swaggerHole - A Python3 Script Searching For Secret On Swaggerhub
Introduction
This tool automates the search for secrets in the public APIs on [SwaggerHub](https://app.swaggerhub.com/search). It is multithreaded, and a pipe mode is available :)
Requirements
- python3 (sudo apt install python3)
- pip3 (sudo apt install python3-pip)
Installation
```
pip3 install swaggerhole
```
or clone this repository and install it from the checkout:
```
git clone https://github.com/Liodeus/swaggerHole.git
cd swaggerHole
pip3 install .
```
Usage
```
usage: swaggerhole [-h] [-s SEARCH] [-o OUT] [-t THREADS] [-j] [-q] [-du] [-de]

optional arguments:
  -h, --help            show this help message and exit
  -s SEARCH, --search SEARCH
                        Term to search
  -o OUT, --out OUT     Output directory
  -t THREADS, --threads THREADS
                        Threads number (Default 25)
  -j, --json            Json ouput
  -q, --quiet           Remove banner
  -du, --deactivate_url
                        Deactivate the URL filtering
  -de, --deactivate_email
                        Deactivate the email filtering
```
Search for secrets about a domain
```
swaggerHole -s test.com
echo test.com | swaggerHole
```
Search for secrets about a domain and output to JSON
```
swaggerHole -s test.com --json
echo test.com | swaggerHole --json
```
Search for secrets about a domain and do it fast :)
```
swaggerHole -s test.com -t 100
echo test.com | swaggerHole -t 100
```
Output explanation
Normal output
`Finding_Type - Finding - [Swagger_Name][Date_Last_Update][Line:Number]`
Json output
`{"Finding_Type": Finding, "File": File_path, "Date": Date_Last_Update, "Line": Number}`
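For teams running the tool against their own domain, the normal output can be parsed into records for triage. The following is an added example, not part of swaggerHole: it assumes each line follows the "Normal output" template literally (including a `Line:` prefix before the number), and the finding type names and sample lines are constructed.

```python
import re
from collections import defaultdict

# Assumed line shape, taken from the "Normal output" template above:
#   Finding_Type - Finding - [Swagger_Name][Date_Last_Update][Line:Number]
LINE_RE = re.compile(
    r"^(?P<type>.+?) - (?P<finding>.*) - "
    r"\[(?P<name>[^\]]*)\]\[(?P<date>[^\]]*)\]\[Line:(?P<line>\d+)\]$"
)

def parse_line(line):
    """Return a dict for one finding line, or None for banner/blank/unknown lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["line"] = int(rec["line"])
    return rec

def redact(value, keep=4):
    """Mask a secret so it can go into a ticket without leaking it again."""
    if len(value) <= keep:
        return "*" * len(value)
    return value[:keep] + "*" * (len(value) - keep)

def triage(lines):
    """Group findings by (type, value) and list every spec/line where each appears."""
    groups = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec:
            groups[(rec["type"], rec["finding"])].append(
                (rec["name"], rec["date"], rec["line"]))
    return dict(groups)

# Constructed sample lines (not real tool output, not real secrets).
SAMPLE = [
    "Generic API Key - abcd1234EXAMPLEKEY - [billing-api][2022-01-10][Line:42]",
    "Generic API Key - abcd1234EXAMPLEKEY - [billing-api-v2][2022-03-02][Line:57]",
    "Password - p4ss - w0rd - [internal-auth][2021-11-30][Line:7]",  # value contains " - "
    "some banner text without the expected shape",
]

if __name__ == "__main__":
    for (ftype, value), places in triage(SAMPLE).items():
        print(f"{ftype}: {redact(value)} seen in {len(places)} spec(s)")
        for name, date, line in places:
            print(f"    {name} (updated {date}) line {line}")
```

Grouping by value shows when one credential is published in several API definitions, so a single rotation can be tracked against every spec that needs cleaning up.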
Deactivate url/email
Using -du or -de removes the filtering done by the tool. Expect more false positives with those options.
Source: www.kitploit.com
Reviewed by Zion3R