BFAC – Backup File Artifacts Checker
BFAC (Backup File Artifacts Checker) is an automated tool that checks for backup artifacts that can disclose the source code of a web-based application. These artifacts are sensitive because they can contain information such as passwords, directory structure, and more. BFAC is written in Python and is available on GitHub. It is open-source and free to use, and it supports multi-threading for faster results.
Note: Make sure you have Python installed on your system, as this is a Python-based tool.
Installation of BFAC Tool on Kali Linux OS
Step 1: Use the following command to clone the tool's repository onto your Kali Linux operating system.
git clone https://github.com/mazen160/bfac.git
Step 2: Now use the following command to move into the directory of the tool. You have to be in this directory in order to run the tool.
Step 3: You are now in the bfac directory. Install the dependencies of bfac using the following command.
sudo pip3 install -r requirements.txt
Step 4: Build the tool by using the following command.
sudo python3 setup.py install
Step 5: All the dependencies have been installed in your Kali Linux operating system. Now use the following command to run the tool and check the help section.
Working with BFAC Tool on Kali Linux OS
Example 1: Check a single URL.
bfac --url http://testphp.vulnweb.com/login.php
Example 2: Check a list of URLs.
bfac --list lists.txt
We are scanning multiple target URLs at the same time.
We have got the results for our multiple URLs scan.
Example 3: Single URL with a different level (level 2 for example).
bfac --url http://testphp.vulnweb.com/login.php --level 2
Example 4: Single URL and show the results only.
bfac --no-text --url http://testphp.vulnweb.com/login.php
Example 5: Limit the test to exposed DVCS tests.
bfac --dvcs-test --url http://testphp.vulnweb.com/login.php
Example 6: Verify the existence of files using Content-Length checks only.
bfac -u http://testphp.vulnweb.com/login.php --technique content_length
We are verifying the existence of files using only the Content-Length check.
Example 7: Verify the existence of files using Status-Code checks only.
bfac --technique status_code -u http://testphp.vulnweb.com/login.php
We are verifying the existence of files using only the Status-Code check.
Example 8: Exclude results with specific status codes.
bfac --exclude-status-codes 301,999,400 -u http://testphp.vulnweb.com/login.php
We have excluded status codes 301,999,400 from our scan. We have got the results excluding the specified status codes.
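The same class of artifacts can be caught on the server side before deployment. The following is an added example, not part of BFAC or the original article: it walks a web root on disk and reports backup leftovers and DVCS directories. The pattern list, function names and sample tree are assumptions constructed for illustration, not BFAC's own wordlist.

```python
import os
import re
import tempfile

# Assumed patterns (not BFAC's own list): common editor and backup leftovers.
BACKUP_PATTERNS = [
    re.compile(r".+~$"),                                     # login.php~
    re.compile(r".+\.(bak|old|orig|save|tmp|copy)$", re.I),  # login.php.bak
    re.compile(r"^\..+\.sw[a-p]$"),                          # .login.php.swp (vim)
    re.compile(r"^#.+#$"),                                   # #login.php# (emacs)
]
DVCS_DIRS = {".git", ".svn", ".hg", ".bzr"}


def find_artifacts(webroot):
    """Return sorted (kind, relative_path) pairs for leftovers under webroot."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(webroot):
        for d in list(dirnames):
            if d in DVCS_DIRS:
                rel = os.path.relpath(os.path.join(dirpath, d), webroot)
                findings.append(("dvcs", rel))
                dirnames.remove(d)  # do not descend into repository metadata
        for name in filenames:
            if any(p.match(name) for p in BACKUP_PATTERNS):
                rel = os.path.relpath(os.path.join(dirpath, name), webroot)
                findings.append(("backup", rel))
    return sorted(findings)


def build_sample_webroot(root):
    """Constructed sample tree: clean files plus typical leftovers."""
    for rel in ["login.php", "login.php.bak", "login.php~", ".login.php.swp",
                "admin/config.php.old", ".git/HEAD", "img/logo.png"]:
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("constructed sample\n")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample_webroot(root)
        for kind, rel in find_artifacts(root):
            print(f"{kind:6} {rel}")
```

Run it against the document root in a deployment pipeline and fail the build when the returned list is non-empty.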