Skip to content

DomainSecretScanner automates secret extraction from JavaScript files, aiding bug bounty hunters, penetration testers, Security Researchers also developers. It simplifies collecting sensitive data like API keys and passwords, username, AWS Access key and others.

Notifications You must be signed in to change notification settings

husnainsuleman/DomainSecretScanner

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

7 Commits
 
 
 
 
 
 

Repository files navigation

DomainSecretScanner

DomainSecretScanner automates secret extraction from JavaScript files, aiding bug bounty hunters, penetration testers, Security Researchers also developers. It simplifies collecting sensitive data like API keys and passwords, usernames, AWS Access keys, and others.

Features

  • Automated subdomain discovery.
  • Collection of JavaScript files from discovered subdomains.
  • Extraction of secrets from JavaScript files.
  • Consolidation of extracted secrets into a single output file.

Setup

Follow these steps for Installation:

https://github.com/husnainsuleman/DomainSecretScanner.git
chmod +x install.sh domain_secret_scanner.sh
./install.sh

Usage

./domain_secret_scanner.sh

image

You can see in this ScreenShot all secrets extracted from the JavaScript file:

image

Disclaimer

This tool is intended for educational and ethical testing purposes only. Users are responsible for complying with all applicable laws and regulations.

About

DomainSecretScanner automates secret extraction from JavaScript files, aiding bug bounty hunters, penetration testers, Security Researchers also developers. It simplifies collecting sensitive data like API keys and passwords, username, AWS Access key and others.

Resources

Stars

Watchers

Forks

Languages