├── pic ├── readme.md └── FindEverything.png ├── LICENSE ├── FindEverything-py2.py ├── FindEverything-notqdm.py ├── FindEverything.py ├── README.md └── FindEverything.sh /pic/readme.md: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /pic/FindEverything.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/AabyssZG/FindEverything/HEAD/pic/FindEverything.png -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2024 曾哥 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /FindEverything-py2.py: -------------------------------------------------------------------------------- 1 | import os 2 | import argparse 3 | 4 | def logo(): 5 | logo0 = ''' 6 | _______ ______ _____ ____ __ 7 | / ____(_)___ ____/ / __ \/ ___/ / __ \__ __/ /_ 8 | / /_ / / __ \/ __ / / / /\__ \______/ / / / / / / __/ 9 | / __/ / / / / / /_/ / /_/ /___/ /_____/ /_/ / /_/ / /_ 10 | /_/ /_/_/ /_/\__,_/\____//____/ \____/\__,_/\__/ 11 | ''' 12 | print(logo0) 13 | 14 | def search_files(directory, extensions): 15 | files = [] 16 | for root, _, filenames in os.walk(directory): 17 | for filename in filenames: 18 | for extension in extensions: 19 | if filename.endswith(extension): 20 | files.append(os.path.join(root, filename)) 21 | return files 22 | 23 | def search_content(file_path, content): 24 | matching_lines = [] 25 | try: 26 | with open(file_path, 'r') as file: 27 | for line_num, line in enumerate(file, 1): 28 | try: 29 | if content in line: 30 | matching_lines.append((line_num, line)) 31 | except UnicodeDecodeError as e: 32 | print("[-] Unicode decode error in file %s, line %d: %s" % (file_path, line_num, e)) 33 | return matching_lines 34 | except: 35 | print("[-] Error file %s" % (file_path)) 36 | 37 | def write_to_file(output_file, file_path, matching_lines): 38 | with open(output_file, 'a') as f: 39 | f.write("[+] File Path: %s\n" % file_path) 40 | f.write("[=] Line Rows: %d\n" % len(matching_lines)) 41 | for line_num, line in matching_lines: 42 | f.write("[~] In Line %d: %s\n" % (line_num, line.strip())) 43 | f.write("\n") 44 | 45 | def main(): 46 | parser = argparse.ArgumentParser(description="FindOS-Out") 47 | parser.add_argument("-n", "--name", help="Specify the suffix", required=True) 48 | parser.add_argument("-c", "--content", help="Specify file content", required=True) 49 | parser.add_argument("-o", "--output", help="Specify output file", default="findout.txt") 50 | parser.add_argument("-d", "--directory", help="Target directory", default="./") 51 | args = parser.parse_args() 52 | 53 | directory = args.directory 54 | extensions = args.name.split(',') 55 | content = args.content 56 | output_file = args.output 57 | 58 | files = search_files(directory, extensions) 59 | 60 | for file_path in files: 61 | matching_lines = search_content(file_path, content) 62 | if matching_lines: 63 | write_to_file(output_file, file_path, matching_lines) 64 | 65 | if __name__ == "__main__": 66 | logo() 67 | print("[+] Runing Search..") 68 | main() 69 | print("[+] Out to findout.txt..") 70 | -------------------------------------------------------------------------------- /FindEverything-notqdm.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # coding=utf-8 3 | 4 | import os 5 | import argparse 6 | 7 | def logo(): 8 | logo0 = r''' 9 | _______ ______ _____ ____ __ 10 | / ____(_)___ ____/ / __ \/ ___/ / __ \__ __/ /_ 11 | / /_ / / __ \/ __ / / / /\__ \______/ / / / / / / __/ 12 | / __/ / / / / / /_/ / /_/ /___/ /_____/ /_/ / /_/ / /_ 13 | /_/ /_/_/ /_/\__,_/\____//____/ \____/\__,_/\__/ 14 | ''' 15 | print(logo0) 16 | 17 | def search_files(directory, extensions): 18 | files = [] 19 | for root, _, filenames in os.walk(directory): 20 | for filename in filenames: 21 | for extension in extensions: 22 | if filename.endswith(extension): 23 | files.append(os.path.join(root, filename)) 24 | return files 25 | 26 | def search_content(file_path, content): 27 | matching_lines = [] 28 | try: 29 | with open(file_path, 'r', encoding='utf-8', errors='ignore') as file: 30 | for line_num, line in enumerate(file, 1): 31 | try: 32 | if content in line: 33 | matching_lines.append((line_num, line)) 34 | except UnicodeDecodeError as e: 35 | print(f"[-] Unicode decode error file {file_path}, line {line_num}: {e}") 36 | print() 37 | return matching_lines 38 | except: 39 | print(f"[-] Error file {file_path}") 40 | print() 41 | 42 | def write_to_file(output_file, file_path, matching_lines): 43 | with open(output_file, 'a', encoding='utf-8') as f: 44 | f.write(f"[+] File Path: {file_path}\n") 45 | f.write(f"[=] Line Rows: {len(matching_lines)}\n") 46 | for line_num, line in matching_lines: 47 | f.write(f"[~] In Line {line_num}: {line.strip()}\n") 48 | f.write("\n") 49 | 50 | def main(): 51 | parser = argparse.ArgumentParser(description="FindOS-Out") 52 | parser.add_argument("-n", "--name", help="Specify the suffix", required=True) 53 | parser.add_argument("-c", "--content", help="Specify file content", required=True) 54 | parser.add_argument("-o", "--output", help="Specify output file", default="findout.txt") 55 | parser.add_argument("-d", "--directory", help="Target directory", default="./") 56 | args = parser.parse_args() 57 | 58 | directory = args.directory 59 | extensions = args.name.split(',') 60 | content = args.content 61 | output_file = args.output 62 | 63 | files = search_files(directory, extensions) 64 | 65 | for file_path in files: 66 | matching_lines = search_content(file_path, content) 67 | if matching_lines: 68 | write_to_file(output_file, file_path, matching_lines) 69 | 70 | if __name__ == "__main__": 71 | logo() 72 | print("[+] Runing Search..") 73 | main() 74 | print("[+] Out to findout.txt..") 75 | -------------------------------------------------------------------------------- /FindEverything.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # coding=utf-8 3 | 4 | import os 5 | import argparse 6 | from tqdm import tqdm 7 | 8 | def logo(): 9 | logo0 = r''' 10 | _______ ______ _____ ____ __ 11 | / ____(_)___ ____/ / __ \/ ___/ / __ \__ __/ /_ 12 | / /_ / / __ \/ __ / / / /\__ \______/ / / / / / / __/ 13 | / __/ / / / / / /_/ / /_/ /___/ /_____/ /_/ / /_/ / /_ 14 | /_/ /_/_/ /_/\__,_/\____//____/ \____/\__,_/\__/ 15 | ''' 16 | print(logo0) 17 | 18 | def search_files(directory, extensions): 19 | files = [] 20 | for root, _, filenames in os.walk(directory): 21 | for filename in filenames: 22 | for extension in extensions: 23 | if filename.endswith(extension): 24 | files.append(os.path.join(root, filename)) 25 | return files 26 | 27 | def search_content(file_path, content): 28 | matching_lines = [] 29 | try: 30 | with open(file_path, 'r', encoding='utf-8', errors='ignore') as file: 31 | for line_num, line in enumerate(file, 1): 32 | try: 33 | if content in line: 34 | matching_lines.append((line_num, line)) 35 | except UnicodeDecodeError as e: 36 | print(f"[-] Unicode decode error file {file_path}, line {line_num}: {e}") 37 | print() 38 | return matching_lines 39 | except: 40 | print(f"[-] Error file {file_path}") 41 | print() 42 | 43 | def write_to_file(output_file, file_path, matching_lines): 44 | with open(output_file, 'a', encoding='utf-8') as f: 45 | f.write(f"[+] File Path: {file_path}\n") 46 | f.write(f"[=] Line Rows: {len(matching_lines)}\n") 47 | for line_num, line in matching_lines: 48 | f.write(f"[~] In Line {line_num}: {line.strip()}\n") 49 | f.write("\n") 50 | 51 | def main(): 52 | parser = argparse.ArgumentParser(description="FindOS-Out") 53 | parser.add_argument("-n", "--name", help="Specify the suffix", required=True) 54 | parser.add_argument("-c", "--content", help="Specify file content", required=True) 55 | parser.add_argument("-o", "--output", help="Specify output file", default="findout.txt") 56 | parser.add_argument("-d", "--directory", help="Target directory", default="./") 57 | args = parser.parse_args() 58 | 59 | directory = args.directory 60 | extensions = args.name.split(',') 61 | content = args.content 62 | output_file = args.output 63 | 64 | files = search_files(directory, extensions) 65 | 66 | for file_path in tqdm(files, desc="Searching files", unit="file"): 67 | matching_lines = search_content(file_path, content) 68 | if matching_lines: 69 | write_to_file(output_file, file_path, matching_lines) 70 | 71 | if __name__ == "__main__": 72 | logo() 73 | print("[+] Runing Search..") 74 | main() 75 | print("[+] Out to findout.txt..") 76 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | ![FindEverything](https://socialify.git.ci/AabyssZG/FindEverything/image?description=1&descriptionEditable=%E5%86%85%E7%BD%91%E6%B8%97%E9%80%8F%E8%BF%87%E7%A8%8B%E4%B8%AD%E6%90%9C%E5%AF%BB%E6%8C%87%E5%AE%9A%E6%96%87%E4%BB%B6%E5%86%85%E5%AE%B9%EF%BC%8C%E4%BB%8E%E8%80%8C%E6%89%BE%E5%88%B0%E7%AA%81%E7%A0%B4%E5%8F%A3%E7%9A%84%E4%B8%80%E6%AC%BE%E5%B0%8F%E5%B7%A5%E5%85%B7&font=Rokkitt&forks=1&issues=1&language=1&logo=https%3A%2F%2Favatars.githubusercontent.com%2Fu%2F54609266%3Fv%3D4&name=1&owner=1&pattern=Charlie%20Brown&stargazers=1&theme=Dark) 2 | 3 | ## ✈️ 工具概述 4 | 5 | 当对内网束手无策的时候,入口机器上面说不定藏着突破口,翻找本地的文件和建立的网络连接就是手法 6 | 7 | 这里也提供一个文件内容敏感词的字典,需要可以自己去整理,如下: 8 | 9 | ``` 10 | jdbc: 11 | user= 12 | password= 13 | key= 14 | ssh- 15 | ldap: 16 | mysqli_connect 17 | sk- 18 | ``` 19 | 20 | 通过快速遍历机器文件,去寻找这些关键词,可以找到突破口,这个代码我之前也分享给好几个朋友,在实战阶段效果不错,具体可以看公众号文章:[内网渗透信息搜集骚姿势](https://mp.weixin.qq.com/s/GkK4AgXsqng6OLAGs45MUg) 21 | 22 | ## 🚨 项目优势 23 | 24 | **有其他敏感文件搜索工具,这个项目的优势在哪?** 25 | 26 | - Linux基本都自带 `Python2/Python3` 环境,可以直接用来跑脚本 27 | - 本项目没有使用到额外的pip库,运行 `.py` 脚本不需要执行额外的动作 28 | - 其他项目基本需要编译成可执行文件使用(比如采用 `go` 语言编写的项目),如果编译后的文件不兼容或者无法执行就寄了 29 | - 原理简单,输出文件方便清晰更加直观,有时最简单的就是最稳定的 30 | - 可自定义性强,可以自由指定文件后缀名、搜寻内容以及搜寻目录 31 | 32 | ## 🐉 工具使用 33 | 34 | ![FindEverything](./pic/FindEverything.png) 35 | 36 | Python的默认安装路径是 `/usr/bin/python` 或 `/usr/local/bin/python` 37 | 38 | 通过以下命令可以尝试常见Python变量并查看版本 `-V` 39 | 40 | ``` 41 | python -V 42 | python2 -V 43 | python3 -V 44 | py -V 45 | py2 -V 46 | py3 -V 47 | ``` 48 | 49 | Python3环境 50 | 51 | ``` 52 | python3 FindEverything.py -n .txt,.ini,.yaml,.php,.jsp,.java,.xml,.sql -c "password=" -d D:/ 53 | python3 FindEverything.py -n .txt,.ini,.yaml,.php,.jsp,.java,.xml,.sql -c jdbc:mysql 54 | python3 FindEverything.py -n .txt,.ini,.yaml,.php,.jsp,.java,.xml,.sql -c jdbc:mysql -o output.txt 55 | ``` 56 | 57 | Python3环境但没有tqdm包 58 | 59 | ``` 60 | python3 FindEverything-notqdm.py -n .txt,.ini,.yaml,.php,.jsp,.java,.xml,.sql -c "password=" -d D:/ 61 | python3 FindEverything-notqdm.py -n .txt,.ini,.yaml,.php,.jsp,.java,.xml,.sql -c jdbc:mysql 62 | python3 FindEverything-notqdm.py -n .txt,.ini,.yaml,.php,.jsp,.java,.xml,.sql -c jdbc:mysql -o output.txt 63 | ``` 64 | 65 | Python2环境 66 | 67 | ``` 68 | python2 FindEverything-py2.py -n .txt,.ini,.yaml,.php,.jsp,.java,.xml,.sql -c "password=" -d D:/ 69 | python2 FindEverything-py2.py -n .txt,.ini,.yaml,.php,.jsp,.java,.xml,.sql -c jdbc:mysql 70 | python2 FindEverything-py2.py -n .txt,.ini,.yaml,.php,.jsp,.java,.xml,.sql -c jdbc:mysql -o output.txt 71 | ``` 72 | 73 | 没有Python环境则使用sh 74 | 75 | ``` 76 | ./FindEverything.sh -n .txt,.ini,.yaml,.php,.jsp,.java,.xml,.sql -c "password=" -d D:/ 77 | ./FindEverything.sh -n .txt,.ini,.yaml,.php,.jsp,.java,.xml,.sql -c jdbc:mysql 78 | ./FindEverything.sh -n .txt,.ini,.yaml,.php,.jsp,.java,.xml,.sql -c jdbc:mysql -o output.txt 79 | ``` 80 | 81 | 其他小技巧 82 | 83 | ``` 84 | find / -type f \( -iname "*.conf" -o -iname "*.yml" -o -iname "*.yaml" -o -iname "*.ini" \) 85 | ``` 86 | 87 | ## 🙏 感谢各位师傅 88 | 89 | [![Star History Chart](https://api.star-history.com/svg?repos=AabyssZG/FindEverything&type=Date)](https://star-history.com/#AabyssZG/FindEverything&Date) 90 | -------------------------------------------------------------------------------- /FindEverything.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Colors for output 4 | GREEN='\033[0;32m' 5 | RED='\033[0;31m' 6 | NC='\033[0m' # No Color 7 | YELLOW='\033[1;33m' 8 | 9 | # Logo function 10 | print_logo() { 11 | echo ' _______ ______ _____ ____ __ ' 12 | echo ' / ____(_)___ ____/ / __ \/ ___/ / __ \__ __/ /_' 13 | echo ' / /_ / / __ \/ __ / / / /\__ \______/ / / / / / / __/' 14 | echo ' / __/ / / / / / /_/ / /_/ /___/ /_____/ /_/ / /_/ / /_ ' 15 | echo '/_/ /_/_/ /_/\__,_/\____//____/ \____/\__,_/\__/ ' 16 | echo 17 | } 18 | 19 | # Help function 20 | show_help() { 21 | echo "Usage: $0 [options]" 22 | echo 23 | echo "Options:" 24 | echo " -n, --name Specify the file extensions (comma separated)" 25 | echo " -c, --content Specify the content to search for" 26 | echo " -o, --output Specify output file (default: findout.txt)" 27 | echo " -d, --directory Target directory (default: ./)" 28 | echo 29 | echo "Example:" 30 | echo " $0 -n .txt,.log -c \"password\" -o results.txt -d /path/to/search" 31 | } 32 | 33 | # Initialize variables with default values 34 | output_file="findout.txt" 35 | directory="./" 36 | extensions="" 37 | content="" 38 | 39 | # Parse command line arguments 40 | while [[ $# -gt 0 ]]; do 41 | case $1 in 42 | -n|--name) 43 | extensions="$2" 44 | shift 2 45 | ;; 46 | -c|--content) 47 | content="$2" 48 | shift 2 49 | ;; 50 | -o|--output) 51 | output_file="$2" 52 | shift 2 53 | ;; 54 | -d|--directory) 55 | directory="$2" 56 | shift 2 57 | ;; 58 | -h|--help) 59 | show_help 60 | exit 0 61 | ;; 62 | *) 63 | echo "Unknown option: $1" 64 | show_help 65 | exit 1 66 | ;; 67 | esac 68 | done 69 | 70 | # Check required parameters 71 | if [ -z "$extensions" ] || [ -z "$content" ]; then 72 | echo -e "${RED}Error: Missing required parameters${NC}" 73 | show_help 74 | exit 1 75 | fi 76 | 77 | # Convert extensions string to array 78 | IFS=',' read -ra ext_array <<< "$extensions" 79 | 80 | # Clear output file 81 | > "$output_file" 82 | 83 | # Main search function 84 | search_files() { 85 | local dir="$1" 86 | local search_content="$2" 87 | 88 | # Create find command with multiple extensions 89 | find_cmd="find \"$dir\" -type f" 90 | for ext in "${ext_array[@]}"; do 91 | find_cmd="$find_cmd -o -name \"*$ext\"" 92 | done 93 | 94 | # Execute find command and process each file 95 | while IFS= read -r file; do 96 | echo -e "${YELLOW}Searching in: $file${NC}" 97 | 98 | # Search content in file and write results 99 | if grep -n "$search_content" "$file" > /dev/null 2>&1; then 100 | { 101 | echo -e "[+] File Path: $file" 102 | line_count=$(grep -c "$search_content" "$file") 103 | echo "[=] Line Rows: $line_count" 104 | grep -n "$search_content" "$file" | while IFS=: read -r line_num line; do 105 | echo "[~] In Line $line_num: $line" 106 | done 107 | echo 108 | } >> "$output_file" 109 | fi 110 | done < <(eval "$find_cmd") 111 | } 112 | 113 | # Main execution 114 | print_logo 115 | echo -e "${GREEN}[+] Running Search..${NC}" 116 | search_files "$directory" "$content" 117 | echo -e "${GREEN}[+] Results written to $output_file${NC}" 118 | --------------------------------------------------------------------------------