Add --env-path flag

add README, Makefile .github
mmpx12 · Nov 14, 2022 · 4b06d97 · 4b06d97
1 parent 0f0034b
commit 4b06d97
Show file tree

Hide file tree

Showing 6 changed files with 158 additions and 8 deletions.
diff --git a/.github/screenshot/output.png b/.github/screenshot/output.png
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -0,0 +1,31 @@
+name: release binaries
+
+on:
+  release:
+    types: [created]
+
+jobs:
+  release-binaries:
+    name: release binaries linux/windows/android
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        goos: [linux, windows, android]
+        goarch: ["386", amd64, arm64]
+        exclude:
+          - goarch: 386
+            goos: android
+          - goarch: amd64
+            goos: android
+          - goarch: arm64
+            goos: windows
+    steps:
+    - uses: actions/checkout@v2
+    - uses: wangyoucao577/[email protected]
+      with:
+        github_token: ${{ secrets.GITHUB_TOKEN }}
+        goos: ${{ matrix.goos }}
+        goarch: ${{ matrix.goarch }}
+        goversion: "1.19"
+        ldflags: "-w -s"
+        md5sum: FALSE
diff --git a/Makefile b/Makefile
@@ -0,0 +1,18 @@
+build:
+	go build -ldflags="-w -s" 
+
+install:
+	mv xenv /usr/bin/xenv
+
+termux-install:
+	mv xenv /data/data/com.termux/files/usr/bin/xenv
+
+all: build install
+
+termux-all: build termux-install
+
+clean:
+	rm -f xenv /usr/bin/xenv
+
+termux-clean:
+	rm -f xenv /data/data/com.termux/files/usr/bin/xenv
diff --git a/README.md b/README.md
@@ -0,0 +1,94 @@
+# X-ENV
+
+![img](.github/screenshot/output.png)
+
+Scan for exposed env file.
+
+## Usage:
+
+```
+-h, --help                   Show this help
+-t, --thread=NBR             Number of threads (default 50)
+-o, --output=FILE            Output file (default found_env.txt)
+-i, --input=FILE             Input file
+-e, --env-path=ENV           Env Path (comma separated)
+-k, --insecure               Ignore certificate errors
+-u, --user-agent=USR         Set user agent
+-p, --proxy=PROXY            Use proxy (proto://ip:port)
+-V, --version                Print version and exit
+```
+
+**[!] note:**  `-e|--env-path` souldn't have space and must start with `/`.
+
+By default it only scan for "/.env", but most common path are:
+
+- /.env
+- /api/.env
+- /core/.env
+- /admin/.env
+- /local/.env
+- /docker/.env
+- etc...
+
+
+## Examples:
+
+```sh
+$ xenv -i top-alexa.txt
+$ xenv -i top-alexa.txt -k -e "/.env,/api/.env,/core/.env"
+$ xenv -p socks5://127.0.0.1:9050 -o good.txt -i top-alexa.txt -t 60
+```
+
+**Example of input file:**
+
+```
+google.com
+github.com
+domain.com/code
+```
+
+**note:** domain in list shouldn't have protocol in them:
+
+
+```go
+req, err := http.NewRequest("GET", "https://"+url+"/.env/", nil)
+```
+
+
+#### WARNING
+
+Do not use too much threads or you will DOS yourself.
+
+
+## Install:
+
+With one liner if **$GOROOT/bin/** is in **$PATH**:
+
+```sh
+go install github.com/mmpx12/xenv@latest
+```
+
+or from source with:
+
+```sh
+git clone https://github.com/mmpx12/xenv.git
+cd xenv
+make
+sudo make install
+# or 
+sudo make all
+```
+
+for **termux** you can do:
+
+```sh
+git clone https://github.com/mmpx12/xenv.git
+cd xenv
+make
+make termux-install
+# or
+make termux-all
+```
+
+
+There is also prebuild binaries [here](https://github.com/mmpx12/xenv/releases/latest).
diff --git a/go.mod b/go.mod
@@ -1,4 +1,4 @@
-module xenv
+module github.com/mmpx12/xenv
 
 go 1.19
 

diff --git a/xenv.go b/xenv.go
@@ -29,7 +29,7 @@ var (
 	output    = "found_env.txt"
 	proxy     string
 	insecure  bool
-	version   = "alpha:dev"
+	version   = "1.0.2"
 	userAgent = "Mozilla/5.0 (X11; Linux x86_64)"
 	path      = []string{"/.env"}
 )
@@ -68,13 +68,11 @@ func CheckEnv(client *http.Client, url, path string) {
 		<-thread
 		return
 	}
-	//r := regexp.MustCompile(`(?m)^([A-Za-z0-9-]|[-_#]|^[\s\.]){1,35}[\s]?\=.{1,100}`)
 	r := regexp.MustCompile(`(?m)^([A-Za-z0-9#-_]){1,35}[\s]{0,10}=.{2,100}$`)
 	if r.MatchString(string(body)) {
 		all := r.FindAllString(string(body), -1)
 		if len(all) > 5 {
 			mu.Lock()
-			//success++
 			atomic.AddInt32(&success, 1)
 			WriteToFile("============================\n" + resp.Request.URL.String())
 			fmt.Println("\033[1K\r\033[32mENV FOUND:\033[36m", resp.Request.URL.String()+"\033[0m")
@@ -116,17 +114,20 @@ func LineNBR(f string) int {
 }
 
 func main() {
-	var threads, input string
+	var threads, input, env string
 	var printversion bool
 	op := optionparser.NewOptionParser()
-	op.Banner = "Scan for exposed git repos\n\nUsage:\n"
+	op.Banner = "Scan for exposed env file\n\nUsage:\n"
 	op.On("-t", "--thread NBR", "Number of threads (default 50)", &threads)
-	op.On("-o", "--output FILE", "Output file (default found_git.txt)", &output)
+	op.On("-o", "--output FILE", "Output file (default found_env.txt)", &output)
 	op.On("-i", "--input FILE", "Input file", &input)
+	op.On("-e", "--env-path ENV", "Env Path comma sparated (default '/.env')", &env)
 	op.On("-k", "--insecure", "Ignore certificate errors", &insecure)
 	op.On("-u", "--user-agent USR", "Set user agent", &userAgent)
 	op.On("-p", "--proxy PROXY", "Use proxy (proto://ip:port)", &proxy)
 	op.On("-V", "--version", "Print version and exit", &printversion)
+	op.Exemple("xenv -i alexa-top-1M.lst")
+	op.Exemple("xenv -k -e /.env,/api/.env,/admin/.env -i alexa-top-1M.lst")
 	op.Parse()
 	fmt.Printf("\033[31m")
 	op.Logo("[X-env]", "doom", false)
@@ -147,6 +148,11 @@ func main() {
 		op.Help()
 		os.Exit(1)
 	}
+
+	if env != "" {
+		path = strings.Split(env, ",")
+	}
+
 	client := &http.Client{
 		Timeout: 5 * time.Second,
 		Transport: &http.Transport{
@@ -175,6 +181,7 @@ func main() {
 	fileScanner.Split(bufio.ScanLines)
 	i := 0
 	total := LineNBR(input) * len(path)
+
 	for fileScanner.Scan() {
 		target := fileScanner.Text()
 		for _, p := range path {
@@ -188,5 +195,5 @@ func main() {
 		}
 	}
 	wg.Wait()
-	fmt.Printf("\033[1K\rFound %d git repos.\n", success)
+	fmt.Printf("\033[1K\rFound %d env files.\n", success)
 }