hannob / snallygaster

Tool to scan for secret files on HTTP servers
BSD Zero Clause License

testing for 7z files backup file #62

Status: Closed (security-companion closed this issue 3 years ago)

security-companion commented 3 years ago

I suggest adding testing for 7z backup files. I uploaded a test file (backup.7z) to my webspace and the file was identified correctly as 7z.

hannob commented 3 years ago

We can consider that, I'd run some tests on how prevalent this is before. However, we should check the full 7z file signature, not just the first 2 bytes. That looks too likely for a false positive to me. That should be '7z\xBC\xAF\x27\x1C' according to https://en.wikipedia.org/wiki/List_of_file_signatures
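The difference between the two-byte check and the full six-byte signature check, as an added example written for this page (not snallygaster's own code and not the code from the pull request). It uses the signature quoted in the comment above; the sample response bodies are constructed, the URL is a placeholder, and the injectable `fetcher` parameter is an assumption made so the check can be run offline against your own server's responses:

```python
"""
Added example, not part of snallygaster or the pull request discussed here.
Shows why matching only the printable prefix b"7z" yields false positives,
while matching all six signature bytes does not, when checking whether a
file exposed on one's own web server is a 7z archive.
"""
from typing import Callable, Dict, Optional, Tuple
import urllib.request

# Full 7z file signature, as quoted in the comment above
# (Wikipedia, "List of file signatures").
SEVENZ_MAGIC = b"7z\xBC\xAF\x27\x1C"


def looks_like_7z_two_bytes(data: bytes) -> bool:
    """The weak check: only the printable '7z' prefix.  Any text body that
    happens to begin with those two characters matches, hence false positives."""
    return data[:2] == b"7z"


def looks_like_7z_full(data: bytes) -> bool:
    """The stronger check: all six signature bytes must be present."""
    return data[: len(SEVENZ_MAGIC)] == SEVENZ_MAGIC


# Constructed sample response bodies (hypothetical, not captured from any server).
SAMPLES: Dict[str, bytes] = {
    # plausible start of a real archive: signature, version bytes, zeroed header
    "backup.7z": SEVENZ_MAGIC + b"\x00\x04" + bytes(26),
    # plain text that happens to start with '7z'
    "notes.txt": b"7zip is handy for archives\n",
    "index.html": b"<!DOCTYPE html><html></html>",
    "empty": b"",
}


def compare_checks(samples: Dict[str, bytes] = SAMPLES) -> Dict[str, Tuple[bool, bool]]:
    """Return {name: (two_byte_result, full_signature_result)} for each sample."""
    return {
        name: (looks_like_7z_two_bytes(body), looks_like_7z_full(body))
        for name, body in samples.items()
    }


def fetch_prefix(
    url: str,
    fetcher: Optional[Callable[[str], bytes]] = None,
    nbytes: int = len(SEVENZ_MAGIC),
) -> bytes:
    """Return the first `nbytes` of the body at `url`.

    `fetcher` is an injectable hook (assumption for this example) so the logic
    can be exercised offline; the default reads only the leading bytes with
    urllib and a short timeout.
    """
    if fetcher is None:
        def fetcher(u: str) -> bytes:  # type: ignore[misc]
            with urllib.request.urlopen(u, timeout=10) as resp:
                return resp.read(nbytes)
    return fetcher(url)[:nbytes]


def check_url_for_7z(url: str, fetcher: Optional[Callable[[str], bytes]] = None) -> bool:
    """True only when the full signature is present at the start of the body."""
    return looks_like_7z_full(fetch_prefix(url, fetcher))


if __name__ == "__main__":
    for name, (weak, strong) in compare_checks().items():
        print(f"{name:12s} two-byte={weak!s:5s} full-signature={strong!s:5s}")
```

Running the module prints one line per sample; `notes.txt` is flagged by the two-byte check but not by the full-signature check, which is the false positive the comment warns about. When pointing `check_url_for_7z` at a real URL on a server you administer, the default fetcher reads only the first six bytes, so confirming a signature does not require downloading the whole archive.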

security-companion commented 3 years ago

Thanks for the hint, I adapted the pull request.

hannob commented 3 years ago

I made a scan with this added on the Alexa top 1 million and it found zero instances of a 7z backup file. (It also found zero .bz2 or .xz archives...) Given these numbers I'm currently not keen on adding more file formats... I guess maybe people who leave backups on their servers are less likely to use unconventional compression formats.

security-companion commented 3 years ago

Thanks for checking on this, I completely understand that you didn't want to merge this.