secretfinder
SecretFinder is a python script based on LinkFinder (version for burpsuite here), written to discover sensitive data like apikeys, accesstoken, authorizations, jwt,..etc in JavaScript files. It does so by using jsbeautifier for python in combination with a fairly large regular expression.
Name:secretfinder
Category:Static Code Analysis
Publisher:trickest
Created:6/23/2021
Container:
quay.io/trickest/secretfinder:a0283cbOutput Type:
License:Unknown
Source:View Source
Parameters
-pSet proxy (host:port)-cAdd cookies for authenticated JS files-HSet headers (Name:Value
Name:Value)-iInput a file-iInput folder-iInput a URL-rRegEx for filtering purposes against found endpoint. (e.g: ^/api/)-nProcess js url, if it contain the provided string (string;string2..)-gIgnore js url, if it contain the provided string (string;string2..)-eExtract all javascript links located in a page and process it-bSupport burp exported file