Skip to content
/ Kyubi Public

A tool to discover and exploit Nginx alias traversal misconfiguration, the tool can bruteforce the URL path recursively to find out hidden files and directories.

111 stars 16 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

shiblisec/Kyubi

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

39 Commits
kyubi
kyubi
 
 
Docker_README.md
Docker_README.md
 
 
Dockerfile
Dockerfile
 
 
README.md
README.md
 
 
setup.py
setup.py
 
 

Repository files navigation

made with python author co-author

Kyubi

A tool to discover Nginx alias traversal misconfiguration, read more https://www.acunetix.com/vulnerabilities/web/path-traversal-via-misconfigured-nginx-alias/

Installation

OPTION 1:

git clone https://github.com/shibli2700/Kyubi.git
cd /Kyubi
sudo python3 setup.py install
pip install .

OPTION 2: Pulling the Docker Image from Docker Hub

You can pull the Docker image from Docker Hub and running it locally using the following command:

docker pull saydocerr/kyubi
docker run -it saydocerr/kyubi

Options

usage: kyubi [-h] [-v] [-a] url

This tool checks nginx alias traversal misconfiguration.

positional arguments:
  url         URL of the target

optional arguments:
  -h, --help  show this help message and exit
  -v          increase verbosity
  -a          append segment in the end

Usage

$ kyubi -v https://127.0.0.1/resources/images/users/profile/profile.png

Future Addition

  • Brute forcing with filenames and directories.
  • Web Interface.

About

A tool to discover and exploit Nginx alias traversal misconfiguration, the tool can bruteforce the URL path recursively to find out hidden files and directories.

Resources

Readme
Activity

Stars

111 stars

Watchers

4 watching

Forks

16 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 3

Languages