Unlock Hidden Backups with wayBackupFinder.py

Anmol K Sachan
4 min read · Jan 20, 2025

As security researchers, penetration testers, and bug bounty hunters, we often uncover vulnerabilities and recover valuable resources from websites. Some sensitive files or past versions of sites may not be accessible through normal means but could still exist in the Wayback Machine, increasing the attack surface. These archived resources are often overlooked in standard security assessments, providing an unexpected opportunity for threat actors.

wayBackupFinder.py is a Python script that helps identify these hidden backups: it locates files archived in the Wayback Machine that may no longer be available on the live site, which can expose information disclosure vulnerabilities.

Github: https://github.com/anmolksachan/WayBackupFinder

How It Works

wayBackupFinder.py scans the Wayback Machine, fetching URLs for a given domain and filtering them based on specified file extensions (e.g., .pdf, .jpg, .zip). The tool doesn’t just find these URLs but also checks if any archived snapshots of the URLs are available. If an archived version exists, the script will provide you with a direct link to the snapshot, helping you retrieve those files.

Why Should Security Professionals Use It?

For security researchers and penetration testers, finding backups can be crucial in multiple scenarios:

  • Recovering Sensitive Files: When conducting vulnerability assessments or forensic investigations, you may need to recover deleted or lost files from a site. These files might still be available in the Wayback Machine, even if they’ve been removed from the live site.
  • Historical Analysis: Review past versions of a site or application to understand how it has changed, potentially revealing outdated security flaws, exposed data, or previous vulnerabilities.
  • Bug Bounty Hunting: During bug bounty programs, uncovering hidden or forgotten files that are still accessible in Wayback snapshots can uncover valuable attack vectors or evidence for your findings.

This script is an essential tool in your arsenal to identify archived files that could have been missed otherwise.

How to Use

  1. Run the script: python3 wayBackupFinder.py.
  2. Enter the domain of the target website.
  3. You can either specify the file extensions using the custom option or select the load option to use the built-in list of extensions.
  4. The script will automatically fetch the URLs and check if any archived snapshots exist.
  5. The content can be downloaded directly using the links provided by the script, though the original website may no longer host that material.
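The following is an added example, written for this article and not taken from the WayBackupFinder repository, that shows the lookup the "How It Works" and "How to Use" sections describe: query the Wayback Machine CDX API for every archived URL under a domain, keep only the rows whose path ends in one of the chosen extensions, and turn each hit into a direct snapshot link. The CDX query parameters (url, output, fl, collapse, filter) and the web.archive.org/web/TIMESTAMP/URL link format are the public Wayback API; the example.com rows are constructed so the script runs offline, and the fetcher is injectable so the same code can be pointed at the live API by a site owner auditing what of their own domain is archived.

```python
"""Minimal Wayback CDX backup lookup (added example, not the project's own code)."""
import json
import urllib.parse
import urllib.request
from typing import Callable, Dict, Iterable, List

CDX_ENDPOINT = "https://web.archive.org/cdx/search/cdx"
WAYBACK_PREFIX = "https://web.archive.org/web/"


def build_cdx_url(domain: str) -> str:
    """Build a CDX API query for every archived URL under a domain.

    collapse=urlkey keeps one row per distinct URL, and filter=statuscode:200
    drops captures that were already errors when the crawler saw them.
    """
    params = {
        "url": f"{domain}/*",
        "output": "json",
        "fl": "original,timestamp,statuscode",
        "collapse": "urlkey",
        "filter": "statuscode:200",
    }
    return CDX_ENDPOINT + "?" + urllib.parse.urlencode(params)


def parse_cdx_json(payload: str) -> List[Dict[str, str]]:
    """CDX JSON output is a list of rows whose first row is the column header."""
    rows = json.loads(payload)
    if not rows:
        return []
    header, body = rows[0], rows[1:]
    return [dict(zip(header, row)) for row in body]


def has_extension(url: str, extensions: Iterable[str]) -> bool:
    """Match on the URL path only, so ?file=x.zip in a query string is not a hit."""
    path = urllib.parse.urlsplit(url).path.lower()
    return any(path.endswith(ext.lower()) for ext in extensions)


def snapshot_url(timestamp: str, original: str, raw: bool = False) -> str:
    """Direct link to one capture; the id_ modifier returns the unrewritten bytes."""
    modifier = "id_" if raw else ""
    return f"{WAYBACK_PREFIX}{timestamp}{modifier}/{original}"


def http_get(url: str, timeout: int = 30) -> str:
    """Default fetcher for live use; the CDX API is rate limited, so keep calls few."""
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return resp.read().decode("utf-8")


def find_archived_files(domain: str, extensions: Iterable[str],
                        fetch: Callable[[str], str] = http_get) -> List[Dict[str, str]]:
    """Return archived URLs under `domain` whose path has one of `extensions`."""
    records = parse_cdx_json(fetch(build_cdx_url(domain)))
    hits = []
    for rec in records:
        if has_extension(rec["original"], extensions):
            hits.append({
                "original": rec["original"],
                "timestamp": rec["timestamp"],
                "snapshot": snapshot_url(rec["timestamp"], rec["original"]),
            })
    return hits


# Constructed CDX response for example.com (not real archive data).
SAMPLE_CDX = json.dumps([
    ["original", "timestamp", "statuscode"],
    ["http://example.com/index.html", "20190301120000", "200"],
    ["http://example.com/backup.zip", "20190302080000", "200"],
    ["https://example.com/dump/db.sql?download=1", "20200115093000", "200"],
    ["http://example.com/files/Site-Archive.ZIP", "20210605000000", "200"],
    ["http://example.com/get?file=old.zip", "20210606000000", "200"],
])


def demo() -> List[Dict[str, str]]:
    """Run the lookup against the constructed response instead of the live API."""
    return find_archived_files("example.com", [".zip", ".sql"],
                               fetch=lambda url: SAMPLE_CDX)


if __name__ == "__main__":
    for hit in demo():
        print(hit["timestamp"], hit["original"], "->", hit["snapshot"])
```

Matching on the path rather than the whole URL avoids false positives from query strings, and the case-insensitive comparison catches uppercase extensions that a plain string filter would miss. For a site owner, the same listing is the starting point for a takedown or exclusion request to the archive once a sensitive file turns up.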

Example

  1. In the following example, we selected a random target purely for demonstration purposes and searched for the .zip file extension within the scope.
  2. For the demonstration, we selected a random URL that is no longer directly accessible through the target website.
  3. Using the link provided by the tool, we can access the ZIP file at the same URL that was previously hosted, as demonstrated in the screenshot below, even though that URL is no longer accessible on the live site. Such ZIP files may contain source code, backups, databases, and other sensitive resources that were never meant to be user-accessible.
  4. This is merely one example; the same approach can surface sensitive data such as hardcoded secrets, credentials, backup files, SQL dumps, and so on.

Conclusion

From a security researcher, pentester, or bug bounty hunter’s perspective, wayBackupFinder.py is a powerful tool that extends your attack surface into an often-overlooked area — the Wayback Machine. Many critical resources, including backups, might be hidden within this archive, providing attackers with a unique and unusual vector to explore. This tool helps uncover potentially valuable historical data that can significantly impact security assessments, vulnerability discovery, and bug bounty submissions.

For threat actors, this increases the attack surface by revealing forgotten or overlooked assets from a past version of a site or application. By exploiting backups or archived pages stored in the Wayback Machine, attackers can gain access to sensitive information or identify security gaps that might have been closed or forgotten over time. By using wayBackupFinder.py, security professionals can uncover these hidden resources, offering a chance to recover lost data, find overlooked vulnerabilities, and gather intel that could otherwise stay beyond reach. This tool is essential for uncovering valuable insights that could improve your security posture or assist in identifying potential attack vectors in unexpected places.

Watch the tool in action here: https://anmolksachan.medium.com/discovering-backups-secrets-and-more-using-the-waybackupfinder-py-tool-b97f67e95c50

Written by Anmol K Sachan

Builder, developer, problem solver, ethical hacker and penetration tester. I'm a consistent security researcher with the desire to make a difference.