Information_Disclosures
Search for Pastebin dumps using their API or tools like PasteHunter; you can also automate the process (`./scrape.sh -g KEYWORD`).
Check for a .git directory (e.g. `https://example.com/.git`). If it lists its contents, you can download the directory using `wget -r example.com/.git`.
If it does not list them and you get something like a 403, check `curl https://example.com/.git/config` and try to access `.git/HEAD`, then traverse the directory and download the files you want.
The workflow will be something like this:
Decompress git object files using Python:
```
python -c 'import zlib, sys; print(repr(zlib.decompress(sys.stdin.buffer.read())))' < OBJECT_FILE
```
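The decompression step above leaves the object header mixed into the output. This added example (not from the original page) parses the `<type> <size>\0<body>` layout of a loose object, checks the declared size, and recomputes the object id so it can be matched against its path under `.git/objects`. It assumes a SHA-1 repository; the function names are illustrative and the sample blob is constructed.

```python
import hashlib
import zlib

# Object types a loose object header may carry.
GIT_TYPES = {"blob", "tree", "commit", "tag"}


def parse_loose_object(raw: bytes) -> dict:
    """Decompress one loose object and split it into header and body.

    Layout after zlib inflation: b"<type> <size>\\0<body>".
    Raises ValueError when the data is not a well-formed object.
    """
    try:
        data = zlib.decompress(raw)
    except zlib.error as exc:
        raise ValueError(f"not zlib data: {exc}") from exc

    header, sep, body = data.partition(b"\x00")
    if not sep:
        raise ValueError("missing NUL between header and body")
    try:
        obj_type, size_text = header.decode("ascii").split(" ")
        size = int(size_text)
    except (UnicodeDecodeError, ValueError) as exc:
        raise ValueError(f"malformed header {header!r}") from exc
    if obj_type not in GIT_TYPES:
        raise ValueError(f"unknown object type {obj_type!r}")
    if size != len(body):
        raise ValueError(f"size {size} != body length {len(body)}")

    # Assumption: SHA-1 object format. The id is the hash of the inflated
    # bytes and names the file: .git/objects/<2 hex>/<remaining 38 hex>.
    oid = hashlib.sha1(data).hexdigest()
    return {"type": obj_type, "size": size, "oid": oid,
            "path": f".git/objects/{oid[:2]}/{oid[2:]}", "body": body}


def make_loose_object(obj_type: str, body: bytes) -> bytes:
    """Build a constructed sample object the way git stores it on disk."""
    return zlib.compress(f"{obj_type} {len(body)}".encode() + b"\x00" + body)


if __name__ == "__main__":
    # Constructed sample: a committed config line with a placeholder secret.
    sample = make_loose_object("blob", b"api_key=EXAMPLE-NOT-A-REAL-KEY\n")
    info = parse_loose_object(sample)
    print(info["type"], info["size"], info["path"])
    print(info["body"].decode())
```

A recomputed id that does not match the file's path means the object was truncated or altered in transit, so its contents should not be trusted.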
Check the page source and take note of where the application displays or uses your personal information.
Use the jsleak tool.
Then right-click those pages and click View page source. You should see the HTML source code of the current page. Follow the links on this page to find other HTML files and JavaScript files, and grep every page for hardcoded credentials, API keys, and personal information with keywords like password and api_key. Locate JavaScript files on a site by using tools like