An open source detector, tested on Windows, Mac, Linux and WSL machines.
What SourceWolf can do:
- Crawl through responses to find hidden endpoints, either by sending requests or from local response files (if any).
- Create a list of JavaScript variables from the source.
- Extract all social media links from sites to find potentially broken links.
- Brute force using a wordlist.
- Get the status codes for a list of URLs / filter live domains from a list of hosts.
All the above features are performed at high speed.
- SourceWolf uses the Session module from the requests library, which means it reuses the TCP connection, making it really fast.
- SourceWolf gives you an option to scan local response files, so that you do not send requests again to an endpoint for which you already have a copy of the response.
- The endpoints are in full format with a host, like https://example.com/api/admin and not like /api/admin. This can be useful when scanning a list of hosts.
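The local-file scan and the full-format output described above can be sketched as follows. This is an added example, not SourceWolf's own code: the regex, the function names `extract_endpoints` and `scan_local`, and the use of one base URL per directory are assumptions made for illustration.

```python
import re
import tempfile
from pathlib import Path
from urllib.parse import urljoin

# Quoted strings that look like a path ("/api/admin") or an absolute http(s) URL.
# Simplified pattern chosen for this example; it is not SourceWolf's own regex.
ENDPOINT_RE = re.compile(r"""["'`]((?:https?://|/)[A-Za-z0-9_\-./~%?=&]+)["'`]""")


def extract_endpoints(text, base_url):
    """Return the sorted, de-duplicated endpoints found in text as full URLs."""
    found = set()
    for match in ENDPOINT_RE.finditer(text):
        # urljoin leaves absolute URLs untouched and prefixes bare paths
        # with the scheme and host of base_url.
        found.add(urljoin(base_url, match.group(1)))
    return sorted(found)


def scan_local(directory, base_url):
    """Scan every saved response under directory without sending a request."""
    results = {}
    for path in sorted(Path(directory).rglob("*")):
        if path.is_file():
            text = path.read_text(encoding="utf-8", errors="replace")
            results[path.name] = extract_endpoints(text, base_url)
    return results


# Constructed sample response body, not output from a real site.
SAMPLE_JS = """
fetch('/api/admin').then(r => r.json());
const cdn = "https://static.example.com/app.js";
var version = "1.2.3";
axios.get("/api/v1/users?id=1");
"""

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        Path(tmp, "main.js").write_text(SAMPLE_JS, encoding="utf-8")
        for name, urls in scan_local(tmp, "https://example.com").items():
            for url in urls:
                print(name, url)
```

Because every result carries its host, output from several hosts can be merged into one list without losing track of where each path belongs.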
Installation
- git clone https://github.com/micha3lb3n/SourceWolf (or) Download the latest version manually!
- cd SourceWolf/
- pip3 install -r requirements.txt
Usage
> python3 sourcewolf.py -h
-l LIST, --list LIST List of javascript URLs
-u URL, --url URL Single URL
-t THREADS, --threads THREADS
Number of concurrent threads to use (default 5)
-o OUTPUT_DIR, --output directory-name OUTPUT_DIR
Store URL response text in a directory for further analysis
-s STATUS_CODE_FILE, --store-status-code STATUS_CODE_FILE
Store the status code in a file
-b BRUTE, --brute BRUTE
Brute force URL with FUZZ keyword (--wordlist must also be used along with this)
-w WORDLIST, --wordlist WORDLIST
Wordlist for brute forcing URL
-v, --verbose Verbose mode (displays all the requests that are being sent)
-c CRAWL_OUTPUT, --crawl-output CRAWL_OUTPUT
Output directory to store the crawled output
-d DELAY, --delay DELAY
Delay in the requests (in seconds)
--timeout TIMEOUT Maximum time to wait for connection timing out (in seconds)
--headers HEADERS Add custom headers (Must be passed in as {'Token': 'YOUR-TOKEN-HERE'}) --> Dictionary format
--cookies COOKIES Add cookies (Must be passed in as {'Cookie': 'YOUR-COOKIE-HERE'}) --> Dictionary format
--only-success Only print 2XX responses
--local LOCAL Directory with local response files to crawl for
--no-colors Remove colors from the output
--update-info Check for the latest version, and update if required
You can download the program from here.