Sensitive Data (API Key, JWT token, etc.) Exposed

API Discovery / Reco

Git Repos

Credentials in git repos

JS Files

Web Enumeration

Easiest way to find hidden api from js filesMedium

GitHub - BishopFox/jsluice: Extract URLs, paths, secrets, and other interesting bits from JavaScriptGitHub

GitHub - m4ll0k/SecretFinder: SecretFinder - A python script for find sensitive data (apikeys, accesstoken,jwt,..) and search anything on javascript filesGitHub

GitHub - MrEmpy/mantra: 「🔑」A tool used to hunt down API key leaks in JS files and pagesGitHub

API Leaks

API Leaks

Validate different API keys found

GitHub - streaak/keyhacks: Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.GitHub

Interesting Books

Interesting Books

Disclaimer: As an Amazon Associate, I earn from qualifying purchases. This helps support this GitBook project at no extra cost to you.

• Hacking APIs: Breaking Web Application Programming Interfaces A crash course in web API security testing that will prepare you to penetration-test APIs, reap high rewards on bug bounty programs, and make your own APIs more secure.

• Black Hat GraphQL: Attacking Next Generation APIs This hands-on book teaches penetration testers how to identify vulnerabilities in apps that use GraphQL, a data query and manipulation language for APIs adopted by major companies like Facebook and GitHub.

Support this Gitbook

I hope it helps you as much as it has helped me. If you can support me in any way, I would deeply appreciate it.