TProx

TProx is a fast reverse proxy path traversal detector and directory bruteforcer

InstallUsageExamplesJoin Discord


Install Options

From Source

▶  GO111MODULE=on go get -v  github.com/ethicalhackingplayground/tprox/tprox

Docker

▶  git clone https://github.com/ethicalhackingplayground/tprox && cd tprox && docker build -t tprox .

Usage

▶ tprox -h

▶  docker run tprox -h

This will display help for the tool. Here are all the switches it supports.

👉
tprox help menu

👈

Usage of ./tprox:
  -c int
        The number of concurrent requests (default 10)
  -crawl
        crawl the resolved domain while testing for proxy misconfigs
  -depth int
        The crawl depth (default 5)
  -o string
        Output the results to a file
  -progress
        This flag will allow you to turn on the progress bar
  -regex string
        Filter crawl with regex pattern
  -s    Show Silent output
  -scope string
        Specify a scope to crawl with in using regexs
  -traverse
        This flag will allow you to turn on traversing
  -w string
        The wordlist to use against a valid endpoint to traverse

Examples

echo "https://example.com/api/v1" | tprox -w wordlist -traverse

echo "https://example.com" | tprox -w wordlist -crawl -traverse

echo "https://example.com" | tprox -w wordlist -crawl -traverse -regex "/api/"

echo "https://example.com" | tprox -w wordlist -crawl -traverse -regex "/api/" -scope ".*.\.example.com"


example


Changes

  • Added some additional flags to help aid finding traversal misconfigurations
  • Optimised the crawler
  • Added a flag to disable/enable the progress bar
  • Fixed the silent flag

Fixes

  • Fixed a crawling bug.
  • Fixed a traversal bug, it now only prints internal files & endpoints very low % of false positives.
  • Made some optimization fixes.

Known Fixes

if for some reason the program fails to install or update run:

<div class="highlight highlight-source-shell position-relative" data-snippet-clipboard-copy-content="sudo rm -r /home//go/pkg/mod/github.com/ethicalhackingplayground/tprox
go clean –modcache
go clean
“>

sudo rm -r /home/<user-name>/go/pkg/mod/github.com/ethicalhackingplayground/tprox
go clean --modcache
go clean