Sensitive Data (API Key, JWT token, etc.) Exposed

Git Repos

Credentials in git repos

JS Files

Web Enumeration

Easiest way to find hidden api from js filesMedium

GitHub - BishopFox/jsluice: Extract URLs, paths, secrets, and other interesting bits from JavaScriptGitHub

GitHub - m4ll0k/SecretFinder: SecretFinder - A python script for find sensitive data (apikeys, accesstoken,jwt,..) and search anything on javascript filesGitHub

GitHub - MrEmpy/mantra: 「🔑」A tool used to hunt down API key leaks in JS files and pagesGitHub

Validate different API keys found

GitHub - streaak/keyhacks: Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.GitHub