FindEverything 搜寻指定文件敏感信息

工具概述

当对内网束手无策的时候，入口机器上面说不定藏着突破口，翻找本地的文件和建立的网络连接就是手法

这里也提供一个文件内容敏感词的字典，需要可以自己去整理，如下:

jdbc:
user=
password=
key=
ssh-
ldap:
mysqli_connect
sk-

扩展

jdbc:
user=
password=
key=
ssh-host=
ssh-port=
ssh-user=
ssh-private-key=
ldap:
url=
bind-user=
bind-password=
base-dn=
search-filter=
mysqli_connect=
db-name=
api-key=
secret-token=
client-secret=
access-token=
refresh-token=
smtp-server=
smtp-user=
smtp-password=
third-party-api-key=
oauth-client-id=
oauth-client-secret=
session-secret=
encryption-key=
storage-access-key=
storage-secret-key=
webhook-url=
database-url=
cache-password=
service-account-key=
jwt-secret=
api-secret=
payment-gateway-key=
files-access-token=
ftp-username=
ftp-password=
kafka-broker-url=
kafka-consumer-group=
rabbitmq-url=
rabbitmq-username=
rabbitmq-password=
docker-hub-username=
docker-hub-password=
cloud-storage-key=
cloud-storage-secret=
push-notification-key=
biometric-encryption-key=
rate-limiter-secret=
sso-provider-url=
sso-client-id=
sso-client-secret=
healthcheck-token=
wechat-app-id=
wechat-app-secret=
alipay-app-id=
alipay-private-key=
alipay-public-key=
baidu-api-key=
baidu-secret-key=
tencent-cloud-secret-id=
tencent-cloud-secret-key=
dingtalk-webhook-url=
server-addr=
namespace=
data-id=
group=
username=
access-key=
secret-key=
config-type=
tenant=

通过快速遍历机器文件，去寻找这些关键词，可以找到突破口。

工具使用

Python3环境

python3 FindEverything.py -n .txt,.ini,.yaml,.php,.jsp,.java,.xml,.sql -c "password=" -d D:/
python3 FindEverything.py -n .txt,.ini,.yaml,.php,.jsp,.java,.xml,.sql -c jdbc:mysql
python3 FindEverything.py -n .txt,.ini,.yaml,.php,.jsp,.java,.xml,.sql -c jdbc:mysql -o output.txt

Python2环境

python2 FindEverything-py2.py -n .txt,.ini,.yaml,.php,.jsp,.java,.xml,.sql -c "password=" -d D:/
python2 FindEverything-py2.py -n .txt,.ini,.yaml,.php,.jsp,.java,.xml,.sql -c jdbc:mysql
python2 FindEverything-py2.py -n .txt,.ini,.yaml,.php,.jsp,.java,.xml,.sql -c jdbc:mysql -o output.tx

项目地址

https://github.com/AabyssZG/FindEverything

原文始发于微信公众号（云梦安全）：FindEverything 搜寻指定文件敏感信息