Skip to content

caioluders/LostAndFound

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

34 Commits
burp_plugin
burp_plugin
 
 
checkers
checkers
 
 
extractors
extractors
 
 
.gitignore
.gitignore
 
 
LostAndFound.py
LostAndFound.py
 
 
README.md
README.md
 
 
requirements.txt
requirements.txt
 
 
utils.py
utils.py
 
 

Repository files navigation

Lost & Found

    :・゚✧:・゚✧:☆*:✧:・゚✧::☆*:・゚✧::☆*::・゚:☆*:゚✧:・゚:☆*::・゚:☆*::・゚✧
    (ノ◕ヮ◕)ノ*:・゚✧:::::𝓛𝓸𝓼𝓽 & 𝓕𝓸𝓾𝓷𝓭:::::。.:☆*:・'(*⌒―⌒*)))
    :・゚✧:・゚✧:☆*:✧:・゚✧::☆*:・゚✧::☆*::・゚:☆*:゚✧:・゚:☆*::・゚:☆*::・゚✧

The tool helps you find broken, wrong and expired assets on any application.

Usage

usage: LostAndFound.py - [-h] - [-u URL | -a APK | -d DIR | -i IPA | -b BIN | -t TXT | -p PROXY]

options:
  -h, --help            show this help message and exit
  -u URL, --url URL     URL to check
  -a APK, --apk APK     APK to check
  -d DIR, --dir DIR     Directory of Source Code to check
  -i IPA, --ipa IPA     IPA to check
  -b BIN, --bin BIN     Binary to check
  -t TXT, --txt TXT     Text file to check
  -p PROXY, --proxy PROXY
                        Proxy to check

First input the desired application to check, the tool will then extract every URL it finds and pass it to the respective checkers. The checker will look if the URL has a broken asset, a expired domain, etc.

$ python3 LostAndFound.py -u http://aratu.boitatech.com.br/

    :・゚✧:・゚✧:☆*:✧:・゚✧::☆*:・゚✧::☆*::・゚:☆*:゚✧:・゚:☆*::・゚:☆*::・゚✧
    (ノ◕ヮ◕)ノ*:・゚✧     𝓛𝓸𝓼𝓽 & 𝓕𝓸𝓾𝓷𝓭         。.:☆*:・'(*⌒―⌒*)))
    :・゚✧:・゚✧:☆*:✧:・゚✧::☆*:・゚✧::☆*::・゚:☆*:゚✧:・゚:☆*::・゚:☆*::・゚✧
	
URL:  http://aratu.boitatech.com.br/
- ['https://aratu.boitatech.com.br', 'https://aratu.boitatech.com.br/images-event/meta-image.png', 'https://aratu.boitatech.com.br', 'https://aratu.boitatech.com.br/images-event/meta-image.png', 'https://platform-api.sharethis.com/js/sharethis.js#property=6254e99180366d0019fc1adf&product=sticky-share-buttons', 'https://forms.gle/oLHmm4V6HzZxr2Pr6', 'https://discord.gg/7xrXqR8x5T', 'https://ctf-api.boitatech.com.br/login', 'https://www.hakaioffensivesecurity.com/', 'https://crowsec.com.br/', 'https://hackingclub.com/', 'https://www.bughunt.com.br/', 'https://www.convisoappsec.com/', 'https://idwall.co/', 'https://www.faculdadevincit.edu.br/cursos', 'https://discord.gg/7xrXqR8x5T', 'https://twitter.com/boitatech', 'https://instagram.com/boitatech', 'https://github.com/boitatech', 'https://www.googletagmanager.com/gtag/js?id=G-SJF22ZP7FR']
100%|█████████████████████████████████████████████████████████████████████████████████| 14/14 - [00:01<00:00, 13.61it/s]

Checkers

They check (duh) if this asset is broken.

  • npm
  • twitter
  • github
  • TikTok
  • instagram
  • Youtube
  • domain
  • bitbucket
  • gitlab
  • rubygems
  • pypi
  • packagist/composer
  • S3
  • buckets

Extractors

Given an input, they extract (duh again) all the URLS they find and pass them to the respective checkers.

  • apk
  • ipa
  • website
  • binary
  • Burp Plugin
  • source code

Burp Plugin

The tool also can be used inside Burp Suite. Load burp_plugin/LostAndFound_burp_plugin.py using Jython. The plugin is fully passive and will only check the passing requests.

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

16 stars

Watchers

2 watching

Forks

4 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors 4

  •  
  •  
  •  
  •  

Languages