Jbin Website Secret Scraper Versions

Jbin gathers all the URLs from a website and then tries to expose secret data in them, such as API keys, API secrets, API tokens and other juicy information.

Jbin-V12.0

2 years ago

Jbin-V1.5

2 years ago
  • Added the option to reduce power
  • Fixed the parser

Jbin-V1.4

2 years ago
  • Realtime task monitoring
  • Url validation

Jbin-V1.3

2 years ago
  • Directory bruteforce option added
  • Custom wordlist

Jbin-V1.2

2 years ago
  • Fixed the loading bar issues. You can now go to "Settings" and set your default process count, which will help us track the actual background tasks.
  • Added wayback API URLs as a bonus with all the URLs we scrape

Jbin-V1.1

2 years ago

Improvements such as multi-threading have been added, and users can now add custom regexes to scan with. You will also get a nice Excel report after the scan is done!

Jbin-V1.0

2 years ago

Jbin Website Secret Scraper V1.0

Installation

  1. Install Flask: pip install Flask
  2. Set the environment variables: export FLASK_APP=wsgi.py and export FLASK_ENV=debug
  3. Run the application: flask run

[Note]: Verify that Flask is installed: flask --version

Testing

Url: https://peaceful-colden-270bad.netlify.app

Copy the URL and paste it into the tool, select AWS Keys/IPV4/IPV6 from the options, and verify its capabilities.

Usage

Now go to http://127.0.0.1:5000/, where the application is launched by default. If that port is in use, you can run: flask run --host=127.0.0.1 --port=ANY PORT NUMBER

Enter your target domain and select the regex which will scrape out the secrets.

Currently we are scraping these secrets:

 Google Maps API 
 Artifactory API 
 Artifactory Pass 
 Auth Tokens 
 AWS Access Keys 
 AWS MWS Auth Token 
 Base 64 
 Basic Auth Credentials 
 Cloudinary Basic Auth Tokens 
 Facebook Access Tokens 
 Facebook Oauth Tokens 
 Github Secrets 
 Google Cloud API 
 Google Oauth Tokens 
 Youtube Oauth Tokens 
 Heroku API Keys 
 IPV4 
 IPV6 
 URL Without http 
 URL With http 
 Generic API 
 RSA Private Keys 
 PGP Private Keys 
 Mailchimp API key 
 Mailgun API key 
 Picatic API 
 Slack Token 
 Slack Webhook 
 Stripe API Keys 
 Square Access Token 
 Square Oauth Secret 
 Twilio API key 
 Twitter Client ID 
 Twitter Oauth 
 Twitter Secret Keys 
 Vault Token 
 Firebase Secrets 
 Paypal Braintree Tokens 

The result will be like this: [screenshot]

If we find a valid secret it will show like this: [screenshot]
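
The regex matching described under Usage, as an added example that is not Jbin's own code: it scans page bodies you already hold (for instance your own site's build output) for two of the listed secret types plus a custom regex, validates the hits, and redacts them in the report. The patterns, function names and sample pages are assumptions constructed for illustration.

```python
import ipaddress
import re

# Assumed patterns for illustration; Jbin's real regexes are not shown on the page.
PATTERNS = {
    "AWS Access Keys": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "IPV4": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
}


def is_valid(kind, value):
    """Second-stage check that drops regex hits which cannot be real."""
    if kind == "IPV4":
        try:
            ipaddress.IPv4Address(value)  # rejects octets above 255
        except ValueError:
            return False
    return True


def redact(value):
    """Keep only the first four characters so the report does not re-leak the secret."""
    return value[:4] + "*" * (len(value) - 4)


def scan(pages, kinds, custom=None):
    """Scan {url: body} for the selected kinds plus optional custom regexes."""
    patterns = {k: PATTERNS[k] for k in kinds}
    for name, regex in (custom or {}).items():
        patterns[name] = re.compile(regex)
    findings = []
    for url, body in pages.items():
        for kind, pattern in patterns.items():
            # De-duplicate repeated hits on the same page before reporting.
            for value in sorted({m.group(0) for m in pattern.finditer(body)}):
                if is_valid(kind, value):
                    findings.append((url, kind, redact(value)))
    return findings


# Constructed sample input: the key is the placeholder used in AWS documentation,
# and the "acme_" token format is hypothetical.
SAMPLE_PAGES = {
    "https://example.test/app.js": 'const k = "AKIAIOSFODNN7EXAMPLE"; const t = "acme_0123456789ab";',
    "https://example.test/about": "Build 999.10.10.10 served from 10.0.0.5",
}

if __name__ == "__main__":
    custom = {"Internal token": r"\bacme_[0-9a-f]{12}\b"}
    for row in scan(SAMPLE_PAGES, ["AWS Access Keys", "IPV4"], custom):
        print(row)
```

The validation step is what keeps a string such as 999.10.10.10 out of the report even though the IPV4 regex matches it.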

Please do create issues if you face any error while using the application