Skip to content

Releases: h33tlit/Jbin-website-secret-scraper

Jbin 2.0 (Upgrade)

01 Jun 08:57
@h33tlit h33tlit
Jbin-V12.0
5a1528f
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
Jbin 2.0 (Upgrade) Latest
Latest 
Jbin-V12.0

Update README.md
Assets 3
Loading

Jbin V1.5

06 Mar 18:23
@h33tlit h33tlit
Jbin-V1.5
7c36f76
Compare
Choose a tag to compare
Jbin V1.5
  • Added the option to reduce power
  • Fixed the parser
Assets 3
Loading

Jbin V1.4

03 Mar 09:42
@h33tlit h33tlit
Jbin-V1.4
c467801
Compare
Choose a tag to compare
Jbin V1.4
  • Realtime task monitoring
  • Url validation
Assets 3
Loading

Jbin V1.3

28 Feb 19:50
@h33tlit h33tlit
Jbin-V1.3
bfa02b7
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
Jbin V1.3
  • Directory bruteforce option added
  • Custom wordlist
Assets 3
Loading

Jbin V1.2

28 Feb 09:39
@h33tlit h33tlit
Jbin-V1.2
acb070f
Compare
Choose a tag to compare
Jbin V1.2
  • Fixed the loading bar issues now you can go to "Settings" and set your default process count and it will help us track the actual background tasks.
  • Added wayback API URLs as a bonus with all the URLs we scrape
Assets 3
Loading

Jbin V1.1

26 Feb 20:43
@h33tlit h33tlit
Jbin-V1.1
80b339c
Compare
Choose a tag to compare
Jbin V1.1

Improvements such as multi-threading added and also users can now add custom regex to scan. Also you will have a nice excel report after the scan is done!

Assets 3
Loading

Jbin v1.0

26 Feb 18:34
@h33tlit h33tlit
Jbin-V1.0
afe27fd
Compare
Choose a tag to compare
Jbin v1.0

Jbin Website Secret Scraper V1.0

Installation

  1. Install flask pip install Flask
  2. Now set the environment variables export FLASK_APP=wsgi.py and export FLASK_ENV=debug
  3. Now you can just run the application flask run

[Note]: Make sure you verify that flask is installed flask --version

Testing

Url: https://peaceful-colden-270bad.netlify.app

Copy the url and put it to the tool, Select AWS Keys/IPV4/IPV6 from the options and verify it's capabilities

Usage

Now go to http://127.0.0.1:5000/ where by default the application will be launched but if that port is in used you can run this flask run --host=127.0.0.1 --port=ANY PORT NUMBER

Enter your target domain and select the regex which will scrape out the secrets.

Screenshot 2022-02-23 at 11 57 06 PM

Currently we are scraping these secrets:

 Google Maps API 
 Artifactory API 
 Artifactory Pass 
 Auth Tokens 
 AWS Access Keys 
 AWS MWS Auth Token 
 Base 64 
 Basic Auth Credentials 
 Cloudanary Basic Auth Tokens 
 Facebook Access Tokens 
 Facebook Oauth Tokens 
 Github Secrets 
 Google Cloud API 
 Google Oauth Tokens 
 Youtube Oauth Tokens 
 Heroku API Keys 
 IPV4 
 IPV6 
 URL Without http 
 URL With http 
 Generic API 
 RSA Private Keys 
 PGP Private Keys 
 Mailchamp API key 
 Mailgun API key 
 Picatic API 
 Slack Token 
 Slack Webhook 
 Stripe API Keys 
 Square Access Token 
 Square Oauth Secret 
 Twilio API key 
 Twitter Client ID 
 Twitter Oauth 
 Twitter Secret Keys 
 Vault Token 
 Firebase Secrets 
 Paypal Braintree Tokens

The result will be like this:
Screenshot 2022-02-24 at 12 05 46 AM

If we find a valid secret it will show like this:
Screenshot 2022-02-24 at 12 11 51 AM

Please do create issues if you face any error while using the application

Assets 3
Loading