From b7d275d5b005ad8f0f0e1496641d76824d242845 Mon Sep 17 00:00:00 2001 From: Markus Date: Sat, 1 Oct 2022 17:20:51 +0200 Subject: [PATCH] Api Key Leaks: Add Trivy to tools section --- API Key Leaks/README.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/API Key Leaks/README.md b/API Key Leaks/README.md index 8438d2c..f1c9369 100644 --- a/API Key Leaks/README.md +++ b/API Key Leaks/README.md @@ -24,15 +24,16 @@ ## Tools - [KeyFinder - is a tool that let you find keys while surfing the web!](https://github.com/momenbasel/KeyFinder) -- [Keyhacks - is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.](https://github.com/streaak/keyhacks) -- [truffleHog - Find credentials all over the place](https://github.com/trufflesecurity/truffleHog) +- [KeyHacks - is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.](https://github.com/streaak/keyhacks) +- [TruffleHog - Find credentials all over the place](https://github.com/trufflesecurity/truffleHog) ```ps1 docker run -it -v "$PWD:/pwd" trufflesecurity/trufflehog:latest github --repo https://github.com/trufflesecurity/test_keys docker run -it -v "$PWD:/pwd" trufflesecurity/trufflehog:latest github --org=trufflesecurity trufflehog git https://github.com/trufflesecurity/trufflehog.git trufflehog github --endpoint https://api.github.com --org trufflesecurity --token GITHUB_TOKEN --debug --concurrency 2 ``` - +- [Trivy - General purpose vulnerability and misconfiguration scanner which also searches for API keys/secrets](https://github.com/aquasecurity/trivy) + ## Exploit The following commands can be used to takeover accounts or extract personal information from the API using the leaked token.