A tool to discover and exploit the Nginx alias traversal misconfiguration. The tool can brute-force the URL path recursively to find hidden files and directories.

shiblisec/Kyubi

Kyubi

A tool to discover the Nginx alias traversal misconfiguration. Read more: https://www.acunetix.com/vulnerabilities/web/path-traversal-via-misconfigured-nginx-alias/
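
A server-side check for the same condition, as an added example that is not part of Kyubi: it scans Nginx configuration text for a prefix `location` without a trailing slash whose `alias` target ends in one, the mismatch behind alias traversal. The function name, the sample configuration and the simplified line-based parsing are assumptions of this example.

```python
import re

# Constructed sample configuration (not taken from the Kyubi repository).
SAMPLE_CONF = """
server {
    listen 80;
    location /resources {
        alias /var/www/app/static/;      # flagged
    }
    location /images/ {
        alias /var/www/app/images/;      # slashes match
    }
    location = /favicon.ico {
        alias /var/www/app/favicon.ico;  # exact match, not a prefix
    }
    location ~ ^/dl/(.*)$ {
        alias /srv/files/$1;             # regex location, not checked
    }
}
"""

# "location [modifier] <match> {"; the modifier is =, ~, ~*, ^~ or absent.
LOCATION_RE = re.compile(r"\blocation\s+(?:(=|~\*|~|\^~)\s*)?(\S+)\s*\{")
ALIAS_RE = re.compile(r"\balias\s+([^;]+);")

def find_alias_mismatches(conf_text):
    """Return (line_no, location, alias) for each prefix location that lacks
    a trailing slash while its alias target ends with one."""
    findings = []
    stack = []  # one entry per open block: (modifier, match) or None
    for line_no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.split("#", 1)[0]  # assumes '#' never appears inside a value
        loc = LOCATION_RE.search(line)
        if loc:
            stack.append((loc.group(1), loc.group(2)))
        # Assumes no literal braces inside regex locations or quoted strings.
        stack.extend([None] * (line.count("{") - (1 if loc else 0)))
        ali = ALIAS_RE.search(line)
        if ali and stack and stack[-1]:
            modifier, match = stack[-1]
            target = ali.group(1).strip()
            if (modifier in (None, "^~") and not match.endswith("/")
                    and target.endswith("/")):
                findings.append((line_no, match, target))
        del stack[len(stack) - min(len(stack), line.count("}")):]
    return findings

if __name__ == "__main__":
    for line_no, match, target in find_alias_mismatches(SAMPLE_CONF):
        print(f"line {line_no}: location {match} -> alias {target}")
```

Making the trailing slashes agree (for example `location /resources/` with `alias /var/www/app/static/`) clears the finding.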

Installation

OPTION 1:

git clone https://github.com/shibli2700/Kyubi.git
cd Kyubi
sudo python3 setup.py install
pip install .

OPTION 2: Pull the Docker image from Docker Hub

You can pull the Docker image from Docker Hub and run it locally using the following commands:

docker pull saydocerr/kyubi
docker run -it saydocerr/kyubi

Options

usage: kyubi [-h] [-v] [-a] url

This tool checks nginx alias traversal misconfiguration.

positional arguments:
  url         URL of the target

optional arguments:
  -h, --help  show this help message and exit
  -v          increase verbosity
  -a          append segment in the end

Usage

$ kyubi -v https://127.0.0.1/resources/images/users/profile/profile.png

Future Additions

  • Brute forcing with filenames and directories.
  • Web Interface.
