GitHub - shiblisec/Kyubi: A tool to discover and exploit Nginx alias traversal misconfiguration, the tool can bruteforce the URL path recursively to find out hidden files and directories.

Kyubi

A tool to discover Nginx alias traversal misconfiguration, read more https://www.acunetix.com/vulnerabilities/web/path-traversal-via-misconfigured-nginx-alias/

Installation

OPTION 1:

git clone https://github.com/shibli2700/Kyubi.git
cd /Kyubi
sudo python3 setup.py install
pip install .

OPTION 2: Pulling the Docker Image from Docker Hub

You can pull the Docker image from Docker Hub and running it locally using the following command:

docker pull saydocerr/kyubi

docker run -it saydocerr/kyubi

Options

usage: kyubi [-h] [-v] [-a] url

This tool checks nginx alias traversal misconfiguration.

positional arguments:
  url         URL of the target

optional arguments:
  -h, --help  show this help message and exit
  -v          increase verbosity
  -a          append segment in the end

Usage

$ kyubi -v https://127.0.0.1/resources/images/users/profile/profile.png

Future Addition

Brute forcing with filenames and directories.
Web Interface.

README.md

Kyubi

Installation

OPTION 1:

OPTION 2: Pulling the Docker Image from Docker Hub

Options

Usage

Future Addition

About

Releases

Packages

Contributors 3

Languages

shiblisec/Kyubi

Sign In Required

Launching GitHub Desktop

Launching GitHub Desktop

Launching Xcode

Launching Visual Studio Code

Latest commit

Git stats

Files

README.md

Kyubi

Installation

OPTION 1:

OPTION 2: Pulling the Docker Image from Docker Hub

Options

Usage

Future Addition

About

Resources

Stars

Watchers

Forks

Releases

Packages 0

Contributors 3

Languages

Packages