bitquark / shortscan Goto Github PK
View Code? Open in Web Editor NEWAn IIS short filename enumeration tool
License: MIT License
An IIS short filename enumeration tool
License: MIT License
How do we create or upload a wordlist like the default one?
i've got loads of files the shortscan isn't finding full names for as it's PHP which is fine but when i choose the PHP wordlist it doesn't find them but if i use a dirbuster it does?
trying to add https://wordlists-cdn.assetnote.io/data/automated/httparchive_php_2023_12_28.txt
I would like to ask if there are any plans to support "autocomplete" for DLL Source Code Disclosure, quoted from Source Code Disclosure in ASP.NET apps
best wishes.
First of all I wanted to say thank you for the great tool! I was looking into using a wordlist with your shortutil tool, but I'm unsure of what the wordlist should contain. Would it be possible to include a few samples?
I'm unsure if it can contain directories like /iishelp/iis/misc/default.asp
Or the end directory like /misc/
Of if the word list can contain actual pages like admin.aspx
$> shortscan target.url
access to target via web browser and via ping indicate server is up and running prior to scan
Finished! Requests: 722; Retries: 0; Sent 139614 bytes; Received 274905 bytes
no shortnames are found and after running scan, and now the website is not reachable from my machine via ping or web browser.
isitdownrightnow.com also reports site as down
Could you please add more examples to the README about adding multiple headers or how to send a request to an IP with a different HOST header?
Is there any way to use NTLM authentication with this?
I can do this via a web proxy but the tool does not provide a way to use a web proxy either.
Hi,
I am working on a site and using shortscan. I get a list of 40-50 possible files and folders with different extensions. Could you add a flag to output the results in an organised matter so that they can be used in Burp Intruder or FFUF.
Example output:
ACTIVi~2.ASP ACTIVI?.ASP?
DATAPR~2.ASP DATAPR?.ASP?
RISKRE~2.ASP RISKRE?.ASP?
RISKGR~2.ASM RISKGR?.ASM?
RISKIN~2.ASP RISKIN?.ASP?
ZENDES~1.ASH ZENDES?.ASH?
I would like an output similar to this (sorted and unique), if possible (printed to terminal or stored in txt files):
ASP? files (might require some fuzzing as these are not complete names):
ACTIVI
DATAPR
RISKRE
RISKIN
ASH? files (might require some fuzzing as these are not complete names):
ZENDES
Folders (might require some fuzzing as these are not complete names):
TMP
usersd
Known files:
test.aspx
test123.aspx
Known folders:
javascript
js
This way, it is much easier to go to the next step and ffuz.
Thanks <3
Hey :)
Just adding this here for next time I have the same issue!
Once I installed shortscan, I couldn't run it just by typing shortscan but I had to type:
$HOME/go/bin/shortscan
Shortscan finds folders, make it recursive so that for each found folder, you run shortscan against them.
Hey dude,
Can you add WMSCalendar and manifest.json and productimg and NEW FOLDER to the wordlist as this has come up a few times for me so far.
Cheers
Hey dude,
Got an idea can we get an option to add a prefix to the wordlist.
that way we can do something like ASP as the prefix and then bruteforce the rest of the folder
When I use shortscan on the webroot, I sometimes get few results and the tool cannot find certain folders, unless you know the name.
For example, even though I have the folder "handlers" in my wordlist, shortscan does not find it.
If I point shortscan to site/handlers though, shortscan see the directory as vulnerable and finds files/folders.
I was wondering if it would be possible to add another flag so that shortscan goes through a wordlist of folders so that instead of me scripting it via bash, shortscan will try its magic with:
site/admin
site/js
site/docs
site/upload
site/...
You could have a short check to find vulnerable folders first and then do a complete check only on those folders that are vulnerable to reduce the amount of requests.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.