Brute-forcing website directories or HTTP pathname and validate using HTTP response code is not relevant anymore. This tool will help you to perform a penetration test, because it could validate the directories using specific-word or 2 words at once and the results will more accurate.
It will help you to find:
- Web administrator/login panel
- Credential in some paths
- Third-party token
git clone https://github.com/xchopath/pathprobercd pathprober/
pip3 install -r requirements.txt
- Multiple URL targets (in a file separated by newline) or single URL target
- Multiple paths (in a file separated by newline) or single path
- 1 word or 2 words (filter)
- Save valid results to another file
Multiple target, multiple path, and multiple words:
python3 pathprober.py -T target.txt -P path.txt -w "APP_NAME" -w2 "DB_PASSWORD"
Single target, multiple path, and single word:
python3 pathprober.py -t https://redacted.com/ -P path.txt -w "APP_NAME"
Multiple target, single path, multiple words, and save output to file:
python3 pathprober.py -T target.txt -p /.env -w "APP_NAME" -w2 "TWILIO" -o output.txt
Need more help?
bash:~/pathprober$ python3 pathprober.py --help ___ ____ ___ _ _ ___ ____ ____ ___ ____ ____ |__] |__| | |__| |__] |__/ | | |__] |___ |__/ | | | | | | | | \ |__| |__] |___ | \ Probe HTTP pathname filtered by wordsusage: pathprober.py [-h] [-t https://example.com] [-p pathname] [-T target.txt] [-P path.txt] [-w Word] [-w2 Word] [-o output.txt]PathProber - Probe and discover HTTP pathname using brute-force methodology and filtered by specific word or 2 words at onceoptional arguments: -h, --help show this help message and exit -t https://example.com Single website target -p pathname Single pathname -T target.txt Multiple target separated by newline -P path.txt Multiple pathname separated by newline -w Word A word that you want to find in a path -w2 Word A secon d word that you want to find in a path -o output.txt Save the results to file