From 25d2be529f746ab4f8f9bd3e55515fd26fe1adbe Mon Sep 17 00:00:00 2001 From: Swissky <12152583+swisskyrepo@users.noreply.github.com> Date: Wed, 12 Apr 2023 13:12:33 +0200 Subject: [PATCH] BadSecrets Tool --- API Key Leaks/README.md | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/API Key Leaks/README.md b/API Key Leaks/README.md index e65d687..20b854d 100644 --- a/API Key Leaks/README.md +++ b/API Key Leaks/README.md @@ -37,6 +37,15 @@ ```powershell nuclei -t token-spray/ -var token=token_list.txt ``` +- [blacklanternsecurity/badsecrets](https://github.com/blacklanternsecurity/badsecrets) - A library for detecting known or weak secrets on across many platforms + ```ps1 + python examples/cli.py --url http://example.com/contains_bad_secret.html + python examples/cli.py eyJhbGciOiJIUzI1NiJ9.eyJJc3N1ZXIiOiJJc3N1ZXIiLCJVc2VybmFtZSI6IkJhZFNlY3JldHMiLCJleHAiOjE1OTMxMzM0ODMsImlhdCI6MTQ2NjkwMzA4M30.ovqRikAo_0kKJ0GVrAwQlezymxrLGjcEiW_s3UJMMCo + python ./badsecrets/examples/blacklist3r.py --viewstate /wEPDwUJODExMDE5NzY5ZGQMKS6jehX5HkJgXxrPh09vumNTKQ== --generator EDD8C9AE + python ./badsecrets/examples/telerik_knownkey.py --url http://vulnerablesite/Telerik.Web.UI.DialogHandler.aspx + python ./badsecrets/examples/symfony_knownkey.py --url https://localhost/ + ``` + ## Exploit
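Review bot: the added description line reads "detecting known or weak secrets on across many platforms"; drop the stray "on". In the same hunk, the new fence is tagged `ps1` while the existing nuclei block directly above it is tagged `powershell`, so use one tag consistently in this README. The five commands also assume two different working directories: the first two call `examples/cli.py` and the last three call `./badsecrets/examples/...`, so they cannot all be run from one location as written. Pick a single path prefix and state which directory the commands are run from. A short phrase per command saying what kind of secret it checks (JWT, ViewState with generator, Telerik, Symfony) would also help, since the long token and ViewState arguments give the reader no hint on their own.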