V2.2.0 Beta

Pre-release

@JGillam JGillam released this 23 Jul 16:59

This release is meant to include a new feature called Secrets Hunter. This feature is intended to help discover when parameters that are intended to be secret (e.g. passwords, tokens, account numbers, usernames) are either exposed in the URL or inadvertently sent to any out-of-scope host. A common example of where this might happen is a web-analytics provider.

To use Secrets Hunter, start by running a normal Paramalyzer scan. Once that is complete, you will notice that some of the parameters are marked as secrets with a checkmark. Switch to the secrets tab and use the Import Secrets button to copy those parameters over. Make any adjustments to your list, and press the Hunt Secrets! button. After the process completes, you can analyze the results.
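
The two exposure checks described above, sketched as an added example (this is not Paramalyzer's own code): known secret values are searched for in URL query strings of in-scope requests and anywhere in requests to out-of-scope hosts. The `hunt_secrets` helper, the hostnames, the secret values and the traffic records are all constructed for illustration.

```python
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# All hosts, secret values and requests below are constructed sample data.
IN_SCOPE = {"app.example.test"}
SECRETS = {"password": "S3cr3t!pw", "session": "9f8e7d6c5b4a"}
TRAFFIC = [
    {"url": "https://app.example.test/login", "headers": {},
     "body": "user=bob&password=S3cr3t%21pw"},
    {"url": "https://app.example.test/account?session=9f8e7d6c5b4a",
     "headers": {}, "body": ""},
    {"url": "https://stats.example.net/collect?dl=https%3A%2F%2Fapp.example.test"
            "%2Faccount%3Fsession%3D9f8e7d6c5b4a",
     "headers": {"Referer": "https://app.example.test/account?session=9f8e7d6c5b4a"},
     "body": ""},
    {"url": "https://cdn.example.org/lib.js", "headers": {}, "body": ""},
]


def hunt_secrets(traffic, secrets, in_scope):
    """Hypothetical helper: return (index, secret name, exposure, host) tuples."""
    findings = []
    for index, req in enumerate(traffic):
        parts = urlsplit(req["url"])
        host = parts.hostname
        # Decoded query-string values: a secret here ends up in logs and history.
        query_values = [v for _, v in parse_qsl(parts.query, keep_blank_values=True)]
        # Everything the receiving host sees, raw and URL-decoded.
        raw = "\n".join([req["url"], req["body"], *req["headers"].values()])
        seen = raw + "\n" + unquote_plus(raw)
        for name, value in secrets.items():
            if host not in in_scope:
                if value in seen:
                    findings.append((index, name, "out-of-scope-host", host))
            elif any(value in v for v in query_values):
                findings.append((index, name, "url", host))
    return findings


if __name__ == "__main__":
    for finding in hunt_secrets(TRAFFIC, SECRETS, IN_SCOPE):
        print(finding)
```

The in-scope login POST carries the password in its body and is not flagged, while the session token is reported once for appearing in a URL and once for reaching the analytics host inside an encoded page-location parameter and the Referer header.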