https://github.com/vsec7/xkeys

Extract Sensitive Keys, Secret, Token Or Interested thing from source
https://github.com/vsec7/xkeys

bugbounty hacking osint pentest pentest-tool

Last synced: 5 months ago
JSON representation

Extract Sensitive Keys, Secret, Token Or Interested thing from source

• Host: GitHub
• URL: https://github.com/vsec7/xkeys
• Owner: vsec7
• Created: 2020-06-04T14:00:32.000Z (about 6 years ago)
• Default Branch: master
• Last Pushed: 2020-06-04T17:44:12.000Z (about 6 years ago)
• Last Synced: 2024-06-20T02:03:04.312Z (almost 2 years ago)
• Topics: bugbounty, hacking, osint, pentest, pentest-tool
• Language: Go
• Size: 4.88 KB
• Stars: 49
• Watchers: 2
• Forks: 12
• Open Issues: 2
• Metadata Files:
  • Readme: README.md

Awesome Lists containing this project

README

          
# xkeys

A eXtractor sensitive Keys, Secret, Token or interested things from source.

## Install

```

 ▶ go get -u github.com/vsec7/xkeys

```

## Basic Usage

```

 ▶ xkeys --help 

xKeys (eXtract Keys)

By     : viloid [Sec7or - Surabaya Hacker Link]

Basic Usage :

 ▶ echo http://domain.com/path/file.js | xkeys

 ▶ cat listurls.txt | xkeys -o cans.txt

Options :

  -H, --header                  Header to the request

  -o, --output                  Output file (*default xkeys.txt)

  -x, --proxy                    HTTP proxy

  -w, --wordlist              Custom wordlists keyword pattern

  -k, --key                    Custom single keyword pattern

  -t, --telegram  Telegram notification

```

## Advanced Usage

```

Custom single keyword with send notification telegram e.g :

 ▶ echo http://domain.com/path/file.js | xkeys -k "access_token" -t "26525265:IniBotTelegramToken|86565765"

Custom list keywords e.g : 

 ▶ cat listurls.txt | xkeys -w customkeywordlist.txt -H "Authorization: Bearer eXAmPLe" -H "Cookie: ExAmpLe" -o xkeys-domain.txt

** URLs in listurls should contains http:// or https:// 

 ▶ cat listurls.txt

http://domain.com/path/file.js

http://domain.com/path/file2.js

http://domain.com/path/file3.js

...

** customkeywordlist.txt contains your custom keyword list (delim newline) **

 ▶ cat customkeywordlist.txt

access_token

secret_key

...

```

## Possible Value Extraction

```

{keyword}=

{keyword}= 

{keyword} =

{keyword} = 

'{keyword}'=''

'{keyword}'= ''

'{keyword}' =''

'{keyword}' = ''

"{keyword}"=""

"{keyword}"= ""

"{keyword}" =""

"{keyword}" = ""

"{keyword}":""

"{keyword}": ""

"{keyword}" :""

"{keyword}" : ""

{keyword}=&

```

## Default Keywords

Check main.go in function *keywords()*

```

Code Snip:

func keywords() []string {

	return []string{

		"access_key",

		"access_token",

		"..."

		"..."

	}

}

```

## Credit And Thanks

```

@tomnomnom (github.com/tomnomnom)

@bhrdn (github.com/bhrdn)

```