TProx is a fast reverse proxy path traversal detector and directory bruteforcer
Install Options
From Source
▶ GO111MODULE=on go get -v github.com/ethicalhackingplayground/tprox/tprox
Docker
▶ git clone https://github.com/ethicalhackingplayground/tprox && cd tprox && docker build -t tprox .
Usage
▶ tprox -h
▶ docker run tprox -h
This will display help for the tool. Here are all the switches it supports.
Usage of ./tprox:
  -c int
        The number of concurrent requests (default 10)
  -crawl
        crawl the resolved domain while testing for proxy misconfigs
  -depth int
        The crawl depth (default 5)
  -o string
        Output the results to a file
  -progress
        This flag will allow you to turn on the progress bar
  -regex string
        Filter crawl with regex pattern
  -s    Show Silent output
  -scope string
        Specify a scope to crawl with in using regexs
  -traverse
        This flag will allow you to turn on traversing
  -w string
        The wordlist to use against a valid endpoint to traverse
Examples
▶ echo "https://example.com/api/v1" | tprox -w wordlist -traverse
▶ echo "https://example.com" | tprox -w wordlist -crawl -traverse
▶ echo "https://example.com" | tprox -w wordlist -crawl -traverse -regex "/api/"
▶ echo "https://example.com" | tprox -w wordlist -crawl -traverse -regex "/api/" -scope ".*.\.example.com"
Changes
- Added some additional flags to help find traversal misconfigurations
- Optimised the crawler
- Added a flag to disable/enable the progress bar
- Fixed the silent flag
Fixes
- Fixed a crawling bug.
- Fixed a traversal bug; it now prints only internal files and endpoints, with a very low percentage of false positives.
- Made some optimization fixes.
Known Fixes
If for some reason the program fails to install or update, run:
sudo rm -r /home/<user-name>/go/pkg/mod/github.com/ethicalhackingplayground/tprox
go clean --modcache
go clean
Then try and install it again.
License
TProx is distributed under the MIT License.