Vulnerability Bounty Tool Recommendation: WIH


Xiaodong

Hello hackers,

Today I’m introducing a very practical tool that can be quickly utilized in bounty projects.

Tool Introduction:

WebInfoHunter (abbreviated as WIH) is a powerful, user-friendly, and highly extensible command-line tool written in Golang. It is designed to quickly find, in bulk, specific information within the JS on specified web pages, such as subdomains, paths, URLs, emails, IPs, phone numbers, and access keys (AK) and secret keys (SK). After finding an AK and SK or a JWT, it can verify the validity of the JWT token and check whether the AK and SK are effective against cloud APIs, saving verification time. For output, WIH supports multiple formats, including text, JSON, CSV, HTML, and Markdown, so users can choose the format that best suits their needs.
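The JWT check described above can also be pointed at your own build output before release. The following is an added example, not WIH's code and not from the original article: it scans a JavaScript bundle for JWT-shaped strings and reports whether each embedded token has expired or carries no `exp` claim. `Finding`, `ScanJS`, `SampleJS` and the sample tokens are constructed for illustration, and signatures are not verified.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"fmt"
	"regexp"
	"time"
)

type Finding struct {
	Token          string // the JWT-shaped string as it appears in the bundle
	Expired, NoExp bool   // exp claim not in the future / no exp claim at all
}

// "eyJ" is base64url for `{"`, the start of a JWT header and of its payload.
var jwtRe = regexp.MustCompile(`eyJ[A-Za-z0-9_-]+\.(eyJ[A-Za-z0-9_-]+)\.[A-Za-z0-9_-]*`)

// ScanJS classifies every JWT-shaped string in js against now. No signature check.
func ScanJS(js string, now time.Time) []Finding {
	var out []Finding
	for _, m := range jwtRe.FindAllStringSubmatch(js, -1) {
		raw, err := base64.RawURLEncoding.DecodeString(m[1])
		var claims struct{ Exp *float64 `json:"exp"` }
		if err != nil || json.Unmarshal(raw, &claims) != nil {
			continue // payload is not base64url-encoded JSON, so not a JWT
		}
		out = append(out, Finding{Token: m[0], NoExp: claims.Exp == nil,
			Expired: claims.Exp != nil && !time.Unix(int64(*claims.Exp), 0).After(now)})
	}
	return out
}

// SampleJS builds a constructed bundle: one expired, one live, one no-exp token.
func SampleJS(now time.Time) string {
	tok := func(payload string) string { // header.payload.signature, all constructed
		e := base64.RawURLEncoding.EncodeToString
		return e([]byte(`{"alg":"HS256"}`)) + "." + e([]byte(payload)) + ".c2ln"
	}
	return fmt.Sprintf("const a=%q;\nlet b=%q;\nvar c=%q;", tok(fmt.Sprintf(`{"exp":%d}`, now.Unix()-3600)),
		tok(fmt.Sprintf(`{"exp":%d}`, now.Unix()+3600)), tok(`{"sub":"build"}`))
}

func main() {
	now := time.Now()
	for _, f := range ScanJS(SampleJS(now), now) {
		fmt.Printf("expired=%v noexp=%v %s\n", f.Expired, f.NoExp, f.Token)
	}
}
```

A token reported with `expired=false` or `noexp=true` is the one to revoke and remove from the bundle first.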

Tool URL:

Tool Interface:

Personal Experience:

In a recent red team operation, I used this tool to discover leaked access keys and secrets in the target JS files, which helped me acquire a lot of information from the target.

I also routinely use it in bounty projects to quickly obtain sensitive information from target JS files, thereby identifying vulnerabilities in a large number of target systems and enhancing my hunting efficiency!

It is also very simple to use: you just need to import the URL you want to crawl, and it will automatically perform the search. Of course, you can also enrich the crawling rules to save time.

Let’s enjoy hunting together!
