Tree [73a74a] main /
| File | Date | Author | Commit |
|---|---|---|---|
| LICENSE | 2024-11-26 | diraka | [d44433] Initial commit |
| README.md | 2024-11-26 | diraka | [73a74a] Update README.md |
| dir-aka.zip | 2024-11-26 | diraka | [d8ed9b] Add files via upload |
| diraka.py | 2024-11-26 | diraka | [488095] Update diraka.py |

Read Me

The Dir-aka Vulnerability Scanner is a Python-based security tool designed for cybersecurity professionals and system administrators to analyze and secure web servers against unauthorized access. This tool identifies sensitive files and folders on a target web server, filters content by file extensions, and highlights potential misconfigurations or vulnerabilities in publicly accessible directories.

By scanning for directory indexing, probing for commonly targeted paths, and analyzing HTTP responses, the scanner helps professionals preemptively mitigate risks such as data exposure, credential leaks, and unauthorized access.


Key Features

  1. Directory Enumeration:
     - Scans directories for exposed files and folders.
     - Automatically detects directory indexing if enabled.

  2. File Extension Filtering:
     - Filters results based on user-defined file extensions (e.g., .php, .html, .txt) for precise discovery.

  3. Probing for Common Paths:
     - Tests predefined paths like /admin/, /uploads/, .git/, and config.php for potential vulnerabilities.

  4. Authentication Support:
     - Supports HTTP Basic Authentication for scanning protected resources.

  5. Error Handling:
     - Parses custom error pages (404 responses) for hidden links or misconfigured error handling.

  6. Flexible Deployment:
     - Simple CLI-based design suitable for standalone use or integration with larger security workflows.

Documentation

1. Prerequisites

To run the Directory Vulnerability Scanner, ensure the following:
- Python: Version 3.6 or higher.
- Libraries:
  - requests for HTTP requests.
  - BeautifulSoup (from bs4) for HTML parsing.
  - requests.auth (part of requests) for handling HTTP Basic Authentication.

Install the dependencies (on Linux):

```bash
pip install requests beautifulsoup4
```

2. How It Works

The tool operates in three stages:

  1. Input:
     - The user provides the target URL, optional authentication credentials, and file extensions for filtering.

  2. Processing:
     - Scans the provided directory.
     - Iterates through a predefined list of common paths to uncover hidden files and folders.
     - Filters links by file extensions if specified.

  3. Output:
     - Displays accessible files, directories, and potentially sensitive resources.
     - Highlights errors (e.g., 403 Forbidden, 404 Not Found) and parses custom error pages for useful links.

3. Usage Instructions

  1. Run the Script:
     Execute the script in a terminal or command line:
     ```bash
     git clone https://github.com/diraka/dir-aka.git
     cd dir-aka
     python diraka.py
     ```

  2. Provide Inputs:
     - URL: Enter the target directory URL (e.g., https://example.com/some-directory/).
     - Authentication: If the directory requires HTTP Basic Authentication, provide credentials.
     - File Extensions: Specify file extensions to filter results (e.g., .php,.html) or leave blank to display all files.

  3. Example Input:
     ```
     Enter the remote directory URL: https://example.com/
     Enable authentication? (yes/no): no
     Enter file extensions to search (comma-separated, e.g., .html,.php,.txt) or press Enter to skip: .php,.html
     ```

  4. Output:
     The tool displays:
     - Accessible links.
     - Detected files and directories matching the extensions.
     - Any common paths tested.

4. Output Example

```
OS Fingerprinting

Server Header: Apache/2.4.41 (Ubuntu)
X-Powered-By: PHP/7.4.3
Target IP: 93.184.216.34
Detected TTL: 64
OS Guess: Linux/Unix

Successfully accessed: https://example.com/

Files and Directories:
index.php
contact.php
login.php

Testing Alternative Paths

Successfully accessed: https://example.com/index.html
index.html
Failed to access https://example.com/.git/. HTTP Status: 404

```

5. Customization

  • Common Paths:
    Modify the common_paths list to add or remove frequently targeted files/directories.
    Example:
    ```python
    common_paths = ["login.php", "admin/", "backup.sql", "private/"]
    ```

  • Error Handling:
    Enhance the error handling to capture specific HTTP statuses or implement retries for unstable networks.


6. Security Best Practices

While using this tool:
- Authorization: Use the tool only on servers you own or have explicit permission to test.
- Rate Limiting: Avoid overloading servers; use delays if necessary.
- Data Storage: Ensure that scanned data is stored securely and deleted after use.


7. Potential Applications

  1. Vulnerability Assessment:
     - Identify misconfigured directories exposing sensitive files.

  2. Penetration Testing:
     - Integrate with broader penetration testing workflows to probe for sensitive endpoints.

  3. Incident Response:
     - Quickly locate potential data leaks during incident response activities.

  4. DevOps Security:
     - Monitor environments for accidental exposure of backup files, logs, and temporary data.

8. Limitations

  • The tool cannot bypass strong authentication mechanisms or firewalls.
  • Results depend on the server's response; heavily obfuscated configurations may require additional tools.

9. Future Enhancements

  • Add multi-threading for faster scanning.
  • Integrate with vulnerability databases (e.g., CVE or OWASP).
  • Support advanced authentication methods (e.g., OAuth, JWT).

Find the Windows version at https://diraka.github.io
This tool is a starting point for assessing directory vulnerabilities. Use it responsibly to enhance your server’s security posture.
