m4ll0k / secretfinder Goto Github PK

SecretFinder - A python script for find sensitive data (apikeys, accesstoken,jwt,..) and search anything on javascript files

License: GNU General Public License v3.0

Python 97.17% Dockerfile 2.83%

secretfinder's Introduction

about SecretFinder

SecretFinder is a python script based on LinkFinder, written to discover sensitive data like apikeys, accesstoken, authorizations, jwt,..etc in JavaScript files. It does so by using jsbeautifier for python in combination with a fairly large regular expression. The regular expressions consists of four small regular expressions. These are responsible for finding and search anything on js files.

The output is given in HTML or plaintext.

Help

usage: SecretFinder.py [-h] [-e] -i INPUT [-o OUTPUT] [-r REGEX] [-b]
                       [-c COOKIE] [-g IGNORE] [-n ONLY] [-H HEADERS]
                       [-p PROXY]

optional arguments:
  -h, --help            show this help message and exit
  -e, --extract         Extract all javascript links located in a page and
                        process it
  -i INPUT, --input INPUT
                        Input a: URL, file or folder
  -o OUTPUT, --output OUTPUT
                        Where to save the file, including file name. Default:
                        output.html
  -r REGEX, --regex REGEX
                        RegEx for filtering purposes against found endpoint
                        (e.g: ^/api/)
  -b, --burp            Support burp exported file
  -c COOKIE, --cookie COOKIE
                        Add cookies for authenticated JS files
  -g IGNORE, --ignore IGNORE
                        Ignore js url, if it contain the provided string
                        (string;string2..)
  -n ONLY, --only ONLY  Process js url, if it contain the provided string
                        (string;string2..)
  -H HEADERS, --headers HEADERS
                        Set headers ("Name:Value\nName:Value")
  -p PROXY, --proxy PROXY
                        Set proxy (host:port)

Installation

SecretFinder supports Python 3.

$ git clone https://github.com/m4ll0k/SecretFinder.git secretfinder
$ cd secretfinder
$ python -m pip install -r requirements.txt or pip install -r requirements.txt
$ python3 SecretFinder.py

Usage

Most basic usage to find the sensitive data with default regex in an online JavaScript file and output the HTML results to results.html:

python3 SecretFinder.py -i https://example.com/1.js -o results.html

CLI/STDOUT output (doesn't use jsbeautifier, which makes it very fast):

python3 SecretFinder.py -i https://example.com/1.js -o cli

Analyzing an entire domain and its JS files:

python3 SecretFinder.py -i https://example.com/ -e

Ignore certain js file (like external libs) provided by -g --ignore

python3 SecretFinder.py -i https://example.com/ -e -g 'jquery;bootstrap;api.google.com'

Process only certain js file provided by -n --only:

python3 SecretFinder.py -i https://example.com/ -e -n 'd3i4yxtzktqr9n.cloudfront.net;www.myexternaljs.com'

Use your regex:

python3 SecretFinder.py -i https://example.com/1.js -o cli -r 'apikey=my.api.key[a-zA-Z]+'

Other options: add headers,proxy and cookies:

python3 SecretFinder.py -i https://example.com/ -e -o cli -c 'mysessionid=111234' -H 'x-header:value1\nx-header2:value2' -p 127.0.0.1:8080 -r 'apikey=my.api.key[a-zA-Z]+'

Input accept all this entries:
Url: e.g. https://www.google.com/ [-e] is required
Js url: e.g. https://www.google.com/1.js
Folder: e.g. myjsfiles/*
Local file: e.g /js/myjs/file.js

add Regex

Open SecretFinder.py and add your regex:

_regex = {
    'google_api'     : r'AIza[0-9A-Za-z-_]{35}',
    'google_captcha' : r'6L[0-9A-Za-z-_]{38}|^6[0-9a-zA-Z_-]{39}$',
    'google_oauth'   : r'ya29\.[0-9A-Za-z\-_]+',
    'amazon_aws_access_key_id' : r'A[SK]IA[0-9A-Z]{16}',
    'amazon_mws_auth_toke' : r'amzn\\.mws\\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}',
    'amazon_aws_url' : r's3\.amazonaws.com[/]+|[a-zA-Z0-9_-]*\.s3\.amazonaws.com',
    'facebook_access_token' : r'EAACEdEose0cBA[0-9A-Za-z]+',
    'authorization_basic' : r'basic\s*[a-zA-Z0-9=:_\+\/-]+',
    'authorization_bearer' : r'bearer\s*[a-zA-Z0-9_\-\.=:_\+\/]+',
    'authorization_api' : r'api[key|\s*]+[a-zA-Z0-9_\-]+',
    'mailgun_api_key' : r'key-[0-9a-zA-Z]{32}',
    'twilio_api_key' : r'SK[0-9a-fA-F]{32}',
    'twilio_account_sid' : r'AC[a-zA-Z0-9_\-]{32}',
    'twilio_app_sid' : r'AP[a-zA-Z0-9_\-]{32}',
    'paypal_braintree_access_token' : r'access_token\$production\$[0-9a-z]{16}\$[0-9a-f]{32}',
    'square_oauth_secret' : r'sq0csp-[ 0-9A-Za-z\-_]{43}|sq0[a-z]{3}-[0-9A-Za-z\-_]{22,43}',
    'square_access_token' : r'sqOatp-[0-9A-Za-z\-_]{22}|EAAA[a-zA-Z0-9]{60}',
    'stripe_standard_api' : r'sk_live_[0-9a-zA-Z]{24}',
    'stripe_restricted_api' : r'rk_live_[0-9a-zA-Z]{24}',
    'github_access_token' : r'[a-zA-Z0-9_-]*:[a-zA-Z0-9_\-]+@github\.com*',
    'rsa_private_key' : r'-----BEGIN RSA PRIVATE KEY-----',
    'ssh_dsa_private_key' : r'-----BEGIN DSA PRIVATE KEY-----',
    'ssh_dc_private_key' : r'-----BEGIN EC PRIVATE KEY-----',
    'pgp_private_block' : r'-----BEGIN PGP PRIVATE KEY BLOCK-----',
    'json_web_token' : r'ey[A-Za-z0-9-_=]+\.[A-Za-z0-9-_=]+\.?[A-Za-z0-9-_.+/=]*$',

    'name_for_my_regex' : r'my_regex',
    # for example
    'example_api_key'    : r'^example\w+{10,50}'
}

secretfinder's People

Contributors

Stargazers

Watchers

Forkers

fuzz-security random-robbie silentsoul04 thesecuretux laowang1026 nova4005 vionde hunter0x8 mmg1 bbhunter boudar tmacbg monopole-zh agent00049 gub0x1 optionalg crackercat 5l1v3r1 sec-js sec99 jack51706 anhkhoa14592 zardnet slowmistio rdago ihab000 hoangthanhnguyen 3453-315h kewser hotelzululima arryboom alishahmughal123 affilares 0xceeb b-xiang aurorafang terncgod viuviu-max faisalrathore quint-anir element-92 samueladewole victorb32 3cr3sc3nt pherisw blockchainguard hollow667 ltgrp ajm41 itsecres-nandant polling-repo-continua anotherwayin wh014m johndoehack ajaysenr im403 cyberhack255 s4ur4bh ameg-yag ohoud21 abhhi-101 rijinrij inosec tamersp25 ipk1 creazygan nahoragg an0nym0u5101 0x03-two kingking888 m3g4byt3 tim1512 krouser conan25216 tobey123 pyking jitendersrivastava vishal9066 sheldonx97 alekkras y0d4a w9w bemonolit thawhakyi binhan98 outlook-com xaquille gvvynplaine 0xnoobie1100 jsav0 punt0 masterscott muhaprime coolaf xtenex kid-joe slooppe ravipraj mandedevelopments bla3e316

secretfinder's Issues

index error

Traceback (most recent call last):
File "/home/secretfinder/SecretFinder.py", line 458, in
match.get('context')[0],
IndexError: list index out of range

writer.com

dada

My scret tool

Error while scanning directory with source code

Hello,

The program does not support the directory containing the source code files.

I have a directory with files:

directory/
*file1
*file2
*file3

I wanted to scan them using SecretFinder but with no luck, everytime i see this error:

python3 /home/karmaz/tools/SecretFinder/SecretFinder.py -i all_source_code

[ + ] URL: file:///home/karmaz/all_source_code
cat: standard output: Bad file descriptor

Could you please add this functionality to your SecretFinder

Have a nice day,
Karmaz

error ssl

HTTPSConnectionPool(host='www.rockstarnorth.com', port=443): Max retries exceeded with url: / (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')],)",),)) on trying on some websites gving this error

/SecretFinder.py -o cli -e -i https://www.rockstarnorth.com/

Getting Error

Traceback (most recent call last):
File "SecretFinder.py", line 434, in
matched = parser_file(file,mode)
File "SecretFinder.py", line 181, in parser_file
items = getContext(all_matches,content,regex[0])
File "SecretFinder.py", line 157, in getContext
context = re.findall('%s%s%s'%(rex,m,rex),content,re.IGNORECASE)
File "/usr/lib/python3.7/re.py", line 223, in findall
return _compile(pattern, flags).findall(string)
File "/usr/lib/python3.7/re.py", line 286, in _compile
p = sre_compile.compile(pattern, flags)
File "/usr/lib/python3.7/sre_compile.py", line 764, in compile
p = sre_parse.parse(p, flags)
File "/usr/lib/python3.7/sre_parse.py", line 938, in parse
raise source.error("unbalanced parenthesis")
re.error: unbalanced parenthesis at position 12

ssl error

Dear Sir,

After running the code, I got error that max retries exceeded with url. Caused by SSLError("Can't connect to HTTPS URL because the SSL module is not available."))
I installed openssl module but still problem persists.
Could you please suggest how should I solve this issue.

Best Regards,

Ashish

Getting Error

Feature: Accept a list of JS files as input

If possible, can we pass a list of JS files collected via recon to check for API keys. Add a switch to pass the filename where there is a list of URLs of JS files.

More regexes

Some missing regex that I use under gf

"vtex-key":r"vtex-api-(appkey|apptoken)",
"amazon_key":r"([^A-Z0-9]|^)(AKIA|A3T|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{12,}",
"Authorization":r"^Bearer\s[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$", # This one already exists, just need to check implementation since I'm no regex master
"Slack Token": "(xox[p|b|o|a]-[0-9]{12}-[0-9]{12}-[0-9]{12}-[a-z0-9]{32})", # The one that coded checks for the existence of api_token, which is not always true.
"SSH (OPENSSH) private key": "-----BEGIN OPENSSH PRIVATE KEY-----",
"Facebook Oauth": "[f|F][a|A][c|C][e|E][b|B][o|O][o|O][k|K].{0,30}['\"\\s][0-9a-f]{32}['\"\\s]",
"Twitter Oauth": "[t|T][w|W][i|I][t|T][t|T][e|E][r|R].{0,30}['\"\\s][0-9a-zA-Z]{35,44}['\"\\s]",
"GitHub": "[g|G][i|I][t|T][h|H][u|U][b|B].{0,30}['\"\\s][0-9a-zA-Z]{35,40}['\"\\s]",
"Generic Secret": "[s|S][e|E][c|C][r|R][e|E][t|T].{0,30}['\"\\s][0-9a-zA-Z]{32,45}['\"\\s]", # can generate false positives
"Generic API Key": "[a|A][p|P][i|I][_]?[k|K][e|E][y|Y].{0,30}['\"\\s][0-9a-zA-Z]{32,45}['\"\\s]", # can generate false positives
"Slack Webhook": "https://hooks.slack.com/services/T[a-zA-Z0-9_]{8}/B[a-zA-Z0-9_]{8}/[a-zA-Z0-9_]{24}",
"SlackInternal": "slack-corp"

The regexes are already escaped, if I find time I will add a PR without the escaping in order to work with this project

cat: standard output: Bad file descriptor

Anyone gets the error cat: standard output: Bad file descriptor when trying to run the whole website?
python3 SecretFinder.py -i https://web-site.com -e

Cannot run SecretFinder because ModuleNotFoundError

I'm using python 3.6.8 on mac osx 10.14.1

secretfinder$ python SecretFinder.py -i https://code.jquery.com/jquery-3.3.1.js -o cli
Traceback (most recent call last):
File "SecretFinder.py", line 16, in
import jsbeautifier
ModuleNotFoundError: No module named 'jsbeautifier'

Error with list index

Traceback (most recent call last):
File "/root/secretfinder/SecretFinder.py", line 459, in
match.get('context')[0],
IndexError: list index out of range

user

Certificate Warning

Urlib.disable_warnings()
is not working
need to be edited to:
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)

Unbalanced parenthesis at position 17

Hello,

I'm using this command to trigger scan

python SecretFinder.py -i https://www.mywebsite.com -e

but after enumerating some JavaScript files , it throws an error like this

Traceback (most recent call last): File "SecretFinder.py", line 435, in <module> matched = parser_file(file,mode) File "SecretFinder.py", line 182, in parser_file items = getContext(all_matches,content,regex[0]) File "SecretFinder.py", line 158, in getContext context = re.findall('%s%s%s'%(rex,m,rex),content,re.IGNORECASE) File "C:\Users\user\AppData\Local\Programs\Python\Python37\lib\re.py", line 225, in findall return _compile(pattern, flags).findall(string) File "C:\Users\user\AppData\Local\Programs\Python\Python37\lib\re.py", line 288, in _compile p = sre_compile.compile(pattern, flags) File "C:\Users\user\AppData\Local\Programs\Python\Python37\lib\sre_compile.py", line 764, in compile p = sre_parse.parse(p, flags) File "C:\Users\user\AppData\Local\Programs\Python\Python37\lib\sre_parse.py", line 938, in parse raise source.error("unbalanced parenthesis") re.error: unbalanced parenthesis at position 17

upon googling I found out that it is related to escaping character in Regex, but still not able to solve the problem. Any solution?

an error

my os kali
[902504:902504:0609/120954.212620:ERROR:zygote_host_impl_linux.cc(89)] Running as root without --no-sandbox is not supported. See https://crbug.com/638180.

giving error if we giving burp file burp.xml

python3 ~/tools/secretfinder/SecretFinder.py -i burp.xml -b -o cli -r ^/

Traceback (most recent call last):
File "SecretFinder.py", line 428, in
print('[ + ] URL: '+url)
TypeError: must be str, not dict

Error when loading Burp version 2020.12

Getting an error when loading in Burp:

`Traceback (most recent call last):
File "C:\tools\SecretFinder-master\SecretFinder.py", line 10, in
sys.exit(0)
SystemExit: 0

at org.python.core.PySystemState.exit(PySystemState.java:1505)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:564)
at org.python.core.PyReflectedFunction.__call__(PyReflectedFunction.java:188)
at org.python.core.PyReflectedFunction.__call__(PyReflectedFunction.java:206)
at org.python.core.PyObject.__call__(PyObject.java:497)
at org.python.core.PyObject.__call__(PyObject.java:501)
at org.python.core.PyMethod.__call__(PyMethod.java:141)
at org.python.pycode._pyx4.f$0(C:/tools/SecretFinder-master/SecretFinder.py:463)
at org.python.pycode._pyx4.call_function(C:/tools/SecretFinder-master/SecretFinder.py)
at org.python.core.PyTableCode.call(PyTableCode.java:171)
at org.python.core.PyCode.call(PyCode.java:18)
at org.python.core.Py.runCode(Py.java:1614)
at org.python.core.__builtin__.execfile_flags(__builtin__.java:535)
at org.python.util.PythonInterpreter.execfile(PythonInterpreter.java:286)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:564)
at burp.avb.<init>(Unknown Source)
at burp.co7.a(Unknown Source)
at burp.d_u.lambda$panelLoaded$0(Unknown Source)
at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515)
at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1130)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:630)
at java.base/java.lang.Thread.run(Thread.java:832)

Error while scanning domain for sensative information in JS files

Hello, hope all is well. Just had a quick question concerning the scanner. When I tried to scan a domain, I ended up getting the following error after it found a few java script files and then froze:

Traceback (most recent call last):
  File "/home/username/secretfinder/SecretFinder.py", line 435, in <module>
    matched = parser_file(file,mode)
  File "/home/username/secretfinder/SecretFinder.py", line 182, in parser_file
    items = getContext(all_matches,content,regex[0])
  File "/home/username/secretfinder/SecretFinder.py", line 158, in getContext
    context = re.findall('%s%s%s'%(rex,m,rex),content,re.IGNORECASE)
  File "/usr/lib/python3.8/re.py", line 241, in findall
    return _compile(pattern, flags).findall(string)
  File "/usr/lib/python3.8/re.py", line 304, in _compile
    p = sre_compile.compile(pattern, flags)
  File "/usr/lib/python3.8/sre_compile.py", line 764, in compile
    p = sre_parse.parse(p, flags)
  File "/usr/lib/python3.8/sre_parse.py", line 948, in parse
    p = _parse_sub(source, state, flags & SRE_FLAG_VERBOSE, 0)
  File "/usr/lib/python3.8/sre_parse.py", line 443, in _parse_sub
    itemsappend(_parse(source, state, verbose, nested + 1,
  File "/usr/lib/python3.8/sre_parse.py", line 549, in _parse
    raise source.error("unterminated character set",
re.error: unterminated character set at position 13

The command I used was "python3 SecretFinder.py -i domain.com -e -o /directory/output.html". I checked to make sure that all of the requirements were installed. Thanks! Love the tool!

error line 456

Traceback (most recent call last):
File "SecretFinder.py", line 456, in
body += '

'%(match.get('context')[0])

args.header.split('\\n') should be args.headers.split('\\n') in line 354

Hi, in the line 354 of SecretFinder.py there is a call to args.header, but the correct according to the object is headers

so line 354 becomes args.headers.split('\n')

help

how fix it

Traceback (most recent call last):
File "/home/kali/secretfinder/SecretFinder.py", line 435, in
matched = parser_file(file,mode)
File "/home/kali/secretfinder/SecretFinder.py", line 182, in parser_file
items = getContext(all_matches,content,regex[0])
File "/home/kali/secretfinder/SecretFinder.py", line 158, in getContext
context = re.findall('%s%s%s'%(rex,m,rex),content,re.IGNORECASE)
File "/usr/lib/python3.10/re.py", line 240, in findall
return _compile(pattern, flags).findall(string)
File "/usr/lib/python3.10/re.py", line 303, in _compile
p = sre_compile.compile(pattern, flags)
File "/usr/lib/python3.10/sre_compile.py", line 764, in compile
p = sre_parse.parse(p, flags)
File "/usr/lib/python3.10/sre_parse.py", line 950, in parse
p = _parse_sub(source, state, flags & SRE_FLAG_VERBOSE, 0)
File "/usr/lib/python3.10/sre_parse.py", line 443, in _parse_sub
itemsappend(_parse(source, state, verbose, nested + 1,
File "/usr/lib/python3.10/sre_parse.py", line 838, in _parse
raise source.error("missing ), unterminated subpattern",
re.error: missing ), unterminated subpattern at position 15

thx

https://mail.yashodamail.com

there is a error in line 356 args.header should be args.headers

line 356 args.header should be args.headers

Can I run SecretFinder Inside a .txt files containing JS files ?

Hey M4ll0k,

Please I just want to know if the .js file need to be inside one text file or how ?

for example

Subfinder -d example.com | gauplus | subjs | sort -u >> jsfiles.txt

Is there anyway to run secretfinder inside this .txt file containing the jsfiles ?

Can't load .js files from the folder

I have downloaded .js files from gau then I want to process it with this script.
But it just dumps the names of all files on cli and doesn't works.

Command I tried.

python3 SecretFinder.py -i ../location/to/jsfiles/*

python3 SecretFinder.py -i ../location/to/jsfiles/

help error message after setup and start use

/home/maxemos/.local/lib/python3.9/site-packages/requests/packages/urllib3/connectionpool.py:764: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.org/en/latest/security.html
warnings.warn((

┌──(maxemos㉿kali)-[~/secretfinder]
└─$ [2709:2709:0625/013933.874314:ERROR:gpu_init.cc(426)] Passthrough is not supported, GL is desktop

Secret finder hangs when trying with -i switch

script hangs when I user below command:

python SecretFinder.py -i https://www.xyz.com:443/static/js/main.3437702a.chunk.js

Error on scanning through BurpSuite

I'm trying to use the secret finder extension in burp suite, I'm getting the following error and no match is reported in Dashboard.

Kindly look into this when u have time.

Let me know If you need additional details of this issue. We can also collaborate and fix this issue if you wish :)

	at org.python.pycode._pyx4.call_function(/home/user/Bug_Hunter/BurpSuite-Secret_Finder-master/SecretFinder.py)
	at org.python.core.PyTableCode.call(PyTableCode.java:173)
	at org.python.core.PyBaseCode.call(PyBaseCode.java:306)
	at org.python.core.PyBaseCode.call(PyBaseCode.java:197)
	at org.python.core.PyFunction.__call__(PyFunction.java:485)
	at org.python.core.PyMethod.instancemethod___call__(PyMethod.java:237)
	at org.python.core.PyMethod.__call__(PyMethod.java:228)
	at org.python.core.PyMethod.__call__(PyMethod.java:218)
	at org.python.core.PyMethod.__call__(PyMethod.java:213)
	at org.python.core.PyObject._jcallexc(PyObject.java:3565)
	at org.python.core.PyObject._jcall(PyObject.java:3598)
	at org.python.proxies.__main__$BurpExtender$7.doPassiveScan(Unknown Source)
	at burp.g5c.run(Unknown Source)
	at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
	at java.util.concurrent.FutureTask.run(FutureTask.java:266)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
	at java.lang.Thread.run(Thread.java:748)
Traceback (most recent call last):
  File "/home/user/Bug_Hunter/BurpSuite-Secret_Finder-master/SecretFinder.py", line 109, in doPassiveScan
    BurpExtender.issuename%(' '.join([x.title() for x in reg[0].split('_')])), 
  File "/home/user/Bug_Hunter/BurpSuite-Secret_Finder-master/SecretFinder.py", line 140, in findRegEx
    encoded_resp=binascii.b2a_base64(self._helpers.bytesToString(response))
UnicodeEncodeError: 'ascii' codec can't encode characters in position 4738-4740: ordinal not in range(128)

	at org.python.core.codecs.strict_errors(codecs.java:206)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:498)
	at org.python.core.JavaFunc.__call__(Py.java:2895)
	at org.python.core.PyObject.__call__(PyObject.java:433)
	at org.python.core.codecs.encoding_error(codecs.java:1537)
	at org.python.core.codecs.PyUnicode_EncodeIntLimited(codecs.java:1210)
	at org.python.core.codecs.PyUnicode_EncodeASCII(codecs.java:1169)
	at org.python.core.codecs.encode(codecs.java:163)
	at org.python.core.PyString.encode(PyString.java:3995)
	at org.python.core.PyString.encode(PyString.java:3987)
	at org.python.modules.binascii.getByteBuffer(binascii.java:1056)
	at org.python.modules.binascii.b2a_base64(binascii.java:452)
	at sun.reflect.GeneratedMethodAccessor96.invoke(Unknown Source)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:498)
	at org.python.core.PyReflectedFunction.__call__(PyReflectedFunction.java:190)
	at org.python.core.PyReflectedFunction.__call__(PyReflectedFunction.java:208)
	at org.python.core.PyObject.__call__(PyObject.java:461)
	at org.python.core.PyObject.__call__(PyObject.java:465)
	at org.python.pycode._pyx4.findRegEx$8(/home/user/Bug_Hunter/BurpSuite-Secret_Finder-master/SecretFinder.py:163)
	at org.python.pycode._pyx4.call_function(/home/user/Bug_Hunter/BurpSuite-Secret_Finder-master/SecretFinder.py)
	at org.python.core.PyTableCode.call(PyTableCode.java:173)
	at org.python.core.PyBaseCode.call(PyBaseCode.java:306)
	at org.python.core.PyBaseCode.call(PyBaseCode.java:197)
	at org.python.core.PyFunction.__call__(PyFunction.java:485)
	at org.python.core.PyMethod.__call__(PyMethod.java:187)
	at org.python.pycode._pyx4.doPassiveScan$5(/home/user/Bug_Hunter/BurpSuite-Secret_Finder-master/SecretFinder.py:118)
	at org.python.pycode._pyx4.call_function(/home/user/Bug_Hunter/BurpSuite-Secret_Finder-master/SecretFinder.py)
	at org.python.core.PyTableCode.call(PyTableCode.java:173)
	at org.python.core.PyBaseCode.call(PyBaseCode.java:306)
	at org.python.core.PyBaseCode.call(PyBaseCode.java:197)
	at org.python.core.PyFunction.__call__(PyFunction.java:485)
	at org.python.core.PyMethod.instancemethod___call__(PyMethod.java:237)
	at org.python.core.PyMethod.__call__(PyMethod.java:228)
	at org.python.core.PyMethod.__call__(PyMethod.java:218)
	at org.python.core.PyMethod.__call__(PyMethod.java:213)
	at org.python.core.PyObject._jcallexc(PyObject.java:3565)
	at org.python.core.PyObject._jcall(PyObject.java:3598)
	at org.python.proxies.__main__$BurpExtender$7.doPassiveScan(Unknown Source)
	at burp.g5c.run(Unknown Source)
	at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
	at java.util.concurrent.FutureTask.run(FutureTask.java:266)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
	at java.lang.Thread.run(Thread.java:748)
Traceback (most recent call last):
  File "/home/user/Bug_Hunter/BurpSuite-Secret_Finder-master/SecretFinder.py", line 109, in doPassiveScan
    BurpExtender.issuename%(' '.join([x.title() for x in reg[0].split('_')])), 
  File "/home/user/Bug_Hunter/BurpSuite-Secret_Finder-master/SecretFinder.py", line 140, in findRegEx
    encoded_resp=binascii.b2a_base64(self._helpers.bytesToString(response))
UnicodeEncodeError: 'ascii' codec can't encode characters in position 19399-19401: ordinal not in range(128)

	at org.python.core.codecs.strict_errors(codecs.java:206)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:498)
	at org.python.core.JavaFunc.__call__(Py.java:2895)
	at org.python.core.PyObject.__call__(PyObject.java:433)
	at org.python.core.codecs.encoding_error(codecs.java:1537)
	at org.python.core.codecs.PyUnicode_EncodeIntLimited(codecs.java:1210)
	at org.python.core.codecs.PyUnicode_EncodeASCII(codecs.java:1169)
	at org.python.core.codecs.encode(codecs.java:163)
	at org.python.core.PyString.encode(PyString.java:3995)
	at org.python.core.PyString.encode(PyString.java:3987)
	at org.python.modules.binascii.getByteBuffer(binascii.java:1056)
	at org.python.modules.binascii.b2a_base64(binascii.java:452)
	at sun.reflect.GeneratedMethodAccessor96.invoke(Unknown Source)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:498)
	at org.python.core.PyReflectedFunction.__call__(PyReflectedFunction.java:190)
	at org.python.core.PyReflectedFunction.__call__(PyReflectedFunction.java:208)
	at org.python.core.PyObject.__call__(PyObject.java:461)
	at org.python.core.PyObject.__call__(PyObject.java:465)
	at org.python.pycode._pyx4.findRegEx$8(/home/user/Bug_Hunter/BurpSuite-Secret_Finder-master/SecretFinder.py:163)
	at org.python.pycode._pyx4.call_function(/home/user/Bug_Hunter/BurpSuite-Secret_Finder-master/SecretFinder.py)
	at org.python.core.PyTableCode.call(PyTableCode.java:173)
	at org.python.core.PyBaseCode.call(PyBaseCode.java:306)
	at org.python.core.PyBaseCode.call(PyBaseCode.java:197)
	at org.python.core.PyFunction.__call__(PyFunction.java:485)
	at org.python.core.PyMethod.__call__(PyMethod.java:187)
	at org.python.pycode._pyx4.doPassiveScan$5(/home/user/Bug_Hunter/BurpSuite-Secret_Finder-master/SecretFinder.py:118)
	at org.python.pycode._pyx4.call_function(/home/user/Bug_Hunter/BurpSuite-Secret_Finder-master/SecretFinder.py)
	at org.python.core.PyTableCode.call(PyTableCode.java:173)
	at org.python.core.PyBaseCode.call(PyBaseCode.java:306)
	at org.python.core.PyBaseCode.call(PyBaseCode.java:197)
	at org.python.core.PyFunction.__call__(PyFunction.java:485)
	at org.python.core.PyMethod.instancemethod___call__(PyMethod.java:237)
	at org.python.core.PyMethod.__call__(PyMethod.java:228)
	at org.python.core.PyMethod.__call__(PyMethod.java:218)
	at org.python.core.PyMethod.__call__(PyMethod.java:213)
	at org.python.core.PyObject._jcallexc(PyObject.java:3565)
	at org.python.core.PyObject._jcall(PyObject.java:3598)
	at org.python.proxies.__main__$BurpExtender$7.doPassiveScan(Unknown Source)
	at burp.g5c.run(Unknown Source)
	at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
	at java.util.concurrent.FutureTask.run(FutureTask.java:266)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
	at java.lang.Thread.run(Thread.java:748)

error

Traceback (most recent call last):
File "SecretFinder.py", line 456, in
body += '

'%(match.get('context')[0])
IndexError: list index out of range

unterminated character set at position 13

python3 SecretFinder.py -i 'example.com_jsfiles/*' -o results.html

[ + ] URL: file:/example.com_jsfiles\www.example.com\zone.js\dist\assets\js\assets\landing\swiper\assets\js\gsap\gsap.min.js
[ + ] URL: file:/example.com_jsfiles\www.example.com\zone.js\dist\assets\global\js\assets\global\js\browser-detection.js
[ + ] URL: file:/example.com_jsfiles\www.example.com\zone.js\assets\landing\assets\global\js\assets\js\assets\js\gsap\ScrollToPlugin.min.js
[ + ] URL: file:/example.com_jsfiles\www.example.com\zone.js\assets\landing\assets\global\js\environment.js
[ + ] URL: file:/example.com_jsfiles\www.example.com\zone.js\zone.js\dist\assets\landing\swiper\assets\js\assets\global\js\browser-detection.js
[ + ] URL: file:/example.com_jsfiles\www.example.com\zone.js\zone.js\dist\assets\js\assets\landing\gsap\assets\global\js\browser-detection.js
[ + ] URL: file:/example.com_jsfiles\www.example.com\zone.js\assets\landing\assets\js\assets\js\assets\js\jquery-3.5.1.slim.min.js
[ + ] URL: file:/example.com_jsfiles\www.example.com\zone.js\zone.js\dist\assets\js\assets\global\js\assets\js\gsap\ScrollToPlugin.min.js
[ + ] URL: file:/example.com_jsfiles\www.example.com\zone.js\vendor.d9c3b571db2d7a824753.js
[ + ] URL: file:/example.com_jsfiles\www.example.com\zone.js\zone.js\dist\assets\global\js\assets\landing\gsap\TweenMax.min.js
[ + ] URL: file:/example.com_jsfiles\www.example.com\zone.js\main.73bb990592b4d36257fd.js

Traceback (most recent call last):
File "/home/kali/C2/SecretFinder.py", line 434, in
matched = parser_file(file,mode)
File "/home/kali/C2/SecretFinder.py", line 181, in parser_file
items = getContext(all_matches,content,regex[0])
File "/home/kali/C2/SecretFinder.py", line 157, in getContext
context = re.findall('%s%s%s'%(rex,m,rex),content,re.IGNORECASE)
File "/usr/lib/python3.9/re.py", line 241, in findall
return _compile(pattern, flags).findall(string)
File "/usr/lib/python3.9/re.py", line 304, in _compile
p = sre_compile.compile(pattern, flags)
File "/usr/lib/python3.9/sre_compile.py", line 764, in compile
p = sre_parse.parse(p, flags)
File "/usr/lib/python3.9/sre_parse.py", line 948, in parse
p = _parse_sub(source, state, flags & SRE_FLAG_VERBOSE, 0)
File "/usr/lib/python3.9/sre_parse.py", line 443, in _parse_sub
itemsappend(_parse(source, state, verbose, nested + 1,
File "/usr/lib/python3.9/sre_parse.py", line 549, in _parse
raise source.error("unterminated character set",
re.error: unterminated character set at position 13

Error

root@kali:~/Music/SecretFinder# [1978:1978:0401/192606.280400:ERROR:zygote_host_impl_linux.cc(89)] Running as root without --no-sandbox is not supported.

Can't run anything after install in Kali Linux

Traceback (most recent call last):
File "/root/Downloads/secretfinder/SecretFinder.py", line 435, in
matched = parser_file(file,mode)
File "/root/Downloads/secretfinder/SecretFinder.py", line 182, in parser_file
items = getContext(all_matches,content,regex[0])
File "/root/Downloads/secretfinder/SecretFinder.py", line 158, in getContext
context = re.findall('%s%s%s'%(rex,m,rex),content,re.IGNORECASE)
File "/usr/lib/python3.9/re.py", line 241, in findall
return _compile(pattern, flags).findall(string)
File "/usr/lib/python3.9/re.py", line 304, in _compile
p = sre_compile.compile(pattern, flags)
File "/usr/lib/python3.9/sre_compile.py", line 764, in compile
p = sre_parse.parse(p, flags)
File "/usr/lib/python3.9/sre_parse.py", line 962, in parse
raise source.error("unbalanced parenthesis")
re.error: unbalanced parenthesis at position 21

The Code is giving me Errors

/usr/bin/sensible-browser: 8: open: not found
Start : This command cannot be run due to the error: The system cannot find the file specified.
At line:1 char:1

Start "/home/sanath/tools/SecretFinder/output.html"

  + CategoryInfo          : InvalidOperation: (:) [Start-Process], InvalidOperationException
  + FullyQualifiedErrorId : InvalidOperationException,Microsoft.PowerShell.Commands.StartProcessCommand

iam using wsl Ubuntu
i have properly installed sensible-browser
i am able to open firefox and chrome from sensible-browser

No module named 'jsbeautifier'

when i run the script it show this error

Traceback (most recent call last):
File "SecretFinder.py", line 16, in
import jsbeautifier
ModuleNotFoundError: No module named 'jsbeautifier'

error again

Traceback (most recent call last):
File "SecretFinder.py", line 434, in
matched = parser_file(file,mode)
File "SecretFinder.py", line 181, in parser_file
items = getContext(all_matches,content,regex[0])
File "SecretFinder.py", line 157, in getContext
context = re.findall('%s%s%s'%(rex,m,rex),content,re.IGNORECASE)
File "/usr/lib/python3.8/re.py", line 241, in findall
return _compile(pattern, flags).findall(string)
File "/usr/lib/python3.8/re.py", line 304, in _compile
p = sre_compile.compile(pattern, flags)
File "/usr/lib/python3.8/sre_compile.py", line 764, in compile
p = sre_parse.parse(p, flags)
File "/usr/lib/python3.8/sre_parse.py", line 962, in parse
raise source.error("unbalanced parenthesis")
re.error: unbalanced parenthesis at position 13

Error when extracting output or scanning domain for js files

[11837:11837:0622/221827.226495:ERROR:sandbox_linux.cc(374)] InitializeSandbox() called with multiple threads in process gpu-process.
[0622/221831.006644:ERROR:nacl_helper_linux.cc(308)] NaCl helper process running without a sandbox!
Most likely you need to configure your SUID sandbox correctly
[0622/221831.007386:ERROR:nacl_helper_linux.cc(308)] NaCl helper process running without a sandbox!
Most likely you need to configure your SUID sandbox correctly

I think -i is not working with folders

Hi man!

I tried the -i option with a folder, but I think it's not working. Please see the img attached.

Thanks.

Marcos

Error

Getting following error in secretfinder

/usr/local/lib/python3.8/dist-packages/requests-2.7.0-py3.8.egg/requests/packages/urllib3/connectionpool.py:764: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.org/en/latest/security.html
warnings.warn((

webbrowser dependency

Hey there, I was wondering which package is exacly "webbrowser", as when I try to install the dependencies I get this:


ERROR: Could not find a version that satisfies the requirement webbrowser (from -r requirements.txt (line 5)) (from versions: none)
ERROR: No matching distribution found for webbrowser (from -r requirements.txt (line 5))

"SecretFinder"installation issue.

I have to install SecretFinder with git clone in kali then install all requirements with file "requirements.txt" then I try to execute "SecretFinder.py" this executable file but they give me this error
"[ + ] Run this tool with python version 3.+" but I have already "Python 3.8.3" this python version so what i do? plz any help....

thank you....

IndexError: list index out of range

Hello,

Unfortunately when i run the tool while given it a jsfile as input it throw this error,

Traceback (most recent call last):
  File "/tools/SecretFinder/SecretFinder.py", line 429, in <module>
    body += '</a><div class="container">%s</div></div>'%(match.get('context')[0])
IndexError: list index out of range

Thanks

Error while runnning secretfinder.py - NoModuleFoundError

python3 SecretFinder.py
Traceback (most recent call last):
File "SecretFinder.py", line 20, in
import requests
ModuleNotFoundError: No module named 'requests'

File Example?

Trying to use a bit list of urls but getting no joy.

root@bb1:~/SecretFinder# python3 SecretFinder.py -i file://urls.txt -o output
[ + ] URL: file://urls.txt
Traceback (most recent call last):
  File "SecretFinder.py", line 402, in <module>
    file = send_request(url)
  File "SecretFinder.py", line 320, in send_request
    return s.get(url).content.decode('utf-8','replace')
  File "/usr/lib/python3/dist-packages/requests/sessions.py", line 546, in get
    return self.request('GET', url, **kwargs)
  File "/usr/lib/python3/dist-packages/requests/sessions.py", line 533, in request
    resp = self.send(prep, **send_kwargs)
  File "/usr/lib/python3/dist-packages/requests/sessions.py", line 646, in send
    r = adapter.send(request, **kwargs)
  File "/usr/local/lib/python3.8/dist-packages/requests_file.py", line 34, in send
    raise ValueError("file: URLs with hostname components are not permitted")
ValueError: file: URLs with hostname components are not permitted

Getting Errors , help needed.

while running this tool with "-e" for example : python3 SecretFinder.py -i https://www.domain.com -e

It is giving this error ,

Traceback (most recent call last):
File "SecretFinder.py", line 433, in
matched = parser_file(file,mode)
File "SecretFinder.py", line 180, in parser_file
items = getContext(all_matches,content,regex[0])
File "SecretFinder.py", line 156, in getContext
context = re.findall('%s%s%s'%(rex,m,rex),content,re.IGNORECASE)

Also this tool was working amazingly few days before but as i update mp ubuntu to newer version and installed it again this tool is not working fine .

Please help.

m4ll0k / secretfinder Goto Github PK

secretfinder's Introduction

about SecretFinder

Help

Installation

Usage

add Regex

secretfinder's People

Contributors

Stargazers

Watchers

Forkers

secretfinder's Issues

Recommend Projects

Recommend Topics

Recommend Org