Automate the process of retrieving secrets in the public APIs on swaggerHub
Project description
A python3 script searching for secret on swaggerhub
Introduction • Requirements • Installation • Usage • Output explanation • Thanks
Introduction
This tool is made to automate the process of retrieving secrets in the public APIs on swaggerHub. This tool is multithreaded and pipe mode is available :)
Requirements
- python3 (sudo apt install python3)
- pip3 (sudo apt install python3-pip)
Installation
pip3 install swaggerhole
or cloning this repository and running
git clone https://github.com/Liodeus/swaggerHole.git
pip3 install .
Usage
_____ _ __ ____ _ ____ _ ____ _ ___ _____
/ ___/| | /| / // __ `// __ `// __ `// _ \ / ___/
(__ ) | |/ |/ // /_/ // /_/ // /_/ // __// /
/____/ |__/|__/ \__,_/ \__, / \__, / \___//_/
__ __ __ /____/ /____/
/ / / /____ / /___
/ /_/ // __ \ / // _ \
/ __ // /_/ // // __/
/_/ /_/ \____//_/ \___/
usage: swaggerhole [-h] [-s SEARCH] [-o OUT] [-t THREADS] [-j] [-q] [-du] [-de]
optional arguments:
-h, --help show this help message and exit
-s SEARCH, --search SEARCH
Term to search
-o OUT, --out OUT Output directory
-t THREADS, --threads THREADS
Threads number (Default 25)
-j, --json Json ouput
-q, --quiet Remove banner
-du, --deactivate_url
Deactivate the URL filtering
-de, --deactivate_email
Deactivate the email filtering
Search for secret about a domain
swaggerHole -s test.com
echo test.com | swaggerHole
Search for secret about a domain and output to json
swaggerHole -s test.com --json
echo test.com | swaggerHole --json
Search for secret about a domain and do it fast :)
swaggerHole -s test.com -t 100
echo test.com | swaggerHole -t 100
Output explanation
Normal output
[Swagger_Name][Date_Last_Update][Line:Number] Finding_Type - Finding
Json output
{"File": File_path, "Date": Date_Last_Update, "Line": Number, "Finding_Type": Finding}
Deactivate url/email
Using -du or -de remove the filtering done by the tool. There is more false positive with those options.
Thanks
TODO
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for swaggerhole-1.1-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 65221f8947c1eb4711a6447900b484b107cecfff5e35d86bbb1297d8f18f4fcb |
|
MD5 | a62d9443e572076e4b2e2b82cd39f70e |
|
BLAKE2b-256 | d90e56a945e0b5e917ffb42dc77251920a40eaec7f7a2a1b78e95b4a192b18a3 |