Lost & Found

    :・゚✧:・゚✧:☆*:✧:・゚✧::☆*:・゚✧::☆*::・゚:☆*:゚✧:・゚:☆*::・゚:☆*::・゚✧
    (ノ◕ヮ◕)ノ*:・゚✧:::::𝓛𝓸𝓼𝓽 & 𝓕𝓸𝓾𝓷𝓭:::::。.:☆*:・'(*⌒―⌒*)))
    :・゚✧:・゚✧:☆*:✧:・゚✧::☆*:・゚✧::☆*::・゚:☆*:゚✧:・゚:☆*::・゚:☆*::・゚✧

The tool helps you find broken, wrong and expired assets on any application.

Usage

usage: LostAndFound.py [-h] [-u URL | -a APK | -d DIR | -i IPA | -b BIN | -t TXT | -p PROXY]

options:
  -h, --help            show this help message and exit
  -u URL, --url URL     URL to check
  -a APK, --apk APK     APK to check
  -d DIR, --dir DIR     Directory of Source Code to check
  -i IPA, --ipa IPA     IPA to check
  -b BIN, --bin BIN     Binary to check
  -t TXT, --txt TXT     Text file to check
  -p PROXY, --proxy PROXY
                        Proxy to check

First, give the tool the application you want to check. It then extracts every URL it finds and passes each one to the respective checker. The checker looks at whether the URL points to a broken asset, an expired domain, etc.

$ python3 LostAndFound.py -u http://aratu.boitatech.com.br/

    :・゚✧:・゚✧:☆*:✧:・゚✧::☆*:・゚✧::☆*::・゚:☆*:゚✧:・゚:☆*::・゚:☆*::・゚✧
    (ノ◕ヮ◕)ノ*:・゚✧     𝓛𝓸𝓼𝓽 & 𝓕𝓸𝓾𝓷𝓭         。.:☆*:・'(*⌒―⌒*)))
    :・゚✧:・゚✧:☆*:✧:・゚✧::☆*:・゚✧::☆*::・゚:☆*:゚✧:・゚:☆*::・゚:☆*::・゚✧
	
URL:  http://aratu.boitatech.com.br/
- ['https://aratu.boitatech.com.br', 'https://aratu.boitatech.com.br/images-event/meta-image.png', 'https://aratu.boitatech.com.br', 'https://aratu.boitatech.com.br/images-event/meta-image.png', 'https://platform-api.sharethis.com/js/sharethis.js#property=6254e99180366d0019fc1adf&product=sticky-share-buttons', 'https://forms.gle/oLHmm4V6HzZxr2Pr6', 'https://discord.gg/7xrXqR8x5T', 'https://ctf-api.boitatech.com.br/login', 'https://www.hakaioffensivesecurity.com/', 'https://crowsec.com.br/', 'https://hackingclub.com/', 'https://www.bughunt.com.br/', 'https://www.convisoappsec.com/', 'https://idwall.co/', 'https://www.faculdadevincit.edu.br/cursos', 'https://discord.gg/7xrXqR8x5T', 'https://twitter.com/boitatech', 'https://instagram.com/boitatech', 'https://github.com/boitatech', 'https://www.googletagmanager.com/gtag/js?id=G-SJF22ZP7FR']
100%|█████████████████████████████████████████████████████████████████████████████████| 14/14 [00:01<00:00, 13.61it/s]

Checkers

They check (duh) if this asset is broken.

  • npm
  • twitter
  • github
  • TikTok
  • instagram
  • Youtube
  • domain
  • bitbucket
  • gitlab
  • rubygems
  • pypi
  • packagist/composer
  • S3
  • buckets

Extractors

Given an input, they extract (duh again) all the URLs they find and pass them to the respective checkers.

  • apk
  • ipa
  • website
  • binary
  • Burp Plugin
  • source code
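
The extract-then-route flow described above, as an added sketch that is not taken from LostAndFound's own code: it pulls URLs out of text, de-duplicates them, and decides which checker and which identifier each one maps to. The routing table, the function names and the sample input are assumptions made for illustration, and no network requests are made.

```python
import re
from urllib.parse import urlsplit

URL_RE = re.compile(r"""https?://[^\s"'<>)\]]+""")
S3_SUFFIX = ".s3.amazonaws.com"
# Assumed routing table: host -> (checker name, path prefix before the identifier or None).
ROUTES = {
    "twitter.com": ("twitter", None), "instagram.com": ("instagram", None),
    "github.com": ("github", None), "npmjs.com": ("npm", "package"),
    "pypi.org": ("pypi", "project"), "rubygems.org": ("rubygems", "gems"),
}

def extract_urls(text):
    """Return the unique URLs in text, in first-seen order."""
    seen = {}
    for match in URL_RE.finditer(text):
        seen.setdefault(match.group(0).rstrip(".,;"), None)
    return list(seen)

def route(url):
    """Map one URL to (checker, identifier that checker would look up)."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    segs = [s for s in parts.path.split("/") if s]
    if host.endswith(S3_SUFFIX):
        return "S3", host[: -len(S3_SUFFIX)]
    bare = host[4:] if host.startswith("www.") else host
    checker, prefix = ROUTES.get(bare, (None, None))
    if checker and prefix is None and segs:
        return checker, segs[0]
    if checker and prefix and len(segs) >= 2 and segs[0] == prefix:
        # Scoped npm names span two path segments: @scope/name
        return checker, ("/".join(segs[1:3]) if segs[1].startswith("@") else segs[1])
    return "domain", host  # anything else: the domain itself is what gets checked

def plan(text):
    """Group identifiers by checker for every URL found in text."""
    jobs = {}
    for url in extract_urls(text):
        checker, ident = route(url)
        if ident not in jobs.setdefault(checker, []):
            jobs[checker].append(ident)
    return jobs

# Constructed sample input (not output of the tool).
SAMPLE = '''<a href="https://twitter.com/boitatech">tw</a>
<a href="https://github.com/boitatech">gh</a> <a href="https://github.com/boitatech">gh</a>
<a href="https://www.npmjs.com/package/@example-scope/example-pkg">pkg</a>
see https://pypi.org/project/example-pkg/ and https://crowsec.com.br/.
<img src="https://example-bucket.s3.amazonaws.com/logo.png">'''
```

Calling `plan()` on a page or source file gives an inventory of the external accounts, packages, buckets and domains the application references, which is the list each checker would then verify.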

Burp Plugin

The tool can also be used inside Burp Suite. Load burp_plugin/LostAndFound_burp_plugin.py using Jython. The plugin is fully passive and only checks the requests that pass through it.