InfoScraper is a Python implementation of sudosuraj's secret scanning JavaScript one-liner and the JavaScript payload for creating wordlists of renniepak to help with bug bounty and penetration testing.
Clone the repository and install requirements if necessary.
$ git clone https://github.com/0xsyr0/InfoScraper.git$ pip3 install -r requirements.txtTo get a list of all options and switches simple execute the script.
$ python3 infoscraper.py
+-+-+-+-+-+-+-+-+-+-+-+
|I|n|f|o|S|c|r|a|p|e|r|
+-+-+-+-+-+-+-+-+-+-+-+
usage: infoscraper.py [-h] [-u URL] [-s] [-w] [-o OUTPUT]
InfoScraper - Extract secrets and/or wordlists from a target URL.
options:
-h, --help show this help message and exit
-u, --url URL Target URL to scan
-s, --secrets Scan for secrets in page content
-w, --wordlist Generate a wordlist from the page content
-o, --output OUTPUT Output file to save results (optional for both modes)You can test with the test.html before firing it against your target.
$ python3 -m http.server 80$ python3 infoscraper.py -u http://localhost/test.html -s
+-+-+-+-+-+-+-+-+-+-+-+
|I|n|f|o|S|c|r|a|p|e|r|
+-+-+-+-+-+-+-+-+-+-+-+
[!] Potential secrets found:
CREDENTIALS
- Enumeration
- SuperSecret123!
- eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9
- api_key=12345-abcde-67890-fghij
- Test
JWT
- eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c
IPS
- 192.168.1.100
AWSKEYS
- AKIAIOSFODNN7EXAMPLE
EMAILS
- [email protected]$ python3 infoscraper.py -u http://localhost/test.html -w
+-+-+-+-+-+-+-+-+-+-+-+
|I|n|f|o|S|c|r|a|p|e|r|
+-+-+-+-+-+-+-+-+-+-+-+
[+] Wordlist (119 words):
<--- CUT FOR BREVITY --->
API
AWS
Code
Credentials
DOCTYPE
EXAMPLE
Email
Embedded
Enumeration
Fake
Form
HTML
Hidden
IjoxNTE
IkpXVCJ
IkpvaG
JWT
JavaScript
Key
Login
<--- CUT FOR BREVITY --->