dwisiswant0 / Gf Secrets
Licence: mit
Secret and/ credential patterns used for gf.
Stars: ✭ 96
Programming Languages
shell
77523 projects
Projects that are alternatives of or similar to Gf Secrets
Go Dork
The fastest dork scanner written in Go.
Stars: ✭ 274 (+185.42%)
Mutual labels: crawler, infosec, bugbounty
Assessment Mindset
Security Mindmap that could be useful for the infosec community when doing pentest, bug bounty or red-team assessments.
Stars: ✭ 608 (+533.33%)
Mutual labels: infosec, bugbounty
S3scanner
Scan for open AWS S3 buckets and dump the contents
Stars: ✭ 1,319 (+1273.96%)
Mutual labels: infosec, bugbounty
Gospider
Gospider - Fast web spider written in Go
Stars: ✭ 785 (+717.71%)
Mutual labels: crawler, bugbounty
Security Tools
Collection of small security tools, mostly in Bash and Python. CTFs, Bug Bounty and other stuff.
Stars: ✭ 509 (+430.21%)
Mutual labels: infosec, bugbounty
Learn365
This repo is about @harshbothra_ 365 days of learning Tweet & Mindmap collection
Stars: ✭ 525 (+446.88%)
Mutual labels: infosec, bugbounty
Bxss
bXSS is a utility which can be used by bug hunters and organizations to identify Blind Cross-Site Scripting.
Stars: ✭ 331 (+244.79%)
Mutual labels: infosec, bugbounty
Bug Bounty Responses
A collection of response templates for invalid bug bounty reports.
Stars: ✭ 46 (-52.08%)
Mutual labels: infosec, bugbounty
31 Days Of Api Security Tips
This challenge is Inon Shkedy's 31 days API Security Tips.
Stars: ✭ 1,038 (+981.25%)
Mutual labels: infosec, bugbounty
Jaeles
The Swiss Army knife for automated Web Application Testing
Stars: ✭ 1,073 (+1017.71%)
Mutual labels: infosec, bugbounty
Metabigor
Intelligence tool but without API key
Stars: ✭ 424 (+341.67%)
Mutual labels: infosec, bugbounty
Android Reports And Resources
A big list of Android Hackerone disclosed reports and other resources.
Stars: ✭ 590 (+514.58%)
Mutual labels: infosec, bugbounty
Bugbountyguide
Bug Bounty Guide is a launchpad for bug bounty programs and bug bounty hunters.
Stars: ✭ 338 (+252.08%)
Mutual labels: infosec, bugbounty
Resources
A Storehouse of resources related to Bug Bounty Hunting collected from different sources. Latest guides, tools, methodology, platforms tips, and tricks curated by us.
Stars: ✭ 62 (-35.42%)
Mutual labels: infosec, bugbounty
Bugbounty Cheatsheet
A list of interesting payloads, tips and tricks for bug bounty hunters.
Stars: ✭ 3,644 (+3695.83%)
Mutual labels: infosec, bugbounty
Hetty
Hetty is an HTTP toolkit for security research.
Stars: ✭ 3,596 (+3645.83%)
Mutual labels: infosec, bugbounty
Legal Bug Bounty
#legalbugbounty project — creating safe harbors on bug bounty programs and vulnerability disclosure programs. Authored by Amit Elazari.
Stars: ✭ 42 (-56.25%)
Mutual labels: infosec, bugbounty
🔑 gf-secrets
Secret and/ credential patterns used for gf.
Requirements ✨
- Have
gfin your machine. Install now if not ready!
Getting started 💫
Clone this repository.
▶ git clone https://github.com/dwisiswant0/gf-secrets
Then copy all JSON pattern files into ~/.gf directory.
▶ cd gf-secrets/
▶ cp -a .gf/ $HOME
Workaround ♻️
Finding for testing point with gau and fff.
▶ gau -subs [host] | cut -d"?" -f1 | grep -E "\.js(?:onp?)?$" | tee urls.txt
▶ sort -u urls.txt | fff -s 200 -o out/
After we save response from known URLs, it's time to digging for secrets.
Usage 💬
▶ for i in `gf -list`; do [[ ${i} =~ "_secrets"* ]] && gf ${i}; done
You will see stdout results in your terminal if grep recursively turns match.
Contributing 👥
If you find a general pattern for secrets and/ credentials, feel free to open pull request. 💚
License 📄
The JSON files and documentation in this project are released under the MIT License.
Tools used with this project include third party materials.
Note that the project description data, including the texts, logos, images, and/or trademarks,
for each open source project belongs to its rightful owner.
If you wish to add or remove any projects, please contact us at [email protected].