.png)
8 months ago
69 BOOK THIS SPACE FOR AD
ARTICLE AD
Hello
Today I will show you how to find hidden api’s from a js file
Let’s starts
## Requirements
extensorSecretFinderWaybackurlsgauwaymoresubfinderurlremoverLet’s starts
First we have to select target lets say indeed.com
Steps
Find subdomains using subfindersubfinder -d indeed.com -v -o subdomains.txt-d : Define domain-v : verbose result-o : output file2. After the subdomain enumeration use waymore ,gau and waybacurls to get manys urls as possible
First with waybackurls
cat subdomains.txt | waybackurls > waybackurls.txtsecond gau
cat subdomains.txt | gau > gau.txtthird and last waymore
waymore -i subdomains.txt -mode U > waymore.txt-i : file name of subdomains-mode U : so only urls capture3. Now will collect all urls into a single file naming as allurls
4. we will use extensor to find the endpoint file
after the extensor finish work
5. we use SecretFinder to find apikeys from js file
cat js.txt | while read url; do python3 /home/kali/tools/SecretFinder/SecretFinder.py -i $url -o cli; doneIt will run a while loop and find hidden api’s
It will shows all the possible credentials in js file
when you find it just report and enjoy the bounty
Thank you !!
Bengali (Bangladesh) · 
English (United States) ·