For a new project I needed a tool that could scan a web server for the HTTP status code of different URLs and list the results in an easily parseable format. The URLs are typical Linux resources (e.g. the password file, the hostname, the services file, …) that could disclose sensitive system information.
There are already a number of tools that can achieve this, but none really provided the output that I needed. Hence I wrote my own small script.
You can find it on GitHub: https://github.com/cudeso/tools/tree/master/twus
It’s a Python script that takes one required parameter, the URL, and two optional parameters. The URL can contain a port number if necessary, so both http://www.myhost.com/ and http://www.myhost.com:995/ are valid.
    usage: twus.py [-h] [-r RESOURCES] [-v] url
      url                   The URL to scan (include http://)
      -h, --help            show this help message and exit
      -r RESOURCES, --resources RESOURCES
                            File containing the resources to check (default:
      -v, --verbose         Add verbose output (default: False)
    "Code", "URL", "Server", "Last Modified", "Content Type", "Cache Control"
The resources file lists one resource per line. It doesn’t matter whether a resource starts with / or not: a leading / is stripped. If the URL does not end with a /, one is added.
twus.input, the default resources file, contains mostly resources of interest on Linux systems.
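The URL joining rule and the CSV output described above, as an added example that is not taken from twus.py itself. The function names and the sample rows are assumptions made for illustration; only the header line comes from this post, and the data rows are assumed to use the same quoting as that header.

```python
import csv
import io

# Column names from the header line shown in the post.
COLUMNS = ["Code", "URL", "Server", "Last Modified", "Content Type", "Cache Control"]


def build_targets(base_url, resource_lines):
    """Join a base URL and resource lines using the rule described in the post."""
    if not base_url.endswith("/"):
        base_url += "/"                  # a URL without a trailing / gets one
    targets = []
    for line in resource_lines:
        resource = line.strip()
        if not resource:
            continue                     # assumption: blank lines are skipped
        if resource.startswith("/"):
            resource = resource[1:]      # a leading / is stripped
        targets.append(base_url + resource)
    return targets


def exposed(csv_text, codes=("200",)):
    """Return the URLs in a result file whose status code is in `codes`."""
    # skipinitialspace handles the ', "' separator used in the header line;
    # without it the csv module treats the quote after the space as data.
    reader = csv.DictReader(io.StringIO(csv_text), skipinitialspace=True)
    if reader.fieldnames != COLUMNS:
        raise ValueError("unexpected header: %r" % (reader.fieldnames,))
    return [row["URL"] for row in reader if row["Code"] in codes]


# Constructed sample output; only the header line comes from the post.
SAMPLE = '''"Code", "URL", "Server", "Last Modified", "Content Type", "Cache Control"
"404", "http://www.myhost.com:995/etc/passwd", "nginx", "", "text/html", ""
"200", "http://www.myhost.com:995/etc/hostname", "nginx", "Mon, 01 Jan 2024 00:00:00 GMT", "text/plain", "no-cache, no-store"
'''

if __name__ == "__main__":
    print(build_targets("http://www.myhost.com:995", ["/etc/passwd", "etc/hostname"]))
    print(exposed(SAMPLE))
```

Run against the result file of a scan of your own server, exposed() gives the list of resources that still need to be blocked or removed.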