Skip to content
Related Articles

Related Articles

Improve Article
Save Article
Like Article

BFAC – Backup File Artifacts Checker

  • Last Updated : 10 Oct, 2021

BFAC or Backup File Artifacts Checker tool is an automated tool that aims to verify or check the backup artifacts that can reveal the building code or source code of the web-based application. These artifacts are very much sensitive as they contain sensitive information like passwords, directory structure, and many more. BFAC tool is developed in the Python language and is available on the GitHub platform. BFAC tool is an open-source and free-to-use tool. BFAC tool supports a multi-threading approach for faster results.

Note: Make Sure You have Python Installed on your System, as this is a python-based tool. Click to check the Installation process: Python Installation Steps on Linux

Installation of BFAC Tool on Kali Linux OS

Step 1: Use the following command to install the tool in your Kali Linux operating system.

git clone https://github.com/mazen160/bfac.git

Step 2: Now use the following command to move into the directory of the tool. You have to move in the directory in order to run the tool.



cd bfac/

Step 3: You are in the directory of the bfac. Now you have to install a dependency of the bfac using the following command.

sudo pip3 install -r requirements.txt

Step 4: Build the tool by using the following command.

sudo python3 setup.py install

Step 5: All the dependencies have been installed in your Kali Linux operating system. Now use the following command to run the tool and check the help section.

bfac -h

Working with BFAC Tool on Kali Linux OS

Example 1: Check a single URL.



bfac --url http://testphp.vulnweb.com/login.php

Example 2: Check a list of URLs.

bfac --list lists.txt

We are scanning multiple target URLs at the same time.

We have got the results for our multiple URLs scan.

Example 3: Single URL with a different level (level 2 for example).

bfac –url http://testphp.vulnweb.com/login.php –level 2



Example 4: Single URL and show the results only.

bfac --no-text --url http://testphp.vulnweb.com/login.php

Example 5: Limit the test to exposed DVCS tests.

bfac --dvcs-test --url http://testphp.vulnweb.com/login.php

Example 6: Verify the existence of files using Content-Length checks only.

bfac -u http://testphp.vulnweb.com/login.php –technique content_length

We are verifying the existence of files that contains only the Content-Length check.

Example 7: Verify the existence of files using Status-Code checks only.



bfac –technique status_code -u http://testphp.vulnweb.com/login.php

We are verifying the existence of files that contain only the Status-Code check.

Example 8: Exclude results with specific status codes.

bfac –exclude-status-codes 301,999,400 -u http://testphp.vulnweb.com/login.php

We have excluded status codes 301,999,400 from our scan. We have got the results excluding the specified status codes.




My Personal Notes arrow_drop_up
Recommended Articles
Page :

Start Your Coding Journey Now!