I was getting lots of requests and messages on WhatsApp, LinkedIn, and Twitter about source code analysis and the exploitation of API keys. So I will share my approach, along with some blogs and write-ups that you can refer to for a clear understanding.

Whenever we think of source code analysis, the first thing that comes to my mind is: how can I check thousands of lines of code manually? It's not impossible, but it's time-consuming. So when I started learning about source code analysis, I asked Aditya Shende (follow him on Twitter for tips on bug hunting) about this, and he explained that I should try using some keywords and focus on searching .js files (don't look at min.js).

But now the problem is that there are many .js files, and I am too lazy to search them all, so what to do???

SecretFinder: a Python script based on LinkFinder, written to discover sensitive data such as API keys, access tokens, authorizations, JWTs, etc. in JavaScript files. The tool scrapes the JS data from a particular domain and prints output to the terminal based on the keywords defined in its regexes.
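The same kind of keyword/regex pass can be run over your own JavaScript before it ships, so leaked keys are caught and rotated early. The sketch below is an added example, not SecretFinder's code or rule set: the patterns, the `scan_js` and `redact` helpers, and the sample files are assumptions made for illustration, and every key in the sample is fake.

```python
import re

# Illustrative patterns (assumptions for this example, not SecretFinder's own rules).
PATTERNS = {
    "google_api_key": re.compile(r"AIza[0-9A-Za-z_\-]{35}"),
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "jwt": re.compile(r"\beyJ[A-Za-z0-9_-]{5,}\.[A-Za-z0-9_-]{5,}\.[A-Za-z0-9_-]{5,}"),
    "keyword_assignment": re.compile(
        r"(?i)\b(?:api[_-]?key|secret|access[_-]?token|authorization)\b"
        r"\s*[:=]\s*[\"']([^\"']{8,})[\"']"
    ),
}

def redact(value, keep=4):
    """Keep only a short prefix so the report itself does not leak the secret."""
    return value[:keep] + "*" * (len(value) - keep)

def scan_js(files):
    """files: {filename: source}. Returns sorted (file, line, rule, redacted) tuples."""
    findings = set()
    for name, text in files.items():
        if name.endswith(".min.js"):  # the article's advice: skip minified bundles
            continue
        for line_no, line in enumerate(text.splitlines(), start=1):
            for rule, rx in PATTERNS.items():
                for m in rx.finditer(line):
                    # Use the captured value if the rule has a group, else the whole match.
                    value = m.group(m.lastindex or 0)
                    findings.add((name, line_no, rule, redact(value)))
    return sorted(findings)

# Constructed sample input; none of these values is a real credential.
SAMPLE = {
    "app.js": (
        "const mapsKey = 'AIza" + "B" * 35 + "';\n"
        "fetch(url, {headers: {Authorization: 'Bearer placeholder-token-123'}});\n"
        "var cfg = {api_key: \"not-a-real-key-0001\", region: 'eu'};\n"
    ),
    "vendor.min.js": "var k='AKIA" + "A" * 16 + "';",
}

if __name__ == "__main__":
    for finding in scan_js(SAMPLE):
        print(finding)
```

A keyword hit only marks a line for manual review; whether the value is a live credential still has to be confirmed with the owner of the key.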

Source Code Analysis and API Keys Exploitations