Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/dwisiswant0/gf-secrets

Secret and/or credential patterns used for gf.
https://github.com/dwisiswant0/gf-secrets

alienvault-otx bugbounty crawler gau gf gitleaks infosec open-threat-exchange secrets-detection trufflehog trufflehog3 wayback wayback-machine waybackurl

Last synced: 6 days ago
JSON representation

Secret and/or credential patterns used for gf.

Host: GitHub
URL: https://github.com/dwisiswant0/gf-secrets
Owner: dwisiswant0
License: mit
Created: 2020-06-26T06:08:33.000Z (over 4 years ago)
Default Branch: master
Last Pushed: 2023-02-10T03:42:15.000Z (over 1 year ago)
Last Synced: 2024-08-05T17:42:59.167Z (3 months ago)
Topics: alienvault-otx, bugbounty, crawler, gau, gf, gitleaks, infosec, open-threat-exchange, secrets-detection, trufflehog, trufflehog3, wayback, wayback-machine, waybackurl
Language: Shell
Homepage:
Size: 14.6 KB
Stars: 230
Watchers: 5
Forks: 50
Open Issues: 1
Metadata Files:
- Readme: README.md
- Funding: .github/FUNDING.yml
- License: LICENSE

Awesome Lists containing this project

awesome-hacking-lists - dwisiswant0/gf-secrets - Secret and/or credential patterns used for gf. (Shell)

README

        # :key: gf-secrets

Secret and/or credential patterns used for `gf`.

## Requirements :sparkles:

- Have `gf` in your machine. [Install now](https://github.com/tomnomnom/gf#install) if not ready!

## Getting started :dizzy:

Clone this repository.

```bash

▶ git clone https://github.com/dwisiswant0/gf-secrets

```

Then copy all JSON pattern files into `~/.gf` directory.

```bash

▶ cd gf-secrets/

▶ cp -a .gf/ $HOME

```

**See also**:

- [secpat2gf](https://github.com/dwisiswant0/secpat2gf): convert secret patterns to gf compatible.

## Workaround :recycle:

Finding for testing point with [gau](https://github.com/lc/gau) and [fff](https://github.com/tomnomnom/fff).

```bash

▶ gau -subs [host] | cut -d"?" -f1 | grep -E "\.js(onp?)?$" | tee urls.txt

▶ sort -u urls.txt | fff -s 200 -o out/

```

After we save response from known URLs, it's time to digging for secrets.

### Usage :speech_balloon: 

```bash

▶ ./gf-secrets.sh

```

You will see _stdout_ results in your terminal if grep recursively turns match.

## Contributing :busts_in_silhouette:

[![contributions](https://img.shields.io/badge/contributions-welcome-brightgreen.svg?style=flat)](https://github.com/dwisiswant0/gf-secrets/issues)

If you find a general pattern for secrets and/or credentials, feel free to open pull request. :green_heart:

## License :page_facing_up:

The JSON files and documentation in this project are released under the MIT License.

Tools used with this project include third party materials.

[![Twitter Follow](https://img.shields.io/twitter/follow/dwisiswant0.svg?style=social)](https://twitter.com/dwisiswant0)