Here is the online demo : Jbin ( This might crash because heroku doesn't supply much computing power, try it locally )
Jbin will gather all the URLs from the website and then it will try to expose the secret data from them. It collects both URLs and JS links to scrape secrets out of it. Also if you are looking for a specific string in a page or want to run custom regex then you can do that too now with the new release, It also provides you with a informative excel report.
How does it work?
- Directory bruteforce to get more URLs
- Custom wordlist
- Added realtime task monitoring
- Added the option to reduce power
Third Party Components
- Wayback API
Required: Python-3.8.5, Flask
- Install flask
pip install Flask
- Install the requirements
pip install -r requirements.txt
- Now set the environment variables
- Now you can just run the application
[Note]: Make sure you verify that flask is installed
Copy the url and put this as a target in the tool, Select AWS Keys/IPV4/IPV6 from the options and verify it's capabilities
Now go to
http://127.0.0.1:5000/ where by default the application will be launched but if that port is in used you can run this
flask run --host=127.0.0.1 --port=ANY PORT NUMBER
Enter your target domain and put your custom regex or string, You can run the tool as per your requirement.
Currently we can scrape these secrets!
Google Maps API Artifactory API Artifactory Pass Auth Tokens AWS Access Keys AWS MWS Auth Token Base 64 Basic Auth Credentials Cloudanary Basic Auth Tokens Facebook Access Tokens Facebook Oauth Tokens Github Secrets Google Cloud API Google Oauth Tokens Youtube Oauth Tokens Heroku API Keys IPV4 IPV6 URL Without http URL With http Generic API RSA Private Keys PGP Private Keys Mailchamp API key Mailgun API key Picatic API Slack Token Slack Webhook Stripe API Keys Square Access Token Square Oauth Secret Twilio API key Twitter Client ID Twitter Oauth Twitter Secret Keys Vault Token Firebase Secrets Paypal Braintree Tokens
The result will be like this and you can download the excel to find all the organized links and secrets:
Demo Excel report:
Issues & Fixes
- Large scopes should be tested locally, Heroku doesn't supply enough computing power since the application does not store any data and does the entire process without any database.
- Making the script more faster
*Please do create issues if you face any error while using the application*