moeinfatehi / Backup-Finder

A burp suite extension that reviews backup, old, temporary and unreferenced files on web server for sensitive information (OWASP WSTG-CONF-04, OTG-CONFIG-004)
GNU General Public License v3.0
160 stars 29 forks source link
application-security appsecurity backupfinder burp burp-extensions burpsuite burpsuite-extender data-leakage owasp owasp-top-10 owasp-top-ten penetration-testing pentesting portswigger sensitive-data-exposure

Backup-Finder: Advanced Webserver File Analysis Tool

Backup-Finder is an innovative Burp Suite extension designed to meticulously scan webservers for backup, old, temporary, and unreferenced files that may contain sensitive information. By leveraging both dynamic and static payload generation, this tool surpasses traditional backup finder tools, adapting its search patterns to the specific target being tested. It's an indispensable tool for security professionals and penetration testers aiming to uncover potential vulnerabilities in web applications.

Key Features:

Why Should I Use This Extension?

Backup-Finder excels where other tools might fall short. Consider a web application with the following directory structure:

/
├───upload
│   ├───index.php
│   ├───index.php~
│   ├───index.php.bkup
│   └───upload.zip
├───users
│   └───catalog.zip
└───WeirdDirName
    ├───index.php
    ├───captcha.php
    ├───captcha.php.old
    └───WeirdDirName.tar.gz

A crawler will detect this structure:

/
├───upload    #Dir
├───├─── /
├───└───users    #Dir
├───────├─── /
├───WeirdDirName    #Dir
├───├─── /
├───├───captcha.php

While most tools rely on static payloads, Backup-Finder dynamically generates payloads based on this structure, effectively identifying files like index.php~, upload.zip, and WeirdDirName.tar.gz that others might miss.

This extension will find all backup, old and temp files in this scenario:

References

"Backup-Finder" aligns with key security standards and methodologies, underscoring its effectiveness in web application security:

  1. OWASP Web Security Testing Guide (WSTG):

    • WSTG-CONF-04: Testing for File and Directory Information Leakage - Directly relevant to "Backup-Finder's" core functionality. More Info
  2. OWASP Top Ten - A6:2017-Security Misconfiguration:

    • Addresses issues related to insecure default configurations and misconfigurations leading to information leakage. More Info
  3. CWE (Common Weakness Enumeration):

    • CWE-538: File and Directory Information Exposure - Concerns the exposure of sensitive information through files and directories. More Info
    • CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer - Relevant for identifying sensitive data in backup files. More Info
  4. WASC (Web Application Security Consortium):

    • WASC-13: Information Leakage - Includes the exposure of sensitive information through improperly secured files. More Info
  5. MITRE ATT&CK Framework:

    • Unsecured Credentials (T1552): Relevant if the tool helps identify backup files containing sensitive credentials. More Info

By adhering to these standards and methodologies, "Backup-Finder" demonstrates its commitment to robust web application security practices, making it a valuable tool for security professionals and penetration testers.

Installation

Using BApp Store [Quickest]

  1. Open Burp Suite.
  2. Navigate to Extender -> BApp Store.
  3. Search for and install the "Backup Finder" Extension.

Load The JAR File

  1. Download the BackupFinder.jar file from the repository or build it from the source code.
  2. Open Burp Suite.
  3. Go to Extender -> Extensions -> Add.
  4. Select the BackupFinder.jar file and add it to Burp Suite.
  5. A new tab for "Backup Finder" will be added to the Burp Suite interface.

How to Use Backup-Finder

  1. Select a Request: Choose a target host request from any tab in Burp Suite.
  2. Configure Options: In the "backupFinder -> Finder -> options" tab, set your preferred configurations.
  3. Start Scanning: Navigate to the "backupFinder -> Finder -> Finder" tab and initiate the scanning process.

Pro Tips [Fine Tuning]:

Customization Options

Build From Source Code

  1. Ensure you have Gradle installed.
  2. Clone the repository: git clone https://github.com/moeinfatehi/Backup-Finder
  3. Navigate to the main directory (where build.gradle exists) and run: gradle makeJar
  4. The Jar file will be generated in build/libs/Backup-finder.jar

Disclaimer

This program is for educational purposes ONLY. Do not use it without permission. The usual disclaimer applies, especially the fact that I'm not liable for any damages caused by the direct or indirect use of the information or functionality provided by these programs. The author or any Internet provider bears NO responsibility for content or misuse of these programs or any derivatives thereof. By using these programs you accept the fact that any damage (data loss, system crash, system compromise, etc.) caused by the use of this program is not my responsibility.

Contributing to Backup-Finder

We welcome contributions from the community! Whether you're reporting bugs, suggesting enhancements, or submitting code changes, your input is valuable to the project's success.

Reporting Bugs

Please use the GitHub Issues page to report bugs. Include detailed steps to reproduce the issue, any error messages you encountered, and the expected vs. actual behavior.

Feature Requests

Have an idea for a new feature or an enhancement to an existing one? Open an issue on GitHub with the label feature request. Please describe the feature in detail, including its potential benefits and use cases.

Code Contributions

If you'd like to contribute code:

  1. Fork the repository.
  2. Create a new branch for your feature or fix.
  3. Write clean, well-commented code.
  4. Ensure your changes are thoroughly tested.
  5. Submit a pull request with a clear description of the changes and any relevant issue numbers.

Improving Documentation

Help make our documentation better by correcting errors, adding new examples, or writing tutorials. Submit your changes as a pull request, and we'll review them promptly.

Thank you for contributing to Backup-Finder!

Contact

If you have any further questions, please don't hesitate to contact me via my Twitter account.