Installation • Tool options • Usage • License
BackupKiller is a tool to generate wordlist based on the URLs to check for backup, installation, etc files.
git clone https://github.com/Q0120S/BackupKiller.git
cd BackupKiller
pip install -r requirements.txt
python3 fback.py -hYou can add this tool to your bashrc for ease of use:
fback() {
python3 /path/to/your/tool/fback.py "$@"
}-pattern: You can define your pattern to get your desired output-extensions: Add extensions-wordlistonly: Use this option to generate a wordlist to use in feature fuzzing-levels: Choose the level you want to use in generation from the extensions.json-backup-levels: Choose the backup level you want to use in generation from the extensions.json-compress-levels: Choose the compress level you want to use in generation from the extensions.json-date-custom: Define your own date format for generation, e.g. '$full_domain.%y-%m-%d.$ext' [separated by comma]-date-default: Choose this option to use the default date format in patterns.json
python3 fback.py -hThis will display help for the tool. Here are all the switches it supports.
usage: fback.py [-h] [-p PATTERN_FILE] [-e EXTENSIONS_FILE] [-o OUTPUT_FILE] [-wo] [-jo] [-l LEVELS] [-bl BACKUP_LEVELS]
[-cl COMPRESS_LEVELS] [-w WORDLIST] [-dm] [-dc DATE_CUSTOM] [-dd] [-yr YEAR_RANGE] [-mr MONTH_RANGE]
[-dr DAY_RANGE] [-nr NUMBER_RANGE] [-s]
Fback is a fast and dynamic tool to generate wordlist to find backup files.
options:
-h, --help show this help message and exit
Flags:
INPUT:
-p PATTERN_FILE, -pattern PATTERN_FILE
Pattern File Name (default "pattern.json")
-e EXTENSIONS_FILE, -extensions EXTENSIONS_FILE
Input file containing list of extensions with levels (default "extensions.json")
-o OUTPUT_FILE, -output OUTPUT_FILE
Name of the output file
OUTPUT:
-wo, -wordlistonly Wordlist only
-jo, -json-output Wordlist only in JSON format
LEVELS MANAGEMENT:
-l LEVELS, -levels LEVELS
Backup & Compress extensions level(s) [min:1 max:10] (default "1,2")
-bl BACKUP_LEVELS, -backup-levels BACKUP_LEVELS
Backup extensions level(s) [min:1 max:10]
-cl COMPRESS_LEVELS, -compress-levels COMPRESS_LEVELS
Compress extensions level(s) [min:1 max:10]
MAIN METHODS:
-w WORDLIST, -wordlist WORDLIST
Wordlist method, to generate by words
DATE METHODS:
-dm, -date-method Enable Date Method
-dc DATE_CUSTOM, -date-custom DATE_CUSTOM
Custom Date format, e.g. '$full_domain.%y-%m-%d.$ext' [separated by comma]
-dd, -date-default Use default formats for date method in patterns.json
-yr YEAR_RANGE, -year-range YEAR_RANGE
Range of years (default "2019-2022")
-mr MONTH_RANGE, -month-range MONTH_RANGE
Range of months [min:1 max:12] (default "2,3")
-dr DAY_RANGE, -day-range DAY_RANGE
Range of days [min:1 max:31] (default "1-3")
OTHER OPTIONS:
-nr NUMBER_RANGE, -number-range NUMBER_RANGE
Range of $num var in patterns (default "1,2")
-s, -silent Silent modeSimple usage:
cat sample_urls.txt | python3 fback.py -w wordlist.txt -sOutput:
https://example.com/example.com.tar.xz
https://example.com/.example.bk
https://subs.example.com/fullbackup.bundle
https://example.com/passwords.txt.tar.bzip2.1
https://subs.example.com/files/.bak2
https://subs.example.com/logs.spg
https://example.com/search/.pack
https://subs.example.com/files/passwords.txt.save.1
https://subs.example.com/files/passwords.txt/install.tar.bzip2
https://example.com/passwords.txt.tig
https://example.com/path/.passwords.txt.swp.2
https://example.com/path/backup.gz2
[more]
...Advance usage:
cat sample_urls.txt | python3 fback.py -s -p patterns.json -e extensions.json -w wordlist.txt -dm -yr 2020-2022 -mr 1-
4 -dr 10-20 -dd -bl 1 -cl 1Output
https://example.com/example.com.20210215.bkup
https://example.com/path/example.2022-04-19.old
https://subs.example.com/files/example.com.20200110.save
https://subs.example.com/files/example.com.20200117.back
https://example.com/example.com.20220116.sav
https://example.com/example.com.2022-03-18.save
https://subs.example.com/files/example.com.20220114.back
https://example.com/path/example.com.2022-04-19.~
https://subs.example.com/search/.swp
https://example.com/example.2021-01-11.bckp
https://example.com/path/subs.example.com.2021-03-12.backup1
https://subs.example.com/files/subs.example.com.20210112.swp
https://example.com/search/2021-01-18.backup
https://example.com/path/subs.example.com.20200312.bckp
https://subs.example.com/files/subs.example.com.2021-03-17.old
[more]
...This project is licensed under the MIT license. See the LICENSE file for details.
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent