https://github.com/copyleftdev/fatt
A high-performance, modular, asynchronous, and distributed security scanning CLI tool designed to rapidly identify sensitive or exposed files and directories across millions of domains.
Science Score: 26.0%
This score indicates how likely this project is to be science-related based on various indicators:
-
○CITATION.cff file
-
✓codemeta.json file
Found codemeta.json file -
✓.zenodo.json file
Found .zenodo.json file -
○DOI references
-
○Academic publication links
-
○Committers with academic emails
-
○Institutional organization owner
-
○JOSS paper metadata
-
○Scientific vocabulary similarity
Low similarity (14.7%) to scientific vocabulary
Keywords
Repository
A high-performance, modular, asynchronous, and distributed security scanning CLI tool designed to rapidly identify sensitive or exposed files and directories across millions of domains.
Basic Info
- Host: GitHub
- Owner: copyleftdev
- License: other
- Language: Rust
- Default Branch: master
- Homepage: https://fatt-cli.vercel.app/
- Size: 48.4 MB
Statistics
- Stars: 2
- Watchers: 1
- Forks: 0
- Open Issues: 0
- Releases: 3
Topics
Metadata Files
README.md
FATT (Find All The Things)
A high-performance, modular, asynchronous, and distributed security scanning CLI tool designed to rapidly identify sensitive or exposed files and directories across millions of domains.
Features
- 🚀 High Performance: Built in Rust for maximum speed and efficiency
- 🔄 Asynchronous: Leverages Tokio for concurrent scanning operations
- 🌐 Distributed: Scales horizontally across multiple worker nodes
- 🧩 Modular: Easily extend with custom scanning rules via YAML configuration
- 💾 Persistent DNS Cache: Dramatically improves scanning speed for repeat operations
- 📊 Comprehensive Reporting: SQLite storage for efficient result management
Installation
bash
cargo install fatt
Or build from source:
bash
git clone https://github.com/copyleftdev/fatt.git
cd fatt
cargo build --release
Releases
FATT is available as pre-built binaries for Windows, macOS (Intel and Apple Silicon), and Linux. These binaries are automatically generated through our CI/CD pipeline whenever a new release is tagged.
Download Pre-built Binaries
Visit the Releases page to download the latest version for your platform:
- Windows:
fatt-windows-amd64.zip - macOS Intel:
fatt-macos-amd64.tar.gz - macOS Apple Silicon:
fatt-macos-arm64.tar.gz - Linux:
fatt-linux-amd64.tar.gz
Each release package includes the executable, LICENSE file, and rule-examples directory.
Creating a Release
For maintainers, creating a new release is as simple as pushing a new version tag:
bash
git tag -a v1.0.0 -m "Release v1.0.0"
git push origin v1.0.0
This will trigger the GitHub Actions workflow that builds and packages FATT for all platforms.
Quick Start
```bash
Scan domains from a list using default rules
fatt scan -i domains.txt
Scan with custom rules
fatt scan -i domains.txt -r custom-rules.yaml
Export results to CSV
fatt results export -o findings.csv
Start a worker node for distributed scanning
fatt worker start -m master-ip:port ```
Configuration
FATT uses YAML-based rules for scan configuration. Example:
yaml
rules:
- name: Git Exposure
path: /.git/HEAD
signature: "ref: refs/"
- name: Env File Exposure
path: /.env
signature: "APP_KEY="
Rule Examples
FATT includes a comprehensive set of rule examples in the rule-examples directory, organized by technology:
- admin-panels.yaml - Common admin interfaces and control panels
- api-endpoints.yaml - REST API endpoints and documentation resources
- cloud-service-paths.yaml - AWS, GCP, Azure, and Kubernetes paths
- common-paths.yaml - Comprehensive collection of various path types
- dangerous-defaults.yaml - Exposed configs and sensitive files
- database-paths.yaml - SQL and NoSQL database management interfaces
- debug-endpoints.yaml - Debug, monitoring, and development endpoints
- ecommerce-webapp-paths.yaml - eCommerce platforms and web frameworks
- graphql-endpoints.yaml - GraphQL endpoints and development tools
- iot-embedded-paths.yaml - IoT devices, routers, cameras, and ICS systems
- java-spring-paths.yaml - Spring Boot actuators and Java web applications
- microsoft-paths.yaml - Microsoft Exchange, SharePoint, and Azure paths
Load specific rule sets for targeted scanning:
```rust // Use a single category let rules = rules::load_rules("rule-examples/microsoft-paths.yaml").unwrap();
// Or add rules to your main ruleset rules::add_rule("rule-examples/database-paths.yaml").unwrap(); ```
Usage
```
USAGE:
fatt
SUBCOMMANDS: scan Scan domains for sensitive files and directories rules Manage scanning rules results Query and export scan results dns Manage DNS cache worker Control distributed worker nodes help Prints help information ```
Performance Tuning
FATT is designed for high performance but can be further optimized:
- Increase concurrency with
-c/--concurrencyflag - Adjust batch size with
-b/--batch-sizeflag - Optimize DNS cache lifetime with
--dns-ttloption
License
This project is licensed under the HACKFU PUBLIC LICENSE (HFPL) - "Don't Be A Noob" Edition. See the LICENSE file for details.
2025 copyleftdev
Owner
- Name: Donald Johnson
- Login: copyleftdev
- Kind: user
- Location: Los Angeles
- Repositories: 39
- Profile: https://github.com/copyleftdev
GitHub Events
Total
- Release event: 3
- Watch event: 2
- Delete event: 6
- Push event: 23
- Pull request event: 10
- Create event: 12
Last Year
- Release event: 3
- Watch event: 2
- Delete event: 6
- Push event: 23
- Pull request event: 10
- Create event: 12
Committers
Last synced: 6 months ago
Top Committers
| Name | Commits | |
|---|---|---|
| Don Johnson | d****j@z****m | 15 |
| L337[bf49944f]SIGMA | d****n@c****o | 6 |
Committer Domains (Top 20 + Academic)
Issues and Pull Requests
Last synced: 7 months ago
All Time
- Total issues: 0
- Total pull requests: 5
- Average time to close issues: N/A
- Average time to close pull requests: 5 minutes
- Total issue authors: 0
- Total pull request authors: 1
- Average comments per issue: 0
- Average comments per pull request: 0.0
- Merged pull requests: 5
- Bot issues: 0
- Bot pull requests: 0
Past Year
- Issues: 0
- Pull requests: 5
- Average time to close issues: N/A
- Average time to close pull requests: 5 minutes
- Issue authors: 0
- Pull request authors: 1
- Average comments per issue: 0
- Average comments per pull request: 0.0
- Merged pull requests: 5
- Bot issues: 0
- Bot pull requests: 0
Top Authors
Issue Authors
Pull Request Authors
- copyleftdev (10)
Top Labels
Issue Labels
Pull Request Labels
Packages
- Total packages: 1
-
Total downloads:
- cargo 1,293 total
- Total dependent packages: 0
- Total dependent repositories: 0
- Total versions: 2
- Total maintainers: 1
crates.io: fatt
Find All The Things - A high-performance, distributed security scanning tool
- Documentation: https://docs.rs/fatt/
- License: MIT
-
Latest release: 0.1.1
published 11 months ago
Rankings
Maintainers (1)
Dependencies
- 308 dependencies
- actions-rs/cargo v1 composite
- actions-rs/toolchain v1 composite
- actions/checkout v3 composite
- actions/download-artifact v4 composite
- actions/upload-artifact v4 composite
- softprops/action-gh-release v1 composite
- actions-rs/cargo v1 composite
- actions-rs/toolchain v1 composite
- actions/cache v3 composite
- actions/checkout v3 composite
- actions-rs/toolchain v1 composite
- actions/cache v3 composite
- actions/checkout v3 composite