A tool to automate a bugbounty process as: Tool will execute multiple tools to collect URLs from internet archives then use some useful patterns/RegEx to look for Sensitive Data Leakage in the form of multiple juicy extensions.
Back-Me-Up is a powerful shell script tool designed to automate the bug bounty process by collecting URLs from internet archive data and searching for sensitive data leakage in the form of juicy extensions. The tool utilizes multiple tools, including gau, gauplus, cariddi, waymore, gospider, crawley, hakrawler,katana, and waybackurls to streamline the process.
[+] go
[+] cariddi
[+] waybackurls
[+] git
[+] waymore
[+] gau
[+] pip3
[+] gauplus
[+] katana
[+] gospider
[+] crawley
[+] httpx
[+] anew
[+] curl
[+] hakrawler
- Clone the repo:
git clone https://github.com/Dheerajmadhukar/back-me-up.git - Change dir & run the script:
cd back-me-up/ - To check installed prerequisite packages/tools/libs :
bash backmeup.sh --check/-c
- To install all the prerequisite packages/tools/libs :
bash backmeup.sh --install/-i
To use Back-Me-Up, run the following command:
bash backmeup.sh --help/-h
Back-Me-Up works by combining the power of multiple tools to automate the bug bounty process. Here's a high-level overview of the process:
- The tool uses
gau,gauplus,waybackurls,cariddi,waymore,gospider,crawley,hakrawlerandkatanato gather URLs from internet archive data.
- Back-Me-Up filters the URLs based on a list of juicy extensions, which are known to contain sensitive data e.g .sql, .bkp, .txt etc...
- Finally, Back-Me-Up analyzes the extracted data using regular expressions and patterns to discover sensitive data leakage.
- Automates the bug bounty process for sensitive data leakage discovery
- Utilizes multiple tools for URL collection, data extraction, and data analysis
- Flexible to add more Extensions as per user's demand
- Provides a user-friendly command-line interface
- Regular expression and pattern-based data analysis
$ cat ext.txt
dat,rtf,xls,ppt,sdf,odf,pptx,xlsx,exe,lnk,7z,bin,part,pdb,cgi,crdownload,ini,zipx,bak,torrent,jar,sys,deb,sh,docm,mdb,xla,zip,tar.gz,txt,json,csv,doc,docx,git,pem,bash_history,db,key,tar,log,sql,accdb,dbf,apk,cer,cfg,rar,sln,tmp,dll,iso,c,cpp,tgz,sqlite,pgsql.txt,mysql.txt,gz,config,backup,bkp,crt,eml,java,lst,passwd,pl,pwd,dir,orig,bz2,old,vbs,img,inf,py,vbproj,war,go,psql,sql.gz,vb,webinfo,jnlp,temp,webproj,xsql,raw,inc,lck,nz,rc,html.gz,env,yml,save,save.1,ovpn,secret,secrets,access,gitignore,properties,dtd,conf,configs,xml,rb,yaml,toml,tar.bz2,dochtml,odt,pdf,action,adr,ascx,asmx,axd,bkf,bok,achee,cfm,cnf,csr,ica,mai,mbox,mbx,md,nsf,ora,pac,pcf,pgp,plist,rdp,reg,skr,swf,tpl,url,wml,xsd,swp,bac,BAK,NEW,_bak,_old,bak1,lock,atom,_backup,~,%01,(1),gzip,cab,mysql-pconnect,mysql-connect
$ echo "db" >> ext.txt
Watch the demo video on
Back-Me-Up is designed for responsible use in legitimate penetration testing and bug bounty programs. Misuse of this tool may lead to legal consequences. The author is not responsible for any misuse of this tool.
╔════════[ me_dheeraj ]════════════╗
- Twitter: @Dheerajmadhukar
- YouTube: @Dheerajmadhukar
- LinkedIn: @dheerajtechnolegends
╚═════════════════════════════╝
If you find Back-Me-Up useful, consider buying me a beer to support future development:
