Discovering backups, secrets, and more using the wayBackupFinder.py tool.
I recently created a tool that efficiently searches for backup files within Wayback Machine or archive.org URLs. Here’s a quick overview of how I was able to locate backups containing .sql files in a matter of minutes. This write-up aims to provide insights into how you can make the most of this tool.
To start, I selected a target and ran the tool using a custom option instead of scanning through an extensive list of extensions. For this specific case, I focused on .zip files. Within seconds, the tool generated a list of .zip files that were not directly accessible on the website but were still available on archive.org.
I came across a suspicious .zip file and attempted to open it directly. However, I was redirected to an authentication page, suggesting that the file is either no longer available or requires authentication for access.
Using the link located through WayBackupFinder and accessed via web.archive.org, I successfully downloaded the .zip file.
Upon extracting the file, several .sql files were discovered.
This is an example of how the tool can be used to identify backups, uncover information disclosure, and detect other critical vulnerabilities.
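A site owner can run the same kind of check against their own domain's capture history to learn which backup files are still retrievable from the archive after being removed from the live site. The sketch below is an added example, not code from wayBackupFinder.py: it parses rows in the shape the Wayback CDX API returns with `output=json` and keeps the newest stored capture of each backup-like file. The extension list, the function name and the sample rows for `example.com` are assumptions constructed for illustration.

```python
import json
from urllib.parse import urlsplit

# Assumed list of backup/dump extensions; adjust to what your estate produces.
RISKY_EXTENSIONS = (".zip", ".sql", ".tar.gz", ".bak", ".7z")

# Constructed sample shaped like Wayback CDX API output (output=json):
# the first row names the fields, every later row is one capture.
SAMPLE_CDX_JSON = """[
 ["timestamp","original","statuscode","length"],
 ["20190311101500","http://example.com/index.html","200","5120"],
 ["20190311101742","http://example.com/old/site-backup.zip","200","48211004"],
 ["20210604083010","https://example.com/old/site-backup.zip?dl=1","200","48211004"],
 ["20200102120000","https://example.com/db/dump.SQL","200","910233"],
 ["20220815090000","https://example.com/export.zip","302","0"],
 ["20230101000000","https://example.com/docs/zip-guide.html","200","7000"]
]"""


def archived_backups(cdx_json, extensions=RISKY_EXTENSIONS):
    """Return the newest stored capture of each backup-like file, oldest first."""
    rows = json.loads(cdx_json)
    if not rows:
        return []
    header, captures = rows[0], rows[1:]
    newest = {}
    for row in captures:
        rec = dict(zip(header, row))
        parts = urlsplit(rec["original"])
        path = parts.path.lower()  # match on the path only, ignoring ?query
        if not path.endswith(tuple(extensions)):
            continue
        if rec["statuscode"] != "200":  # redirects and errors hold no file body
            continue
        key = (parts.hostname or "") + path  # http/https and query variants collapse
        if key not in newest or rec["timestamp"] > newest[key]["timestamp"]:
            newest[key] = {
                "timestamp": rec["timestamp"],
                "original": rec["original"],
                "length": int(rec["length"]) if rec["length"].isdigit() else None,
                "replay": f"https://web.archive.org/web/{rec['timestamp']}/{rec['original']}",
            }
    return sorted(newest.values(), key=lambda f: f["timestamp"])


if __name__ == "__main__":
    for finding in archived_backups(SAMPLE_CDX_JSON):
        print(finding["timestamp"], finding["length"], finding["replay"])
```

Each finding is a file whose contents should be treated as disclosed: rotate any credentials it holds and request exclusion of the capture from the archive.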
Read more about this tool: https://anmolksachan.medium.com/unlock-hidden-backups-with-waybackupfinder-py-7b98041a82d9
You’re welcome to reach out to me here for any suggestions, feedback, or even just a friendly chat!
https://linkedin.com/in/anmolksachan/
https://x.com/fr13nd0x7f