gquere/spring_actuator_explorer.py

## spring_actuator_explorer.py
#!/usr/bin/env python3
import requests
import sys
import urllib3

# https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/spring-boot.txt
actuators = [ 'trace', 'health', 'loggers', 'logfile', 'metrics', 'autoconfig', 'heapdump', 'env', 'env/home', 'env/pwd', 'env/lang', 'env/language', 'env/tz', 'env/path', 'env/hostname', 'info', 'dump', 'configprops', 'cloudfoundryapplication', 'features', 'flyway', 'liquibase', 'mappings', 'version', 'auditevents', 'beans', 'gateway/routes', 'actuator', 'actuator/auditLog', 'actuator/auditevents', 'actuator/beans', 'actuator/caches', 'actuator/conditions', 'actuator/configurationMetadata', 'actuator/configprops', 'actuator/dump', 'actuator/env', 'actuator/env/home', 'actuator/env/pwd', 'actuator/env/lang', 'actuator/env/language', 'actuator/env/tz', 'actuator/env/path', 'actuator/env/hostname', 'actuator/events', 'actuator/exportRegisteredServices', 'actuator/features', 'actuator/flyway', 'actuator/gateway/routes', 'actuator/health', 'actuator/healthcheck', 'actuator/heapdump', 'actuator/httptrace', 'actuator/info', 'actuator/integrationgraph', 'actuator/jolokia', 'actuator/mappings', 'actuator/metrics', 'actuator/logfile', 'actuator/loggers', 'actuator/loggingConfig', 'actuator/liquibase', 'actuator/redis/info', 'actuator/redis/keysSize', 'actuator/redis/memoryInfo', 'actuator/refresh', 'actuator/registeredServices', 'actuator/releaseAttributes', 'actuator/resolveAttributes', 'actuator/scheduledtasks', 'actuator/sessions', 'actuator/springWebflow', 'actuator/sso', 'actuator/ssoSessions', 'actuator/statistics', 'actuator/status', 'actuator/threaddump', 'actuator/trace', 'actuator/prometheus', 'jolokia', 'list', 'docs' ]


# SUPPRESS WARNINGS ############################################################
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)


# MAIN #########################################################################
url = sys.argv[1]
if url[-1] != '/':
    url = url + '/'

for actuator in actuators:
    r = requests.head(url + actuator, verify=False)
    if r.status_code != 404:
        print('{}: {}'.format(actuator, r.status_code))
	#!/usr/bin/env python3
	import requests
	import sys
	import urllib3

	# https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/spring-boot.txt
	actuators = [ 'trace', 'health', 'loggers', 'logfile', 'metrics', 'autoconfig', 'heapdump', 'env', 'env/home', 'env/pwd', 'env/lang', 'env/language', 'env/tz', 'env/path', 'env/hostname', 'info', 'dump', 'configprops', 'cloudfoundryapplication', 'features', 'flyway', 'liquibase', 'mappings', 'version', 'auditevents', 'beans', 'gateway/routes', 'actuator', 'actuator/auditLog', 'actuator/auditevents', 'actuator/beans', 'actuator/caches', 'actuator/conditions', 'actuator/configurationMetadata', 'actuator/configprops', 'actuator/dump', 'actuator/env', 'actuator/env/home', 'actuator/env/pwd', 'actuator/env/lang', 'actuator/env/language', 'actuator/env/tz', 'actuator/env/path', 'actuator/env/hostname', 'actuator/events', 'actuator/exportRegisteredServices', 'actuator/features', 'actuator/flyway', 'actuator/gateway/routes', 'actuator/health', 'actuator/healthcheck', 'actuator/heapdump', 'actuator/httptrace', 'actuator/info', 'actuator/integrationgraph', 'actuator/jolokia', 'actuator/mappings', 'actuator/metrics', 'actuator/logfile', 'actuator/loggers', 'actuator/loggingConfig', 'actuator/liquibase', 'actuator/redis/info', 'actuator/redis/keysSize', 'actuator/redis/memoryInfo', 'actuator/refresh', 'actuator/registeredServices', 'actuator/releaseAttributes', 'actuator/resolveAttributes', 'actuator/scheduledtasks', 'actuator/sessions', 'actuator/springWebflow', 'actuator/sso', 'actuator/ssoSessions', 'actuator/statistics', 'actuator/status', 'actuator/threaddump', 'actuator/trace', 'actuator/prometheus', 'jolokia', 'list', 'docs' ]


	# SUPPRESS WARNINGS ############################################################
	urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)


	# MAIN #########################################################################
	url = sys.argv[1]
	if url[-1] != '/':
	url = url + '/'

	for actuator in actuators:
	r = requests.head(url + actuator, verify=False)
	if r.status_code != 404:
	print('{}: {}'.format(actuator, r.status_code))