Open In App

Snallygaster – Scan For Secret Files On HTTP Servers

Last Updated : 27 Jan, 2022
Improve
Improve
Like Article
Like
Save
Share
Report

Some of the files present on the server need to be kept safe from public access, as these can have a bunch of sensitive data like version details, certificates, API keys, and a lot more. So to identify these secret files we have an automated tool names snallygaster. Snallygaster tool is a fully automated cyber security tool that has the potential to find out secret files from the target domain. This tool is developed in the Python language and it’s available on the GitHub platform for free.

Note: Make Sure You have Python Installed on your System, as this is a python-based tool. Click to check the Installation process: Python Installation Steps on Linux

Installation of Snallygaster Tool on Kali Linux OS

Step 1: Use the following command to install the tool in your Kali Linux operating system.

git clone https://github.com/hannob/snallygaster.git

Step 2: Now use the following command to move into the directory of the tool. You have to move in the directory in order to run the tool.

cd snallygaster

Step 3: You are in the directory of the snallygaster. Now you have to install the dependencies using the following command.

sudo pip3 install -r requirements.txt

Step 4: Now install the tool by running the setup.py file.

sudo python3 setup.py install

Step 5: All the dependencies have been installed in your Kali Linux operating system. Now use the following command to run the tool and check the help section.

snallygaster -h

Working with Snallygaster Tool on Kali Linux OS

Example 1: Scanning on geeksforgeeks.org domain (secured)

snallygaster geeksforgeeks.org

We are scanning for secret files on geeksforgeeks.org’s target domain.

Unfortunately, we haven’t got any secret files on the geeksforgeeks.org domain.

Example 2: Scanning secret files on zero.webappsecurity.com domain.

snallgaster zero.webappsecurity.com

In this example, we are scanning for the secret files on the zero.webappsecurity.com domain.

We have got the secret file that is present on the zero.webappsecurity.com domain.

After visiting the URL, we have got the information about the server like its versions built to date and many more.


Like Article
Suggest improvement
Previous
sigurlfind3r - Passive reconnaissance tool for known URLs discovery
Next
Webscreenshot - Simple Script To Screenshot A List Of Websites
Share your thoughts in the comments

Similar Reads

How to Automatically Redirect HTTP to HTTPS on Apache Servers?
Juumla - Tool Designed To Identify And Scan For Version, Config Files In The CMS Joomla
Git-Secret - Go Script For Finding An API Key / Some Keywords In Repository
How to Run Multiple Commands on Multiple Linux Servers
How to Monitor System Usage, Outages and Troubleshoot Linux Servers
Best Linux mail servers in 2023
How to start nmap and run a simple scan ?
How to Scan Vulnerabilities of Websites using Nikto in Linux?
Golismero - Scan Website, Vulnerability Scanning, WEB Server in Kali Linux
CRLFuzz - A Linux Tool To Scan CRLF Vulnerability Written in Go

G
gauravgandal
Article Tags :
We use cookies to ensure you have the best browsing experience on our website. By using our site, you acknowledge that you have read and understood our Cookie Policy & Privacy Policy
Lightbox