A lightweight Python tool for scanning websites to discover hidden directories and files. Ideal for penetration testing and security assessments.

cybertricksnet/PathFinder

PathFinder

PathFinder is a Python tool for discovering hidden directories and files on web servers. It uses multithreading for faster scanning, making it useful for penetration testing and security assessments.

Requirements

  • Python 3.7 or higher

Installation

  • Clone this repository:

    git clone https://github.com/cybertricksnet/PathFinder.git
  • Change to the directory:

    cd PathFinder
  • Install the required Python libraries:

    pip install -r requirements.txt

Usage

Basic scan:

    python3 PathFinder.py https://example.com /usr/share/wordlists/dirb/common.txt --threads 100

This will scan the domain https://example.com using the wordlist common.txt and 100 threads.

With file extensions (e.g., .php, .html, .js):

    python3 PathFinder.py https://example.com /usr/share/wordlists/dirb/common.txt -e php html js --threads 100

This will attempt to find directories or files with .php, .html, and .js extensions.

Using a larger wordlist:

You can use a larger wordlist from SecLists for more comprehensive scanning. To download SecLists:

    git clone https://github.com/danielmiessler/SecLists.git

Then use a larger wordlist like this:

    python3 PathFinder.py https://example.com /path/to/SecLists/Discovery/Web-Content/big.txt --threads 100

Wordlist Reference

The default wordlist comes from DirBuster, typically found on Kali Linux under /usr/share/wordlists/dirb/. Alternatively, you can use wordlists from SecLists:

Features

  • Multithreading: Scan multiple directories and files at once for faster results.
  • Supports file extensions: You can check for specific file extensions like .php, .html, and .js.
  • Custom headers and user agents: Add headers and user-agent strings for advanced use cases.

Notes

  • You can adjust the number of threads depending on your machine's resources.
  • Larger wordlists may take more time but can discover more hidden files and directories.
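
On the server side, a multithreaded wordlist scan like the ones above appears in the access log as one client requesting many distinct paths within seconds, almost all answered with 404. The following is an added example, not part of PathFinder, that flags that pattern in combined-format log lines; the function names, thresholds and sample log lines are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

TS_FMT = "%d/%b/%Y:%H:%M:%S %z"
LINE_RE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                     r'"[A-Z]+ (?P<path>\S+) [^"]*" (?P<status>\d{3})\b')

def find_scanners(lines, window=timedelta(seconds=10), min_paths=20, min_miss=0.8):
    """Return {ip: (distinct_paths, miss_ratio)} for clients that request many
    distinct paths within one sliding window and mostly receive 404s."""
    hits = defaultdict(list)  # ip -> [(time, path, status)]
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], TS_FMT)
            hits[m["ip"]].append((ts, m["path"].split("?")[0], int(m["status"])))
    flagged = {}
    for ip, reqs in hits.items():
        reqs.sort(key=lambda r: r[0])
        start = 0
        for end in range(len(reqs)):
            while reqs[end][0] - reqs[start][0] > window:
                start += 1  # drop requests that fell out of the window
            chunk = reqs[start:end + 1]
            paths = {p for _, p, _ in chunk}
            miss = sum(s == 404 for _, _, s in chunk) / len(chunk)
            if len(paths) >= min_paths and miss >= min_miss:
                if len(paths) > flagged.get(ip, (0, 0.0))[0]:
                    flagged[ip] = (len(paths), round(miss, 2))
    return flagged

def sample_log():
    """Constructed log lines: one wordlist-style burst and one ordinary visitor."""
    t0 = datetime(2024, 1, 1, 10, 0, 0, tzinfo=timezone.utc)
    fmt = '{} - - [{}] "GET {} HTTP/1.1" {} 0'
    words = ["admin", "backup", "config", "login", "test", "old", "dev", "tmp"]
    lines = []
    combos = [(w, e) for w in words for e in ("", ".php", ".html", ".js")]
    for i, (w, e) in enumerate(combos):
        ts = (t0 + timedelta(milliseconds=50 * i)).strftime(TS_FMT)
        status = 200 if (w, e) == ("login", ".php") else 404
        lines.append(fmt.format("203.0.113.7", ts, "/" + w + e, status))
    for i, path in enumerate(["/", "/about.html", "/missing.png", "/contact.html"]):
        ts = (t0 + timedelta(seconds=20 * i)).strftime(TS_FMT)
        lines.append(fmt.format("198.51.100.23", ts, path, 404 if "missing" in path else 200))
    return lines

if __name__ == "__main__":
    print(find_scanners(sample_log()))
```

The window and thresholds need tuning against normal traffic for the site; a scan run with few threads or a small wordlist can stay under them.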

Licensing

MIT License

NOTE: Downloading this repository may trigger a false-positive alert from your anti-virus or anti-malware software. You can whitelist the filepath if necessary. This repository is safe to use and can be used free of charge. However, it is not recommended to store these files on critical systems, as they could pose a risk of local file inclusion attacks if improperly handled.
