Skip to content

Instantly share code, notes, and snippets.

@gquere
Created April 12, 2022 16:03
Show Gist options
  • Save gquere/6ba1f59ce1fb2e807a0792541caac74e to your computer and use it in GitHub Desktop.
Save gquere/6ba1f59ce1fb2e807a0792541caac74e to your computer and use it in GitHub Desktop.
#!/usr/bin/env python3
import requests
import sys
import urllib3
# https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/spring-boot.txt
actuators = [ 'trace', 'health', 'loggers', 'logfile', 'metrics', 'autoconfig', 'heapdump', 'env', 'env/home', 'env/pwd', 'env/lang', 'env/language', 'env/tz', 'env/path', 'env/hostname', 'info', 'dump', 'configprops', 'cloudfoundryapplication', 'features', 'flyway', 'liquibase', 'mappings', 'version', 'auditevents', 'beans', 'gateway/routes', 'actuator', 'actuator/auditLog', 'actuator/auditevents', 'actuator/beans', 'actuator/caches', 'actuator/conditions', 'actuator/configurationMetadata', 'actuator/configprops', 'actuator/dump', 'actuator/env', 'actuator/env/home', 'actuator/env/pwd', 'actuator/env/lang', 'actuator/env/language', 'actuator/env/tz', 'actuator/env/path', 'actuator/env/hostname', 'actuator/events', 'actuator/exportRegisteredServices', 'actuator/features', 'actuator/flyway', 'actuator/gateway/routes', 'actuator/health', 'actuator/healthcheck', 'actuator/heapdump', 'actuator/httptrace', 'actuator/info', 'actuator/integrationgraph', 'actuator/jolokia', 'actuator/mappings', 'actuator/metrics', 'actuator/logfile', 'actuator/loggers', 'actuator/loggingConfig', 'actuator/liquibase', 'actuator/redis/info', 'actuator/redis/keysSize', 'actuator/redis/memoryInfo', 'actuator/refresh', 'actuator/registeredServices', 'actuator/releaseAttributes', 'actuator/resolveAttributes', 'actuator/scheduledtasks', 'actuator/sessions', 'actuator/springWebflow', 'actuator/sso', 'actuator/ssoSessions', 'actuator/statistics', 'actuator/status', 'actuator/threaddump', 'actuator/trace', 'actuator/prometheus', 'jolokia', 'list', 'docs' ]
# SUPPRESS WARNINGS ############################################################
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
# MAIN #########################################################################
url = sys.argv[1]
if url[-1] != '/':
url = url + '/'
for actuator in actuators:
r = requests.head(url + actuator, verify=False)
if r.status_code != 404:
print('{}: {}'.format(actuator, r.status_code))
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment