🔑 gf-secrets
Secret and/or credential patterns used for gf.
Requirements ✨
- Have
gfin your machine. Install now if not ready!
Getting started 💫
Clone this repository.
▶ git clone https://github.com/dwisiswant0/gf-secretsThen copy all JSON pattern files into ~/.gf directory.
▶ cd gf-secrets/
▶ cp -a .gf/ $HOMESee also:
- secpat2gf: convert secret patterns to gf compatible.
Workaround ♻️
Finding for testing point with gau and fff.
▶ gau -subs [host] | cut -d"?" -f1 | grep -E "\.js(onp?)?$" | tee urls.txt
▶ sort -u urls.txt | fff -s 200 -o out/After we save response from known URLs, it's time to digging for secrets.
Usage 💬
▶ ./gf-secrets.shYou will see stdout results in your terminal if grep recursively turns match.
Contributing 👥
If you find a general pattern for secrets and/or credentials, feel free to open pull request. 💚
License 📄
The JSON files and documentation in this project are released under the MIT License.
Tools used with this project include third party materials.
