Here is the online demo: Jbin (this might crash because Heroku doesn't supply much computing power; try it locally).
Jbin gathers all the URLs from a website and then tries to expose the secret data in them. It collects both URLs and JS links and scrapes secrets out of them. With the new release you can also look for a specific string in a page or run a custom regex. It also provides you with an informative Excel report.
How does it work?
New Features?
- Directory bruteforce to get more URLs
- Custom wordlist
- Added realtime task monitoring
- Added the option to reduce power
Third Party Components
- Wayback API
Installation
Required: Python-3.8.5, Flask
- Install flask
pip install Flask
- Install the requirements
pip install -r requirements.txt
- Now set the environment variables
export FLASK_APP=wsgi.py
- Now you can just run the application
flask run
[Note]: Verify that Flask is installed by running flask --version
Testing
Url: https://peaceful-colden-270bad.netlify.app
Copy the URL and enter it as the target in the tool, select AWS Keys/IPV4/IPV6 from the options, and verify its capabilities.
Usage
Now go to http://127.0.0.1:5000/, where the application is launched by default. If that port is in use, you can run flask run --host=127.0.0.1 --port=ANY PORT NUMBER
Enter your target domain and your custom regex or string. You can run the tool as per your requirement.
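Added example (not Jbin's own code): a minimal sketch of the kind of check described above, matching selected secret types plus an optional custom regex against fetched page or JS text, and masking each hit so the report does not re-leak it. Jbin's actual regexes are not shown on this page, so the patterns, function names and sample file below are assumptions.

```python
import re

# Assumed patterns for two of the secret types this page lists; Jbin's real
# regexes are not shown here. AKIA/ASIA + 16 upper-case alphanumerics is the
# usual AWS access key ID shape.
PATTERNS = {
    "AWS Access Keys": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "IPV4": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
}


def valid_ipv4(text):
    """Reject candidates such as 999.1.1.1 that the loose regex lets through."""
    return all(int(octet) <= 255 for octet in text.split("."))


def mask(value, keep=4):
    """Keep only the first characters so the report does not re-leak the secret."""
    return value[:keep] + "*" * (len(value) - keep)


def scan(source, text, selected, custom_regex=None):
    """Return sorted, de-duplicated findings as (source, kind, line, masked value)."""
    rules = {name: PATTERNS[name] for name in selected}
    if custom_regex:
        rules["Custom"] = re.compile(custom_regex)
    findings = set()
    for lineno, line in enumerate(text.splitlines(), start=1):
        for kind, rx in rules.items():
            for m in rx.finditer(line):
                value = m.group(0)
                if kind == "IPV4" and not valid_ipv4(value):
                    continue  # version strings and similar false positives
                findings.add((source, kind, lineno, mask(value)))
    return sorted(findings)


# Constructed sample input: a JS file body using AWS's documented example key ID.
SAMPLE_JS = """\
const cfg = { accessKeyId: "AKIAIOSFODNN7EXAMPLE", region: "us-east-1" };
const api = "http://10.0.12.7:8080/v1"; // internal host
const version = "999.1.1.1";
const debugToken = "dbg_5f2a9c";
"""

if __name__ == "__main__":
    for row in scan("app.js", SAMPLE_JS, ["AWS Access Keys", "IPV4"], r"dbg_[0-9a-f]{6}"):
        print(row)
```

Each finding keeps the source file and line number, which is what you need to locate and remove the secret before rotating it.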
Currently we can scrape these secrets!
Google Maps API
Artifactory API
Artifactory Pass
Auth Tokens
AWS Access Keys
AWS MWS Auth Token
Base 64
Basic Auth Credentials
Cloudinary Basic Auth Tokens
Facebook Access Tokens
Facebook Oauth Tokens
Github Secrets
Google Cloud API
Google Oauth Tokens
Youtube Oauth Tokens
Heroku API Keys
IPV4
IPV6
URL Without http
URL With http
Generic API
RSA Private Keys
PGP Private Keys
Mailchimp API key
Mailgun API key
Picatic API
Slack Token
Slack Webhook
Stripe API Keys
Square Access Token
Square Oauth Secret
Twilio API key
Twitter Client ID
Twitter Oauth
Twitter Secret Keys
Vault Token
Firebase Secrets
Paypal Braintree Tokens
The result will look like this, and you can download the Excel file to find all the organized links and secrets:
Demo Excel report:
Issues & Fixes
- Large scopes should be tested locally. Heroku doesn't supply enough computing power, since the application does not store any data and does the entire process without any database.
Ongoing Development
- Making the script faster
*Please do create issues if you face any error while using the application*