InfoSec News & Investigations

laravelN00b – Automated Scan .env Files And Checking Debug Mode In Victim Host

Incorrect configuration allows you to access .env files or reading env variables. LaravelN00b automated scan .env files and checking debug mode in victim host.

Scan rationale

  • Scan host.
  • Resolve IP adress and check .env file in IP Adress
  • Checking debug mode Laravel ( Read .env variables )

Installation
1 – Install with installer.sh
chmod +x installer.sh
./installer.sh
2 – Install manual
go get github.com/briandowns/spinner
go get github.com/christophwitzko/go-curl
go run main.go --hostname victim.host
or
go build laravelN00b main.go

Run
./laravelN00b --hostname victim.host

Download laravelN00b
Original Source