SourceWolf: A surprisingly fast detector

An open source scanner, tested on machines , MAC, linux but also in WSL.

What can SourceWolf do?

  • Detect responses to find hidden endpoints, either by sending or from the local response files (if any).
  • Create a list of javascript variables from the source
  • Extract all social media links from sites to find potentially broken links
  • Brute forcing using a wordlist.
  • Get the status codes for a list of addresses / Live filtering from a list of hosts.

All the above features are performed at high speed.

  • SourceWolf uses  Session module from the request library, which means it reuses the TCP connection, making it really fast.
  • SourceWolf gives you an option to scan responses files local , so that you do not send requests again to an endpoint, to which you already have a copy of the response.
  • The endpoints are in full format with a host like https://example.com/api/admin and not like /api/admin. This can be useful when scanning a list of hosts.

Installation

  • git clone https://github.com/micha3lb3n/SourceWolf (or) Download the latest version manually!
  • cd SourceWolf /
  • pip3 install -r requirements.txt

Use

> python3 sourcewolf.py -h

-l LIST, --list LIST  List of javascript URLs
-u URL, --url URL     Single URL
-t , --threads THREADS
                      Number of concurrent threads to use (default 5)
-o OUTPUT_DIR, --output directory-name OUTPUT_DIR
                      Store URL response text in a directory for further analysis
-s STATUS_CODE_FILE, --store--code STATUS_CODE_FILE
                      Store the status code in a file
-b BRUTE, --brute BRUTE
                      Brute force URL with FUZZ  (--wordlist must also be used along with this)
-w WORDLIST, --wordlist WORDLIST
                      Wordlist for brute forcing URL
-v, --verbose         Verbose mode (displays all the requests that are being sent)
-c CRAWL_OUTPUT, --crawl-output CRAWL_OUTPUT
                      Output directory to store the crawled output
-d DELAY, --delay DELAY
                      Delay in the requests (in seconds)
--timeout TIMEOUT     Maximum time to wait for connection timing out (in seconds)
--headers HEADERS     Add custom headers (Must be passed in as {'Token': 'YOUR-TOKEN-HERE'}) --> Dictionary format
-- COOKIES     Add cookies (Must be passed in as {'Cookie': 'YOUR-COOKIE-HERE'}) --> Dictionary format
--only-success        Only print 2XX responses
--local LOCAL         Directory with local response files to crawl for
--no-colors           Remove colors from the output
--update-info         Check for the latest , and update if required

Application snapshots

You can download the program from here.

iGuRu.gr The Best Technology Site in Greecefgns

every publication, directly to your inbox

Join the 2.100 registrants.

Written by Anastasis Vasileiadis

Translations are like women. When they are beautiful they are not faithful and when they are faithful they are not beautiful.

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).