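# Path-level check for exposed backup copies of the resource being scanned.
#
# For every path the scanner visits, this sends a request for <path><suffix>
# and reports a finding only when that response (a) shares the base response's
# status code and (b) differs from the response for a random, non-existent
# suffix. The second condition keeps hosts that answer every path the same way
# (soft-404s, catch-all handlers) from producing a report for each suffix.
metadata:
    language: v2-beta
    # This is the issue title shown in the Burp dashboard, so it must describe
    # the finding rather than the check's granularity.
    name: "Exposed backup file"
    description: "Tests for exposed backup files"
    author: "Carlos Montoya"

run for each:
    # Suffixes appended to the base path. Each value costs two extra requests
    # per scanned path; "~" covers editor-style backups (index.php~).
    extension = ".bak", ".back", ".backup", ".old", ".orig", ".bkp", ".save", "~"

given path then
    # A 404 for the real path means there is no resource to have a backup of;
    # any other status (including 403/5xx) is still worth probing.
    if not({base.response.status_code} is "404") then
        # Drop one trailing slash, if present, then append the candidate suffix
        # ("/app/" -> "/app.bak", "/app/index.php" -> "/app/index.php.bak").
        send request called check:
            replacing path: {regex_replace({base.response.url.path}, "(.)/?$", `$1{extension}`)}

        # A backup copy that actually exists is expected to be served the same
        # way as the original; a different status is treated as "not present".
        if {check.response.status_code} is {base.response.status_code} then
            # Control request: same path with a random suffix. If the server
            # answers every unknown path identically, the candidate backup
            # response will match this one and nothing is reported.
            send request called garbage:
                replacing path: {regex_replace({base.response.url.path}, "(.)/?$", `$1.{random_str(10)}`)}

            if {garbage} differs from {check} then
                report issue and continue:
                    severity: info
                    confidence: firm
                    detail: `Backup file found at {check.request.url}`
                    remediation: "Remove backup copies from the web root and configure the web server to deny requests for backup suffixes (e.g. .bak, .old, ~)."
            end if
        end if
    end if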