snallygaster

snallygaster

Verified 2089 Stars

Tool to scan for secret files on HTTP servers

hannob
Bug-bounty
Jun 01, 2025
2089 stars
View on GitHub
Share on:
X LinkedIn Facebook WhatsApp Telegram Reddit Email
Category
Bug-bounty
GitHub Stars
2089
Project Added On
Jun 01, 2025
Contributors
16

README.md

View on GitHub

snallygaster

Finds file leaks and other security problems on HTTP servers.

what?

snallygaster is a tool that looks for files accessible on web servers that shouldn’t be
public and can pose a security risk.

Typical examples include publicly accessible git repositories, backup files potentially
containing passwords or database dumps. In addition, it contains a few checks for other
security vulnerabilities.

As an introduction to these kinds of issues you may want to watch this talk:
* Attacking with HTTP Requests

See the TESTS.md file for an overview of all tests and links to further
information about the issues.

install

snallygaster is available via pypi:

pip3 install snallygaster

It’s a simple python 3 script, so you can just download the file “snallygaster” and
execute it. Dependencies are urllib3, beautifulsoup4 and dnspython. In Debian- or
Ubuntu-based distributions you can install them via:

apt install python3-dnspython python3-urllib3 python3-bs4

distribution packages

Some Linux and BSD systems have snallygaster packaged:

faq

Q: I want to contribute / send a patch / a pull request!

A: That’s great, but please read the CONTRIBUTIONS.md file.

Q: What’s that name?

A: Snallygaster is the name of a dragon
that according to some legends was seen in Maryland and other parts of the US. There’s
no particular backstory why this tool got named this way, other than that I was looking
for a fun and interesting name.

I thought a name of some mythical creature would be nice, but most of those had the
problem that I would have had name collisions with other software. Checking the list of
dragons on Wikipedia I learned about the Snallygaster. The name sounded funny, the idea
that there are dragon legends in the US interesting and I found no other piece of
software with that name.

credit and thanks

  • Thanks to Tim Philipp Schäfers and Sebastian Neef from the Internetwache for plenty of ideas about things to look for.
  • Thanks to Craig Young for many discussions during the
    development of this script.
  • Thanks to Sebastian Pipping for some help with Python
    programming during the development.
  • Thanks to Benjamin Balder Bach for teaching me lots of things
    about Python packaging.
  • Thanks to the organizers of Bornhack, Driving IT, SEC-T and the Rights and Freedom
    track at 34C3 for letting me present this work.

author

snallygaster is developed and maintained by Hanno Böck.

Tool Information

Author

hannob

Project Added On

June 01, 2025

License

Open Source

Tags

security tool
View on GitHub

Related Tools

awesome-bugbounty-builder

awesome-bugbounty-builder

Awesome Bug bounty builder Project

Stable
awesome-oneliner-bugbounty

awesome-oneliner-bugbounty

A collection of awesome one-liner scripts especially for bug bounty tips.

Stable
burp_bug_finder

burp_bug_finder

Automatic Bug finder with buprsuite

Stable
View more Bug-bounty tools