Tool Description

Back-Me-Up is a powerful shell script tool designed to automate the bug bounty process by collecting URLs from internet archive data and searching for sensitive data leakage in the form of juicy extensions. The tool utilizes multiple tools, including gau, gauplus, cariddi, waymore, gospider, crawley, hakrawler,katana, and waybackurls to streamline the process.

Prerequisites and Installation [Don’t worry, back-me-up take care of this!!!]

Requirements

[+] go

[+] cariddi

[+] waybackurls

[+] git

[+] waymore

[+] gau

[+] pip3

[+] gauplus

[+] katana

[+] gospider

[+] crawley

[+] httpx

[+] anew

[+] curl

[+] hakrawler

Installation

1. Clone the repo: git clone https://github.com/Dheerajmadhukar/back-me-up.git
2. Change dir & run the script: cd back-me-up/
3. To check installed prerequisite packages/tools/libs :

bash backmeup.sh --check/-c

4. To install all the prerequisite packages/tools/libs :

bash backmeup.sh --install/-i

Usage/Help

To use Back-Me-Up, run the following command:

bash backmeup.sh --help/-h

How it Works

Back-Me-Up works by combining the power of multiple tools to automate the bug bounty process. Here’s a high-level overview of the process:

Step 1: URL Collection

• The tool uses gau, gauplus, waybackurls, cariddi, waymore, gospider, crawley, hakrawler and katana to gather URLs from internet archive data.

Step 2: Extension Filtering

• Back-Me-Up filters the URLs based on a list of juicy extensions, which are known to contain sensitive data e.g .sql, .bkp, .txt etc…

Step 4: Data Analysis

• Finally, Back-Me-Up analyzes the extracted data using regular expressions and patterns to discover sensitive data leakage.

Features

• Automates the bug bounty process for sensitive data leakage discovery
• Utilizes multiple tools for URL collection, data extraction, and data analysis
• Flexible to add more Extensions as per user’s demand
• Provides a user-friendly command-line interface
• Regular expression and pattern-based data analysis

Supports 162 uniq extensions

$ cat ext.txt 

dat,rtf,xls,ppt,sdf,odf,pptx,xlsx,exe,lnk,7z,bin,part,pdb,cgi,crdownload,ini,zipx,bak,torrent,jar,sys,deb,sh,docm,mdb,xla,zip,tar.gz,txt,json,csv,doc,docx,git,pem,bash_history,db,key,tar,log,sql,accdb,dbf,apk,cer,cfg,rar,sln,tmp,dll,iso,c,cpp,tgz,sqlite,pgsql.txt,mysql.txt,gz,config,backup,bkp,crt,eml,java,lst,passwd,pl,pwd,dir,orig,bz2,old,vbs,img,inf,py,vbproj,war,go,psql,sql.gz,vb,webinfo,jnlp,temp,webproj,xsql,raw,inc,lck,nz,rc,html.gz,env,yml,save,save.1,ovpn,secret,secrets,access,gitignore,properties,dtd,conf,configs,xml,rb,yaml,toml,tar.bz2,dochtml,odt,pdf,action,adr,ascx,asmx,axd,bkf,bok,achee,cfm,cnf,csr,ica,mai,mbox,mbx,md,nsf,ora,pac,pcf,pgp,plist,rdp,reg,skr,swf,tpl,url,wml,xsd,swp,bac,BAK,NEW,_bak,_old,bak1,lock,atom,_backup,~,%01,(1),gzip,cab,mysql-pconnect,mysql-connect

Custom extensions [Extension Filtering e.g .sql, .bkp, .txt etc…]

You want to add your custom/new

$ echo "db" >> ext.txt

Demo Video

Watch the demo video on

Disclaimer

Back-Me-Up is designed for responsible use in legitimate penetration testing and bug bounty programs. Misuse of this tool may lead to legal consequences. The author is not responsible for any misuse of this tool.

Author

╔════════[ me_dheeraj ]════════════╗

• Twitter: @Dheerajmadhukar
• YouTube: @Dheerajmadhukar
• LinkedIn: @dheerajtechnolegends

╚═════════════════════════════╝

Support Me

If you find Back-Me-Up useful, consider buying me a beer to support future development: