Search for sensitive files

1. Goal

Detect whether sensitive files exist in your website path:

log file
environment variables file
backup file

2. Description

sensitive_files.txtReads a regular expression from a file and searches for matching files within the specified document root directory. This gives you more flexibility in checking sensitive files.
sensitive_files.txtYou can increase detection by adding more regular expressions to the file.

3. Code

vi check_sensitive_files.sh

#!/bin/bash

# 사용법 안내 함수
usage() {
    echo "Usage: $0 <DOCUMENT_ROOT>"
    exit 1
}

# 명령줄 인수 확인
if [ "$#" -ne 1 ]; then
    usage
fi

# 웹 서버의 문서 루트 디렉토리
DOCUMENT_ROOT="$1"

# 민감한 파일 목록 파일
SENSITIVE_FILES_LIST="sensitive_files.txt"

# 민감한 파일 목록을 읽어들이기
if [ ! -f "$SENSITIVE_FILES_LIST" ]; then
    echo "Error: Sensitive files list file not found: $SENSITIVE_FILES_LIST"
    exit 1
fi

# 함수: 파일 접근 가능 여부 확인
check_file() {
    local file_pattern="$1"
    local matched_files=($(find "$DOCUMENT_ROOT" -type f -regex "$file_pattern"))
    
    if [ ${#matched_files[@]} -gt 0 ]; then
        for file in "${matched_files[@]}"; do
            echo "[노출됨] 민감한 파일 발견: $file"
        done
    else
        echo "[안전함] 민감한 파일 없음: $file_pattern"
    fi
}

echo "민감한 파일 접근 여부 확인 중..."

# 민감한 파일 목록을 읽어서 함수 호출
while IFS= read -r file_pattern; do
    check_file "$file_pattern"
done < "$SENSITIVE_FILES_LIST"

Log file detection

Because log files record application and server activity, they may contain sensitive information:

LOG_FILES=(
    "error.log"
    "access.log"
    "application.log"
    "debug.log"
    "server.log"
    "app.log"
    "system.log"
    "database.log"
    "auth.log"
    "nginx/access.log"
    "nginx/error.log"
    "apache2/access.log"
    "apache2/error.log"
    "syslog"
    "secure"
    "messages"
)

Environmental variable exposure detection

Environment variables files can contain sensitive information, such as database passwords and API keys:

ENV_FILES=(
    ".env"
    "env"
    "config.env"
    "settings.env"
    "secrets.env"
    ".env.local"
    ".env.production"
    ".env.development"
    ".env.test"
)

Backup file detection

Backup files may contain snapshots of entire databases or file systems, which poses a significant risk if exposed:

BACKUP_FILES=(
    "backup.tar"
    "backup.zip"
    "backup.sql"
    "db_backup.sql"
    "website_backup.tar.gz"
    "backup.gz"
    "backup.bz2"
    "backup.tgz"
    "backup.tbz2"
    "backup.tar.bz2"
    "backup.tar.gz"
    "backup.tgz"
    "database_backup.sql"
    "db_backup.gz"
    "site_backup.zip"
    "backup_YYYYMMDD.tar.gz" # 날짜 형식의 백업 파일
    "backup_YYYYMMDD.zip"
    "dump.sql"
)

DEBUG INFO EXPOSURE file detection

Files used for debugging purposes can expose internal system configuration information or environmental settings, which can pose a significant security risk if exposed to the outside world:

INFO_EXPOSURE_FILES=(
    "phpinfo.php"
    "info.sh"
    "info.py"
    "info.pl"
    "info.asp"
    "info.jsp"
)

`vi sensitive_files.txt`

.*\.log$
.*\.env$
.*backup\.(tar|zip|sql|gz|bz2|tgz|tbz2|tar\.bz2|tar\.gz)$
.*db_backup\.(sql|gz)$
.*database_backup\.sql$
.*site_backup\.zip$
backup_[0-9]{8}\.(tar\.gz|zip)$
.*\.sql$
.*phpinfo\.php$
.*phpinfo_[0-9]{8}\.php$
.*phpinfo_[a-zA-Z0-9_-]+\.php$
.*info\.(sh|py|pl|asp|jsp)$
.*info_[0-9]{8}\.(sh|py|pl|asp|jsp)$
.*info_[a-zA-Z0-9_-]+\.(sh|py|pl|asp|jsp)$

4. Run

When running the script, pass the web server's document root directory as an argument:

sudo bash ./check_sensitive_files.sh /var/www/html

PreviousWordPress

Last updated 1 year ago

hashtag1. Goal

hashtag2. Description

hashtag3. Code

hashtagLog file detection

hashtagEnvironmental variable exposure detection

hashtagBackup file detection

hashtagDEBUG INFO EXPOSURE file detection

hashtagvi sensitive_files.txt

hashtag4. Run