bot_token': r'\s*([A-Za-z0-9]{45})\s*', + 'bitcoin_private_key': r'\s*([A-Za-z0-9]{51})\s*', + 'bitbucket_api_key': r'\s*([A-Za-z0-9-_]{36})\s*', + 'webhook_secret': r'\s*([A-Za-z0-9]{32})\s*', + 'vpn_key': r'\s*([A-Za-z0-9-_]{64})\s*', + 'github_personal_access_token': r'\s*([A-Za-z0-9]{40})\s*', + + + 'asana_access_token': r'Authorization:\s*Bearer\s+([a-zA-Z0-9-_]{32,64})', + 'applicationinsights_api_key': r'x-api-key:\s*([a-zA-Z0-9-_]{32})', + 'bazaarvoice_passkey': r'conversationspasskey=([a-zA-Z0-9]{32})', + 'bitly_access_token': r'access_token=([a-zA-Z0-9]{32})', + 'branch_io_key': r'v1/app/([a-zA-Z0-9]{16})\?branch_secret=', + 'branch_io_secret': r'branch_secret=([a-zA-Z0-9]{32})', + 'buildkite_access_token': r'https://api\.buildkite\.com/v2/access-token', + 'contentful_space_id': r'https://cdn\.contentful\.com/spaces/([a-zA-Z0-9]{36})/entries', + 'contentful_access_token': r'access_token=([a-zA-Z0-9]{32,64})', + 'circleci_api_token': r'circle-token=([a-zA-Z0-9]{32})', + 'cypress_record_key': r'"recordKey":"([a-zA-Z0-9]{32})"', + 'cypress_project_id': r'"projectId":"([a-zA-Z0-9]{32})"', + 'flowdock_api_token': r'"flowdock_api_token"\s*:\s*"([a-f0-9]{32})"', + 'ethereum_private_key': r'ETHEREUM_PRIVATE_KEY\s*[:=]?\s*([a-f0-9]{64})', + + + 'MailChimp API Key': r"(?i)[0-9a-f]{32}-us[0-9]{1,2}", + 'DataDog API Key': r"(?i)datadog_api_key[:=]\s*['\"]?([a-zA-Z0-9]{32})['\"]?", + 'Heroku API Key': r"(?i)heroku_api_key[:=]\s*['\"]?([a-zA-Z0-9]{32})['\"]?", + 'Dropbox API Key': r"(?i)dropbox_api_key[:=]\s*['\"]?([a-zA-Z0-9]{15})['\"]?", + 'discord_bot_token_pattern' : r'[A-Za-z]{24}\.[A-Za-z]{6}\.[A-Za-z0-9_-]{27}', + 
'dropbox_access_token_pattern' : r'sl\.[a-zA-Z0-9_-]{15,}', + + + 'CircleCI Token': r"(?i)circleci_token[:=]\s*['\"]?([a-zA-Z0-9]{20,40})['\"]?", + 'Travis CI Token': r"(?i)travis_token[:=]\s*['\"]?([a-zA-Z0-9]{40})['\"]?", + 'GitLab Personal Access Token': r"(?i)glpat-[a-zA-Z0-9-_]{20,40}", + + + 'rsa_private_key' : r'-----BEGIN RSA PRIVATE KEY-----', + 'ssh_dsa_private_key' : r'-----BEGIN DSA PRIVATE KEY-----', + 'ssh_dc_private_key' : r'-----BEGIN EC PRIVATE KEY-----', + 'pgp_private_block' : r'-----BEGIN PGP PRIVATE KEY BLOCK-----', + 'Diffie-Hellman Parameters': r'-----BEGIN DH PARAMETERS-----', + 'PEM Certificate': r'-----BEGIN CERTIFICATE-----', + + #'json_web_token' : r'ey[A-Za-z0-9-_=]+\.[A-Za-z0-9-_=]+\.?[A-Za-z0-9-_.+/=]*$', + 'slack_token' : r"\"api_token\":\"(xox[a-zA-Z]-[a-zA-Z0-9-]+)\"", + 'slack_webhook_pattern' : r'https://hooks.slack.com/services/[A-Za-z0-9]+/[A-Za-z0-9]+/[A-Za-z0-9]+', + 'slack_webhook_url': r'https:\/\/hooks\.slack\.com\/services\/([A-Z0-9]+\/[A-Z0-9]+\/[A-Z0-9]+)', + 'SSH_privKey' : r"([-]+BEGIN [^\s]+ PRIVATE KEY[-]+[\s]*[^-]*[-]+END [^\s]+ PRIVATE KEY[-]+)", + + #'Heroku API KEY' : r'\b(?:(?:heroku_)?[0-9a-fA-F]{32}|[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})\b', + #'Heroku API KEY' : r'(?i)^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$', + #'heroku_api_key_pattern' : r'(?i)heroku_[0-9a-fA-F]{32}', + + #'possible_Creds' : r"(?i)(" \ + # r"password\s*[`=:\"]+\s*[^\s]+|" \ + # r"password is\s*[`=:\"]*\s*[^\s]+|" \ + # r"pwd\s*[`=:\"]*\s*[^\s]+|" \ + # r"passwd\s*[`=:\"]+\s*[^\s]+)", + #'password_pattern' : r'^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[@$!%*?&])[A-Za-z\d@$!%*?&]{8,}$', + + # encryption + #'Base64': r'^[A-Za-z0-9+/]+={0,2}$', + + # Variations of "key" in the context of secret keys or tokens + 'URL API Key': r"https?://[^\s]+[?&](api[-_]?key|key|token|access[-_]?token)=\"[^\"]+\"", + # Passwords or other sensitive information in environment variables + 
'Env_Var_Creds': r"(?i)(env\.(password|passwd|pwd|key|secret)\s*[:=]\s*[^\s]+)", + # Email + Password combinations (often seen in user data dumps) + # 'Email': r'\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}(?=\s|$)', + 'Email_Password': r"[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,6}:[^\s]+", + + # Custom patterns: e.g., secret keys + #'Custom_Secret': r"(?i)(secret[-_]?(key)?|access[-_]?(key)?|secret\s*[:=]\s*[^\s]+)", + # Common password patterns + + #'API_Key': r'(?i)(api_key|apikey|key|token|auth_token|access_token)[\s:=\'"]+\w{16,64}', + 'Bearer_Token': r'\bBearer\s+[A-Za-z0-9-_]+\.[A-Za-z0-9-_]+\.[A-Za-z0-9-_]+\b', + + # Common password hints or formats + 'Username_Password': r'\b(username|user|uname|login)[\s:=\'"]+[^\s]+[\s,;]+(pass|password|pwd|passwd)[\s:=\'"]+[^\s]+\b', + + # JWT Pattern (Common in CTFs for encoded data or tokens) + 'JWT': r'eyJ[A-Za-z0-9-_]+\.[A-Za-z0-9-_]+\.[A-Za-z0-9-_]+', + + # cradit card + 'Credit Card': r'^(?:4[0-9]{12}(?:[0-9]{3})?)$', + + + 'phone_number' : r'^\+\d{1,3}\s?\d{4,14}$', # Matches international and US formats + #'ipv4_address' : r'\b(?:(?:25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])\.){3}(?:25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])\b', # Matches IPv4 addresses + 'http_true_client_ip' : r'http_true_client_ip:\s*(\b(?:\d{1,3}\.){3}\d{1,3}\b)', # Custom header pattern for True-Client-IP + 'http_x_arr_log_id' : r'http_x_arr_log_id:\s*[a-zA-Z0-9-]+', # Custom header pattern for X-ARR-LOG-ID + + + 'sha512_pattern' : r'\b[a-fA-F0-9]{128}\b', + 'sha512_base64_pattern' : r'\b[A-Za-z0-9+/]{86}==\b', + 'sha512_hex_pattern' : r'\b[a-fA-F0-9]{128}\b', + 'sha512_combined_pattern' : r'\b([a-fA-F0-9]{128}|[A-Za-z0-9+/]{86}==)\b', + + + #'Hex_16': r'\b[0-9a-fA-F]{16}\b', + #'Hex_24': r'\b[0-9a-fA-F]{24}\b', + #'Hex_32': r'\b[0-9a-fA-F]{32}\b', + #'Hex_40': r'\b[0-9a-fA-F]{40}\b', + #'Hex_Encoded': r'\b[0-9a-fA-F]{32,}\b', + #'Simple_Passphrase': r'\b(pass|password|pwd|passwd)[\s:=\'"]*\w+\b', + #'sensitive_terms_pattern' : 
r"(?i)\b(api|access|auth|client|secret|key)[-_ ]?(token|id|key|secret|code)?\b",
+ #'Hex_Encoded': r'\b[0-9a-fA-F]{32,}\b',
+ #'API_Key': r"(?i)(api[-_]?key\s*[:=]\s*[^\s]+)",
+
+ #'MD5': r'\b[a-fA-F0-9]{32}\b',
+ #'Bcrypt': r'\$2[aby]?\$\d{2}\$[./A-Za-z0-9]{53}',
+ #'SHA-1': r'\b[a-fA-F0-9]{40}\b',
+ #'Bcrypt': r'\$2[aby]?\$\d{2}\$[./A-Za-z0-9]{53}',
+}
+
+def clone_and_scan_repo(repo_url):
+ findings = [] # List to hold findings
+ # Create a temporary directory to clone the repository
+ with tempfile.TemporaryDirectory() as temp_dir:
+ try:
+ # Clone the repository
+ git.Repo.clone_from(repo_url, temp_dir)
+ print(f"Repository cloned to {temp_dir}")
+
+ # Walk through the files in the cloned repository
+ for root, dirs, files in os.walk(temp_dir):
+ for file in files:
+ file_path = os.path.join(root, file)
+
+ # Only scan text-based files (skip binary files)
+ try:
+ with open(file_path, 'r', encoding='utf-8') as f:
+ lines = f.readlines()
+
+ # Scan each line with regex patterns
+ for line_num, line in enumerate(lines, start=1):
+ for pattern_name, pattern in patterns.items():
+ if re.search(pattern, line):
+ findings.append({
+ 'pattern_name': pattern_name,
+ 'file_path': file_path,
+ 'line_num': line_num,
+ 'content': line.strip(),
+ })
+ except (UnicodeDecodeError, IOError):
+ # Skip files that can't be read as text
+ continue
+ except git.exc.GitError as e:
+ print(f"Failed to clone repository: {e}")
+
+ return findings
diff --git a/myapp/glsearch.py b/myapp/glsearch.py
new file mode 100644
index 0000000..0ab779c
--- /dev/null
+++ b/myapp/glsearch.py
@@ -0,0 +1,10 @@
+from googlesearch import search
+
+def find_google_link(site_qry):
+ site = str(site_qry)
+ google_link=[]
+ query = f"{site}"
+ for j in search(query, tld="co.in", num=10, stop=10, pause=2):
+ google_link.append(j)
+
+ return google_link
\ No newline at end of file
diff --git a/myapp/linkscraping.py b/myapp/linkscraping.py
new file mode 100644
index 0000000..a71e63b
--- /dev/null
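Review bot: `clone_and_scan_repo` hands `repo_url` straight to `git.Repo.clone_from` with no scheme check and no size bound, so if the value comes from a user-facing form (presumably; the caller is not in this hunk) the server clones whatever is submitted, including local paths and non-HTTPS transports. Restrict the URL to `https`, clone shallow, and prune `.git` from the `os.walk` so git internals are not scanned; the sketch below needs `from urllib.parse import urlsplit` at the top of the file. Separately, `patterns` repeats many keys (`'password'`, `'api_key'`, `'aws_access_key_id'`, `'twitter_consumer_key'`, …), so only the last regex for each name survives, and catch-alls such as `'license_key': r'\s*([A-Za-z0-9-]+)\s*'` match almost any non-empty line and will bury real findings. `findings` also keeps the full matched line in `content`; redact the secret portion before it is stored or displayed.

```python
def clone_and_scan_repo(repo_url):
    findings = []
    # Refuse anything that is not a plain HTTPS remote (local paths, ssh, helper transports).
    if urlsplit(repo_url).scheme != 'https':
        return findings
    with tempfile.TemporaryDirectory() as temp_dir:
        try:
            # Shallow clone bounds the download to the latest snapshot.
            git.Repo.clone_from(repo_url, temp_dir, depth=1)
            for root, dirs, files in os.walk(temp_dir):
                dirs[:] = [d for d in dirs if d != '.git']  # do not scan git internals
                # … unchanged: per-file read and per-line pattern matching …
```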
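Review bot: `find_google_link` calls `search()` with no error handling, so a network failure or a throttled response from the search endpoint (plausible under repeated use) surfaces as an unhandled exception in whatever calls it. Wrap the loop in a `try`/`except` that returns the links collected so far, and add a docstring stating that the function performs live outbound requests. The `str()` / `f"{site}"` round-trip and the append loop can be collapsed to `return list(search(str(site_qry), tld="co.in", num=10, stop=10, pause=2))`.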
+++ b/myapp/linkscraping.py 
@@ -0,0 +1,68 @@
+# linkscraping.py
+import requests
+from bs4 import BeautifulSoup
+import re
+from urllib.parse import urljoin
+from concurrent.futures import ThreadPoolExecutor
+
+# Define file extensions to look for
+file_extensions = [
+ '.js', '.php', '.bak', '.config', '.html', '.json', '.xml', '.txt', '.env', '.config', '.yml',
+ '.yaml', '.ini', '.log', '.backup', '.sql', '.inc', '.key', '.crt', '.pem', '.cert', '.csr',
+ '.pfx', '.p12', '.ovpn', '.db', '.sqlite', '.sqlite3', '.md', '.pwd', '.passwd', '.htpasswd',
+ '.htaccess', '.bash_history', '.ssh', '.ssh_config', '.pub', '.ppk', '.rdp', '.cfg', '.dat',
+ '.old', '.properties', '.xls', '.xlsx', '.doc', '.docx', '.ppt', '.pptx', '.pdf', '.rdlc',
+ '.pswd', '.jsp', '.aspx', '.asp', '.cfm', '.pl', '.cgi' , '.css'
+]
+
+# Regex pattern to detect URLs with specified extensions
+file_pattern = re.compile(r'(\.(js|php|html|sql|xml|json|txt|config|yml|yaml|ini|bak|backup|log|sql|inc|key|crt|pem|csr|pfx|db|sqlite|sqlite3|md|pwd|passwd|cfg|dat|xls|xlsx|doc|ppt|pdf|jsp|aspx|asp|cfm|pl|cgi)(\?.*)?)$')
+
+def get_links(url):
+ """Fetch all internal and resource links from the URL."""
+ try:
+ response = requests.get(url, timeout=5)
+ if response.status_code != 200:
+ return [], []
+
+ soup = BeautifulSoup(response.text, 'html.parser')
+ links, resources = [], []
+
+ for tag in soup.find_all(['a', 'link', 'script', 'img']):
+ href = tag.get('href') or tag.get('src')
+ if href:
+ full_url = urljoin(url, href)
+ if full_url.startswith(('http', 'https')):
+ if re.search(file_pattern, full_url):
+ resources.append(full_url)
+ else:
+ links.append(full_url)
+
+ return list(set(links)), list(set(resources))
+
+ except Exception as e:
+ print(f"Error fetching {url}: {e}")
+ return [], []
+
+def recursive_crawl(url, visited, resources_found):
+ """Recursively crawl and collect resources."""
+ if url in visited:
+ return
+ visited.add(url)
+
+ links, resources = get_links(url)
+ resources_found.extend(resources)
+
+ with ThreadPoolExecutor(max_workers=5) as executor:
+ futures = [executor.submit(recursive_crawl, link, visited, resources_found) for link in links]
+ for future in futures:
+ future.result()
+
+def scan_multiple_urls(urls):
+ """Scan multiple URLs and return all found resources."""
+ all_resources = {}
+ for url in urls:
+ resources_found = []
+ recursive_crawl(url, set(), resources_found)
+ all_resources[url] = resources_found if resources_found else ["No resources found."]
+ return all_resources
diff --git a/myapp/linkscrapping.py b/myapp/linkscrapping.py
new file mode 100644
index 0000000..40b4cd6
--- /dev/null
+++ b/myapp/linkscrapping.py
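Review bot: `recursive_crawl` has no depth limit and no host restriction: `get_links` returns every absolute http(s) link on the page (despite its docstring saying "internal") and each one is crawled in turn, so a single submitted URL can fan out across arbitrary hosts, including addresses reachable only from the server. It also opens a new `ThreadPoolExecutor` at every recursion level and shares `visited` and `resources_found` across those threads with an unsynchronised check-then-add on `visited`. Bound the depth and keep the crawl on the starting host; the sketch below does that sequentially and needs `urlsplit` added to the existing `urllib.parse` import. `find_all_links` in myapp/linkscrapping.py has a depth bound but the same missing host check. `file_extensions` is unused in this file and disagrees with `file_pattern` (`.env` and `.htpasswd`, for example, appear only in the list).

```python
def recursive_crawl(url, visited, resources_found, depth=2, scope=None):
    """Collect resources from same-host pages, at most `depth` levels below `url`."""
    if depth < 0 or url in visited:
        return
    visited.add(url)
    scope = scope or urlsplit(url).netloc  # host of the URL the crawl started from

    links, resources = get_links(url)
    resources_found.extend(resources)

    for link in links:
        # Stay on the starting host; off-site links are not followed.
        if urlsplit(link).netloc == scope:
            recursive_crawl(link, visited, resources_found, depth - 1, scope)
```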
@@ -0,0 +1,47 @@
+import requests
+from bs4 import BeautifulSoup
+from urllib.parse import urljoin
+from .models import Linkscrap # Import the modified Django model
+
+headers = {
+ 'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36'
+}
+
+file_extensions = ['.js', '.php', '.bak', '.config', '.html', '.json', '.xml', '.txt', '.env', '.config', '.yml',
+ '.yaml', '.ini', '.log', '.backup', '.sql', '.inc', '.key', '.crt', '.pem', '.cert', '.csr',
+ '.pfx', '.p12', '.ovpn', '.db', '.sqlite', '.sqlite3', '.md', '.pwd', '.passwd', '.htpasswd',
+ '.htaccess', '.bash_history', '.ssh', '.ssh_config', '.pub', '.ppk', '.rdp', '.cfg', '.dat',
+ '.old', '.properties', '.xls', '.xlsx', '.doc', '.docx', '.ppt', '.pptx', '.pdf', '.rdlc',
+ '.pswd', '.jsp', '.aspx', '.asp', '.cfm', '.pl', '.cgi']
+
+def is_valid(url):
+ return url.startswith('http') or url.startswith('https')
+
+def find_all_links(base_url, visited, depth):
+ urls = [] # Array to store unique URLs
+
+ if depth == 0:
+ return []
+
+ try:
+ response = requests.get(base_url, headers=headers, timeout=5)
+ if response.status_code == 200:
+ soup = BeautifulSoup(response.content, 'html.parser')
+
+ for tag in soup.find_all(['a', 'link', 'script', 'img']):
+ link = tag.get('href') or tag.get('src')
+
+ if link:
+ full_link = urljoin(base_url, link)
+ if is_valid(full_link) and full_link not in visited:
+ visited.add(full_link)
+ if any(full_link.endswith(ext) for ext in file_extensions):
+ urls.append(full_link)
+ Linkscrap.objects.get_or_create(link=full_link)
+
+ urls.extend(find_all_links(full_link, visited, depth - 1))
+
+ except requests.RequestException:
+ pass
+
+ return urls
diff --git a/myapp/migrations/0001_initial.py b/myapp/migrations/0001_initial.py
new file mode 100644
index 0000000..7b8592e
--- /dev/null
+++ b/myapp/migrations/0001_initial.py
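Review bot: `is_valid` accepts any string that merely begins with `http`: the second `startswith('https')` can never change the result, and the scheme itself is never checked. Compare the parsed scheme instead, `return urlsplit(url).scheme in ('http', 'https')`, with `urlsplit` added to the `urllib.parse` import. The `any(full_link.endswith(ext) ...)` test misses resources whose URL carries a query string, and `except requests.RequestException: pass` hides every fetch failure; log the URL and the error at minimum. This module and myapp/linkscraping.py duplicate the same `file_extensions` list and crawl logic, so a shared helper would keep the two from drifting apart.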
@@ -0,0 +1,78 @@ +# Generated by Django 4.2.16 on 2024-10-23 06:08 + +from django.db import migrations, models + + +class Migration(migrations.Migration): + + initial = True + + dependencies = [ + ] + + operations = [ + migrations.CreateModel( + name='Dirlist', + fields=[ + ('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')), + ('main_url', models.URLField()), + ('directory', models.URLField()), + ('created_at', models.DateTimeField(auto_now_add=True)), + ], + ), + migrations.CreateModel( + name='Findbase64', + fields=[ + ('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')), + ('base64_url', models.URLField()), + ('encoded_base64', models.CharField(max_length=255)), + ('decoded_base64', models.CharField(max_length=255)), + ('created_at', models.DateTimeField(auto_now_add=True)), + ], + ), + migrations.CreateModel( + name='Gitleak', + fields=[ + ('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')), + ('git_url', models.URLField()), + ('leak_result', models.CharField(max_length=500)), + ('created_at', models.DateTimeField(auto_now_add=True)), + ], + ), + migrations.CreateModel( + name='GoogleLink', + fields=[ + ('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')), + ('query', models.CharField(max_length=255)), + ('link', models.URLField()), + ('created_at', models.DateTimeField(auto_now_add=True)), + ], + ), + migrations.CreateModel( + name='Secretfinder', + fields=[ + ('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')), + ('secret_url', models.URLField()), + ('secret_result', models.CharField(max_length=500)), + ('created_at', models.DateTimeField(auto_now_add=True)), + ], + ), + migrations.CreateModel( + name='Subdomain', + fields=[ + ('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, 
verbose_name='ID')), + ('domain_name', models.CharField(max_length=255)), + ('subdomains', models.CharField(max_length=255)), + ('created_at', models.DateTimeField(auto_now_add=True)), + ], + ), + migrations.CreateModel( + name='Webscrap', + fields=[ + ('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')), + ('parent_urls', models.URLField()), + ('scrap_link', models.URLField()), + ('created_at', models.DateTimeField(auto_now_add=True)), + ], + ), + ] diff --git a/myapp/migrations/0002_domainresult_decodedresult.py b/myapp/migrations/0002_domainresult_decodedresult.py new file mode 100644 index 0000000..c8500d4 --- /dev/null +++ b/myapp/migrations/0002_domainresult_decodedresult.py @@ -0,0 +1,31 @@ +# Generated by Django 4.2.16 on 2024-10-23 10:27 + +from django.db import migrations, models +import django.db.models.deletion + + +class Migration(migrations.Migration): + + dependencies = [ + ('myapp', '0001_initial'), + ] + + operations = [ + migrations.CreateModel( + name='DomainResult', + fields=[ + ('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')), + ('domain', models.CharField(max_length=255)), + ('timestamp', models.DateTimeField(auto_now_add=True)), + ], + ), + migrations.CreateModel( + name='DecodedResult', + fields=[ + ('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')), + ('encoded_str', models.TextField()), + ('decoded_str', models.TextField()), + ('domain_result', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to='myapp.domainresult')), + ], + ), + ] diff --git a/myapp/migrations/0003_alter_decodedresult_domain_result.py b/myapp/migrations/0003_alter_decodedresult_domain_result.py new file mode 100644 index 0000000..eddff26 --- /dev/null +++ b/myapp/migrations/0003_alter_decodedresult_domain_result.py 
@@ -0,0 +1,19 @@ +# Generated by Django 4.2.16 on 2024-10-23 12:34 + +from django.db import migrations, models +import django.db.models.deletion + + +class Migration(migrations.Migration): + + dependencies = [ + ('myapp', '0002_domainresult_decodedresult'), + ] + + operations = [ + migrations.AlterField( + model_name='decodedresult', + name='domain_result', + field=models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='decoded_results', to='myapp.domainresult'), + ), + ] diff --git a/myapp/migrations/0004_domainresult1_alter_decodedresult_domain_result_and_more.py b/myapp/migrations/0004_domainresult1_alter_decodedresult_domain_result_and_more.py new file mode 100644 index 0000000..fad977d --- /dev/null +++ b/myapp/migrations/0004_domainresult1_alter_decodedresult_domain_result_and_more.py @@ -0,0 +1,36 @@ +# Generated by Django 4.2.16 on 2024-10-23 12:35 + +from django.db import migrations, models +import django.db.models.deletion + + +class Migration(migrations.Migration): + + dependencies = [ + ('myapp', '0003_alter_decodedresult_domain_result'), + ] + + operations = [ + migrations.CreateModel( + name='DomainResult1', + fields=[ + ('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')), + ('domain', models.CharField(max_length=255)), + ('timestamp', models.DateTimeField(auto_now_add=True)), + ], + ), + migrations.AlterField( + model_name='decodedresult', + name='domain_result', + field=models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to='myapp.domainresult'), + ), + migrations.CreateModel( + name='DecodedResult1', + fields=[ + ('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')), + ('encoded_str', models.TextField()), + ('decoded_str', models.TextField()), + ('domain_result', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='decoded_results', to='myapp.domainresult')), + ], + ), + ] 
diff --git a/myapp/migrations/0005_scanresult.py b/myapp/migrations/0005_scanresult.py new file mode 100644 index 0000000..3451071 --- /dev/null +++ b/myapp/migrations/0005_scanresult.py @@ -0,0 +1,23 @@ +# Generated by Django 4.2.16 on 2024-10-23 15:20 + +from django.db import migrations, models + + +class Migration(migrations.Migration): + + dependencies = [ + ('myapp', '0004_domainresult1_alter_decodedresult_domain_result_and_more'), + ] + + operations = [ + migrations.CreateModel( + name='ScanResult', + fields=[ + ('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')), + ('url', models.URLField()), + ('encoded_value', models.TextField()), + ('decoded_value', models.TextField()), + ('timestamp', models.DateTimeField(auto_now_add=True)), + ], + ), + ] diff --git a/myapp/migrations/0006_delete_scanresult.py b/myapp/migrations/0006_delete_scanresult.py new file mode 100644 index 0000000..98f3c1a --- /dev/null +++ b/myapp/migrations/0006_delete_scanresult.py @@ -0,0 +1,16 @@ +# Generated by Django 4.2.16 on 2024-10-23 16:26 + +from django.db import migrations + + +class Migration(migrations.Migration): + + dependencies = [ + ('myapp', '0005_scanresult'), + ] + + operations = [ + migrations.DeleteModel( + name='ScanResult', + ), + ] diff --git a/myapp/migrations/0007_remove_decodedresult_domain_result_and_more.py b/myapp/migrations/0007_remove_decodedresult_domain_result_and_more.py new file mode 100644 index 0000000..0c87bea --- /dev/null +++ b/myapp/migrations/0007_remove_decodedresult_domain_result_and_more.py 
@@ -0,0 +1,48 @@ +# Generated by Django 4.2.16 on 2024-10-23 16:28 + +from django.db import migrations + + +class Migration(migrations.Migration): + + dependencies = [ + ('myapp', '0006_delete_scanresult'), + ] + + operations = [ + migrations.RemoveField( + model_name='decodedresult', + name='domain_result', + ), + migrations.RemoveField( + model_name='decodedresult1', + name='domain_result', + ), + migrations.DeleteModel( + name='Dirlist', + ), + migrations.DeleteModel( + name='DomainResult1', + ), + migrations.DeleteModel( + name='Findbase64', + ), + migrations.DeleteModel( + name='Gitleak', + ), + migrations.DeleteModel( + name='Secretfinder', + ), + migrations.DeleteModel( + name='Webscrap', + ), + migrations.DeleteModel( + name='DecodedResult', + ), + migrations.DeleteModel( + name='DecodedResult1', + ), + migrations.DeleteModel( + name='DomainResult', + ), + ] diff --git a/myapp/migrations/0008_scrapedlink.py b/myapp/migrations/0008_scrapedlink.py new file mode 100644 index 0000000..7406b13 --- /dev/null +++ b/myapp/migrations/0008_scrapedlink.py @@ -0,0 +1,22 @@ +# Generated by Django 4.2.16 on 2024-10-24 06:39 + +from django.db import migrations, models + + +class Migration(migrations.Migration): + + dependencies = [ + ('myapp', '0007_remove_decodedresult_domain_result_and_more'), + ] + + operations = [ + migrations.CreateModel( + name='ScrapedLink', + fields=[ + ('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')), + ('domain', models.CharField(max_length=255)), + ('link', models.URLField()), + ('created_at', models.DateTimeField(auto_now_add=True)), + ], + ), + ] diff --git a/myapp/migrations/0009_scrapedlink11.py b/myapp/migrations/0009_scrapedlink11.py new file mode 100644 index 0000000..fe82b2d --- /dev/null +++ b/myapp/migrations/0009_scrapedlink11.py 
@@ -0,0 +1,21 @@ +# Generated by Django 4.2.16 on 2024-10-24 06:58 + +from django.db import migrations, models + + +class Migration(migrations.Migration): + + dependencies = [ + ('myapp', '0008_scrapedlink'), + ] + + operations = [ + migrations.CreateModel( + name='ScrapedLink11', + fields=[ + ('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')), + ('link', models.URLField(unique=True)), + ('created_at', models.DateTimeField(auto_now_add=True)), + ], + ), + ] diff --git a/myapp/migrations/0010_delete_scrapedlink.py b/myapp/migrations/0010_delete_scrapedlink.py new file mode 100644 index 0000000..a3c5b9b --- /dev/null +++ b/myapp/migrations/0010_delete_scrapedlink.py @@ -0,0 +1,16 @@ +# Generated by Django 4.2.16 on 2024-10-24 07:11 + +from django.db import migrations + + +class Migration(migrations.Migration): + + dependencies = [ + ('myapp', '0009_scrapedlink11'), + ] + + operations = [ + migrations.DeleteModel( + name='ScrapedLink', + ), + ] diff --git a/myapp/migrations/0011_directoryenumresult.py b/myapp/migrations/0011_directoryenumresult.py new file mode 100644 index 0000000..9960754 --- /dev/null +++ b/myapp/migrations/0011_directoryenumresult.py @@ -0,0 +1,22 @@ +# Generated by Django 4.2.16 on 2024-10-24 13:13 + +from django.db import migrations, models + + +class Migration(migrations.Migration): + + dependencies = [ + ('myapp', '0010_delete_scrapedlink'), + ] + + operations = [ + migrations.CreateModel( + name='DirectoryEnumResult', + fields=[ + ('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')), + ('domain', models.CharField(max_length=255)), + ('link', models.CharField(max_length=500)), + ('created_at', models.DateTimeField(auto_now_add=True)), + ], + ), + ] diff --git a/myapp/migrations/0012_directoryenumeration.py b/myapp/migrations/0012_directoryenumeration.py new file mode 100644 index 0000000..03dfcdd --- /dev/null 
+++ b/myapp/migrations/0012_directoryenumeration.py @@ -0,0 +1,22 @@ +# Generated by Django 4.2.16 on 2024-10-24 13:52 + +from django.db import migrations, models + + +class Migration(migrations.Migration): + + dependencies = [ + ('myapp', '0011_directoryenumresult'), + ] + + operations = [ + migrations.CreateModel( + name='DirectoryEnumeration', + fields=[ + ('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')), + ('domain', models.CharField(max_length=255)), + ('directory', models.URLField(max_length=500)), + ('created_at', models.DateTimeField(auto_now_add=True)), + ], + ), + ] diff --git a/myapp/migrations/0013_gitleak.py b/myapp/migrations/0013_gitleak.py new file mode 100644 index 0000000..e260829 --- /dev/null +++ b/myapp/migrations/0013_gitleak.py @@ -0,0 +1,23 @@ +# Generated by Django 4.2.16 on 2024-10-24 15:57 + +from django.db import migrations, models + + +class Migration(migrations.Migration): + + dependencies = [ + ('myapp', '0012_directoryenumeration'), + ] + + operations = [ + migrations.CreateModel( + name='GitLeak', + fields=[ + ('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')), + ('repo_url', models.URLField()), + ('leak_type', models.CharField(max_length=255)), + ('leak_value', models.TextField()), + ('created_at', models.DateTimeField(auto_now_add=True)), + ], + ), + ] diff --git a/myapp/migrations/0014_delete_gitleak.py b/myapp/migrations/0014_delete_gitleak.py new file mode 100644 index 0000000..b3e038e --- /dev/null +++ b/myapp/migrations/0014_delete_gitleak.py @@ -0,0 +1,16 @@ +# Generated by Django 4.2.16 on 2024-10-24 16:17 + +from django.db import migrations + + +class Migration(migrations.Migration): + + dependencies = [ + ('myapp', '0013_gitleak'), + ] + + operations = [ + migrations.DeleteModel( + name='GitLeak', + ), + ] 
diff --git a/myapp/migrations/0015_githubscan_secretscan.py b/myapp/migrations/0015_githubscan_secretscan.py new file mode 100644 index 0000000..dfbbd88 --- /dev/null +++ b/myapp/migrations/0015_githubscan_secretscan.py @@ -0,0 +1,32 @@ +# Generated by Django 4.2.16 on 2024-10-25 05:45 + +from django.db import migrations, models + + +class Migration(migrations.Migration): + + dependencies = [ + ('myapp', '0014_delete_gitleak'), + ] + + operations = [ + migrations.CreateModel( + name='GitHubScan', + fields=[ + ('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')), + ('repository_url', models.URLField(max_length=255)), + ('scan_results', models.JSONField()), + ('created_at', models.DateTimeField(auto_now_add=True)), + ], + ), + migrations.CreateModel( + name='SecretScan', + fields=[ + ('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')), + ('url', models.URLField(max_length=500)), + ('secret_type', models.CharField(max_length=100)), + ('secret_value', models.TextField()), + ('scanned_at', models.DateTimeField(auto_now_add=True)), + ], + ), + ] diff --git a/myapp/migrations/0016_scrapedlink_delete_directoryenumresult_and_more.py b/myapp/migrations/0016_scrapedlink_delete_directoryenumresult_and_more.py new file mode 100644 index 0000000..cc39172 --- /dev/null +++ b/myapp/migrations/0016_scrapedlink_delete_directoryenumresult_and_more.py 
@@ -0,0 +1,28 @@ +# Generated by Django 4.2.16 on 2024-10-25 11:18 + +from django.db import migrations, models + + +class Migration(migrations.Migration): + + dependencies = [ + ('myapp', '0015_githubscan_secretscan'), + ] + + operations = [ + migrations.CreateModel( + name='ScrapedLink', + fields=[ + ('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')), + ('base_url', models.URLField()), + ('directory', models.URLField(unique=True)), + ('created_at', models.DateTimeField(auto_now_add=True)), + ], + ), + migrations.DeleteModel( + name='DirectoryEnumResult', + ), + migrations.DeleteModel( + name='ScrapedLink11', + ), + ] diff --git a/myapp/migrations/0017_rename_base_url_scrapedlink_link_and_more.py b/myapp/migrations/0017_rename_base_url_scrapedlink_link_and_more.py new file mode 100644 index 0000000..a0f7b22 --- /dev/null +++ b/myapp/migrations/0017_rename_base_url_scrapedlink_link_and_more.py @@ -0,0 +1,22 @@ +# Generated by Django 4.2.16 on 2024-10-25 18:07 + +from django.db import migrations + + +class Migration(migrations.Migration): + + dependencies = [ + ('myapp', '0016_scrapedlink_delete_directoryenumresult_and_more'), + ] + + operations = [ + migrations.RenameField( + model_name='scrapedlink', + old_name='base_url', + new_name='link', + ), + migrations.RemoveField( + model_name='scrapedlink', + name='directory', + ), + ] diff --git a/myapp/migrations/0018_delete_scrapedlink.py b/myapp/migrations/0018_delete_scrapedlink.py new file mode 100644 index 0000000..6df7b37 --- /dev/null +++ b/myapp/migrations/0018_delete_scrapedlink.py @@ -0,0 +1,16 @@ +# Generated by Django 4.2.16 on 2024-10-25 18:26 + +from django.db import migrations + + +class Migration(migrations.Migration): + + dependencies = [ + ('myapp', '0017_rename_base_url_scrapedlink_link_and_more'), + ] + + operations = [ + migrations.DeleteModel( + name='ScrapedLink', + ), + ] 
diff --git a/myapp/migrations/0019_scraplink.py b/myapp/migrations/0019_scraplink.py new file mode 100644 index 0000000..621bdfb --- /dev/null +++ b/myapp/migrations/0019_scraplink.py @@ -0,0 +1,21 @@ +# Generated by Django 4.2.16 on 2024-10-25 18:30 + +from django.db import migrations, models + + +class Migration(migrations.Migration): + + dependencies = [ + ('myapp', '0018_delete_scrapedlink'), + ] + + operations = [ + migrations.CreateModel( + name='Scraplink', + fields=[ + ('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')), + ('link', models.URLField()), + ('created_at', models.DateTimeField(auto_now_add=True)), + ], + ), + ] diff --git a/myapp/migrations/0020_rename_scraplink_linkscrap.py b/myapp/migrations/0020_rename_scraplink_linkscrap.py new file mode 100644 index 0000000..35b73c6 --- /dev/null +++ b/myapp/migrations/0020_rename_scraplink_linkscrap.py @@ -0,0 +1,17 @@ +# Generated by Django 4.2.16 on 2024-10-26 03:43 + +from django.db import migrations + + +class Migration(migrations.Migration): + + dependencies = [ + ('myapp', '0019_scraplink'), + ] + + operations = [ + migrations.RenameModel( + old_name='Scraplink', + new_name='Linkscrap', + ), + ] diff --git a/myapp/migrations/0021_hashresult.py b/myapp/migrations/0021_hashresult.py new file mode 100644 index 0000000..5eb7bb9 --- /dev/null +++ b/myapp/migrations/0021_hashresult.py @@ -0,0 +1,22 @@ +# Generated by Django 4.2.16 on 2024-10-26 05:24 + +from django.db import migrations, models + + +class Migration(migrations.Migration): + + dependencies = [ + ('myapp', '0020_rename_scraplink_linkscrap'), + ] + + operations = [ + migrations.CreateModel( + name='HashResult', + fields=[ + ('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')), + ('url', models.URLField()), + ('encrypted_value', models.TextField()), + ('encryption_type', models.CharField(max_length=50)), + ], + ), + ] 
diff --git a/myapp/migrations/0022_sitemapurl.py b/myapp/migrations/0022_sitemapurl.py new file mode 100644 index 0000000..ba245c1 --- /dev/null +++ b/myapp/migrations/0022_sitemapurl.py @@ -0,0 +1,21 @@ +# Generated by Django 4.2.16 on 2024-10-27 15:19 + +from django.db import migrations, models + + +class Migration(migrations.Migration): + + dependencies = [ + ('myapp', '0021_hashresult'), + ] + + operations = [ + migrations.CreateModel( + name='SitemapURL', + fields=[ + ('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')), + ('url', models.URLField(unique=True)), + ('created_at', models.DateTimeField(auto_now_add=True)), + ], + ), + ] diff --git a/myapp/migrations/0023_linkcheckresult.py b/myapp/migrations/0023_linkcheckresult.py new file mode 100644 index 0000000..cd30ae9 --- /dev/null +++ b/myapp/migrations/0023_linkcheckresult.py @@ -0,0 +1,22 @@ +# Generated by Django 4.2.16 on 2024-10-29 10:36 + +from django.db import migrations, models + + +class Migration(migrations.Migration): + + dependencies = [ + ('myapp', '0022_sitemapurl'), + ] + + operations = [ + migrations.CreateModel( + name='LinkCheckResult', + fields=[ + ('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')), + ('url', models.URLField()), + ('found_link', models.URLField()), + ('checked_at', models.DateTimeField(auto_now_add=True)), + ], + ), + ] diff --git a/myapp/migrations/0024_linkresult.py b/myapp/migrations/0024_linkresult.py new file mode 100644 index 0000000..5c83a94 --- /dev/null +++ b/myapp/migrations/0024_linkresult.py 
@@ -0,0 +1,22 @@ +# Generated by Django 4.2.16 on 2024-10-29 13:46 + +from django.db import migrations, models + + +class Migration(migrations.Migration): + + dependencies = [ + ('myapp', '0023_linkcheckresult'), + ] + + operations = [ + migrations.CreateModel( + name='LinkResult', + fields=[ + ('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')), + ('url', models.URLField()), + ('found_link', models.URLField()), + ('created_at', models.DateTimeField(auto_now_add=True)), + ], + ), + ] diff --git a/myapp/migrations/0025_scrapedlink_delete_linkcheckresult_delete_linkresult.py b/myapp/migrations/0025_scrapedlink_delete_linkcheckresult_delete_linkresult.py new file mode 100644 index 0000000..41ff771 --- /dev/null +++ b/myapp/migrations/0025_scrapedlink_delete_linkcheckresult_delete_linkresult.py @@ -0,0 +1,28 @@ +# Generated by Django 4.2.16 on 2024-10-29 14:05 + +from django.db import migrations, models + + +class Migration(migrations.Migration): + + dependencies = [ + ('myapp', '0024_linkresult'), + ] + + operations = [ + migrations.CreateModel( + name='ScrapedLink', + fields=[ + ('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')), + ('domain_name', models.CharField(max_length=255)), + ('link', models.URLField()), + ('created_at', models.DateTimeField(auto_now_add=True)), + ], + ), + migrations.DeleteModel( + name='LinkCheckResult', + ), + migrations.DeleteModel( + name='LinkResult', + ), + ] diff --git a/myapp/migrations/0026_alllinkscrap_delete_scrapedlink.py b/myapp/migrations/0026_alllinkscrap_delete_scrapedlink.py new file mode 100644 index 0000000..6963f46 --- /dev/null +++ b/myapp/migrations/0026_alllinkscrap_delete_scrapedlink.py 
@@ -0,0 +1,24 @@ +# Generated by Django 4.2.16 on 2024-10-29 14:30 + +from django.db import migrations, models + + +class Migration(migrations.Migration): + + dependencies = [ + ('myapp', '0025_scrapedlink_delete_linkcheckresult_delete_linkresult'), + ] + + operations = [ + migrations.CreateModel( + name='AllLinkScrap', + fields=[ + ('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')), + ('link', models.URLField(unique=True)), + ('scraped_at', models.DateTimeField(auto_now_add=True)), + ], + ), + migrations.DeleteModel( + name='ScrapedLink', + ), + ] diff --git a/myapp/migrations/0027_crawledlink_delete_alllinkscrap.py b/myapp/migrations/0027_crawledlink_delete_alllinkscrap.py new file mode 100644 index 0000000..7ac80c7 --- /dev/null +++ b/myapp/migrations/0027_crawledlink_delete_alllinkscrap.py @@ -0,0 +1,24 @@ +# Generated by Django 4.2.16 on 2024-10-29 15:31 + +from django.db import migrations, models + + +class Migration(migrations.Migration): + + dependencies = [ + ('myapp', '0026_alllinkscrap_delete_scrapedlink'), + ] + + operations = [ + migrations.CreateModel( + name='CrawledLink', + fields=[ + ('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')), + ('base_url', models.URLField()), + ('link', models.URLField()), + ], + ), + migrations.DeleteModel( + name='AllLinkScrap', + ), + ] diff --git a/myapp/migrations/0028_delete_crawledlink.py b/myapp/migrations/0028_delete_crawledlink.py new file mode 100644 index 0000000..b913ca3 --- /dev/null +++ b/myapp/migrations/0028_delete_crawledlink.py @@ -0,0 +1,16 @@ +# Generated by Django 4.2.16 on 2024-10-29 15:53 + +from django.db import migrations + + +class Migration(migrations.Migration): + + dependencies = [ + ('myapp', '0027_crawledlink_delete_alllinkscrap'), + ] + + operations = [ + migrations.DeleteModel( + name='CrawledLink', + ), + ] 
diff --git a/myapp/migrations/0029_delete_hashresult.py b/myapp/migrations/0029_delete_hashresult.py new file mode 100644 index 0000000..be96bd6 --- /dev/null +++ b/myapp/migrations/0029_delete_hashresult.py @@ -0,0 +1,16 @@ +# Generated by Django 4.2.16 on 2024-10-30 17:33 + +from django.db import migrations + + +class Migration(migrations.Migration): + + dependencies = [ + ('myapp', '0028_delete_crawledlink'), + ] + + operations = [ + migrations.DeleteModel( + name='HashResult', + ), + ] diff --git a/myapp/migrations/0030_gitscanresult.py b/myapp/migrations/0030_gitscanresult.py new file mode 100644 index 0000000..8f10b16 --- /dev/null +++ b/myapp/migrations/0030_gitscanresult.py @@ -0,0 +1,22 @@ +# Generated by Django 4.2.16 on 2024-10-30 18:01 + +from django.db import migrations, models + + +class Migration(migrations.Migration): + + dependencies = [ + ('myapp', '0029_delete_hashresult'), + ] + + operations = [ + migrations.CreateModel( + name='GitScanResult', + fields=[ + ('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')), + ('repo_url', models.URLField()), + ('result_data', models.JSONField()), + ('scanned_at', models.DateTimeField(auto_now_add=True)), + ], + ), + ] diff --git a/myapp/migrations/0031_sensitivedatafinding_delete_gitscanresult.py b/myapp/migrations/0031_sensitivedatafinding_delete_gitscanresult.py new file mode 100644 index 0000000..68b887d --- /dev/null +++ b/myapp/migrations/0031_sensitivedatafinding_delete_gitscanresult.py 
@@ -0,0 +1,29 @@ +# Generated by Django 4.2.16 on 2024-10-31 04:58 + +from django.db import migrations, models + + +class Migration(migrations.Migration): + + dependencies = [ + ('myapp', '0030_gitscanresult'), + ] + + operations = [ + migrations.CreateModel( + name='SensitiveDataFinding', + fields=[ + ('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')), + ('repo_url', models.URLField()), + ('file_path', models.CharField(max_length=255)), + ('strings_found', models.JSONField()), + ('commit_id', models.CharField(max_length=100)), + ('commit_author', models.CharField(max_length=255)), + ('commit_date', models.DateTimeField()), + ('commit_message', models.TextField()), + ], + ), + migrations.DeleteModel( + name='GitScanResult', + ), + ] diff --git a/myapp/migrations/0032_delete_sensitivedatafinding.py b/myapp/migrations/0032_delete_sensitivedatafinding.py new file mode 100644 index 0000000..f971bc0 --- /dev/null +++ b/myapp/migrations/0032_delete_sensitivedatafinding.py @@ -0,0 +1,16 @@ +# Generated by Django 4.2.16 on 2024-10-31 05:05 + +from django.db import migrations + + +class Migration(migrations.Migration): + + dependencies = [ + ('myapp', '0031_sensitivedatafinding_delete_gitscanresult'), + ] + + operations = [ + migrations.DeleteModel( + name='SensitiveDataFinding', + ), + ] diff --git a/myapp/migrations/0033_scrapedresource.py b/myapp/migrations/0033_scrapedresource.py new file mode 100644 index 0000000..23521e1 --- /dev/null +++ b/myapp/migrations/0033_scrapedresource.py 
@@ -0,0 +1,21 @@ +# Generated by Django 4.2.16 on 2024-11-02 13:42 + +from django.db import migrations, models + + +class Migration(migrations.Migration): + + dependencies = [ + ('myapp', '0032_delete_sensitivedatafinding'), + ] + + operations = [ + migrations.CreateModel( + name='ScrapedResource', + fields=[ + ('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')), + ('source_url', models.URLField()), + ('resource_url', models.URLField()), + ], + ), + ] diff --git a/myapp/migrations/0034_rename_scrapedresource_linkresource_and_more.py b/myapp/migrations/0034_rename_scrapedresource_linkresource_and_more.py new file mode 100644 index 0000000..3a8c12a --- /dev/null +++ b/myapp/migrations/0034_rename_scrapedresource_linkresource_and_more.py @@ -0,0 +1,27 @@ +# Generated by Django 4.2.16 on 2024-11-02 14:17 + +from django.db import migrations + + +class Migration(migrations.Migration): + + dependencies = [ + ('myapp', '0033_scrapedresource'), + ] + + operations = [ + migrations.RenameModel( + old_name='ScrapedResource', + new_name='LinkResource', + ), + migrations.RenameField( + model_name='linkresource', + old_name='resource_url', + new_name='resource', + ), + migrations.RenameField( + model_name='linkresource', + old_name='source_url', + new_name='url', + ), + ] diff --git a/myapp/migrations/0035_link_resource_delete_linkresource.py b/myapp/migrations/0035_link_resource_delete_linkresource.py new file mode 100644 index 0000000..9bdf4d5 --- /dev/null +++ b/myapp/migrations/0035_link_resource_delete_linkresource.py 
@@ -0,0 +1,24 @@ +# Generated by Django 4.2.16 on 2024-11-02 14:28 + +from django.db import migrations, models + + +class Migration(migrations.Migration): + + dependencies = [ + ('myapp', '0034_rename_scrapedresource_linkresource_and_more'), + ] + + operations = [ + migrations.CreateModel( + name='Link_Resource', + fields=[ + ('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')), + ('url', models.URLField()), + ('resource', models.CharField(max_length=500)), + ], + ), + migrations.DeleteModel( + name='LinkResource', + ), + ] diff --git a/myapp/migrations/0036_gitdataleak.py b/myapp/migrations/0036_gitdataleak.py new file mode 100644 index 0000000..29061e2 --- /dev/null +++ b/myapp/migrations/0036_gitdataleak.py @@ -0,0 +1,23 @@ +# Generated by Django 4.2.16 on 2024-11-05 05:36 + +from django.db import migrations, models + + +class Migration(migrations.Migration): + + dependencies = [ + ('myapp', '0035_link_resource_delete_linkresource'), + ] + + operations = [ + migrations.CreateModel( + name='GitDataLeak', + fields=[ + ('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')), + ('pattern_name', models.CharField(max_length=100)), + ('file_path', models.CharField(max_length=255)), + ('line_num', models.IntegerField()), + ('content', models.TextField()), + ], + ), + ] diff --git a/myapp/migrations/__init__.py b/myapp/migrations/__init__.py new file mode 100644 index 0000000..e69de29 diff --git a/myapp/migrations/__pycache__/0001_initial.cpython-310.pyc b/myapp/migrations/__pycache__/0001_initial.cpython-310.pyc new file mode 100644 index 0000000..6bde9b5 Binary files /dev/null and b/myapp/migrations/__pycache__/0001_initial.cpython-310.pyc differ 
diff --git a/myapp/migrations/__pycache__/0002_domainresult_decodedresult.cpython-310.pyc b/myapp/migrations/__pycache__/0002_domainresult_decodedresult.cpython-310.pyc
new file mode 100644
index 0000000..e580710
Binary files /dev/null and b/myapp/migrations/__pycache__/0002_domainresult_decodedresult.cpython-310.pyc differ
diff --git a/myapp/migrations/__pycache__/0003_alter_decodedresult_domain_result.cpython-310.pyc b/myapp/migrations/__pycache__/0003_alter_decodedresult_domain_result.cpython-310.pyc
new file mode 100644
index 0000000..6c4ebbc
Binary files /dev/null and b/myapp/migrations/__pycache__/0003_alter_decodedresult_domain_result.cpython-310.pyc differ
diff --git a/myapp/migrations/__pycache__/0004_domainresult1_alter_decodedresult_domain_result_and_more.cpython-310.pyc b/myapp/migrations/__pycache__/0004_domainresult1_alter_decodedresult_domain_result_and_more.cpython-310.pyc
new file mode 100644
index 0000000..9ac49d6
Binary files /dev/null and b/myapp/migrations/__pycache__/0004_domainresult1_alter_decodedresult_domain_result_and_more.cpython-310.pyc differ
diff --git a/myapp/migrations/__pycache__/0005_scanresult.cpython-310.pyc b/myapp/migrations/__pycache__/0005_scanresult.cpython-310.pyc
new file mode 100644
index 0000000..ece29b8
Binary files /dev/null and b/myapp/migrations/__pycache__/0005_scanresult.cpython-310.pyc differ
diff --git a/myapp/migrations/__pycache__/0006_delete_scanresult.cpython-310.pyc b/myapp/migrations/__pycache__/0006_delete_scanresult.cpython-310.pyc
new file mode 100644
index 0000000..3625f05
Binary files /dev/null and b/myapp/migrations/__pycache__/0006_delete_scanresult.cpython-310.pyc differ
diff --git a/myapp/migrations/__pycache__/0007_remove_decodedresult_domain_result_and_more.cpython-310.pyc b/myapp/migrations/__pycache__/0007_remove_decodedresult_domain_result_and_more.cpython-310.pyc
new file mode 100644
index 0000000..a443cfa
Binary files /dev/null and b/myapp/migrations/__pycache__/0007_remove_decodedresult_domain_result_and_more.cpython-310.pyc differ
diff --git a/myapp/migrations/__pycache__/0008_scrapedlink.cpython-310.pyc b/myapp/migrations/__pycache__/0008_scrapedlink.cpython-310.pyc
new file mode 100644
index 0000000..1b1a581
Binary files /dev/null and b/myapp/migrations/__pycache__/0008_scrapedlink.cpython-310.pyc differ
diff --git a/myapp/migrations/__pycache__/0009_scrapedlink11.cpython-310.pyc b/myapp/migrations/__pycache__/0009_scrapedlink11.cpython-310.pyc
new file mode 100644
index 0000000..e58f4ec
Binary files /dev/null and b/myapp/migrations/__pycache__/0009_scrapedlink11.cpython-310.pyc differ
diff --git a/myapp/migrations/__pycache__/0010_delete_scrapedlink.cpython-310.pyc b/myapp/migrations/__pycache__/0010_delete_scrapedlink.cpython-310.pyc
new file mode 100644
index 0000000..82c6425
Binary files /dev/null and b/myapp/migrations/__pycache__/0010_delete_scrapedlink.cpython-310.pyc differ
diff --git a/myapp/migrations/__pycache__/0011_directoryenumresult.cpython-310.pyc b/myapp/migrations/__pycache__/0011_directoryenumresult.cpython-310.pyc
new file mode 100644
index 0000000..a29e492
Binary files /dev/null and b/myapp/migrations/__pycache__/0011_directoryenumresult.cpython-310.pyc differ
diff --git a/myapp/migrations/__pycache__/0012_directoryenumeration.cpython-310.pyc b/myapp/migrations/__pycache__/0012_directoryenumeration.cpython-310.pyc
new file mode 100644
index 0000000..e42f334
Binary files /dev/null and b/myapp/migrations/__pycache__/0012_directoryenumeration.cpython-310.pyc differ
diff --git a/myapp/migrations/__pycache__/0013_gitleak.cpython-310.pyc b/myapp/migrations/__pycache__/0013_gitleak.cpython-310.pyc
new file mode 100644
index 0000000..c9d0a41
Binary files /dev/null and b/myapp/migrations/__pycache__/0013_gitleak.cpython-310.pyc differ
diff --git a/myapp/migrations/__pycache__/0014_delete_gitleak.cpython-310.pyc b/myapp/migrations/__pycache__/0014_delete_gitleak.cpython-310.pyc
new file mode 100644
index 0000000..4a664eb
Binary files /dev/null and b/myapp/migrations/__pycache__/0014_delete_gitleak.cpython-310.pyc differ
diff --git a/myapp/migrations/__pycache__/0015_githubscan_secretscan.cpython-310.pyc b/myapp/migrations/__pycache__/0015_githubscan_secretscan.cpython-310.pyc
new file mode 100644
index 0000000..443a009
Binary files /dev/null and b/myapp/migrations/__pycache__/0015_githubscan_secretscan.cpython-310.pyc differ
diff --git a/myapp/migrations/__pycache__/0016_scrapedlink_delete_directoryenumresult_and_more.cpython-310.pyc b/myapp/migrations/__pycache__/0016_scrapedlink_delete_directoryenumresult_and_more.cpython-310.pyc
new file mode 100644
index 0000000..90191f4
Binary files /dev/null and b/myapp/migrations/__pycache__/0016_scrapedlink_delete_directoryenumresult_and_more.cpython-310.pyc differ
diff --git a/myapp/migrations/__pycache__/0017_rename_base_url_scrapedlink_link_and_more.cpython-310.pyc b/myapp/migrations/__pycache__/0017_rename_base_url_scrapedlink_link_and_more.cpython-310.pyc
new file mode 100644
index 0000000..bc33ada
Binary files /dev/null and b/myapp/migrations/__pycache__/0017_rename_base_url_scrapedlink_link_and_more.cpython-310.pyc differ
diff --git a/myapp/migrations/__pycache__/0018_delete_scrapedlink.cpython-310.pyc b/myapp/migrations/__pycache__/0018_delete_scrapedlink.cpython-310.pyc
new file mode 100644
index 0000000..8531f70
Binary files /dev/null and b/myapp/migrations/__pycache__/0018_delete_scrapedlink.cpython-310.pyc differ
diff --git a/myapp/migrations/__pycache__/0019_scraplink.cpython-310.pyc b/myapp/migrations/__pycache__/0019_scraplink.cpython-310.pyc
new file mode 100644
index 0000000..9ae4dfb
Binary files /dev/null and b/myapp/migrations/__pycache__/0019_scraplink.cpython-310.pyc differ
diff --git a/myapp/migrations/__pycache__/0020_rename_scraplink_linkscrap.cpython-310.pyc b/myapp/migrations/__pycache__/0020_rename_scraplink_linkscrap.cpython-310.pyc
new file mode 100644
index 0000000..f51e6c9
Binary files /dev/null and b/myapp/migrations/__pycache__/0020_rename_scraplink_linkscrap.cpython-310.pyc differ
diff --git a/myapp/migrations/__pycache__/0021_hashresult.cpython-310.pyc b/myapp/migrations/__pycache__/0021_hashresult.cpython-310.pyc
new file mode 100644
index 0000000..5cf5d0a
Binary files /dev/null and b/myapp/migrations/__pycache__/0021_hashresult.cpython-310.pyc differ
diff --git a/myapp/migrations/__pycache__/0022_sitemapurl.cpython-310.pyc b/myapp/migrations/__pycache__/0022_sitemapurl.cpython-310.pyc
new file mode 100644
index 0000000..b81bf64
Binary files /dev/null and b/myapp/migrations/__pycache__/0022_sitemapurl.cpython-310.pyc differ
diff --git a/myapp/migrations/__pycache__/0023_linkcheckresult.cpython-310.pyc b/myapp/migrations/__pycache__/0023_linkcheckresult.cpython-310.pyc
new file mode 100644
index 0000000..d4c67a5
Binary files /dev/null and b/myapp/migrations/__pycache__/0023_linkcheckresult.cpython-310.pyc differ
diff --git a/myapp/migrations/__pycache__/0024_linkresult.cpython-310.pyc b/myapp/migrations/__pycache__/0024_linkresult.cpython-310.pyc
new file mode 100644
index 0000000..6d3984b
Binary files /dev/null and b/myapp/migrations/__pycache__/0024_linkresult.cpython-310.pyc differ
diff --git a/myapp/migrations/__pycache__/0025_scrapedlink_delete_linkcheckresult_delete_linkresult.cpython-310.pyc b/myapp/migrations/__pycache__/0025_scrapedlink_delete_linkcheckresult_delete_linkresult.cpython-310.pyc
new file mode 100644
index 0000000..3502c85
Binary files /dev/null and b/myapp/migrations/__pycache__/0025_scrapedlink_delete_linkcheckresult_delete_linkresult.cpython-310.pyc differ
diff --git a/myapp/migrations/__pycache__/0026_alllinkscrap_delete_scrapedlink.cpython-310.pyc b/myapp/migrations/__pycache__/0026_alllinkscrap_delete_scrapedlink.cpython-310.pyc
new file mode 100644
index 0000000..f6d77fc
Binary files /dev/null and b/myapp/migrations/__pycache__/0026_alllinkscrap_delete_scrapedlink.cpython-310.pyc differ
diff --git a/myapp/migrations/__pycache__/0027_crawledlink_delete_alllinkscrap.cpython-310.pyc b/myapp/migrations/__pycache__/0027_crawledlink_delete_alllinkscrap.cpython-310.pyc
new file mode 100644
index 0000000..64ca9f1
Binary files /dev/null and b/myapp/migrations/__pycache__/0027_crawledlink_delete_alllinkscrap.cpython-310.pyc differ
diff --git a/myapp/migrations/__pycache__/0028_delete_crawledlink.cpython-310.pyc b/myapp/migrations/__pycache__/0028_delete_crawledlink.cpython-310.pyc
new file mode 100644
index 0000000..cd605e4
Binary files /dev/null and b/myapp/migrations/__pycache__/0028_delete_crawledlink.cpython-310.pyc differ
diff --git a/myapp/migrations/__pycache__/0029_delete_hashresult.cpython-310.pyc b/myapp/migrations/__pycache__/0029_delete_hashresult.cpython-310.pyc
new file mode 100644
index 0000000..5c2f555
Binary files /dev/null and b/myapp/migrations/__pycache__/0029_delete_hashresult.cpython-310.pyc differ
diff --git a/myapp/migrations/__pycache__/0030_gitscanresult.cpython-310.pyc b/myapp/migrations/__pycache__/0030_gitscanresult.cpython-310.pyc
new file mode 100644
index 0000000..5d5995b
Binary files /dev/null and b/myapp/migrations/__pycache__/0030_gitscanresult.cpython-310.pyc differ
diff --git a/myapp/migrations/__pycache__/0031_sensitivedatafinding_delete_gitscanresult.cpython-310.pyc b/myapp/migrations/__pycache__/0031_sensitivedatafinding_delete_gitscanresult.cpython-310.pyc
new file mode 100644
index 0000000..c69f0a4
Binary files /dev/null and b/myapp/migrations/__pycache__/0031_sensitivedatafinding_delete_gitscanresult.cpython-310.pyc differ
diff --git a/myapp/migrations/__pycache__/0032_delete_sensitivedatafinding.cpython-310.pyc b/myapp/migrations/__pycache__/0032_delete_sensitivedatafinding.cpython-310.pyc
new file mode 100644
index 0000000..e42ae7c
Binary files /dev/null and b/myapp/migrations/__pycache__/0032_delete_sensitivedatafinding.cpython-310.pyc differ
diff --git a/myapp/migrations/__pycache__/0033_scrapedresource.cpython-310.pyc b/myapp/migrations/__pycache__/0033_scrapedresource.cpython-310.pyc
new file mode 100644
index 0000000..d14252b
Binary files /dev/null and b/myapp/migrations/__pycache__/0033_scrapedresource.cpython-310.pyc differ
diff --git a/myapp/migrations/__pycache__/0034_rename_scrapedresource_linkresource_and_more.cpython-310.pyc b/myapp/migrations/__pycache__/0034_rename_scrapedresource_linkresource_and_more.cpython-310.pyc
new file mode 100644
index 0000000..3de2a38
Binary files /dev/null and b/myapp/migrations/__pycache__/0034_rename_scrapedresource_linkresource_and_more.cpython-310.pyc differ
diff --git a/myapp/migrations/__pycache__/0035_link_resource_delete_linkresource.cpython-310.pyc b/myapp/migrations/__pycache__/0035_link_resource_delete_linkresource.cpython-310.pyc
new file mode 100644
index 0000000..857a66d
Binary files /dev/null and b/myapp/migrations/__pycache__/0035_link_resource_delete_linkresource.cpython-310.pyc differ
diff --git a/myapp/migrations/__pycache__/0036_gitdataleak.cpython-310.pyc b/myapp/migrations/__pycache__/0036_gitdataleak.cpython-310.pyc
new file mode 100644
index 0000000..7bc2f75
Binary files /dev/null and b/myapp/migrations/__pycache__/0036_gitdataleak.cpython-310.pyc differ
diff --git a/myapp/migrations/__pycache__/__init__.cpython-310.pyc b/myapp/migrations/__pycache__/__init__.cpython-310.pyc
new file mode 100644
index 0000000..448a1b8
Binary files /dev/null and b/myapp/migrations/__pycache__/__init__.cpython-310.pyc differ
diff --git a/myapp/models.py b/myapp/models.py
new file mode 100644
index 0000000..76c143c
--- /dev/null
+++ b/myapp/models.py
@@ -0,0 +1,77 @@
+from django.db import models
+
+class GoogleLink(models.Model):
+ query = models.CharField(max_length=255)
+ link = models.URLField() # URLField is used for links
+ created_at = models.DateTimeField(auto_now_add=True)
+
+ def __str__(self):
+ return self.link
+
+
+class Subdomain(models.Model):
+ domain_name = models.CharField(max_length=255)
+ subdomains = models.CharField(max_length=255)
+ created_at = models.DateTimeField(auto_now_add=True)
+
+ def __str__(self):
+ return self.subdomains
+
+
+class DirectoryEnumeration(models.Model):
+ domain = models.CharField(max_length=255)
+ directory = models.URLField(max_length=500)
+ created_at = models.DateTimeField(auto_now_add=True)
+
+ def __str__(self):
+ return self.directory
+
+class GitHubScan(models.Model):
+ repository_url = models.URLField(max_length=255)
+ scan_results = models.JSONField() # Store results as JSON
+ created_at = models.DateTimeField(auto_now_add=True)
+
+ def __str__(self):
+ return self.repository_url
+
+class SecretScan(models.Model):
+ url = models.URLField(max_length=500)
+ secret_type = models.CharField(max_length=100)
+ secret_value = models.TextField()
+ scanned_at = models.DateTimeField(auto_now_add=True)
+
+ def __str__(self):
+ return f'{self.secret_type} found in {self.url}'
+
+class Linkscrap(models.Model):
+ link = models.URLField()
+ created_at = models.DateTimeField(auto_now_add=True)
+
+ def __str__(self):
+ return self.link
+
+
+
+class SitemapURL(models.Model):
+ url = models.URLField(unique=True) # Ensure URLs are unique
+ created_at = models.DateTimeField(auto_now_add=True)
+
+ def __str__(self):
+ return self.url
+
+class Link_Resource(models.Model):
+ url = models.URLField()
+ resource = models.CharField(max_length=500)
+
+ def __str__(self):
+ return f"{self.url} - {self.resource}"
+
+
+class GitDataLeak(models.Model):
+ pattern_name = models.CharField(max_length=100)
+ file_path = models.CharField(max_length=255)
+ line_num = models.IntegerField()
+ content = models.TextField()
+
+ def __str__(self):
+ return f"{self.pattern_name} found in {self.file_path} at line {self.line_num}"
\ No newline at end of file
diff --git a/myapp/payloads/common.txt b/myapp/payloads/common.txt
new file mode 100644
index 0000000..98334fa
--- /dev/null
+++ b/myapp/payloads/common.txt
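Review bot: In myapp/models.py, `SecretScan.secret_value` and `GitDataLeak.content` are plain `TextField`s, so every credential the scanners match is copied verbatim into the application database, and that database (with its backups and any admin or SQL access) becomes a secrets store of its own. Unless the raw value is needed later, keep a fingerprint and a masked preview instead, for example `secret_sha256 = models.CharField(max_length=64)` and `secret_preview = models.CharField(max_length=16)`, with the hashing and masking done where the row is saved. If the raw value has to be retained, it should be encrypted at field level and access to these tables restricted; how the models are exposed through views or the admin is not visible in this hunk. `GitDataLeak` and `Link_Resource` also lack the `created_at = models.DateTimeField(auto_now_add=True)` that the other models carry, which makes it harder to tell stale findings from new ones during triage.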
@@ -0,0 +1,4734 @@ +.bash_history +.bashrc +.cache +.config +.cvs +.cvsignore +.env +.forward +.git +.git-rewrite +.git/HEAD +.git/config +.git/index +.git/logs/ +.git_release +.gitattributes +.gitconfig +.gitignore +.gitk +.gitkeep +.gitmodules +.gitreview +.history +.hta +.htaccess +.htpasswd +.listing +.listings +.mysql_history +.passwd +.perf +.profile +.rhosts +.sh_history +.ssh +.subversion +.svn +.svn/entries +.svnignore +.swf +.web +.well-known/acme-challenge +.well-known/apple-app-site-association +.well-known/apple-developer-merchantid-domain-association +.well-known/ashrae +.well-known/assetlinks.json +.well-known/autoconfig/mail +.well-known/browserid +.well-known/caldav +.well-known/carddav +.well-known/change-password +.well-known/coap +.well-known/core +.well-known/csvm +.well-known/dnt +.well-known/dnt-policy.txt +.well-known/dots +.well-known/ecips +.well-known/enterprise-transport-security +.well-known/est +.well-known/genid +.well-known/hoba +.well-known/host-meta +.well-known/host-meta.json +.well-known/http-opportunistic +.well-known/idp-proxy +.well-known/jmap +.well-known/jwks.json +.well-known/keybase.txt +.well-known/looking-glass +.well-known/matrix +.well-known/mercure +.well-known/mta-sts.txt +.well-known/mud +.well-known/nfv-oauth-server-configuration +.well-known/ni +.well-known/nodeinfo +.well-known/oauth-authorization-server +.well-known/openid-configuration +.well-known/openid-federation +.well-known/openorg +.well-known/openpgpkey +.well-known/pki-validation +.well-known/posh +.well-known/pvd +.well-known/reload-config +.well-known/repute-template +.well-known/resourcesync +.well-known/security.txt +.well-known/humans.txt +.well-known/stun-key +.well-known/thread +.well-known/time +.well-known/timezone +.well-known/uma2-configuration +.well-known/void +.well-known/webfinger +0 +00 +01 +02 +03 +04 +05 +06 +07 +08 +09 +1 +10 +100 +1000 +1001 +101 +102 +103 +11 +12 +123 +13 +14 +15 +1990 +1991 +1992 +1993 +1994 +1995 +1996 +1997 +1998 
+1999 +1x1 +2 +20 +200 +2000 +2001 +2002 +2003 +2004 +2005 +2006 +2007 +2008 +2009 +2010 +2011 +2012 +2013 +2014 +2015 +2016 +2017 +2018 +2019 +2020 +2021 +2022 +21 +22 +2257 +23 +24 +25 +2g +3 +30 +300 +32 +3g +3rdparty +4 +400 +401 +403 +404 +42 +4DWEBTEST +4DSTATS +4DHTMLSTATS +5 +50 +500 +51 +6 +64 +7 +7z +8 +9 +96 +@ +A +ADM +ADMIN +ADMON +AT-admin.cgi +About +AboutUs +Admin +AdminService +AdminTools +Administration +AggreSpy +AppsLocalLogin +AppsLogin +Archive +Articles +B +BUILD +BackOffice +Base +Blog +Books +Browser +Business +C +CMS +CPAN +CVS +CVS/Entries +CVS/Repository +CVS/Root +CYBERDOCS +CYBERDOCS25 +CYBERDOCS31 +ChangeLog +Computers +Contact +ContactUs +Content +Creatives +D +DB +DMSDump +Database_Administration +Default +Documents and Settings +Download +Downloads +E +Education +English +Entertainment +Entries +Events +Extranet +F +FAQ +FCKeditor +G +Games +Global +Graphics +H +HTML +Health +Help +Home +I +INSTALL_admin +Image +Images +Index +Indy_admin +Internet +J +JMXSoapAdapter +Java +L +LICENSE +Legal +Links +Linux +Log +LogFiles +Login +Logs +Lotus_Domino_Admin +M +MANIFEST.MF +META-INF +Main +Main_Page +Makefile +Media +Members +Menus +Misc +Music +N +News +O +OA +OAErrorDetailPage +OA_HTML +OasDefault +Office +P +PDF +PHP +PMA +Pages +People +Press +Privacy +Products +Program Files +Projects +Publications +R +RCS +README +RSS +Rakefile +Readme +RealMedia +Recycled +Research +Resources +Root +S +SERVER-INF +SOAPMonitor +SQL +SUNWmc +Scripts +Search +Security +Server +ServerAdministrator +Services +Servlet +Servlets +Shibboleth.sso/Metadata +SiteMap +SiteScope +SiteServer +Sites +Software +Sources +Sports +Spy +Statistics +Stats +Super-Admin +Support +SysAdmin +SysAdmin2 +T +TEMP +TMP +TODO +Technology +Themes +Thumbs.db +Travel +U +US +UserFiles +Utilities +V +Video +W +W3SVC +W3SVC1 +W3SVC2 +W3SVC3 +WEB-INF +WS_FTP +WS_FTP.LOG +WebAdmin +Windows +X +XML +XXX +_ +_adm +_admin +_ajax +_archive +_assets +_backup +_baks +_borders +_cache 
+_catalogs +_common +_conf +_config +_css +_data +_database +_db_backups +_derived +_dev +_dummy +_files +_flash +_fpclass +_framework/blazor.boot.json +_framework/blazor.webassembly.js +_framework/wasm/dotnet.wasm +_framework/_bin/WebAssembly.Bindings.dll +_images +_img +_inc +_include +_includes +_install +_js +_layouts +_lib +_media +_mem_bin +_mm +_mmserverscripts +_mygallery +_notes +_old +_overlay +_pages +_private +_reports +_res +_resources +_scriptlibrary +_scripts +_source +_src +_stats +_styles +_swf +_temp +_tempalbums +_template +_templates +_test +_themes +_tmp +_tmpfileop +_vti_aut +_vti_bin +_vti_bin/_vti_adm/admin.dll +_vti_bin/_vti_aut/author.dll +_vti_bin/shtml.dll +_vti_cnf +_vti_inf +_vti_log +_vti_map +_vti_pvt +_vti_rpc +_vti_script +_vti_txt +_www +a +aa +aaa +abc +abc123 +abcd +abcd1234 +about +about-us +about_us +aboutus +abstract +abuse +ac +academic +academics +acatalog +acc +access +access-log +access-log.1 +access.1 +access_db +access_log +access_log.1 +accessgranted +accessibility +accessories +accommodation +account +account_edit +account_history +accountants +accounting +accounts +accountsettings +acct_login +achitecture +acp +act +action +actions +activate +activation +active +activeCollab +activex +activities +activity +ad +ad_js +adaptive +adclick +add +add_cart +addfav +addnews +addons +addpost +addreply +address +address_book +addressbook +addresses +addtocart +adlog +adlogger +adm +admin +admin-admin +admin-console +admin-interface +administrator-panel +admin.cgi +admin.php +admin.pl +admin1 +admin2 +admin3 +admin4_account +admin4_colon +admin_ +admin_area +admin_banner +admin_c +admin_index +admin_interface +admin_login +admin_logon +admincontrol +admincp +adminhelp +administer +administr8 +administracion +administrador +administrat +administratie +administration +administrator +administratoraccounts +administrators +administrivia +adminlogin +adminlogon +adminpanel +adminpro +admins +adminsessions +adminsql +admintools 
+admissions +admon +adobe +adodb +ads +adserver +adsl +adv +adv_counter +advanced +advanced_search +advancedsearch +advert +advertise +advertisement +advertisers +advertising +adverts +advice +adview +advisories +af +aff +affiche +affiliate +affiliate_info +affiliate_terms +affiliates +affiliatewiz +africa +agb +agency +agenda +agent +agents +aggregator +ajax +ajax_cron +akamai +akeeba.backend.log +alarm +alarms +album +albums +alcatel +alert +alerts +alias +aliases +alive +all +all-wcprops +alltime +alpha +alt +alumni +alumni_add +alumni_details +alumni_info +alumni_reunions +alumni_update +am +amanda +amazon +amember +analog +analog.html +analyse +analysis +analytics +and +android +android/config +announce +announcement +announcements +annuaire +annual +anon +anon_ftp +anonymous +ansi +answer +answers +antibot_image +antispam +antivirus +anuncios +any +aol +ap +apac +apache +apanel +apc +apexec +api +api/experiments +api/experiments/configurations +apis +apl +apm +app +app_browser +app_browsers +app_code +app_data +app_themes +appeal +appeals +append +appl +apple +apple-app-site-association +applet +applets +appliance +appliation +application +application.wadl +applications +apply +apps +apr +ar +arbeit +arcade +arch +architect +architecture +archiv +archive +archives +archivos +arquivos +array +arrow +ars +art +article +articles +artikel +artists +arts +artwork +as +ascii +asdf +ashley +asia +ask +ask_a_question +askapache +asmx +asp +aspadmin +aspdnsfcommon +aspdnsfencrypt +aspdnsfgateways +aspdnsfpatterns +aspnet_client +asps +aspx +asset +assetmanage +assetmanagement +assets +at +atom +attach +attach_mod +attachment +attachments +attachs +attic +au +auction +auctions +audio +audit +audits +auth +authentication +author +authoring +authorization +authorize +authorized_keys +authors +authuser +authusers +auto +autobackup +autocheck +autodeploy +autodiscover +autologin +automatic +automation +automotive +aux +av +avatar +avatars +aw +award +awardingbodies +awards 
+awl +awmdata +awstats +awstats.conf +axis +axis-admin +axis2 +axis2-admin +axs +az +b +b1 +b2b +b2c +back +back-up +backdoor +backend +background +backgrounds +backoffice +backup +backup-db +backup2 +backup_migrate +backups +bad_link +bak +bak-up +bakup +balance +balances +ban +bandwidth +bank +banking +banks +banned +banner +banner2 +banner_element +banneradmin +bannerads +banners +bar +base +baseball +bash +basic +basket +basketball +baskets +bass +bat +batch +baz +bb +bb-hist +bb-histlog +bbadmin +bbclone +bboard +bbs +bc +bd +bdata +be +bea +bean +beans +beehive +beheer +benefits +benutzer +best +beta +bfc +bg +big +bigadmin +bigip +bilder +bill +billing +bin +binaries +binary +bins +bio +bios +bitrix +biz +bk +bkup +bl +black +blah +blank +blb +block +blocked +blocks +blog +blog_ajax +blog_inlinemod +blog_report +blog_search +blog_usercp +blogger +bloggers +blogindex +blogs +blogspot +blow +blue +bm +bmz_cache +bnnr +bo +board +boards +bob +body +bofh +boiler +boilerplate +bonus +bonuses +book +booker +booking +bookmark +bookmarks +books +bookstore +boost_stats +boot +bot +bot-trap +bots +bottom +boutique +box +boxes +br +brand +brands +broadband +brochure +brochures +broken +broken_link +broker +browse +browser +bs +bsd +bt +bug +bugs +build +builder +buildr +bulk +bulksms +bullet +busca +buscador +buscar +business +button +buttons +buy +buynow +buyproduct +bypass +bz2 +c +cPanel +ca +cabinet +cache +cachemgr +cachemgr.cgi +caching +cad +cadmins +cal +calc +calendar +calendar_events +calendar_sports +calendarevents +calendars +call +callback +callee +caller +callin +calling +callout +cam +camel +campaign +campaigns +can +canada +captcha +car +carbuyaction +card +cardinal +cardinalauth +cardinalform +cards +career +careers +carp +carpet +cars +cart +carthandler +carts +cas +cases +casestudies +cash +cat +catalog +catalog.wci +catalogs +catalogsearch +catalogue +catalyst +catch +categoria +categories +category +catinfo +cats +cb +cc +ccbill +ccount +ccp14admin 
+ccs +cd +cdrom +centres +cert +certenroll +certificate +certificates +certification +certified +certs +certserver +certsrv +cf +cfc +cfcache +cfdocs +cfg +cfide +cfm +cfusion +cgi +cgi-bin +cgi-bin/ +cgi-bin2 +cgi-data +cgi-exe +cgi-home +cgi-image +cgi-local +cgi-perl +cgi-pub +cgi-script +cgi-shl +cgi-sys +cgi-web +cgi-win +cgi_bin +cgibin +cgis +cgiwrap +cgm-web +ch +chan +change +change_password +change-password +changed +changelog +changepw +changes +channel +charge +charges +chart +charts +chat +chats +check +checking +checkout +checkout_iclear +checkoutanon +checkoutreview +checkpoint +checks +check-email +child +children +china +chk +choosing +chris +chrome +cinema +cisco +cisweb +cities +citrix +city +ck +ckeditor +ckfinder +cl +claim +claims +class +classes +classic +classified +classifieds +classroompages +cleanup +clear +clearcookies +clearpixel +click +clickheat +clickout +clicks +client +client_configs +clientaccesspolicy +clientapi +clientes +clients +clientscript +clipart +clips +clk +clock +close +closed +closing +club +cluster +clusters +cm +cmd +cmpi_popup +cms +cmsadmin +cn +cnf +cnstats +cnt +co +cocoon +code +codec +codecs +codepages +codes +coffee +cognos +coke +coldfusion +collapse +collection +college +columnists +columns +com +com1 +com2 +com3 +com4 +com_sun_web_ui +comics +comm +command +comment +comment-page +comment-page-1 +commentary +commented +comments +commerce +commercial +common +commoncontrols +commun +communication +communications +communicator +communities +community +comp +compact +companies +company +compare +compare_product +comparison +comparison_list +compat +compiled +complaint +complaints +compliance +component +components +compose +composer +compress +compressed +computer +computers +computing +comunicator +con +concrete +conditions +conf +conference +conferences +config +config.local +config.properties +configs +configuration +configure +confirm +confirmed +conlib +conn +connect +connections +connector +connectors 
+console +constant +constants +consulting +consumer +cont +contact +contact-form +contact-us +contact_bean +contact_us +contactinfo +contacto +contacts +contacts.txt +contactus +contao +contato +contenido +content +contents +contest +contests +contract +contracts +contrib +contribute +contribute.json +contributor +control +controller +controllers +controlpanel +controls +converge_local +converse +cookie +cookie_usage +cookies +cool +copies +copy +copyright +copyright-policy +corba +core +coreg +corp +corpo +corporate +corporation +corrections +cosign.key +cosign.pub +count +counter +counters +country +counts +coupon +coupons +coupons1 +course +courses +cover +covers +cp +cpadmin +cpanel +cpanel_file +cpath +cpp +cps +cpstyles +cr +crack +crash +crashes +create +create_account +createaccount +createbutton +creation +creator +credentials +credentials.txt +credit +creditcards +credits +crime +crm +crms +cron +cronjobs +crons +crontab +crontabs +crossdomain +crossdomain.xml +crs +crtr +crypt +crypto +cs +cse +csproj +css +csv +ct +ctl +culture +currency +current +custom +custom-log +custom_log +customavatars +customcode +customer +customer_login +customers +customgroupicons +customize +cute +cutesoft_client +cv +cvs +cxf +cy +cyberworld +cycle_image +cz +czcmdcvt +d +da +daemon +daily +dan +dana-na +dark +dashboard +dat +data +database +database_administration +databases +datafiles +datas +date +daten +datenschutz +dating +dav +day +db +db_connect +dba +dbadmin +dbase +dbboon +dbg +dbi +dblclk +dbm +dbman +dbmodules +dbms +dbutil +dc +dcforum +dclk +de +de_DE +deal +dealer +dealers +deals +debian +debug +dec +decl +declaration +declarations +decode +decoder +decrypt +decrypted +decryption +def +default +default_icon +default_image +default_logo +default_page +default_pages +defaults +definition +definitions +del +delete +deleted +deleteme +deletion +delicious +demo +demo2 +demos +denied +deny +departments +deploy +deployment +descargas +design +designs +desktop 
+desktopmodules +desktops +destinations +detail +details +deutsch +dev +dev2 +dev60cgi +devel +develop +developement +developer +developers +development +development.log +device +devices +devs +devtools +df +dh_ +dh_phpmyadmin +di +diag +diagnostics +dial +dialog +dialogs +diary +dictionary +diff +diffs +dig +digest +digg +digital +dir +dir-login +dir-prop-base +dirbmark +direct +directadmin +directions +directories +directorio +directory +dirs +disabled +disallow +disclaimer +disclosure +discootra +discount +discovery +discus +discuss +discussion +disdls +disk +dispatch +dispatcher +display +display_vvcodes +dist +divider +django +dk +dl +dll +dm +dm-config +dmdocuments +dms +dms0 +dns +do +doc +docebo +docedit +dock +docroot +docs +docs41 +docs51 +document +document_library +documentation +documents +doinfo +dokuwiki +domain +domains +donate +donations +done +dot +doubleclick +down +download +download_private +downloader +downloads +downsys +draft +drafts +dragon +draver +driver +drivers +drop +dropped +drupal +ds +dummy +dump +dumpenv +dumps +dumpuser +dvd +dwr +dyn +dynamic +dyop_addtocart +dyop_delete +dyop_quan +e +e-mail +e-store +e107_admin +e107_files +e107_handlers +e2fs +ear +easy +ebay +eblast +ebook +ebooks +ebriefs +ec +ecard +ecards +echannel +ecommerce +ecrire +edge +edgy +edit +edit_link +edit_profile +editaddress +editor +editorial +editorials +editors +editpost +edits +edp +edu +education +ee +effort +efforts +egress +ehdaa +ejb +el +electronics +element +elements +elmar +em +email +email-a-friend +email-addresses +emailafriend +emailer +emailhandler +emailing +emailproduct +emails +emailsignup +emailtemplates +embed +embedd +embedded +emea +emergency +emoticons +employee +employees +employers +employment +empty +emu +emulator +en +en_US +en_us +enable-cookies +enc +encode +encoder +encrypt +encrypted +encryption +encyption +end +enduser +endusers +energy +enews +eng +engine +engines +english +enterprise +entertainment +entries +entropybanner 
+entry +env +environ +environment +ep +eproducts +equipment +eric +err +erraddsave +errata +error +error-espanol +error-log +error404 +error_docs +error_log +error_message +error_pages +errordocs +errorpage +errorpages +errors +erros +es +es_ES +esale +esales +eshop +esp +espanol +established +estilos +estore +esupport +et +etc +ethics +eu +europe +evb +event +events +evil +evt +ewebeditor +ews +ex +example +examples +excalibur +excel +exception_log +exch +exchange +exchweb +exclude +exe +exec +executable +executables +exiar +exit +expert +experts +exploits +explore +explorer +export +exports +ext +ext2 +extension +extensions +extern +external +externalid +externalisation +externalization +extra +extranet +extras +ezshopper +ezsqliteadmin +f +fa +fabric +face +facebook +faces +facts +faculty +fail +failed +failure +fake +family +fancybox +faq +faqs +fashion +favicon.ico +favorite +favorites +fb +fbook +fc +fcategory +fcgi +fcgi-bin +fck +fckeditor +fdcp +feature +featured +features +federation/clients +fedora +feed +feedback +feedback_js +feeds +felix +fetch +fi +field +fields +file +fileadmin +filelist +filemanager +files +fileupload +fileuploads +filez +film +films +filter +finance +financial +find +finger +finishorder +firefox +firewall +firewalls +firmconnect +firms +firmware +first +fixed +fk +fla +flag +flags +flash +flash-intro +flex +flights +flow +flowplayer +flows +flv +flvideo +flyspray +fm +fn +focus +foia +folder +folder_new +folders +font +fonts +foo +food +football +footer +footers +for +forcedownload +forget +forgot +forgot-password +forgot_password +forgotpassword +forgotten +form +format +formatting +formhandler +formmail +forms +forms1 +formsend +formslogin +formupdate +foro +foros +forrest +fortune +forum +forum1 +forum2 +forum_old +forumcp +forumdata +forumdisplay +forums +forward +foto +fotos +foundation +fpdb +fpdf +fr +fr_FR +frame +frames +frameset +framework +francais +france +free +freebsd +freeware +french +friend +friends +frm_attach 
+frob +from +front +frontend +frontpage +fs +fsck +ftp +fuck +fuckoff +fuckyou +full +fun +func +funcs +function +function.require +functionlude +functions +fund +funding +funds +furl +fusion +future +fw +fwlink +fx +g +ga +gadget +gadgets +gaestebuch +galeria +galerie +galleries +gallery +gallery2 +game +gamercard +games +gaming +ganglia +garbage +gate +gateway +gb +gbook +gccallback +gdform +geeklog +gen +general +generateditems +generator +generic +gentoo +geo +geoip +german +geronimo +gest +gestion +gestione +get +get-file +getFile.cfm +get_file +getaccess +getconfig +getfile +getjobid +getout +gettxt +gfen +gfx +gg +gid +gif +gifs +gift +giftcert +giftoptions +giftreg_manage +giftregs +gifts +git +gitweb +gl +glance_config +glimpse +global +global.asa +global.asax +globalnav +globals +globes_admin +glossary +go +goaway +gold +golf +gone +goods +goods_script +google +google_sitemap +googlebot +goto +government +gp +gpapp +gpl +gprs +gps +gr +gracias +grafik +grant +granted +grants +graph +graphics +green +greybox +grid +group +group_inlinemod +groupcp +groups +groupware +gs +gsm +guess +guest +guest-tracking +guestbook +guests +gui +guide +guidelines +guides +gump +gv_faq +gv_redeem +gv_send +gwt +gz +h2-console +h +hack +hacker +hacking +hackme +hadoop +handle +handler +handlers +handles +hangfire +happen +happening +hard +hardcore +hardware +harm +harming +harmony +head +header +header_logo +headers +headlines +health +healthz +healthcare +hello +helloworld +help +help_answer +helpdesk +helper +helpers +hi +hidden +hide +high +highslide +hilfe +hipaa +hire +history +hit +hitcount +hits +hold +hole +holiday +holidays +home +homepage +homes +homework +honda +hooks +hop +horde +host +host-manager +hosted +hosting +hosts +hotel +hotels +hour +hourly +house +how +howto +hp +hpwebjetadmin +hr +ht +hta +htbin +htdig +htdoc +htdocs +htm +html +htmlarea +htmls +htpasswd +http +httpd +httpdocs +httpmodules +https +httpuser +hu +human +humans +humans.txt +humor +hyper 
+i +ia +ibm +icat +ico +icon +icons +icq +id +id_rsa +id_rsa.pub +idbc +idea +ideas +identity +idp +ids +ie +if +iframe +iframes +ig +ignore +ignoring +iis +iisadmin +iisadmpwd +iissamples +im +image +imagefolio +imagegallery +imagenes +imagens +images +images01 +images1 +images2 +images3 +imanager +img +img2 +imgs +immagini +imp +import +important +imports +impressum +in +inbound +inbox +inc +incl +include +includes +incoming +incs +incubator +index +index.htm +index.html +index.php +index1 +index2 +index2.php +index3 +index3.php +index_01 +index_1 +index_2 +index_adm +index_admin +index_files +index_var_de +indexes +industries +industry +indy_admin +inetpub +inetsrv +inf +info +info.php +information +informer +infos +infos.php +infraction +ingres +ingress +ini +init +injection +inline +inlinemod +input +inquire +inquiries +inquiry +insert +install +install-xaff +install-xaom +install-xbench +install-xfcomp +install-xoffers +install-xpconf +install-xrma +install-xsurvey +install.mysql +install.pgsql +installation +installer +installwordpress +instance +instructions +insurance +int +intel +intelligence +inter +interactive +interface +interim +intermediate +intern +internal +international +internet +interview +interviews +intl +intra +intracorp +intranet +intro +introduction +inventory +investors +invitation +invite +invoice +invoices +ioncube +ios/config +ip +ipc +ipdata +iphone +ipn +ipod +ipp +ips +ips_kernel +ir +iraq +irc +irc-macadmin +is +is-bin +isapi +iso +isp +issue +issues +it +it_IT +ita +item +items +iw +j +j2ee +j2me +ja +ja_JP +jacob +jakarta +japan +jar +java +java-plugin +java-sys +javac +javadoc +javascript +javascripts +javax +jboss +jbossas +jbossws +jdbc +jdk +jennifer +jessica +jexr +jhtml +jigsaw +jira +jj +jmx-console +job +jobs +joe +john +join +joinrequests +joomla +journal +journals +jp +jpa +jpegimage +jpg +jquery +jre +jrun +js +js-lib +jsFiles +jscript +jscripts +jsession +jsf +json +json-api +jsp +jsp-examples +jsp2 +jsps +jsr +jsso 
+jsx +jump +juniper +junk +jvm +jwks.json +k +katalog +kb +kb_results +kboard +kcaptcha +keep +kept +kernel +key +keygen +keys +keyword +keywords +kids +kill +kiosk +known_hosts +ko +ko_KR +kontakt +konto-eroeffnen +kr +kunden +l +la +lab +labels +labs +landing +landingpages +landwind +lang +lang-en +lang-fr +langs +language +languages +laptops +large +lastnews +lastpost +lat_account +lat_driver +lat_getlinking +lat_signin +lat_signout +lat_signup +latest +launch +launcher +launchpage +law +layout +layouts +ldap +leader +leaders +leads +learn +learners +learning +left +legacy +legal +legal-notice +legislation +lenya +lessons +letters +level +lg +lgpl +lib +librairies +libraries +library +libs +lic +licence +license +license_afl +licenses +licensing +life +lifestyle +lightbox +limit +line +link +link-to-us +linkex +linkmachine +links +links_submit +linktous +linux +lisence +lisense +list +list-create +list-edit +list-search +list-users +list-view +list_users +listadmin +listinfo +listing +listings +lists +listusers +listview +live +livechat +livehelp +liveness +livesupport +livezilla +lo +load +loader +loading +loc +local +locale +localstart +location +locations +locator +lock +locked +lockout +lofiversion +log +log4j +log4net +logfile +logfiles +logfileview +logger +logging +login +login-redirect +login-us +login1 +login_db +login_sendpass +login_check +loginadmin +loginflat +logins +logo +logo_sysadmin +logoff +logon +logos +logout +logs +logview +loja +lost +lost+found +lostpassword +love +low +lp +lpt1 +lpt2 +ls +lst +lt +lucene +lunch_menu +lv +m +m1 +m6 +m6_edit_item +m6_invoice +m6_pay +m7 +m_images +ma +mac +macadmin +macromedia +maestro +magazin +magazine +magazines +magento +magic +magnifier_xml +magpierss +mail +mail_link +mail_password +mailbox +mailer +mailing +mailinglist +mailings +maillist +mailman +mails +mailtemplates +mailto +main +main.mdb +mainfile +maint +maintainers +mainten +maintenance +makefile +mal +mall +mambo +mambots +man +mana +manage 
+managed +management +manager +manifest +manifest.mf +mantis +manual +manuallogin +manuals +manufacturer +manufacturers +map +maps +mark +market +marketing +marketplace +markets +master +master.passwd +masterpages +masters +masthead +match +matches +math +matrix +matt +maven +mb +mbo +mbox +mc +mchat +mcp +mdb +mdb-database +me +media +media_center +mediakit +mediaplayer +medias +mediawiki +medium +meetings +mein-konto +mein-merkzettel +mem +member +member2 +memberlist +members +membership +membre +membres +memcached +memcp +memlogin +memo +memory +menu +menus +merchant +merchant2 +message +messageboard +messages +messaging +meta +meta-inf +meta_login +meta_tags +metabase +metadata +metaframe +metatags +mfa/challenge +mgr +michael +microsoft +midi +migrate +migrated +migration +military +min +mina +mine +mini +mini_cal +minicart +minimum +mint +minute +mirror +mirrors +misc +miscellaneous +missing +mission +mix +mk +mkstats +ml +mlist +mm +mm5 +mms +mmwip +mo +mobi +mobil +mobile +mock +mod +modcp +mode +model +models +modelsearch +modem +moderation +moderator +modify +modlogan +mods +module +modules +modulos +mojo +money +monitor +monitoring +monitors +month +monthly +moodle +more +motd +moto-news +moto1 +mount +move +moved +movie +movies +moving.page +mozilla +mp +mp3 +mp3s +mqseries +mrtg +ms +ms-sql +msadc +msadm +msft +msg +msie +msn +msoffice +mspace +msql +mssql +mstpre +mt +mt-bin +mt-search +mt-static +mta +multi +multimedia +music +mx +my +my-account +my-components +my-gift-registry +my-sql +my-wishlist +myaccount +myadmin +myblog +mycalendar +mycgi +myfaces +myhomework +myicons +mypage +myphpnuke +myspace +mysql +mysqld +mysqldumper +mysqlmanager +mytag_js +mytp +n +nachrichten +nagios +name +names +national +nav +navSiteAdmin +navigation +navsiteadmin +nc +ne +net +netbsd +netcat +nethome +nets +netscape +netstat +netstorage +network +networking +new +newadmin +newattachment +newposts +newreply +news +news_insert +newsadmin +newsite +newsletter 
+newsletters +newsline +newsroom +newssys +newstarter +newthread +newticket +next +nextcloud +nfs +nice +nieuws +ningbar +nk9 +nl +no +no-index +nobody +node +noindex +nokia +none +note +notes +notfound +noticias +notification +notifications +notified +notifier +notify +novell +nr +ns +nsf +ntopic +nude +nuke +nul +null +number +nxfeed +nz +o +oa_servlets +oauth +oauth/authorize +oauth/device/code +oauth/revoke +oauth/token +oauth/token/info +obdc +obj +object +objects +obsolete +obsoleted +odbc +ode +oem +of +ofbiz +off +offer +offerdetail +offers +office +offices +offline +ogl +oidc/register +old +old-site +old_site +oldie +oldsite +omited +on +onbound +online +onsite +op +open +open-account +openads +openapp +openbsd +opencart +opendir +openejb +openfile +openjpa +opensearch +opensource +openvpnadmin +openx +opera +operations +operator +opinion +opinions +opml +oprocmgr-status +opros +opt +option +options +ora +oracle +oradata +order +order-detail +order-follow +order-history +order-opc +order-return +order-slip +order_history +order_status +orderdownloads +ordered +orderfinished +orders +orderstatus +ordertotal +org +organisation +organisations +organizations +orig +original +os +osc +oscommerce +other +others +otrs +out +outcome +outgoing +outils +outline +output +outreach +oversikt +overview +owa +owl +owncloud +owners +ows +ows-bin +p +p2p +p7pm +pa +pack +package +package.json +packaged +packages +packaging +packed +pad +page +page-not-found +page1 +page2 +page_1 +page_2 +page_sample1 +pageid +pagenotfound +pager +pages +pagination +paid +paiement +pam +panel +panelc +paper +papers +parse +par +part +partenaires +partner +partners +parts +party +pass +passes +passive +passport +passw +passwd +passwor +password +passwords +past +patch +patches +patents +path +pay +payment +payment_gateway +payments +paypal +paypal_notify +paypalcancel +paypalok +pbc_download +pbcs +pbcsad +pbcsi +pbo +pc +pci +pconf +pd +pda +pdf +pdf-invoice +pdf-order-slip +pdfs +pear 
+peek +peel +pem +pending +people +perf +performance +perl +perl5 +person +personal +personals +pfx +pg +pgadmin +pgp +pgsql +phf +phishing +phone +phones +phorum +photo +photodetails +photogallery +photography +photos +php +php-bin +php-cgi +php.ini +php168 +php3 +phpBB +phpBB2 +phpBB3 +phpEventCalendar +phpMyAdmin +phpMyAdmin2 +phpSQLiteAdmin +php_uploads +phpadmin +phpads +phpadsnew +phpbb +phpbb2 +phpbb3 +phpinfo +phpinfo.php +phpinfos.php +phpldapadmin +phplist +phplive +phpmailer +phpmanual +phpmv2 +phpmyadmin +phpmyadmin2 +phpnuke +phppgadmin +phps +phpsitemapng +phpthumb +phtml +pic +pics +picts +picture +picture_library +picturecomment +pictures +pii +ping +pingback +pipe +pipermail +piranha +pivot +piwik +pix +pixel +pixelpost +pkg +pkginfo +pkgs +pl +placeorder +places +plain +plate +platz_login +play +player +player.swf +players +playing +playlist +please +plenty +plesk-stat +pls +plugin +plugins +plus +plx +pm +pma +pmwiki +pnadodb +png +pntables +pntemp +poc +podcast +podcasting +podcasts +poi +poker +pol +policies +policy +politics +poll +pollbooth +polls +pollvote +pool +pop +pop3 +popular +populate +popup +popup_content +popup_cvv +popup_image +popup_info +popup_magnifier +popup_poptions +popups +porn +port +portal +portals +portfolio +portfoliofiles +portlet +portlets +ports +pos +post +post_thanks +postcard +postcards +posted +postgres +postgresql +posthistory +postinfo +posting +postings +postnuke +postpaid +postreview +posts +posttocar +power +power_user +pp +ppc +ppcredir +ppt +pr +pr0n +pre +preferences +preload +premiere +premium +prepaid +prepare +presentation +presentations +preserve +press +press_releases +presse +pressreleases +pressroom +prev +preview +previews +previous +price +pricelist +prices +pricing +print +print_order +printable +printarticle +printenv +printer +printers +printmail +printpdf +printthread +printview +priv +privacy +privacy-policy +privacy_policy +privacypolicy +privat +private +private2 +privateassets +privatemsg 
+prive +privmsg +privs +prn +pro +probe +problems +proc +procedures +process +process_order +processform +procure +procurement +prod +prodconf +prodimages +producers +product +product-sort +product_compare +product_image +product_images +product_info +product_reviews +product_thumb +productdetails +productimage +production +production.log +productquestion +products +products_new +productspecs +productupdates +produkte +professor +profil +profile +profiles +profiling +proftpd +prog +program +programming +programs +progress +project +project-admins +projects +promo +promos +promoted +promotion +promotions +proof +proofs +prop +prop-base +properties +property +props +prot +protect +protected +protection +proto +provider +providers +proxies +proxy +prueba +pruebas +prv +prv_download +ps +psd +psp +psql +pt +pt_BR +ptopic +pub +public +public_ftp +public_html +publication +publications +publicidad +publish +published +publisher +pubs +pull +purchase +purchases +purchasing +pureadmin +push +put +putty +putty.reg +pw +pw_ajax +pw_api +pw_app +pwd +py +python +q +q1 +q2 +q3 +q4 +qa +qinetiq +qotd +qpid +qsc +quarterly +queries +query +question +questions +queue +queues +quick +quickstart +quiz +quote +quotes +r +r57 +radcontrols +radio +radmind +radmind-1 +rail +rails +ramon +random +rank +ranks +rar +rarticles +rate +ratecomment +rateit +ratepic +rates +ratethread +rating +rating0 +ratings +rb +rcLogin +rcp +rcs +rct +rd +rdf +read +reader +readfile +readfolder +readiness +readme +real +realaudio +realestate +receipt +receipts +receive +received +recent +recharge +recherche +recipes +recommend +recommends +record +recorded +recorder +records +recoverpassword +recovery +recycle +recycled +red +reddit +redesign +redir +redirect +redirector +redirects +redis +ref +refer +reference +references +referer +referral +referrers +refuse +refused +reg +reginternal +region +regional +register +registered +registration +registrations +registro +reklama +related +release +releases 
+religion +remind +remind_password +reminder +remote +remotetracer +removal +removals +remove +removed +render +render?url=https://www.google.com +render/https://www.google.com +rendered +reorder +rep +repl +replica +replicas +replicate +replicated +replication +replicator +reply +repo +report +reporting +reports +reports list +repository +repost +reprints +reputation +req +reqs +request +requested +requests +require +requisite +requisition +requisitions +res +research +reseller +resellers +reservation +reservations +resin +resin-admin +resize +resolution +resolve +resolved +resource +resources +respond +responder +rest +restaurants +restore +restored +restricted +result +results +resume +resumes +retail +returns +reusablecontent +reverse +reversed +revert +reverted +review +reviews +rfid +rhtml +right +ro +roadmap +roam +roaming +robot +robotics +robots +robots.txt +role +roles +roller +room +root +rorentity +rorindex +rortopics +route +router +routes +rpc +rs +rsa +rss +rss10 +rss2 +rss20 +rssarticle +rssfeed +rsync +rte +rtf +ru +rub +ruby +rule +rules +run +rus +rwservlet +s +s1 +sa +safe +safety +sale +sales +salesforce +sam +samba +saml +sample +samples +san +sandbox +sav +save +saved +saves +sb +sbin +sc +scan +scanned +scans +scgi-bin +sched +schedule +scheduled +scheduling +schema +schemas +schemes +school +schools +science +scope +scr +scratc +screen +screens +screenshot +screenshots +script +scripte +scriptlet +scriptlets +scriptlibrary +scriptresource +scripts +sd +sdk +se +search +search-results +search_result +search_results +searchnx +searchresults +searchurl +sec +seccode +second +secondary +secret +secrets +section +sections +secure +secure_login +secureauth +secured +secureform +secureprocess +securimage +security +security.txt +seed +select +selectaddress +selected +selection +self +sell +sem +seminar +seminars +send +send-password +send-email +send_order +send_pwd +send_to_friend +sendform +sendfriend +sendmail +sendmessage +sendpm +sendthread 
+sendto +sendtofriend +sensepost +sensor +sent +seo +serial +serv +serve +server +server-info +server-status +server_admin_small +server_stats +servers +service +services +servicios +servlet +servlets +servlets-examples +servlet/GetProductVersion +sess +session +sessionid +sessions +set +setcurrency +setlocale +setting +settings +setup +setvatsetting +sex +sf +sg +sh +shadow +shaken +share +shared +shares +shell +shim +ship +shipped +shipping +shipping_help +shippinginfo +shipquote +shit +shockwave +shop +shop_closed +shop_content +shopadmin +shopper +shopping +shopping-lists +shopping_cart +shoppingcart +shops +shops_buyaction +shopstat +shopsys +shoutbox +show +show_post +show_thread +showallsites +showcase +showcat +showcode +showcode.asp +showenv +showgroups +showjobs +showkey +showlogin +showmap +showmsg +showpost +showroom +shows +showthread +shtml +si +sid +sign +sign-up +sign_up +signature +signaturepics +signed +signer +signin +signing +signoff +signon +signout +signup +simple +simpleLogin +simplelogin +single +single_pages +sink +site +site-map +site_map +siteadmin +sitebuilder +sitecore +sitefiles +siteimages +sitemap +sitemap.gz +sitemap.xml +sitemaps +sitemgr +sites +sitesearch +sk +skel +skin +skin1 +skin1_original +skins +skip +sl +slabel +slashdot +slide_show +slides +slideshow +slimstat +sling +sm +small +smarty +smb +smblogin +smf +smile +smiles +smileys +smilies +sms +smtp +snippets +snoop +snp +so +soap +soapdocs +soaprouter +social +soft +software +sohoadmin +solaris +sold +solution +solutions +solve +solved +somebody +songs +sony +soporte +sort +sound +sounds +source +sources +sox +sp +space +spacer +spain +spam +spamlog.log +spanish +spaw +speakers +spec +special +special_offers +specials +specified +specs +speedtest +spellchecker +sphider +spider +spiders +splash +sponsor +sponsors +spool +sport +sports +spotlight +spryassets +spyware +sq +sql +sql-admin +sqladmin +sqlmanager +sqlnet +sqlweb +squelettes +squelettes-dist +squirrel 
+squirrelmail +sr +src +srchad +srv +ss +ss_vms_admin_sm +ssfm +ssh +sshadmin +ssi +ssl +ssl_check +sslvpn +ssn +sso +ssp_director +st +stackdump +staff +staff_directory +stage +staging +stale +standalone +standard +standards +star +staradmin +start +starter +startpage +stat +state +statement +statements +states +static +staticpages +statistic +statistics +statistik +stats +statshistory +status +statusicon +stock +stoneedge +stop +storage +store +store_closed +stored +stores +stories +story +stow +strategy +stream +string +strut +struts +student +students +studio +stuff +style +style_avatars +style_captcha +style_css +style_emoticons +style_images +styles +stylesheet +stylesheets +sub +sub-login +subdomains +subject +submenus +submissions +submit +submitter +subs +subscribe +subscribed +subscriber +subscribers +subscription +subscriptions +success +suche +sucontact +suffix +suggest +suggest-listing +suite +suites +summary +sun +sunos +super +supplier +support +support_login +supported +surf +survey +surveys +suspended.page +suupgrade +sv +svc +svn +svn-base +svr +sw +swajax1 +swf +swfobject.js +swfs +switch +sws +synapse +sync +synced +syndication +sys +sys-admin +sysadmin +sysadmin2 +sysadmins +sysmanager +system +system-admin +system-administration +system_admin +system_administration +system_web +systems +sysuser +szukaj +t +t1 +t3lib +table +tabs +tag +tagline +tags +tail +talk +talks +tape +tapes +tapestry +tar +tar.bz2 +tar.gz +target +tartarus +task +tasks +taxonomy +tb +tcl +te +team +tech +technical +technology +tel +tele +television +tell_a_friend +tell_friend +tellafriend +temaoversikt +temp +templ +template +templates +templates_c +templets +temporal +temporary +temps +term +terminal +terms +terms-of-use +terms_privacy +termsofuse +terrorism +test +test-cgi +test-env +test1 +test123 +test1234 +test2 +test3 +test_db +teste +testimonial +testimonials +testing +tests +testsite +texis +text +text-base +textobject +textpattern +texts +tgp +tgz +th +thank-you 
+thanks +thankyou +the +theme +themes +thickbox +third-party +this +thread +threadrate +threads +threadtag +thumb +thumbnail +thumbnails +thumbs +thumbs.db +ticket +ticket_list +ticket_new +tickets +tienda +tiki +tiles +time +timeline +tiny_mce +tinymce +tip +tips +title +titles +tl +tls +tmp +tmpl +tmps +tn +tncms +to +toc +today +todel +todo +toggle +token +token/introspect +token/revoke +tomcat +tomcat-docs +tool +toolbar +toolkit +tools +top +top1 +topic +topicadmin +topics +toplist +toplists +topnav +topsites +torrent +torrents +tos +tour +tours +toys +tp +tpl +tpv +tr +trac +trace +traceroute +traces +track +trackback +trackclick +tracker +trackers +tracking +trackpackage +tracks +trade +trademarks +traffic +trailer +trailers +training +trans +transaction +transactions +transfer +transformations +translate +translations +transparent +transport +trap +trash +travel +treasury +tree +trees +trends +trial +true +trunk +tslib +tsweb +tt +tuning +turbine +tuscany +tutorial +tutorials +tv +tw +twatch +tweak +twiki +twitter +tx +txt +type +typo3 +typo3_src +typo3conf +typo3temp +typolight +u +ua +ubb +uc +uc_client +uc_server +ucenter +ucp +uddi +uds +ui +ui_config.properties +uk +umbraco +umbraco_client +umts +uncategorized +under_update +uninstall +union +unix +unlock +unpaid +unreg +unregister +unsafe +unsubscribe +unused +up +upcoming +upd +update +updated +updateinstaller +updater +updates +updates-topic +upgrade +upgrade.readme +upload +upload_file +upload_files +uploaded +uploadedfiles +uploadedimages +uploader +uploadfile +uploadfiles +uploads +ur-admin +urchin +url +urlrewriter +urls +us +usa +usage +user +user_upload +useradmin +userapp +usercontrols +usercp +usercp2 +userdir +userfiles +userimages +userinfo +userlist +userlog +userlogin +usermanager +username +usernames +usernote +users +usr +usrmgr +usrs +ustats +usuario +usuarios +util +utilities +utility +utility_login +utils +v +v1 +v1/client_configs +v2 +v2/client_configs +v3 +v4 +vadmind +validation 
+validatior +vap +var +vault +vb +vbmodcp +vbs +vbscript +vbscripts +vbseo +vbseocp +vcss +vdsbackup +vector +vehicle +vehiclemakeoffer +vehiclequote +vehicletestdrive +velocity +venda +vendor +vendors +ver +ver1 +ver2 +version +version.json +verwaltung +vfs +vi +viagra +vid +video +videos +view +view-source +view_cart +viewcart +viewcvs +viewer +viewfile +viewforum +viewlogin +viewonline +views +viewsource +viewsvn +viewthread +viewtopic +viewvc +vip +virtual +virus +visit +visitor +visitormessage +vista +vm +vmailadmin +void +voip +vol +volunteer +vote +voted +voter +votes +vp +vpg +vpn +vs +vsadmin +vuln +vvc_display +w +w3 +w3c +w3svc +wa +wallpaper +wallpapers +wap +war +warenkorb +warez +warn +way-board +wbboard +wbsadmin +wc +wcs +wdav +weather +web +web-beans +web-console +web-inf +web.config +web.xml +web1 +web2 +web3 +web_users +webaccess +webadm +webadmin +webagent +webalizer +webapp +webapps +webb +webbbs +webboard +webcalendar +webcam +webcart +webcast +webcasts +webcgi +webcharts +webchat +webctrl_client +webdata +webdav +webdb +webdist +webedit +webfm_send +webhits +webim +webinar +weblog +weblogic +weblogs +webmail +webmaster +webmasters +webpack.manifest.json +webpages +webplus +webresource +websearch +webservice +webservices +webshop +website +websites +websphere +websql +webstat +webstats +websvn +webtrends +webusers +webvpn +webwork +wedding +week +weekly +welcome +wellcome +werbung +wget +what +whatever +whatnot +whatsnew +white +whitepaper +whitepapers +who +whois +wholesale +whosonline +why +wicket +wide_search +widget +widgets +wifi +wii +wiki +will +win +win32 +windows +wink +winnt +wireless +wishlist +with +wizmysqladmin +wml +wolthuis +word +wordpress +work +workarea +workflowtasks +working +workplace +works +workshop +workshops +world +worldpayreturn +worldwide +wow +wp +wp-admin +wp-app +wp-atom +wp-blog-header +wp-comments +wp-commentsrss2 +wp-config +wp-content +wp-cron +wp-dbmanager +wp-feed +wp-icludes +wp-images +wp-includes 
+wp-links-opml +wp-load +wp-login +wp-mail +wp-pass +wp-rdf +wp-register +wp-rss +wp-rss2 +wp-settings +wp-signup +wp-syntax +wp-trackback +wpau-backup +wpcallback +wpcontent +wps +wrap +writing +ws +ws-client +ws_ftp +wsdl +wss +wstat +wstats +wt +wtai +wusage +wwhelp +www +www-sql +www1 +www2 +www3 +wwwboard +wwwjoin +wwwlog +wwwroot +wwwstat +wwwstats +wwwthreads +wwwuser +wysiwyg +wysiwygpro +x +xajax +xajax_js +xalan +xbox +xcache +xcart +xd_receiver +xdb +xerces +xfer +xhtml +xlogin +xls +xmas +xml +xml-rpc +xmlfiles +xmlimporter +xmlrpc +xmlrpc.php +xn +xsl +xslt +xsql +xx +xxx +xyz +xyzzy +y +yahoo +year +yearly +yesterday +yml +yonetici +yonetim +youtube +yshop +yt +yui +z +zap +zboard +zencart +zend +zero +zeus +zh +zh-cn +zh-tw +zh_CN +zh_TW +zimbra +zip +zipfiles +zips +zoeken +zoom +zope +zorum +zt +~adm +~admin +~administrator +~amanda +~apache +~bin +~ftp +~guest +~http +~httpd +~log +~logs +~lp +~mail +~nobody +~operator +~root +~sys +~sysadm +~sysadmin +~test +~tmp +~user +~webmaster +~www +dns-query?dns=q80BAAABAAAAAAAAA3d3dwdleGFtcGxlA2NvbQAAAQAB +dns-query?name=google.com&type=A \ No newline at end of file diff --git a/myapp/secret.py b/myapp/secret.py new file mode 100644 index 0000000..d88b5ec --- /dev/null +++ b/myapp/secret.py 
@@ -0,0 +1,444 @@ +import re + +# Define your regex patterns for secrets + +_regex = { + 'google_api': r'AIza[0-9A-Za-z-_]{35}', + 'google_oauth': r'ya29\.[0-9A-Za-z\-_]+', + 'google_api_key': r"(?i)AIza[0-9A-Za-z\\-_]{35}", + 'google_recaptcha_key': r"(?i)(\"|\')6[0-9a-zA-Z-_]{39}(\"|\')", + 'generic_api_key_inurl': r'https?://[^\s]+[?&](key|api_key|apikey|apiKey|ApiKey|access_token|auth|authentication|token|secret|client_id|client_secret|API_KEY|private_key)=[a-zA-Z0-9_\-]+', + 'generic_api_key_incode': r'\b(key|api_key|apikey|apiKey|ApiKey|access_token|auth|authentication|token|secret|client_id|client_secret|API_KEY|private_key)\s*=\s*["\']([a-zA-Z0-9_\-]+)["\']\s*;?', + 'firebase' : r'AAAA[A-Za-z0-9_-]{7}:[A-Za-z0-9_-]{140}', + 'firebase_api_key_pattern' : r'AIza[0-9A-Za-z-_]{35}', + 'firebase_database_url_pattern' : r'https://[a-z0-9-]+\.firebaseio\.com', + 'Firebase API Key': r"(?i)firebase_api_key[:=]\s*['\"]?([a-zA-Z0-9]{40})['\"]?", + + 'recaptcha_secret_key_pattern' : r'(?i)(?:=|\'|")?(6L[0-9A-Za-z]{39})(?:=|\'|")?', + + + #'openai_api_key_pattern' : r'(?i)sk-[a-zA-Z0-9]{48}', + 'openai_api_key': r'sk-[a-zA-Z0-9]{48}', + + + 'AWS Access Key ID': r'\bAKIA[0-9A-Z]{16}\b', + 'AWS Access Key ID': r"(?i)aws_access_key_id[:=]\s*['\"]?([A-Z0-9]{20})['\"]?", + 'AWS Secret Access Key': r"(?i)aws_secret_access_key[:=]\s*['\"]?([A-Za-z0-9/+=]{40})['\"]?", + 'aws_access_key_id': r'AWS_ACCESS_KEY_ID=([A-Z0-9]{20})', + 'aws_secret_access_key': r'AWS_SECRET_ACCESS_KEY=([A-Za-z0-9/+=]{40})', + 'aws_access_key_id': r'aws_access_key_id\s*=\s*([A-Za-z0-9]{20})', + 'aws_secret_access_key': r'aws_secret_access_key\s*=\s*([A-Za-z0-9/+=]{40})', + + + 'AWS_Access_Key': r'AKIA[0-9A-Z]{16}', + 'AWS_Secret_Key': r'(?i)aws_secret_access_key[\s:=\'"]*[A-Za-z0-9\/+=]{40}', + 'amazon_aws_access_key_id' : r'A[SK]IA[0-9A-Z]{16}', + 'amazon_mws_auth_toke' : r'amzn\\.mws\\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}', + 'amazon_aws_url' : 
r's3\.amazonaws.com[/]+|[a-zA-Z0-9_-]*\.s3\.amazonaws.com', + 'azure_appinsights_api_key': r'x-api-key:\s*([a-zA-Z0-9-_]{32})', + 'azure_appinsights_app_id': r'https://api\.applicationinsights\.io/v1/apps/([a-zA-Z0-9-]{36})', + + + 'facebook_access_token' : r'EAACEdEose0cBA[0-9A-Za-z]+', + 'authorization_bearer' : r'bearer [a-zA-Z0-9_\-\.=:_\+\/]{5,100}', + #'authorization_api' : r'api[key|_key|\s+]+[a-zA-Z0-9_\-]{5,100}', + 'mailgun_api_key' : r'key-[0-9a-zA-Z]{32}', + + 'twilio_api_key_pattern' : r'(?:=|["\'])?(SK[0-9a-fA-F]{32})(?:["\']|;)?', + 'twilio_account_sid_pattern' : r'(?:=|["\'])?(AC[0-9a-fA-F]{32})(?:["\']|;)?', + 'twilio_app_sid_pattern' : r'(?:=|["\'])?(AP[0-9a-fA-F]{32})(?:["\']|;)?', + 'Twilio Account SID': r"(?i)twilio_account_sid[:=]\s*['\"]?([A-Za-z0-9]{34})['\"]?", + 'Twilio Auth Token': r"(?i)twilio_auth_token[:=]\s*['\"]?([a-zA-Z0-9]{32})['\"]?", + + + 'paypal_braintree_access_token' : r'access_token\$production\$[0-9a-z]{16}\$[0-9a-f]{32}', + 'square_oauth_secret' : r'sq0csp-[ 0-9A-Za-z\-_]{43}|sq0[a-z]{3}-[0-9A-Za-z\-_]{22,43}', + 'square_access_token' : r'sqOatp-[0-9A-Za-z\-_]{22}|EAAA[a-zA-Z0-9]{60}', + 'square_oauth_token_pattern' : r'sandbox-sq0[a-z0-9-]{22,44}', + + 'stripe_standard_api' : r'sk_live_[0-9a-zA-Z]{24}', + 'stripe_restricted_api' : r'rk_live_[0-9a-zA-Z]{24}', + 'picatic_api_key_pattern' : r'(?i)sk_live_[0-9a-z]{32}', + + 'URL API Key': r"https?://[^\s]+[?&](api[-_]?key|key|token|access[-_]?token)=\"[^\"]+\"", + #'General Token': r"(?i)(token|access[-_]?token|auth[-_]?token|client[-_]?secret|secret[-_]?key|private[-_]?key)[:=]\s*['\"]?([a-zA-Z0-9_\-]+)['\"]?", + + # GitHub keys + 'GitHub Token': r"gh[pous]_[A-Za-z0-9_]{36,40}", + 'GitHub Client ID': r"(?i)github_client_id[:=]\s*['\"]?([a-zA-Z0-9]{20})['\"]?", + 'GitHub Client Secret': r"(?i)github_client_secret[:=]\s*['\"]?([a-zA-Z0-9]{40})['\"]?", + 'github_access_token' : r'[a-zA-Z0-9_-]*:[a-zA-Z0-9_\-]+@github\.com*', + 'gitlab_access_token_pattern' : 
r'glpat-[0-9a-zA-Z\-]{20}', + 'github_oauth_token_pattern' : r'ghp_[0-9a-zA-Z]{36}', + 'github_private_ssh_key': r'-----BEGIN OPENSSH PRIVATE KEY-----\s([A-Za-z0-9+/=]+)\s-----END OPENSSH PRIVATE KEY-----', + 'github_client_id': r'client_id=([a-zA-Z0-9]{20})', + 'github_client_secret': r'client_secret=([a-zA-Z0-9]{40})', + + + # General API Key patterns + 'Generic API Key': r"(?i)(api[-_]?key|access[-_]?key|secret[-_]?key|client[-_]?id|client[-_]?secret)[:=]\s*['\"]?([a-zA-Z0-9_\-]{16,64})['\"]?", + + # OAuth & Access Tokens + 'OAuth Access Token': r"(?i)access_token[:=]\s*['\"]?([a-zA-Z0-9\-._~+/]+=*)['\"]?", + 'Bearer Token': r"(?i)bearer\s+[a-zA-Z0-9\-._~+/]+=*", + + # Social Media & Cloud Platform Tokens + 'Facebook Access Token': r"(?i)facebook_access_token[:=]\s*['\"]?([a-zA-Z0-9]{64})['\"]?", + 'Instagram Access Token': r"(?i)instagram_access_token[:=]\s*['\"]?([a-zA-Z0-9]{64})['\"]?", + 'Twitter API Key': r"(?i)twitter_api_key[:=]\s*['\"]?([a-zA-Z0-9]{25,35})['\"]?", + 'Twitter API Secret': r"(?i)twitter_api_secret[:=]\s*['\"]?([a-zA-Z0-9]{35,45})['\"]?", + 'foursquare_api_key_pattern' : r'(?i)FSQ[a-zA-Z0-9]{32}', + + + # Payment Platform Credentials + 'Stripe Secret Key': r"(?i)sk_live_[0-9a-zA-Z]{24}", + #'Stripe Publishable Key': r"(?i)pk_live_[0-9a-zA-Z]{24}", + 'PayPal Client ID': r"(?i)paypal_client_id[:=]\s*['\"]?([a-zA-Z0-9]{16,64})['\"]?", + 'PayPal Secret': r"(?i)paypal_secret[:=]\s*['\"]?([a-zA-Z0-9]{32})['\"]?", + 'shopify_access_token_pattern' : r'shpat_[0-9a-fA-F]{32}', + 'sendgrid_api_key_pattern' : r'SG\.[A-Za-z0-9_-]{22}\.[A-Za-z0-9_-]{43}', + #'twitch_api_key_pattern' : r'[a-z0-9]{30}', + 'teams_webhook_pattern' : r'https://[a-zA-Z0-9]+\.webhook\.office\.com/webhookb2/[A-Za-z0-9-]+@[A-Za-z0-9-]+/IncomingWebhook/[A-Za-z0-9-]+/[A-Za-z0-9-]+', + 'mailchimp_api_key_pattern' : r'(?i)[a-z0-9]{32}-us[0-9]{1,2}', + + + + # SaaS Service Tokens and Keys + 'SendGrid API Key': r"(?i)sendgrid_api_key[:=]\s*['\"]?([a-zA-Z0-9]{40})['\"]?", + 'Slack API 
Token': r"(?i)xox[baprs]-[0-9a-zA-Z]{10,48}", + 'Slack Webhook URL': r"https?://hooks.slack.com/services/[A-Za-z0-9/_]+", + 'Microsoft Azure SAS': r"(?i)SharedAccessSignature\s*sig=[a-zA-Z0-9%+/]+", + + 'Algolia API Key': r"(?i)algolia_api_key[:=]\s*['\"]?([a-zA-Z0-9]{32})['\"]?", + 'api_key_pattern1' : r"x-algolia-api-key:\s*([a-zA-Z0-9]+)", + 'api_key_pattern2' : r"x-algolia-api-key:\s*([a-zA-Z0-9]{32})", + 'api_key_pattern3' : r"x-algolia-api-key:\s*([a-zA-Z0-9]{32})", + 'app_id_pattern' : r"x-algolia-application-id:\s*([a-zA-Z0-9]+)", + 'app_id_pattern' : r"x-algolia-application-id:\s*([a-zA-Z0-9]{8})", + + 'abtasty_api_key': r'x-api-key:\s*[a-zA-Z0-9]{32}', + 'custom_token': r'"token":"([a-zA-Z0-9_-]{43})"', + 'api_key': r'\?key=([a-zA-Z0-9]{39})', + 'API key': r'[A-Za-z0-9]{32}:[A-Za-z0-9]{32}', + 'API_key': r'API_Key:\s*([a-zA-Z0-9-_]{32})', + 'x_api_key': r'x-api-key:\s*([a-zA-Z0-9]{32})', + 'private_key_id': r'"private_key_id":\s*"([a-zA-Z0-9_-]+)"', + 'private_key': r'"private_key":\s*"([^"]+)"', + 'access_token': r'accounts\?access_token=([a-zA-Z0-9_-]+)', + 'secret_key': r'Secret_Key:\s*([a-zA-Z0-9-_]{32})', + 'access_token': r'access_token=([a-zA-Z0-9]{32,})', + 'api_key': r'api_key=([a-zA-Z0-9]{32})', + 'application_key': r'application_key=([a-zA-Z0-9]{32})', + 'api_token': r'auth_token=([a-zA-Z0-9]{32})', + 'private_token': r'private_token=([a-zA-Z0-9_-]+)', + 'access_key': r'access_key=([a-zA-Z0-9_-]+)', + 'key': r'\?Key=([a-zA-Z0-9_-]+)', + 'client_secret': r'"client_secret":\s?"([a-zA-Z0-9_-]+)"', + 'secret1': r'"secret\s*:\s*"([^"]+)"', + 'consumer_key': r'CONSUMER_KEY\s*:\s*([a-zA-Z0-9_-]+)', + 'consumer_secret': r'CONSUMER_SECRET\s*:\s*([a-zA-Z0-9_-]+)', + 'api_key': r'api_key\s*:\s*\'([a-zA-Z0-9_-]+)\'', + 'key': r'"key"\s*:\s*"([a-zA-Z0-9_-]+)"', + #'base64_encoded': r'\b([A-Za-z0-9+/=]{4})*([A-Za-z0-9+/=]{2,3})\b', + 'mongo_password': r'mongoPassword\s*:\s*"([^"]+)"', + 'authorization_token': 
r'payload\["Authorization"\]\s*=\s*"token\s([a-f0-9]{40})"', + 'x_api_key': r'\("x-api-key",\s*"([A-Za-z0-9]+)"\)', + 'client_id': r'client_id\s*=\s*([A-Za-z0-9-_]+)', + + + 'twitter_consumer_key': r'TWITTER_CONSUMER_KEY\s*=\s*([a-zA-Z0-9]{35})', + 'twitter_consumer_secret': r'TWITTER_CONSUMER_SECRET\s*=\s*([a-zA-Z0-9]{50})', + 'twitter_access_key': r'TWITTER_ACCESS_KEY\s*=\s*([0-9]{8}-[a-zA-Z0-9]{30})', + 'twitter_access_secret': r'TWITTER_ACCESS_SECRET\s*=\s*([a-zA-Z0-9]{50})', + 'mixpanel_token': r'MIXPANEL_TOKEN\s*=\s*([a-f0-9]{32})', + 'twitter_consumer_key': r'twitter_consumer_key\s*=\s*([a-z0-9]{35})', + 'twitter_consumer_secret': r'twitter_consumer_secret\s*=\s*([a-z0-9]{50})', + 'twitter_access_key': r'twitter_access_key\s*=\s*([0-9]{8}-[a-z0-9]{30})', + 'twitter_access_secret': r'twitter_access_secret\s*=\s*([a-z0-9]{50})', + 'mixpanel_token': r'mixpanel_token\s*=\s*([a-f0-9]{32})', + 'twitter_consumer_key': r'\btwitter_consumer_key\b|\bTWITTER_CONSUMER_KEY\b', + 'twitter_consumer_secret': r'\btwitter_consumer_secret\b|\bTWITTER_CONSUMER_SECRET\b', + 'twitter_access_key': r'\btwitter_access_key\b|\bTWITTER_ACCESS_KEY\b', + 'twitter_access_secret': r'\btwitter_access_secret\b|\bTWITTER_ACCESS_SECRET\b', + 'mixpanel_token': r'\bmixpanel_token\b|\bMIXPANEL_TOKEN\b', + + 'api_secret': r'\b(api_secret|API_SECRET)\b', + 'apidocs': r'\b(apidocs|APIDOCS)\b', + 'apiSecret': r'\b(apiSecret|APISECRET)\b', + 'app_key': r'\b(app_key|APP_KEY)\b', + 'app_secret': r'\b(app_secret|APP_SECRET)\b', + 'appkey': r'\b(appkey|APPKEY)\b', + 'appkeysecret': r'\b(appkeysecret|APPKEYSECRET)\b', + 'application_key': r'\b(application_key|APPLICATION_KEY)\b', + 'appsecret': r'\b(appsecret|APPSECRET)\b', + 'authorizationToken': r'\b(authorizationToken|AUTHORIZATIONTOKEN)\b', + 'bashrc_password': r'\b(bashrc_password|BASHRC_PASSWORD)\b', + 'bucket_password': r'\b(bucket_password|BUCKET_PASSWORD)\b', + 'codecov_token': r'\b(codecov_token|CODECOV_TOKEN)\b', + 'gmail_password': 
r'\b(gmail_password|GMAIL_PASSWORD)\b', + 'gmail_username': r'\b(gmail_username|GMAIL_USERNAME)\b', + 'herokuapp': r'\b(herokuapp|HEROKUAPP)\b', + 'jekyll_github_token': r'\b(JEKYLL_GITHUB_TOKEN|jekyll_github_token)\b', + 'ldap_password': r'\b(ldap_password|LDAP_PASSWORD)\b', + 'ldap_username': r'\b(ldap_username|LDAP_USERNAME)\b', + 'npmrc_auth': r'\b(npmrc _auth|NPMRC _AUTH)\b', + 'oauth_token': r'\b(oauth_token|OAUTH_TOKEN)\b', + 'slack_api': r'\b(slack_api|SLACK_API)\b', + 'slack_token': r'\b(slack_token|SLACK_TOKEN)\b', + 'sql_password': r'\b(sql_password|SQL_PASSWORD)\b', + 'ssh': r'\b(ssh|SSH)\b', + 'ssh2_auth_password': r'\b(ssh2_auth_password|SSH2_AUTH_PASSWORD)\b', + 'xoxb': r'\b(xoxb|XOXB)\b', + 'xoxp': r'\b(xoxp|XOXP)\b', + 'aws_secret_key': r'\b(aws_secret_key|AWS_SECRET_KEY)\b', + 'bucket_name': r'\b(bucket_name|BUCKET_NAME)\b', + 's3_access_key_id': r'\b(S3_ACCESS_KEY_ID|s3_access_key_id)\b', + 's3_bucket': r'\b(S3_BUCKET|s3_bucket)\b', + 's3_endpoint': r'\b(S3_ENDPOINT|s3_endpoint)\b', + 's3_secret_access_key': r'\b(S3_SECRET_ACCESS_KEY|s3_secret_access_key)\b', + 'wordpress_db_password': r'\b(WORDPRESS_DB_PASSWORD|wordpress_db_password)\b', + 'redis_password': r'\b(redis_password|REDIS_PASSWORD)\b', + 'root_password': r'\b(root_password|ROOT_PASSWORD)\b', + 'homebrew_github_api_token': r'\b(HOMEBREW_GITHUB_API_TOKEN|homebrew_github_api_token)\b', + 'huggingface_token': r'login\("your_huggingface_token_here"\)', + 'api_access_token': r'api\.set_access_token\("your_api_key_here"\)', + 'hf_api_token_env': r'os\.environ\["HF_API_TOKEN"\]\s*=\s*"your_api_key_here"', + 'hf_api_token_assignment': r'HF_API_TOKEN\s*=\s*"your_api_key_here"', + 'hf_api_token_assignment_no_quotes': r'HF_API_TOKEN\s*=\s*your_api_key_here', + 'hf_api_token_getenv': r'token\s*=\s*os\.getenv\("HF_API_TOKEN"\)', + 'use_auth_token': r'use_auth_token\s*=\s*"your_api_key_here"', + + + 'ipstack_api_key': r'\/[a-zA-Z0-9._%+-]+?\?access_key=([a-zA-Z0-9]{32})', + 'appcenter_api_token': 
r'X-Api-Token:\s*([a-zA-Z0-9-_]{40})', + 'facebook_access_token': r'access_token=([a-zA-Z0-9%_]{100,})', + 'hubspot_api_key': r'hapikey=([a-zA-Z0-9]{32})', + 'infura_api_key': r'infura\.io/v[0-9]+/([a-fA-F0-9]{32})', + 'npm_token': r'NPM_TOKEN="([a-f0-9-]{36})"', + 'youtube_api_key': r'https:\/\/www\.googleapis\.com\/youtube\/v3\/[^\s?&]+(?:\?[^&]+)?&key=AIza[A-Za-z0-9_-]{33}', + 'linkedin_oauth_url': r'https:\/\/www\.linkedin\.com\/oauth\/v2\/accessToken\?code=([a-zA-Z0-9_-]+)&redirect_uri=([^&]+)&client_id=([^&]+)&client_secret=([^&]+)', + 'shodan_api_key': r'https:\/\/api\.shodan\.io\/shodan\/host\/[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\?key=([a-zA-Z0-9]{32})', + 'bazaarvoice_passkey': r'\?conversationspasskey=([a-zA-Z0-9]{32})', + 'weblate_secret_key': r'"WEBLATE_SECRET_KEY",\s?"([a-zA-Z0-9!#%&=+_-]{50,})"', + 'access_key_secret': r'access-key-secret\s*=\s*<([a-zA-Z0-9_-]+)>', + 'access_key_id': r'access-key-id\s*=\s*<([a-zA-Z0-9_-]+)>', + 'password': r'password\s*[:=]?\s*([A-Za-z0-9!@#$%^&*(),.?":{}|<>_\-+=~;`/\\[\]<>]*?)', + 'token': r'"token"\s*:\s*"([A-Za-z0-9-_]+)"', + 'password': r'"password"\s*:\s*["\']?([^\s]+)["\']?', + 'pwd': r'"pwd"\s*:\s*["\']?([^\s]+)["\']?', + 'pword': r'"pword"\s*:\s*["\']?([^\s]+)["\']?', + 'mail_host': r'MAIL_HOST\s*=\s*["\']?([^\s]+)["\']?', + 'mail_username': r'MAIL_USERNAME\s*=\s*["\']?([^\s]+)["\']?', + 'mail_password': r'MAIL_PASSWORD\s*=\s*["\']?([^\s]+)["\']?', + + 'pusher_app_id': r'PUSHER_APP_ID\s*=\s*["\']?([^\s]+)["\']?', + 'pusher_app_key': r'PUSHER_APP_KEY\s*=\s*["\']?([^\s]+)["\']?', + 'pusher_app_secret': r'PUSHER_APP_SECRET\s*=\s*["\']?([^\s]+)["\']?', + + 'mix_pusher_app_key': r'MIX_PUSHER_APP_KEY\s*=\s*["\']?([^\s]+)["\']?', + + + 'database_host': r'"DATABASE_HOST"\s*:\s*"([A-Za-z0-9.-]+)"', + 'database_user': r'"DATABASE_USER"\s*:\s*"([A-Za-z0-9_]+)"', + 'database_password': r'"DATABASE_PASSWORD"\s*:\s*"([A-Za-z0-9!@#$%^&*()_+={}\[\]:;,.<>?/~`|\\-]+)"', + 'database_name': r'"DATABASE_NAME"\s*:\s*"([A-Za-z0-9_]+)"', + 
'database_host': r'"DB_HOST"\s*:\s*"([A-Za-z0-9.-]+)"', + 'database_user': r'"DB_USER"\s*:\s*"([A-Za-z0-9_]+)"', + 'database_password': r'"DB_PASSWORD"\s*:\s*"([A-Za-z0-9!@#$%^&*()_+={}\[\]:;,.<>?/~`|\\-]+)"', + 'database_name': r'"DB_NAME"\s*:\s*"([A-Za-z0-9_]+)"', + 'mysql_db_port': r'DATABASE_PORT\s*=\s*(\d{4,5})', + 'mysql_db_port': r'DB_PORT\s*=\s*(\d{4,5})', + 'mysql_connection_string': r'mysql://([a-zA-Z0-9_-]+):([a-zA-Z0-9!@#$%^&*()_+={}:;,.?<>~-]+)@([a-zA-Z0-9.-]+):(\d{4,5})/([a-zA-Z0-9_-]+)', + 'mysql_access_key': r'mysql_access_key\s*=\s*["\']?([a-zA-Z0-9_-]+)["\']?', + 'mysql_secret_key': r'mysql_secret_key\s*=\s*["\']?([a-zA-Z0-9!@#$%^&*()_+={}:;,.?<>~-]+)["\']?', + + + 'oauth_token': r'"OAUTH_TOKEN"\s*:\s*"([A-Za-z0-9-_]{30,100})"', + 'username': r'"username"\s*:\s*"([A-Za-z0-9_]+)"', + 'api_secret': r"api_secret\s*=\s*'([A-Za-z0-9_!@#$%^&*()\-+=<>]+)'", + 'owner_id': r'"owner_id"\s*:\s*"[a-zA-Z0-9_\.\-]*"', + 'repo_access_token': r'"repo_access_token"\s*:\s*"[a-zA-Z0-9_\.\-]*"', + 'project_access_token': r'"project_access_token"\s*:\s*"[a-zA-Z0-9_\.\-]*"', + 'workspace_access_token': r'"workspace_access_token"\s*:\s*"[a-zA-Z0-9_\.\-]*"', + 'bitbucket_repo_access': r'bitbucket\.com/credential/[a-zA-Z0-9_\.\-]*', + 'bitbucket_project': r'bitbucket\.com/project/\{[a-f0-9\-]{36}\}', + 'bitbucket_workspace': r'bitbucket\.com/workspace/\{[a-f0-9\-]{36}\}', + + + 'email': r'\s*([A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Z|a-z]{2,})\s*', + 'password': r'\s*([A-Za-z0-9!@#$%^&*()_+={}\[\]:;,.<>?/~`|\\-]+)\s*', + 'api_key': r'\s*([A-Za-z0-9-_]{32,64})\s*', + 'access_token': r'\s*([A-Za-z0-9-_]{40})\s*', + 'secret_key': r'\s*([A-Za-z0-9!@#$%^&*()_+={}\[\]:;,.<>?/~`|\\-]+)\s*', + 'ssh_key': r'\s*([A-Za-z0-9+/=]{100,})\s*', + 'api_secret': r'\s*([A-Za-z0-9!@#$%^&*()_+={}\[\]:;,.<>?/~`|\\-]+)\s*', + 'oauth_token': r'\s*([A-Za-z0-9-_]{30,100})\s*', + 'db_password': r'\s*([A-Za-z0-9!@#$%^&*()_+={}\[\]:;,.<>?/~`|\\-]+)\s*', + 'jwt_token': r'\s*([A-Za-z0-9-_]{30,500})\s*', + 
'private_key': r'\s*([A-Za-z0-9+/=]{200,})\s*', + 'public_key': r'\s*([A-Za-z0-9+/=]{200,})\s*', + 'credit_card': r'\s*(\d{16})\s*', + 'ssn': r'\s*(\d{3}-\d{2}-\d{4})\s*', + 'phone_number': r'\s*(\+?\d{1,2}[-.\s]?\(?\d{1,4}\)?[-.\s]?\d{1,4}[-.\s]?\d{1,4})\s*', + 'bank_account_number': r'\s*(\d{9,18})\s*', + 'card_number': r'\s*(\d{13,19})\s*', + 'license_key': r'\s*([A-Za-z0-9-]+)\s*', + 'user_token': r'\s*([A-Za-z0-9-_]{20,50})\s*', + 'session_id': r'\s*([A-Za-z0-9]{16,64})\s*', + 'api_url': r'\s*(https?://[A-Za-z0-9.-]+(?:\.[A-Za-z]{2,6})?[^"\s]*)\s*', + 'email_address': r'\s*([A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Z|a-z]{2,})\s*', + 'security_code': r'\s*(\d{3,4})\s*', + 'auth_token': r'\s*([A-Za-z0-9-_]{40,})\s*', + 'customer_id': r'\s*([A-Za-z0-9]{8,32})\s*', + 'credit_card_expiry': r'\s*(\d{2}/\d{2})\s*', + 'auth_code': r'\s*([A-Za-z0-9]{6,10})\s*', + 'otp_code': r'\s*(\d{6})\s*', + 'email_password': r'\s*([A-Za-z0-9!@#$%^&*()_+={}\[\]:;,.<>?/~`|\\-]+)\s*', + 'user_secret': r'\s*([A-Za-z0-9!@#$%^&*()_+={}\[\]:;,.<>?/~`|\\-]+)\s*', + 'private_key_data': r'\s*([A-Za-z0-9+/=]{100,})\s*', + 'public_key_data': r'\s*([A-Za-z0-9+/=]{100,})\s*', + 'server_password': r'\s*([A-Za-z0-9!@#$%^&*()_+={}\[\]:;,.<>?/~`|\\-]+)\s*', + 'login_token': r'\s*([A-Za-z0-9-_]{30,100})\s*', + 'api_auth_key': r'\s*([A-Za-z0-9!@#$%^&*()_+={}\[\]:;,.<>?/~`|\\-]+)\s*', + 'database_url': r'\s*(https?://[A-Za-z0-9.-]+(?:\.[A-Za-z]{2,6})?[^"\s]*)\s*', + 'firebase_key': r'\s*([A-Za-z0-9-_]{40,})\s*', + 'paypal_client_secret': r'\s*([A-Za-z0-9-_]{40,})\s*', + 'google_client_id': r'\s*([A-Za-z0-9-.]{25,})\s*', + 'google_client_secret': r'\s*([A-Za-z0-9-_]{30,})\s*', + 'stripe_api_key': r'\s*([A-Za-z0-9]{24,45})\s*', + 'aws_access_key': r'\s*([A-Za-z0-9]{20})\s*', + 'aws_secret_key': r'\s*([A-Za-z0-9+/=]{40})\s*', + 'discord_token': r'\s*([A-Za-z0-9-_]{24,36})\s*', + 'linkedin_api_key': r'\s*([A-Za-z0-9-_]{30,50})\s*', + 'zoom_api_key': r'\s*([A-Za-z0-9]{32})\s*', + 'paypal_api_key': 
r'\s*([A-Za-z0-9]{24,45})\s*', + 'azure_subscription_key': r'\s*([A-Za-z0-9]{32})\s*', + 'gitlab_token': r'\s*([A-Za-z0-9]{20,40})\s*', + 'salesforce_api_key': r'\s*([A-Za-z0-9]{32})\s*', + 'telegram_bot_token': r'\s*([A-Za-z0-9]{45})\s*', + 'bitcoin_private_key': r'\s*([A-Za-z0-9]{51})\s*', + 'bitbucket_api_key': r'\s*([A-Za-z0-9-_]{36})\s*', + 'webhook_secret': r'\s*([A-Za-z0-9]{32})\s*', + 'vpn_key': r'\s*([A-Za-z0-9-_]{64})\s*', + 'github_personal_access_token': r'\s*([A-Za-z0-9]{40})\s*', + + + 'asana_access_token': r'Authorization:\s*Bearer\s+([a-zA-Z0-9-_]{32,64})', + 'applicationinsights_api_key': r'x-api-key:\s*([a-zA-Z0-9-_]{32})', + 'bazaarvoice_passkey': r'conversationspasskey=([a-zA-Z0-9]{32})', + 'bitly_access_token': r'access_token=([a-zA-Z0-9]{32})', + 'branch_io_key': r'v1/app/([a-zA-Z0-9]{16})\?branch_secret=', + 'branch_io_secret': r'branch_secret=([a-zA-Z0-9]{32})', + 'buildkite_access_token': r'https://api\.buildkite\.com/v2/access-token', + 'contentful_space_id': r'https://cdn\.contentful\.com/spaces/([a-zA-Z0-9]{36})/entries', + 'contentful_access_token': r'access_token=([a-zA-Z0-9]{32,64})', + 'circleci_api_token': r'circle-token=([a-zA-Z0-9]{32})', + 'cypress_record_key': r'"recordKey":"([a-zA-Z0-9]{32})"', + 'cypress_project_id': r'"projectId":"([a-zA-Z0-9]{32})"', + 'flowdock_api_token': r'"flowdock_api_token"\s*:\s*"([a-f0-9]{32})"', + 'ethereum_private_key': r'ETHEREUM_PRIVATE_KEY\s*[:=]?\s*([a-f0-9]{64})', + + + 'MailChimp API Key': r"(?i)[0-9a-f]{32}-us[0-9]{1,2}", + 'DataDog API Key': r"(?i)datadog_api_key[:=]\s*['\"]?([a-zA-Z0-9]{32})['\"]?", + 'Heroku API Key': r"(?i)heroku_api_key[:=]\s*['\"]?([a-zA-Z0-9]{32})['\"]?", + 'Dropbox API Key': r"(?i)dropbox_api_key[:=]\s*['\"]?([a-zA-Z0-9]{15})['\"]?", + 'discord_bot_token_pattern' : r'[A-Za-z]{24}\.[A-Za-z]{6}\.[A-Za-z0-9_-]{27}', + 'dropbox_access_token_pattern' : r'sl\.[a-zA-Z0-9_-]{15,}', + + + 'CircleCI Token': r"(?i)circleci_token[:=]\s*['\"]?([a-zA-Z0-9]{20,40})['\"]?", + 
'Travis CI Token': r"(?i)travis_token[:=]\s*['\"]?([a-zA-Z0-9]{40})['\"]?", + 'GitLab Personal Access Token': r"(?i)glpat-[a-zA-Z0-9-_]{20,40}", + + + 'rsa_private_key' : r'-----BEGIN RSA PRIVATE KEY-----', + 'ssh_dsa_private_key' : r'-----BEGIN DSA PRIVATE KEY-----', + 'ssh_dc_private_key' : r'-----BEGIN EC PRIVATE KEY-----', + 'pgp_private_block' : r'-----BEGIN PGP PRIVATE KEY BLOCK-----', + 'Diffie-Hellman Parameters': r'-----BEGIN DH PARAMETERS-----', + 'PEM Certificate': r'-----BEGIN CERTIFICATE-----', + + #'json_web_token' : r'ey[A-Za-z0-9-_=]+\.[A-Za-z0-9-_=]+\.?[A-Za-z0-9-_.+/=]*$', + 'slack_token' : r"\"api_token\":\"(xox[a-zA-Z]-[a-zA-Z0-9-]+)\"", + 'slack_webhook_pattern' : r'https://hooks.slack.com/services/[A-Za-z0-9]+/[A-Za-z0-9]+/[A-Za-z0-9]+', + 'slack_webhook_url': r'https:\/\/hooks\.slack\.com\/services\/([A-Z0-9]+\/[A-Z0-9]+\/[A-Z0-9]+)', + 'SSH_privKey' : r"([-]+BEGIN [^\s]+ PRIVATE KEY[-]+[\s]*[^-]*[-]+END [^\s]+ PRIVATE KEY[-]+)", + + #'Heroku API KEY' : r'\b(?:(?:heroku_)?[0-9a-fA-F]{32}|[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})\b', + #'Heroku API KEY' : r'(?i)^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$', + #'heroku_api_key_pattern' : r'(?i)heroku_[0-9a-fA-F]{32}', + + #'possible_Creds' : r"(?i)(" \ + # r"password\s*[`=:\"]+\s*[^\s]+|" \ + # r"password is\s*[`=:\"]*\s*[^\s]+|" \ + # r"pwd\s*[`=:\"]*\s*[^\s]+|" \ + # r"passwd\s*[`=:\"]+\s*[^\s]+)", + #'password_pattern' : r'^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[@$!%*?&])[A-Za-z\d@$!%*?&]{8,}$', + + # encryption + #'Base64': r'^[A-Za-z0-9+/]+={0,2}$', + + # Variations of "key" in the context of secret keys or tokens + 'URL API Key': r"https?://[^\s]+[?&](api[-_]?key|key|token|access[-_]?token)=\"[^\"]+\"", + # Passwords or other sensitive information in environment variables + 'Env_Var_Creds': r"(?i)(env\.(password|passwd|pwd|key|secret)\s*[:=]\s*[^\s]+)", + # Email + Password combinations (often seen in user data dumps) + # 
'Email': r'\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}(?=\s|$)', + 'Email_Password': r"[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,6}:[^\s]+", + + # Custom patterns: e.g., secret keys + #'Custom_Secret': r"(?i)(secret[-_]?(key)?|access[-_]?(key)?|secret\s*[:=]\s*[^\s]+)", + # Common password patterns + + #'API_Key': r'(?i)(api_key|apikey|key|token|auth_token|access_token)[\s:=\'"]+\w{16,64}', + 'Bearer_Token': r'\bBearer\s+[A-Za-z0-9-_]+\.[A-Za-z0-9-_]+\.[A-Za-z0-9-_]+\b', + + # Common password hints or formats + 'Username_Password': r'\b(username|user|uname|login)[\s:=\'"]+[^\s]+[\s,;]+(pass|password|pwd|passwd)[\s:=\'"]+[^\s]+\b', + + # JWT Pattern (Common in CTFs for encoded data or tokens) + 'JWT': r'eyJ[A-Za-z0-9-_]+\.[A-Za-z0-9-_]+\.[A-Za-z0-9-_]+', + + # cradit card + 'Credit Card': r'^(?:4[0-9]{12}(?:[0-9]{3})?)$', + + + 'phone_number' : r'^\+\d{1,3}\s?\d{4,14}$', # Matches international and US formats + #'ipv4_address' : r'\b(?:(?:25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])\.){3}(?:25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])\b', # Matches IPv4 addresses + 'http_true_client_ip' : r'http_true_client_ip:\s*(\b(?:\d{1,3}\.){3}\d{1,3}\b)', # Custom header pattern for True-Client-IP + 'http_x_arr_log_id' : r'http_x_arr_log_id:\s*[a-zA-Z0-9-]+', # Custom header pattern for X-ARR-LOG-ID + + + 'sha512_pattern' : r'\b[a-fA-F0-9]{128}\b', + 'sha512_base64_pattern' : r'\b[A-Za-z0-9+/]{86}==\b', + 'sha512_hex_pattern' : r'\b[a-fA-F0-9]{128}\b', + 'sha512_combined_pattern' : r'\b([a-fA-F0-9]{128}|[A-Za-z0-9+/]{86}==)\b', + + + #'Hex_16': r'\b[0-9a-fA-F]{16}\b', + #'Hex_24': r'\b[0-9a-fA-F]{24}\b', + #'Hex_32': r'\b[0-9a-fA-F]{32}\b', + #'Hex_40': r'\b[0-9a-fA-F]{40}\b', + #'Hex_Encoded': r'\b[0-9a-fA-F]{32,}\b', + #'Simple_Passphrase': r'\b(pass|password|pwd|passwd)[\s:=\'"]*\w+\b', + #'sensitive_terms_pattern' : r"(?i)\b(api|access|auth|client|secret|key)[-_ ]?(token|id|key|secret|code)?\b", + #'Hex_Encoded': r'\b[0-9a-fA-F]{32,}\b', + #'API_Key': 
r"(?i)(api[-_]?key\s*[:=]\s*[^\s]+)",
+
+ #'MD5': r'\b[a-fA-F0-9]{32}\b',
+ #'Bcrypt': r'\$2[aby]?\$\d{2}\$[./A-Za-z0-9]{53}',
+ #'SHA-1': r'\b[a-fA-F0-9]{40}\b',
+ #'Bcrypt': r'\$2[aby]?\$\d{2}\$[./A-Za-z0-9]{53}',
+}
+
+
+def find_secrets(text):
+ """Scans a given text for secret patterns and returns a dictionary of findings."""
+ findings = {}
+ for name, regex in _regex.items():
+ matches = re.findall(regex, text)
+ if matches:
+ findings[name] = matches
+ return findings
+
diff --git a/myapp/sitemap_scan.py b/myapp/sitemap_scan.py
new file mode 100644
index 0000000..beb8a39
--- /dev/null
+++ b/myapp/sitemap_scan.py
@@ -0,0 +1,19 @@
+# sitemap_scan.py
+from usp.tree import sitemap_tree_for_homepage
+
+def fetch_sitemap_urls(base_url):
+ """
+ Fetches all URLs from the sitemap of the given base URL.
+ """
+ sitemap_urls = []
+
+ try:
+ # Fetch the sitemap tree from the base URL
+ tree = sitemap_tree_for_homepage(base_url)
+ for page in tree.all_pages():
+ url = page.url
+ sitemap_urls.append(url)
+ except Exception as e:
+ print(f"Error fetching sitemap for {base_url}: {e}")
+
+ return sitemap_urls
diff --git a/myapp/subdom.py b/myapp/subdom.py
new file mode 100644
index 0000000..d9eb529
--- /dev/null
+++ b/myapp/subdom.py
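Review bot: `_regex` in myapp/secret.py is a dict literal that reuses many keys (`'AWS Access Key ID'`, `'aws_access_key_id'`, `'api_key'`, `'password'`, `'twitter_consumer_key'` and others), and Python keeps only the last value for a repeated key, so the earlier, more specific patterns are never run by `find_secrets`. The surviving entry is often a context-free catch-all: the last `'api_key'` is `r'\s*([A-Za-z0-9-_]{32,64})\s*'` and `'credit_card'` is `r'\s*(\d{16})\s*'`, which will report any long token or 16-digit run while `api_key=([a-zA-Z0-9]{32})` is silently lost. Store the patterns as a list of uniquely named pairs, e.g. `_regex = [('aws_access_key_id_env', r'AWS_ACCESS_KEY_ID=([A-Z0-9]{20})'), ...]`, iterate with `for name, regex in _regex:`, and drop or context-anchor the catch-alls. The `'Credit Card'` and `'phone_number'` entries are anchored with `^`/`$`, so without `re.MULTILINE` they match only when the whole input is that value.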
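Review bot: The `except Exception` in `fetch_sitemap_urls` (myapp/sitemap_scan.py) prints the error and returns whatever was collected, so a caller cannot tell a failed fetch from a site with no sitemap, and the message goes to stdout instead of the application log. Replace the print with `logger.exception("sitemap fetch failed for %s", base_url)` on a module-level `logger = logging.getLogger(__name__)`, and surface the failure to the caller by re-raising or returning a status next to the list. `base_url` reaches `sitemap_tree_for_homepage` unchecked; if it originates from a web form (not visible in this hunk), the view should restrict it to `http`/`https` URLs of hosts the operator is authorised to scan, because the request is made from the server.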
@@ -0,0 +1,33 @@
+import requests
+import sublist3r
+
+def gather_subdomains(domain):
+ # Gather subdomains using Sublist3r
+ subdomains = sublist3r.main(domain, 40, None, ports=None, silent=True, verbose=False, enable_bruteforce=False, engines=None)
+
+ available_subdomains = []
+
+ # Check each subdomain for availability
+ for subdomain in subdomains:
+ url_http = f"http://{subdomain}"
+ url_https = f"https://{subdomain}"
+
+ try:
+ # Try HTTPS first
+ response = requests.get(url_https, timeout=5)
+ protocol = 'https'
+ status_code = response.status_code
+ except requests.RequestException:
+ try:
+ # Fallback to HTTP if HTTPS fails
+ response = requests.get(url_http, timeout=5)
+ protocol = 'http'
+ status_code = response.status_code
+ except requests.RequestException:
+ # If both HTTP and HTTPS fail, skip the subdomain
+ continue
+
+ # Append as a tuple (subdomain, protocol, status_code)
+ available_subdomains.append((subdomain, protocol, status_code))
+
+ return available_subdomains
diff --git a/myapp/templates/clear_data.html b/myapp/templates/clear_data.html
new file mode 100644
index 0000000..c64075d
--- /dev/null
+++ b/myapp/templates/clear_data.html
@@ -0,0 +1,31 @@
+
+{% extends "index.html" %}
+
+{% block content %}
+
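Review bot: The HTTPS probe in `gather_subdomains` (myapp/subdom.py) falls back to plain HTTP on any `requests.RequestException`, which includes `requests.exceptions.SSLError`, so a host whose certificate fails validation is recorded as `http` or dropped with no trace of the TLS problem. Catch `SSLError` in its own `except` branch and record it, since a broken certificate is itself a finding worth keeping. `requests.get` follows redirects by default, so `status_code` is that of the final target rather than of the subdomain; pass `allow_redirects=False` if the subdomain's own answer is what should be stored. The probes also run one after another inside the web request that calls this function, at up to 10 seconds per unreachable name.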
+
+ {% csrf_token %} + +
+
+ + {% if data_cleared %} + + + + + {% endif %} +{% endblock %} diff --git a/myapp/templates/directory_enumeration.html b/myapp/templates/directory_enumeration.html new file mode 100644 index 0000000..b5cbef0 --- /dev/null +++ b/myapp/templates/directory_enumeration.html @@ -0,0 +1,19 @@ +{% extends 'index.html' %} + +{% block content %} +

Directory Enumeration

+
+ {% csrf_token %} + {{ form.as_p }} + +
+ + {% if enumerated_directories %} +

Enumerated Directories

+ + {% endif %} +{% endblock %} diff --git a/myapp/templates/findbase64_mul.html b/myapp/templates/findbase64_mul.html new file mode 100644 index 0000000..68d146e --- /dev/null +++ b/myapp/templates/findbase64_mul.html @@ -0,0 +1,38 @@ +{% extends 'index.html' %} + +{% block content %} +
+

Find any sensitive base64 encoded values

+
+ +
+ {% csrf_token %} + + +
+ + {% if result %} +

Scan Results:

+ + + + + + {% for domain, encoded_decoded in result.items %} + + + + + {% for encoded, decoded in encoded_decoded %} + + + + + {% endfor %} + + {% endfor %} +
EncodedDecoded
+ {{ domain }} +
{{ encoded }}{{ decoded }}
+ {% endif %} +{% endblock %} diff --git a/myapp/templates/google_search.html b/myapp/templates/google_search.html new file mode 100644 index 0000000..ff63b63 --- /dev/null +++ b/myapp/templates/google_search.html @@ -0,0 +1,249 @@ +{% extends 'index.html' %} + +{% block content %} +
+ +
+

Google Search Links

+
+ {% csrf_token %} +
+ +
+
+ +
+
+ +
+
+ +
+
+ +
+ +
+ + {% if google_links %} + + {% endif %} +
+ + +
+
+
site:
+
filetype:env
+
"DB_PASSWORD"
+
"mysql dump" filetype:sql
+
filetype:log inurl:log
+
filetype:bak inurl:"backup"
+
filetype:xml inurl:web.xml
+
filetype:json "apikey"
+
inurl:admin filetype:txt
+
intext:"s3.amazonaws.com" filetype:xml
+
intitle:"Index of" "passwords"
+
"Authorization: Bearer" filetype:txt OR filetype:env
+
filetype:sql "insert into" intext:password
+
"confidential" filetype:pdf
+
intext:"password" AND intext:"email" filetype:xls
+
inurl:"phpinfo.php"
+
filetype:cfg "server.cfg"
+
"MongoDB server information" filetype:json
+
intitle:"Index of" "credentials.json"
+
"AWS_SECRET_ACCESS_KEY" filetype:log OR filetype:json
+
inurl:wp-config.php
+
filetype:json "client_secret"
+
inurl:"/ftpconfig" filetype:json
+
intitle:"Index of" "id_rsa"
+
filetype:txt "private_key"
+
intext:"ftp password" filetype:txt
+
intext:"DB_USERNAME" filetype:env
+
filetype:yaml intext:"password"
+
intitle:"Index of" "shadow"
+
filetype:env "SECRET_KEY"
+
inurl:".git" "index of"
+
inurl:"backup" filetype:zip
+
inurl:credentials filetype:xls
+
inurl:"/config.inc.php"
+
"AWS_SECRET_ACCESS_KEY" filetype:json
+
intext:"OAuth" AND intext:"access_token" filetype:json
+
filetype:ini "user=*" "password=*"
+
intitle:"Index of" "secrets.txt"
+
filetype:log inurl:log4j
+
intext:"ssh-rsa" filetype:key
+
intext:"PGP PRIVATE KEY BLOCK" filetype:asc
+
intext:"auth_token" filetype:yaml
+
filetype:conf "apache.conf"
+
intext:"accessKeyId" filetype:json
+
filetype:bak "password"
+
intext:"BEGIN RSA PRIVATE KEY" filetype:pem
+
filetype:php inurl:"config"
+
filetype:sh "password"
+
intitle:"Index of" "credentials.json"
+
filetype:txt inurl:admin
+
intext:"X-Amz-Security-Token" filetype:log
+
intext:"access_key" AND intext:"secret_key" filetype:json
+
inurl:"password.txt"
+
inurl:".npmrc" filetype:rc
+
inurl:"/.ssh/id_rsa"
+
intext:"secret" AND intext:"key" filetype:yaml
+
filetype:yaml "password"
+
filetype:inc intext:"db_password"
+
inurl:"config.js"
+
filetype:dat "password"
+
inurl:".bash_history"
+
inurl:"/phpinfo.php"
+
filetype:sql "password"
+
intext:"API_KEY" filetype:py
+
intitle:"Index of" "mysql-credentials"
+
inurl:"config.json" "password"
+
filetype:bak "password"
+
inurl:"/id_dsa"
+
inurl:"/.npmrc" "authToken"
+
intitle:"Index of" "database.sql"
+
inurl:"/sftp-config.json"
+
filetype:log "password"
+
inurl:"/wp-admin/install.php"
+
inurl:"/passwd"
+
intitle:"Index of" "private.pem"
+
inurl:".keychain"
+
inurl:"/pgp_keys.asc"
+
inurl:"/.dockercfg"
+
intitle:"Index of" "database.db"
+
filetype:conf "db_password"
+
inurl:"/.terraform/"
+
intext:"private_key" filetype:pem
+
intitle:"Index of" "credentials"
+
inurl:"/.gitlab-ci.yml"
+
intext:"app_secret" filetype:json
+
intitle:"Index of" "config.yaml"
+
filetype:ini "password"
+
inurl:"/docker-compose.yml"
+
inurl:"/.travis.yml"
+
filetype:txt "password"
+
intext:"aws_secret_access_key"
+
inurl:"/secrets.xml"
+
filetype:yaml "access_key"
+
inurl:"/server.key"
+
filetype:log intext:"error"
+
inurl:"/settings.py"
+
inurl:"/database.yml"
+
inurl:"/.netrc"
+
intitle:"Index of" "env"
+
intext:"s3cmd" filetype:conf
+
intitle:"Index of" "ftpconfig"
+
filetype:conf "shadow"
+
inurl:".env.example" "DB_PASSWORD"
+
inurl:"/debug.log"
+
filetype:cfg "passwd"
+
inurl:"/.git/config" "repositoryformatversion"
+
filetype:sql "INSERT INTO" "VALUES"
+
intext:"Authorization: Bearer" filetype:json
+
intitle:"Index of" "apache/logs"
+
inurl:"/docker-compose.yml" "secrets"
+
filetype:ini "smtp_password"
+
inurl:"/.aws/credentials"
+
filetype:env "MAIL_HOST"
+
inurl:"/key.pem"
+
inurl:"/access_tokens"
+
intext:"ftp_user" filetype:xml
+
filetype:yaml "secret_key"
+
inurl:"/phpMyAdmin/scripts/setup.php"
+
filetype:json "access_key"
+
intitle:"Index of" "backup.tar.gz"
+
inurl:"/.ssh/id_rsa.pub"
+
filetype:ps1 "SecurePassword"
+
inurl:"/error_log"
+
filetype:log "token"
+
intitle:"Index of" "mongodb.conf"
+
inurl:"/.composer/auth.json"
+
filetype:bak "db_password"
+
intitle:"Index of" "auth.log"
+
intext:"Authorization Basic" filetype:htpasswd
+
inurl:"/conf.d"
+
inurl:"/id_rsa"
+
filetype:properties "username" "password"
+
inurl:"/vpn.key"
+
filetype:backup "db_user"
+
inurl:"/composer.lock"
+
intitle:"Index of" ".ssh/authorized_keys"
+
inurl:"/vault-token"
+
filetype:psql "password"
+
intitle:"Index of" "access.log"
+
intext:"AWS_SECRET_ACCESS_KEY"
+
intitle:index of .env
+
intitle: index of /Invoices*
+
intitle: index of backup.php
+
intitle: index of backup.xml
+
intitle:index of SCADA
+
intitle: index of payment
+
intitle:index of private/log
+
intitle: Index of inurl:fileadmin
+
intitle:index.of (inurl:admin | intitle:admin)
+
intitle:index of contacts.vcf
+
inurl:filemanager/upload/asp/ index of
+
intitle:index of /configs
+
intext:CAD Media Log
+
intitle:index of /.vscode
+
intitle:index of intext:client.key.pem
+
inurl:wp-content/uploads/ intitle:logs
+
inurl:/wp-content/uploads/wp-file-manager-pro/fm_backup
+
-----BEGIN PGP PRIVATE KEY BLOCK----- ext:pem | ext:key | ext:txt -git
+
-----BEGIN EC PRIVATE KEY----- | -----BEGIN EC PARAMETERS----- ext:pem | ext:key | ext:txt
+
inurl:tcpconfig.html
+
inurl:/certs/server.key
+
inurl:print.htm intext:Domain Name: + Open
+
inurl:/jsps/testoperation.jsp Test Operation
+
intitle:index of *Maildir/new
+
-- Dumped from database version + -- Dumped by pg_dump version ext:txt | ext:sql | ext:env | ext:log
+
/etc/config + index of / /
+
/etc/certs + index of / */*
+
intitle:index of dump.sql
+
intitle:index of inurl:admin/download
+
intitle:index of *.cert.pem | *.key.pem
+
ssh_host_dsa_key.pub + ssh_host_key + ssh_config = index of /
+
index of inurl:database ext:sql | xls | xml | json | csv
+
intitle:index of WebServers.xml
+
-- Dumping data for table `admin` | -- INSERT INTO `admin` VALUES ext:sql | ext:txt | ext:log | ext:env
+
intitle:index of .git/hooks/
+
inurl: /.git
+
inurl:8080 + intext:httpfileserver 2.3
+
inurl:node_modules/mqtt/test/helpers/
+
intitle: Index of inurl:admin/uploads
+
intitle:index of server.crt | server.csr
+
intitle:index of /CFIDE/ intext:administrator
+
index of mysql.sh
+
intitle:index of slapd.conf
+
GitLab ssh.log ext:log
+
ext:reg [HKEY_CURRENT_USER\Software\SimonTatham\PuTTY\SshHostKeys]
+ + +
+
+
+ + + +{% endblock %} diff --git a/myapp/templates/index.html b/myapp/templates/index.html new file mode 100644 index 0000000..11f6bcb --- /dev/null +++ b/myapp/templates/index.html @@ -0,0 +1,161 @@ + + + + + + CTF-Duck + + + + + +
+ + +
+

Components

+ +
+ + +
+

CTF-Duck

+ + + +
+ + +
+ {% block content %} + {% endblock content %} +
+
+ + diff --git a/myapp/templates/leak_checker.html b/myapp/templates/leak_checker.html new file mode 100644 index 0000000..66fcc0f --- /dev/null +++ b/myapp/templates/leak_checker.html @@ -0,0 +1,19 @@ +{% extends 'base_generic.html' %} + +{% block content %} +

GitHub Repository Leak Checker

+
+ {% csrf_token %} + {{ form.as_p }} + +
+ + {% if leaks %} +

Found Leaks:

+ + {% endif %} +{% endblock %} \ No newline at end of file diff --git a/myapp/templates/scan_git_repo.html b/myapp/templates/scan_git_repo.html new file mode 100644 index 0000000..7f3a978 --- /dev/null +++ b/myapp/templates/scan_git_repo.html @@ -0,0 +1,51 @@ +{% extends 'index.html' %} + +{% block content %} +
+

Scan GitHub Repository for Sensitive Data

+ +
+ {% csrf_token %} + {{ form.as_p }} + +
+ + {% if findings %} +

Scan Results

+ + {% if findings.0.message or findings.0.error %} +

{{ findings.0.message }} {{ findings.0.error }}

+ {% else %} + + + + + + + + + + + + + {% for finding in findings %} + + + + + + + + + {% endfor %} + +
File PathSensitive StringsCommit IDAuthorDateCommit Message
{{ finding.file }} + {% for string in finding.strings_found %} +

{{ string }}

+ {% endfor %} +
{{ finding.commit }}{{ finding.commit_author }}{{ finding.date }}{{ finding.message }}
+ {% endif %} + {% endif %} +
+{% endblock %} + diff --git a/myapp/templates/scan_links.html b/myapp/templates/scan_links.html new file mode 100644 index 0000000..2e3df7f --- /dev/null +++ b/myapp/templates/scan_links.html @@ -0,0 +1,24 @@ +{% extends 'index.html' %} + +{% block content %} +

URL Resource Scanner

+ +
+ {% csrf_token %} + {{ form.as_p }} + +
+ +

Scan Results

+ {% if results %} + + {% else %} +

No results found.

+ {% endif %} + + +{% endblock %} diff --git a/myapp/templates/scangit_repo.html b/myapp/templates/scangit_repo.html new file mode 100644 index 0000000..367a9a1 --- /dev/null +++ b/myapp/templates/scangit_repo.html @@ -0,0 +1,37 @@ +{% extends 'index.html' %} + +{% block content %} +

Scan Git Repository for Sensitive Data

+ +
+ {% csrf_token %} + {{ form.as_p }} + +
+ + {% if findings %} +

Findings

+ + + + + + + + + + + {% for finding in findings %} + + + + + + + {% endfor %} + +
Pattern NameFile PathLine NumberContent
{{ finding.pattern_name }}{{ finding.file_path }}{{ finding.line_num }}{{ finding.content }}
+ {% else %} +

No findings yet.

+ {% endif %} +{% endblock %} diff --git a/myapp/templates/scrap_mul_links.html b/myapp/templates/scrap_mul_links.html new file mode 100644 index 0000000..58c9188 --- /dev/null +++ b/myapp/templates/scrap_mul_links.html @@ -0,0 +1,26 @@ +{% extends 'index.html' %} + +{% block content %} +
+

Link Scraper

+ + + +
+
+ {% csrf_token %} + {{ form.as_p }} + +
+ + {% if scraped_links %} +

Scraped Links

+ + {% endif %} +{% endblock %} diff --git a/myapp/templates/scrape_links.html b/myapp/templates/scrape_links.html new file mode 100644 index 0000000..8ab78f9 --- /dev/null +++ b/myapp/templates/scrape_links.html @@ -0,0 +1,26 @@ +{% extends 'index.html' %} + +{% block content %} +
+

Link Scraper

+ + + +
+
+ {% csrf_token %} + {{ form.as_p }} + +
+ + {% if scraped_links %} +

Scraped Links

+ + {% endif %} +{% endblock %} diff --git a/myapp/templates/search_results.html b/myapp/templates/search_results.html new file mode 100644 index 0000000..8670f1b --- /dev/null +++ b/myapp/templates/search_results.html @@ -0,0 +1,127 @@ + +{% extends "index.html" %} + +{% block content %} +

Search Across Multiple Tables

+
+ {% csrf_token %} + {{ form.as_p }} + +
+ + {% if results %} +
+

Search Results

+ +
+ +
+

Google Links

+ + + + + + + + {% for result in results.google_links %} + + + + {% empty %} + + + + {% endfor %} + +
Link
{{ result.link }}
No results found in Google Links.
+ +

Directory Enumerations

+ + + + + + + + {% for result in results.directory_enumerations %} + + + + {% empty %} + + + + {% endfor %} + +
Directory
{{ result.directory }}
No results found in Directory Enumeration.
+ +

Link Scrap

+ + + + + + + + {% for result in results.linkscraps %} + + + + {% empty %} + + + + {% endfor %} + +
Link
{{ result.link }}
No results found in Link Scrap.
+ +

Sitemap URLs

+ + + + + + + + {% for result in results.sitemap_urls %} + + + + {% empty %} + + + + {% endfor %} + +
URL
{{ result.url }}
No results found in Sitemap URLs.
+
+ {% endif %} + + + +{% endblock %} diff --git a/myapp/templates/secret.html b/myapp/templates/secret.html new file mode 100644 index 0000000..833c10f --- /dev/null +++ b/myapp/templates/secret.html @@ -0,0 +1,47 @@ +{% extends 'index.html' %} + +{% block content %} +

Secret Scanner

+
+ {% csrf_token %} + {{ form.as_p }} + +
+ + {% if scan_results %} +

Scan Results

+ + + + + + + + + + {% for result in scan_results %} + {% if result.secrets %} + {% for secret_type, secrets in result.secrets.items %} + + + + + + {% endfor %} + {% else %} + + + + + {% endif %} + {% endfor %} + +
URLSecret TypeSecrets
{{ result.url }}{{ secret_type }} +
    + {% for secret in secrets %} +
  • {{ secret }}
  • + {% endfor %} +
+
{{ result.url }}No secrets found.
+ {% endif %} +{% endblock %} diff --git a/myapp/templates/show_tables.html b/myapp/templates/show_tables.html new file mode 100644 index 0000000..9be9112 --- /dev/null +++ b/myapp/templates/show_tables.html @@ -0,0 +1,126 @@ +{% extends 'index.html' %} + +{% block content %} + +

Tables in Database

+ + + {% if selected_table %} +

Data from Table: {{ selected_table }}

+ + +
+ + + + +
+ + {% if table_data %} + + + + {% for column in columns %} + + {% endfor %} + + + + {% for row in table_data %} + + {% for item in row %} + + {% endfor %} + + {% endfor %} + +
+ {{ column }} + +
{{ item }}
+ {% else %} +

No data found in this table.

+ {% endif %} + {% endif %} + + + +{% endblock %} diff --git a/myapp/templates/sitemap_scan.html b/myapp/templates/sitemap_scan.html new file mode 100644 index 0000000..4329950 --- /dev/null +++ b/myapp/templates/sitemap_scan.html @@ -0,0 +1,20 @@ +{% extends 'index.html' %} + +{% block content %} +

Sitemap URL Scanner

+ +
+ {% csrf_token %} + {{ form.as_p }} + +
+ + {% if sitemap_urls %} +

Fetched Sitemap URLs

+ + {% endif %} +{% endblock %} diff --git a/myapp/templates/subdomain.html b/myapp/templates/subdomain.html new file mode 100644 index 0000000..e32806c --- /dev/null +++ b/myapp/templates/subdomain.html @@ -0,0 +1,21 @@ +{% extends 'index.html' %} + +{% block content %} +

Subdomain Scanner

+
+ {% csrf_token %} + {{ form1.as_p }} + +
+ + {% if subdomain_list %} +

Available Subdomains for {{ form1.cleaned_data.domain }}

+
+ {% endif %}
+{% endblock %}
diff --git a/myapp/tests.py b/myapp/tests.py
new file mode 100644
index 0000000..7ce503c
--- /dev/null
+++ b/myapp/tests.py
@@ -0,0 +1,3 @@
+from django.test import TestCase
+
+# Create your tests here.
diff --git a/myapp/trigger.py b/myapp/trigger.py
new file mode 100644
index 0000000..8c0ff13
--- /dev/null
+++ b/myapp/trigger.py
@@ -0,0 +1,33 @@
+# trigger.py
+from django.db.models import Q
+from myapp.models import GoogleLink, DirectoryEnumeration, Linkscrap, SitemapURL
+
+def trigger_search(keywords):
+ keywords = [keyword.strip() for keyword in keywords.split(',')]
+
+ google_links_q = Q()
+ for keyword in keywords:
+ google_links_q |= Q(query__icontains=keyword) | Q(link__icontains=keyword)
+ google_links_results = GoogleLink.objects.filter(google_links_q)
+
+ directory_enum_q = Q()
+ for keyword in keywords:
+ directory_enum_q |= Q(domain__icontains=keyword) | Q(directory__icontains=keyword)
+ directory_enum_results = DirectoryEnumeration.objects.filter(directory_enum_q)
+
+ linkscrap_q = Q()
+ for keyword in keywords:
+ linkscrap_q |= Q(link__icontains=keyword)
+ linkscrap_results = Linkscrap.objects.filter(linkscrap_q)
+
+ sitemap_url_q = Q()
+ for keyword in keywords:
+ sitemap_url_q |= Q(url__icontains=keyword)
+ sitemap_url_results = SitemapURL.objects.filter(sitemap_url_q)
+
+ return {
+ 'google_links': google_links_results,
+ 'directory_enumerations': directory_enum_results,
+ 'linkscraps': linkscrap_results,
+ 'sitemap_urls': sitemap_url_results,
+ }
diff --git a/myapp/urls.py b/myapp/urls.py
new file mode 100644
index 0000000..79837a3
--- /dev/null
+++ b/myapp/urls.py
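Review bot: `keywords.split(',')` in `trigger_search` (myapp/trigger.py) keeps empty strings, so input such as `foo,` adds `Q(...__icontains='')`, which matches every row, and all four querysets then return their whole table. Drop blanks when building the list, `keywords = [k.strip() for k in keywords.split(',') if k.strip()]`, and return empty querysets when nothing is left, because `filter(Q())` with an empty `Q` is also unfiltered. The four loops differ only in model and field names and could share one helper that ORs `icontains` lookups over a list of fields.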
@@ -0,0 +1,20 @@
+from django.urls import path
+from . import views
+
+urlpatterns = [
+ path('', views.index, name='home'),
+ path('show-tables/', views.show_tables, name='show_tables'),
+ path('google_search/', views.google_search, name='google_search'),
+ path('subdomain/', views.subdomain, name='subdomain'),
+ path('base64_multiple/', views.base64_multiple, name='base64_multiple'),
+ path('scrape_links/', views.scrape_links, name='scrape_links'),
+ path('directory_enumeration_view/', views.directory_enumeration_view, name='directory_enumeration_view'),
+ path('scan_github_repository/', views.scan_github_repository, name='scan_github_repository'),
+ path('scan_secrets/', views.scan_secrets, name='scan_secrets'),
+ path('scrape_linksM/', views.scrape_linksM, name='scrape_linksM'),
+ path('sitemap_scan_view/', views.sitemap_scan_view, name='sitemap_scan_view'),
+ path('search_multiple_tables/', views.search_multiple_tables, name='search_multiple_tables'),
+ path('clear_data_view/', views.clear_data_view, name='clear_data_view'),
+ path('scan_links/', views.scan_links, name='scan_links'),
+ path('scan_git_repo/', views.scan_git_repo, name='scan_git_repo'),
+]
\ No newline at end of file
diff --git a/myapp/views.py b/myapp/views.py
new file mode 100644
index 0000000..b8e4d51
--- /dev/null
+++ b/myapp/views.py
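Review bot: No route in `urlpatterns` (myapp/urls.py) has an access check, and the view functions added in this commit carry no decorators either, so `clear_data_view/`, `show-tables/` (which reads raw database tables) and the scan endpoints that make outbound requests are open to anyone who can reach the server. If the tool is ever bound to anything other than localhost, wrap the routes, for example `path('clear_data_view/', login_required(views.clear_data_view), name='clear_data_view')` with `from django.contrib.auth.decorators import login_required`. A smaller point of style: `show-tables/` is the only hyphenated path and `scrape_linksM` the only mixed-case name, and a single convention would be easier to maintain.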
@@ -0,0 +1,417 @@
+from django.shortcuts import render
+from django.http import HttpResponse
+from django.template import loader
+from .glsearch import find_google_link
+from .subdom import gather_subdomains
+from .base64find import find_and_decode_base64_in_source
+from .direnum import web_directory_enumeration
+from .secret import find_secrets
+from .linkscrapping import find_all_links
+from .sitemap_scan import fetch_sitemap_urls
+from .trigger import trigger_search
+from .cleardata import clear_data
+from .linkscraping import recursive_crawl
+from .git_secret import clone_and_scan_repo
+from .forms import ScanForm, MultiInputSearchForm, DomainInputForm, GitHubScanForm, SecretScanForm,LinkScrapingForm,LinkScrapingFormM,SitemapScanForm,KeywordSearchForm,URLScanForm,GitRepoForm
+from .models import GoogleLink, Subdomain,DirectoryEnumeration,GitHubScan, SecretScan, Linkscrap,SitemapURL,Link_Resource,GitDataLeak
+from django.db import connection
+import subprocess
+import json
+import requests
+
+# Create your views here.
+def index(request):
+ template = loader.get_template('index.html')
+ return HttpResponse(template.render())
+
+
+def google_search(request):
+ result = None
+ google_links = []
+ if request.method == 'POST':
+ form = MultiInputSearchForm(request.POST)
+ if form.is_valid():
+ # Get the input data from the form and concatenate them to form the search query
+ input1 = form.cleaned_data['input1']
+ input2 = form.cleaned_data['input2']
+ input3 = form.cleaned_data['input3']
+ input4 = form.cleaned_data['input4']
+ input5 = form.cleaned_data['input5']
+ site_qry = f"{input1} {input2} {input3} {input4} {input5}".strip()
+
+ # Get the list of Google links
+ google_links = find_google_link(site_qry)
+
+ # Store the links in the database
+ for link in google_links:
+ if not GoogleLink.objects.filter(link=link).exists():
+ GoogleLink.objects.create(query=site_qry, link=link)
+
+ # Retrieve the links from the database
+ result = GoogleLink.objects.filter(query=site_qry)
+ else:
+ form = MultiInputSearchForm()
+
+ context = {
+ 'form': form,
+ 'google_links': result or google_links,
+ }
+ return render(request, 'google_search.html', context)
+
+
+# ----------------------------------------------------------
+# this section for showing data base
+def show_tables(request):
+ with connection.cursor() as cursor:
+ # Execute a raw SQL query to get the table names
+ cursor.execute("SELECT name FROM sqlite_master WHERE type='table';")
+ tables = cursor.fetchall() # Fetch all results
+
+ # Extract table names from the fetched data
+ table_names = [table[0] for table in tables]
+
+ selected_table = request.GET.get('table')
+ search_query = request.GET.get('search') # Get search query from the input
+ table_data = None
+ columns = []
+
+ if selected_table:
+ with connection.cursor() as cursor:
+ # If a search query exists, modify the SQL to filter results
+ if search_query:
+ cursor.execute(f"SELECT * FROM {selected_table} WHERE {get_filter_condition(selected_table, search_query)};")
+ else:
+ cursor.execute(f"SELECT * FROM {selected_table};") # Fetch all rows if no filter
+
+ table_data = cursor.fetchall()
+ columns = [col[0] for col in cursor.description] # Get column names
+
+ context = {
+ 'table_names': table_names,
+ 'table_data': table_data,
+ 'columns': columns,
+ 'selected_table': selected_table,
+ 'search_query': search_query,
+ }
+ return render(request, 'show_tables.html', context)
+
+
+def get_filter_condition(table_name, query):
+ # Define which column(s) to filter for each table (based on your table schema)
+ # Adjust the WHERE clause depending on the structure of your table
+ # For simplicity, we'll search across all columns
+
+ # Dynamic filtering based on table and query. Adjust based on specific table structures.
+ return f" OR ".join([f"{col} LIKE '%{query}%'" for col in get_column_names(table_name)])
+
+
+def get_column_names(table_name):
+ # A helper function to get column names dynamically from the selected table
+ with connection.cursor() as cursor:
+ cursor.execute(f"PRAGMA table_info({table_name});")
+ columns = [col[1] for col in cursor.fetchall()] # Column names are in the second field of each row
+ return columns
+
+# ----------------------------------------------------------
+
+# ----------------------------------------------------------------
+# this is for Subdomains
+def subdomain(request):
+ available_subdomains = None
+ subdomain_list = []
+
+ if request.method == 'POST':
+ form1 = ScanForm(request.POST)
+
+ if form1.is_valid():
+ domain = form1.cleaned_data['domain']
+ subdomain_list = gather_subdomains(domain) # Get available subdomains
+
+ # Store subdomains in the database and avoid duplicates using get_or_create
+ for subs in subdomain_list:
+ if not Subdomain.objects.filter(subdomains=subs[0]):
+ Subdomain.objects.get_or_create(domain_name=domain, subdomains=subs[0])
+
+ subdomain_list = Subdomain.objects.filter(domain_name=domain)
+
+ else:
+ form1 = ScanForm()
+
+ context = {
+ 'form1': form1,
+ 'subdomain_list':subdomain_list,
+ }
+
+ return render(request, 'subdomain.html', context)
+# ----------------------------------------------------------
+
+# ----------------------------------------------------------------
+def base64_multiple(request):
+ result = {}
+ if request.method == 'POST':
+ if 'domain_text' in request.POST:
+ # Read textarea input and split by lines (assuming each line is a domain)
+ domains = request.POST['domain_text'].splitlines()
+
+ for domain in domains:
+ # Call your custom function to process each domain
+ encoded_decoded_pairs = find_and_decode_base64_in_source(domain)
+ result[domain] = encoded_decoded_pairs
+
+ return render(request, 'findbase64_mul.html', {'result': result})
+
+# ------------------------------------------------------------------------
+# ------------------------------------------------------------------------
+def scrape_links(request):
+ form = LinkScrapingForm(request.POST or None)
+ scraped_links = []
+
+ if request.method == 'POST' and form.is_valid():
+ base_url = form.cleaned_data['base_url']
+ visited_links = set()
+
+ find_all_links(base_url, visited_links, depth=2)
+
+ scraped_links = Linkscrap.objects.filter(link__startswith=base_url)
+
+ context = {
+ 'form': form,
+ 'scraped_links': scraped_links,
+ }
+ return render(request, 'scrape_links.html', context)
+
+# ------------------------------------------------------------------------
+# ------------------------------------------------------------------------
+def directory_enumeration_view(request):
+ enumerated_directories = []
+
+ if request.method == 'POST':
+ form = DomainInputForm(request.POST)
+
+ if form.is_valid():
+ url = form.cleaned_data['domain']
+ wordlist_path = "C:\\Users\\User\\Desktop\\duck-duck-leak\\duck_duck_leak\\myapp\\payloads\\common.txt"
+ # Call the directory enumeration function
+ enumerated_directories = web_directory_enumeration(url, wordlist_path, max_workers=20)
+
+ # Store the found directories in the database
+ for directory in enumerated_directories:
+ if not DirectoryEnumeration.objects.filter(directory=directory).exists():
+ DirectoryEnumeration.objects.create(domain=url, directory=directory)
+
+ # Retrieve the stored directories from the database
+ enumerated_directories = DirectoryEnumeration.objects.filter(domain=url)
+ else:
+ form = DomainInputForm()
+
+ context = {
+ 'form': form,
+ 'enumerated_directories': enumerated_directories,
+ }
+
+ return render(request, 'directory_enumeration.html', context)
+# ------------------------------------------------------------------------
+# ------------------------------------------------------------------------
+
+def scan_github_repository(request):
+ scan_results = None
+ if request.method == 'POST':
+ form = GitHubScanForm(request.POST)
+ if form.is_valid():
+ repository_url = form.cleaned_data['repository_url']
+
+ # Run truffleHog command
+ command = f"trufflehog git --json {repository_url}"
+ try:
+ # Execute the command
+ result = subprocess.run(command, shell=True, capture_output=True, text=True, check=True)
+
+ # Parse the JSON output
+ scan_results = json.loads(result.stdout)
+
+ # Save the results to the database
+ GitHubScan.objects.create(repository_url=repository_url, scan_results=scan_results)
+ except subprocess.CalledProcessError as e:
+ print(f"Error occurred while running truffleHog: {e}")
+ scan_results = {"error": str(e)}
+ else:
+ form = GitHubScanForm()
+
+ context = {
+ 'form': form,
+ 'scan_results': scan_results,
+ }
+ return render(request, 'gitscan.html', context)
+# ------------------------------------------------------------------------
+# ------------------------------------------------------------------------
+
+def scan_secrets(request):
+ scan_results = []
+
+ if request.method == 'POST':
+ form = SecretScanForm(request.POST)
+ if form.is_valid():
+ urls = form.cleaned_data['urls'].splitlines()
+
+ for url in urls:
+ try:
+ response = requests.get(url)
+ if response.status_code == 200:
+ # Scan the page content for secrets
+ secrets = find_secrets(response.text)
+ for secret_type, secret_values in secrets.items():
+ for value in secret_values:
+ if not SecretScan.objects.filter(secret_value=value).exists():
+ # Save the result to the database
+ SecretScan.objects.create(
+ url=url,
+ secret_type=secret_type,
+ secret_value=value
+ )
+ scan_results.append({'url': url, 'secrets': secrets})
+ else:
+ scan_results.append({'url': url, 'error': 'Failed to retrieve content'})
+ except requests.exceptions.RequestException as e:
+ scan_results.append({'url': url, 'error': str(e)})
+ else:
+ form = SecretScanForm()
+
+ return render(request, 'secret.html', {'form': form, 'scan_results': scan_results})
+
+# ----------------------------------------------------------------
+# scrapping the multiple links
+#-----------------------------------------------------------------
+
+
+def scrape_linksM(request):
+ form = LinkScrapingFormM(request.POST or None)
+ scraped_links = []
+
+ if request.method == 'POST' and form.is_valid():
+ base_urls = form.cleaned_data['base_urls'].splitlines() # Split lines for multiple URLs
+ visited_links = set()
+
+ for base_url in base_urls:
+ if base_url.strip(): # Ignore empty lines
+ find_all_links(base_url.strip(), visited_links, depth=2)
+
+ # Query the database for links matching any base URL entered
+ scraped_links = Linkscrap.objects.filter(link__in=visited_links)
+
+ context = {
+ 'form': form,
+ 'scraped_links': scraped_links,
+ }
+ return render(request, 'scrap_mul_links.html', context)
+
+# ----------------------------------------------------------------
+#-----------------------------------------------------------------
+
+def sitemap_scan_view(request):
+ form = SitemapScanForm(request.POST or None)
+ sitemap_urls = []
+
+ if request.method == 'POST' and form.is_valid():
+ base_url = form.cleaned_data['base_url']
+
+ # Fetch sitemap URLs from the base URL
+ fetched_urls = fetch_sitemap_urls(base_url)
+
+ # Loop through each fetched URL and store it if it's not already in the database
+ for url in fetched_urls:
+ if not SitemapURL.objects.filter(url=url).exists():
+ SitemapURL.objects.create(url=url)
+ sitemap_urls.append(url) # Add to list to display on the page
+
+ context = {
+ 'form': form,
+ 'sitemap_urls': sitemap_urls, # Display both new and existing URLs
+ }
+ return render(request, 'sitemap_scan.html', context)
+# ----------------------------------------------------------------
+#-----------------------------------------------------------------
+def search_multiple_tables(request):
+ form = KeywordSearchForm(request.POST or None)
+ results = {}
+
+ if request.method == 'POST' and form.is_valid():
+ # Get keywords from the form and pass to trigger_search
+ keywords = form.cleaned_data['keywords']
+ results = trigger_search(keywords) # Perform the search and get results
+
+ context = {
+ 'form': form,
+ 'results': results,
+ }
+ return render(request, 'search_results.html', context)
+
+# ----------------------------------------------------------------
+#-----------------------------------------------------------------
+
+def clear_data_view(request):
+ if request.method == "POST":
+ clear_data()
+ return render(request, "clear_data.html", {"data_cleared": True})
+ return render(request, "clear_data.html", {"data_cleared": False})
+# ------------------------------------------------------------------------
+# ------------------------------------------------------------------------
+
+def scan_links(request):
+ results = []
+
+ if request.method == 'POST':
+ form = URLScanForm(request.POST)
+ if form.is_valid():
+ # Get URLs from the form input, split by lines
+ urls = form.cleaned_data['urls'].splitlines()
+
+ # Loop through each URL and crawl
+ for url in urls:
+ visited = set()
+ resources_found = []
+
+ # Call the recursive_crawl function
+ recursive_crawl(url, visited, resources_found)
+
+ # Save resources found to the results list
+ for resource in resources_found:
+ results.append({
+ 'url': url,
+ 'resource': resource
+ })
+ # Save to the database
+ Link_Resource.objects.create(url=url, resource=resource)
+
+ # Display "No resources found" if the list is empty
+ if not results:
+ results = [{"url": url, "resource": "No resources found"}]
+
+ else:
+ form = URLScanForm()
+
+ # Pass form and results to the template
+ return render(request, 'scan_links.html', {'form': form, 'results': results})
+
+# ------------------------------------------------------------------------
+# ------------------------------------------------------------------------
+
+def scan_git_repo(request):
+ form = GitRepoForm()
+ findings = []
+
+ if request.method == 'POST':
+ form = GitRepoForm(request.POST)
+ if form.is_valid():
+ repo_url = form.cleaned_data['repo_url']
+ findings = clone_and_scan_repo(repo_url)
+
+ # Store findings in the database
+ for finding in findings:
+ GitDataLeak.objects.create(
+ pattern_name=finding['pattern_name'],
+ file_path=finding['file_path'],
+ line_num=finding['line_num'],
+ content=finding['content'],
+ )
+
+ return render(request, 'scangit_repo.html', {'form': form, 'findings': findings})
\ No newline at end of file
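Review bot: `show_tables` interpolates `request.GET` values into SQL: `selected_table` goes into the `SELECT` and into the `PRAGMA` in `get_column_names`, and `search_query` goes into the `LIKE` clauses built by `get_filter_condition`, so either query parameter can change the statement that runs. Accept `selected_table` only when it is in the `table_names` list the view has just loaded, and bind the search term as a parameter, as in the fence below. `scan_github_repository` has the same problem with a shell, because the submitted `repository_url` is formatted into a string that runs with `shell=True`; pass an argument list instead, `subprocess.run(["trufflehog", "git", "--json", repository_url], capture_output=True, text=True, check=True)`, after checking that the value is an `https://` URL. `scan_secrets` calls `requests.get(url)` without a timeout, so one unresponsive host can hold the worker indefinitely; adding `timeout=10` or similar bounds it.

```python
def show_tables(request):
    # … unchanged: sqlite_master query that builds table_names …
    selected_table = request.GET.get('table')
    if selected_table not in table_names:
        # Only names read back from sqlite_master may reach the SQL below.
        selected_table = None
    # … unchanged: search_query, table_data and columns defaults …
    if selected_table:
        quoted_table = connection.ops.quote_name(selected_table)
        with connection.cursor() as cursor:
            if search_query:
                column_names = get_column_names(selected_table)
                where = " OR ".join(
                    f"{connection.ops.quote_name(col)} LIKE %s" for col in column_names
                )
                # The search term travels as a bound parameter, never as SQL text.
                cursor.execute(
                    f"SELECT * FROM {quoted_table} WHERE {where};",
                    [f"%{search_query}%"] * len(column_names),
                )
            else:
                cursor.execute(f"SELECT * FROM {quoted_table};")
            # … unchanged: fetchall, column names, context, render …
```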