hannob
snallygaster
Python

Tool to scan for secret files on HTTP servers

Last updated Jun 20, 2026
2.1k
Stars
230
Forks
12
Issues
0
Stars/day
Attention Score
94
Language breakdown
Python 96.2%
Shell 3.8%
β–Έ Files click to expand
README

snallygaster ============

Finds file leaks and other security problems on HTTP servers.

what?


snallygaster is a tool that looks for files accessible on web servers that shouldn't be public and can pose a security risk.

Typical examples include publicly accessible git repositories, backup files potentially containing passwords or database dumps. In addition, it contains a few checks for other security vulnerabilities.

As an introduction to these kinds of issues you may want to watch this talk:

See the TESTS.md file for an overview of all tests and links to further information about the issues.

install


snallygaster is available via pypi:

pip3 install snallygaster

It's a simple python 3 script, so you can just download the file "snallygaster" and execute it. Dependencies are urllib3, lxml and dnspython. In Debian- or Ubuntu-based distributions you can install them via:

apt install python3-dnspython python3-lxml python3-urllib3

distribution packages


Some Linux and BSD systems have snallygaster packaged:

More at Repology.

faq


Q: I want to contribute / send a patch / a pull request!

A: That's great, but please read the CONTRIBUTIONS.md file.

Q: What's that name?

A: Snallygaster is the name of a dragon that according to some legends was seen in Maryland and other parts of the US. There's no particular backstory why this tool got named this way, other than that I was looking for a fun and interesting name.

I thought a name of some mythical creature would be nice, but most of those had the problem that I would have had name collisions with other software. Checking the list of dragons on Wikipedia I learned about the Snallygaster. The name sounded funny, the idea that there are dragon legends in the US interesting and I found no other piece of software with that name.

credit and thanks


  • Thanks to Tim Philipp SchΓ€fers and Sebastian Neef from the Internetwache for plenty of ideas about things to look for. development of this script. programming during the development. about Python packaging.
    • Thanks to the organizers of Bornhack, Driving IT, SEC-T and the Rights and Freedom
    track at 34C3 for letting me present this work.

    author


    snallygaster is developed and maintained by Hanno BΓΆck.

πŸ”— More in this category

Β© 2026 GitRepoTrend Β· hannob/snallygaster Β· Updated daily from GitHub