DomainSecretScanner automates secret extraction from JavaScript files, aiding bug bounty hunters, penetration testers, Security Researchers also developers. It simplifies collecting sensitive data like API keys and passwords, usernames, AWS Access keys, and others.
- Automated subdomain discovery.
- Collection of JavaScript files from discovered subdomains.
- Extraction of secrets from JavaScript files.
- Consolidation of extracted secrets into a single output file.
Follow these steps for Installation:
https://github.com/husnainsuleman/DomainSecretScanner.git
chmod +x install.sh domain_secret_scanner.sh
./install.sh
./domain_secret_scanner.sh
You can see in this ScreenShot all secrets extracted from the JavaScript file:
This tool is intended for educational and ethical testing purposes only. Users are responsible for complying with all applicable laws and regulations.