swaggerHole - A Python3 Script Searching For Secret On Swaggerhub


Introduction 

This tool is made to automate the process of retrieving secrets in the public APIs on [swaggerHub](https://app.swaggerhub.com/search). This tool is multithreaded and pipe mode is available :) 

Requirements 

 - python3 (sudo apt install python3) - pip3 (sudo apt install python3-pip) ## Installation
pip3 install swaggerhole
or cloning this repository and running
git clone https://github.com/Liodeus/swaggerHole.gitpip3 install .

Usage

   _____ _      __ ____ _ ____ _ ____ _ ___   _____  / ___/| | /| / // __ `// __ `// __ `// _ \ / ___/ (__  ) | |/ |/ // /_/ // /_/ // /_/ //  __// /    /____/  |__/|__/ \__,_/ \__, / \__, / \___//_/         __  __        __   /____/ /____/                  / / / /____   / /___                              / /_/ // __ \ / // _ \                            / __  // /_/ // //  __/                           /_/ /_/ \____//_/ \___/                            usage: swaggerhole [-h] [-s SEARCH] [-o OUT] [-t THREADS] [-j] [-q] [-du] [-de]optional arguments:  -h, --help            show this help message and exit  -s SEARCH, --search SEARCH                        Term to search  -o OUT, --out OUT     Output directory  -t THREADS, --threads THREADS                        Threads number (Default 25)  -j, --json            Json ouput  -q, --quiet           Remove banner  -du, --deactivate_url                        Deactivate the URL filtering  -de, --deactivate_email                        Deactivate the email filtering

Search for secret about a domain

swaggerHole -s test.comecho test.com | swaggerHole

Search for secret about a domain and output to json

swaggerHole -s test.com --jsonecho test.com | swaggerHole --json

Search for secret about a domain and do it fast :)

swaggerHole -s test.com -t 100echo test.com | swaggerHole -t 100

Output explanation

Normal output

 `Finding_Type - Finding - [Swagger_Name][Date_Last_Update][Line:Number]` 

Json output

 `{"Finding_Type": Finding, "File": File_path, "Date": Date_Last_Update, "Line": Number}` 

Deactivate url/email 

Using -du or -de remove the filtering done by the tool. There is more false positive with those options. 

Source: www.kitploit.com
swaggerHole - A Python3 Script Searching For Secret On Swaggerhub swaggerHole - A Python3 Script Searching For Secret On Swaggerhub Reviewed by Zion3R on 4:06 AM Rating: 5