Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/dwisiswant0/gf-secrets
Secret and/or credential patterns used for gf.
https://github.com/dwisiswant0/gf-secrets
alienvault-otx bugbounty crawler gau gf gitleaks infosec open-threat-exchange secrets-detection trufflehog trufflehog3 wayback wayback-machine waybackurl
Last synced: about 1 month ago
JSON representation
Secret and/or credential patterns used for gf.
- Host: GitHub
- URL: https://github.com/dwisiswant0/gf-secrets
- Owner: dwisiswant0
- License: mit
- Created: 2020-06-26T06:08:33.000Z (over 4 years ago)
- Default Branch: master
- Last Pushed: 2023-02-10T03:42:15.000Z (almost 2 years ago)
- Last Synced: 2024-08-05T17:42:59.167Z (4 months ago)
- Topics: alienvault-otx, bugbounty, crawler, gau, gf, gitleaks, infosec, open-threat-exchange, secrets-detection, trufflehog, trufflehog3, wayback, wayback-machine, waybackurl
- Language: Shell
- Homepage:
- Size: 14.6 KB
- Stars: 230
- Watchers: 5
- Forks: 50
- Open Issues: 1
-
Metadata Files:
- Readme: README.md
- Funding: .github/FUNDING.yml
- License: LICENSE
Awesome Lists containing this project
- awesome-hacking-lists - dwisiswant0/gf-secrets - Secret and/or credential patterns used for gf. (Shell)
README
# :key: gf-secrets
Secret and/or credential patterns used for `gf`.
## Requirements :sparkles:
- Have `gf` in your machine. [Install now](https://github.com/tomnomnom/gf#install) if not ready!
## Getting started :dizzy:
Clone this repository.
```bash
▶ git clone https://github.com/dwisiswant0/gf-secrets
```Then copy all JSON pattern files into `~/.gf` directory.
```bash
▶ cd gf-secrets/
▶ cp -a .gf/ $HOME
```**See also**:
- [secpat2gf](https://github.com/dwisiswant0/secpat2gf): convert secret patterns to gf compatible.
## Workaround :recycle:
Finding for testing point with [gau](https://github.com/lc/gau) and [fff](https://github.com/tomnomnom/fff).
```bash
▶ gau -subs [host] | cut -d"?" -f1 | grep -E "\.js(onp?)?$" | tee urls.txt
▶ sort -u urls.txt | fff -s 200 -o out/
```After we save response from known URLs, it's time to digging for secrets.
### Usage :speech_balloon:
```bash
▶ ./gf-secrets.sh
```You will see _stdout_ results in your terminal if grep recursively turns match.
## Contributing :busts_in_silhouette:
[![contributions](https://img.shields.io/badge/contributions-welcome-brightgreen.svg?style=flat)](https://github.com/dwisiswant0/gf-secrets/issues)
If you find a general pattern for secrets and/or credentials, feel free to open pull request. :green_heart:
## License :page_facing_up:
The JSON files and documentation in this project are released under the MIT License.
Tools used with this project include third party materials.
[![Twitter Follow](https://img.shields.io/twitter/follow/dwisiswant0.svg?style=social)](https://twitter.com/dwisiswant0)