Engine v1.0.2 Live

Backupfinder

Fast backup discovery wordlist generator. Permutates domain segments with thousands of common archive, sql, and backup patterns.

Standard Extensions

1906

Wordlist Patterns

9k+

Total Permutations

Generator

Deterministic Wordlist Generation

discovery_session_std

❯

0 / 0 PATTERNS

// Waiting for target vector...
// Ready to execute generation matrix.

How it works

Pattern Logic

The engine breaks down the target domain into segments and applies common naming conventions for backups and database dumps.

Segment Extraction

Isolates hostnames and subdomains.

Pattern Application

Applies .zip, .sql, .tar.gz, .bak and 2000+ other extensions.

Clean Output

Deduplicated and sorted results ready for fuzzing.

Logic Examples

Input: admin.domains.com

1. admin.zip

2. domains-admin.sql

3. admin_backup.tar.gz

4. domains.com.bak

Ext patterns

1,900+

Deep patterns

Reference

Validated Industry Disclosures

Bugcrowd

Advanced Enumeration

Automated discovery of version control leaks and legacy database snapshots using intelligent pattern matching on public bug bounty targets.

HackerOne

Critical Data Exposure

Exposed backup archive discovered at the root directory, named precisely after the host domain. This finding was validated and rewarded by the MTN Group security team.

Discovered Path: https://mtn.co.rw/mtn.zip

Report #1516520 ↗

CLI Reference

Automation & Scripting

Standard Extraction

$backupfinder -u https://target.com

Deep Matrix Analysis

$backupfinder -u https://target.com -w

Piping to FFUF

$backupfinder -u https://target.com --silent \

| ffuf -w /dev/stdin -u https://target.com/FUZZ

Batch Processing

$cat live_subs.txt | while read url; do

  backupfinder -u "$url" -w --silent >> wordlist.txt

done