Jbin gathers all the URLs from a website and then tries to extract secret data from them, such as API keys, API secrets, API tokens and other juicy information.
Improvements such as multi-threading have been added, and users can now add custom regexes to scan with. You will also get a nice Excel report after the scan is done!
pip install Flask
export FLASK_APP=wsgi.py
export FLASK_ENV=debug
flask run
[Note]: Verify that Flask is installed by running flask --version
URL: https://peaceful-colden-270bad.netlify.app
Copy the URL into the tool, select AWS Keys/IPV4/IPV6 from the options and verify its capabilities.
Now go to http://127.0.0.1:5000/, where the application is launched by default. If that port is in use, you can run flask run --host=127.0.0.1 --port=ANY PORT NUMBER
Enter your target domain and select the regex which will scrape out the secrets.
Currently we are scraping these secrets:
Google Maps API
Artifactory API
Artifactory Pass
Auth Tokens
AWS Access Keys
AWS MWS Auth Token
Base 64
Basic Auth Credentials
Cloudinary Basic Auth Tokens
Facebook Access Tokens
Facebook Oauth Tokens
Github Secrets
Google Cloud API
Google Oauth Tokens
Youtube Oauth Tokens
Heroku API Keys
IPV4
IPV6
URL Without http
URL With http
Generic API
RSA Private Keys
PGP Private Keys
Mailchimp API key
Mailgun API key
Picatic API
Slack Token
Slack Webhook
Stripe API Keys
Square Access Token
Square Oauth Secret
Twilio API key
Twitter Client ID
Twitter Oauth
Twitter Secret Keys
Vault Token
Firebase Secrets
Paypal Braintree Tokens
The result will be like this:
If we find a valid secret it will show like this:
Please create an issue if you face any error while using the application.
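As an added illustration (not Jbin's own code), the sketch below shows the kind of regex pass described above, run over page bodies from your own site: built-in rules plus a user-supplied custom regex, pages scanned in parallel, invalid IPv4 hits filtered out, and secret values masked before they reach a report. The patterns, the SAMPLE_PAGES bodies and all function names are assumptions made for this example; the AWS key is the placeholder access key ID from AWS's documentation.

```python
import ipaddress
import re
from concurrent.futures import ThreadPoolExecutor

# Illustrative patterns for this example, not Jbin's own rule set.
PATTERNS = {
    "AWS Access Keys": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "IPV4": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
}

# Constructed page bodies keyed by URL, standing in for fetched responses.
# The key below is the placeholder access key ID from AWS's documentation.
SAMPLE_PAGES = {
    "https://example.test/app.js": 'const id = "AKIAIOSFODNN7EXAMPLE"; // host 10.0.0.5',
    "https://example.test/about.html": "Build 999.1.1.1 served from 192.0.2.10, ticket INT-4821",
    "https://example.test/dup.js": 'retry("AKIAIOSFODNN7EXAMPLE"); retry("AKIAIOSFODNN7EXAMPLE");',
}


def is_valid(rule, value):
    """Post-filter regex hits; the IPv4 pattern alone accepts octets above 255."""
    if rule == "IPV4":
        try:
            ipaddress.IPv4Address(value)
        except ValueError:
            return False
    return True


def mask(value):
    """Keep a short prefix so the finding is identifiable without storing the secret."""
    return value[:4] + "*" * (len(value) - 4)


def scan_page(url, body, patterns):
    """Return de-duplicated (url, rule, value) findings for one page, secrets masked."""
    hits = {(rule, m.group(0)) for rule, rx in patterns.items() for m in rx.finditer(body)}
    return sorted((url, rule, v if rule == "IPV4" else mask(v)) for rule, v in hits if is_valid(rule, v))


def scan_site(pages, custom=None):
    """Scan all pages in parallel; `custom` maps a rule name to a user regex string."""
    patterns = dict(PATTERNS)
    for name, expr in (custom or {}).items():
        patterns[name] = re.compile(expr)  # re.error propagates on a bad pattern
    with ThreadPoolExecutor(max_workers=4) as pool:
        results = pool.map(lambda kv: scan_page(kv[0], kv[1], patterns), pages.items())
    return [finding for page in results for finding in page]
```

Calling scan_site(SAMPLE_PAGES, {"Ticket": r"\bINT-\d{4}\b"}) adds a custom rule on top of the built-in ones; the repeated key in dup.js is reported once and 999.1.1.1 is dropped as an invalid address.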