Scribd
Upload
2 views2 pages

CCPS WPS

The document lists various sensitive information types such as AWS keys, passwords, and tokens, relevant for bug bounty and penetration testing. It outlines a method for collecting links and source code, particularly focusing on JavaScript files to find sensitive information. Additionally, it references tools like 'subjs' and 'katana' for further reconnaissance activities.

Uploaded by

sblue7114
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
2 views2 pages

CCPS WPS

The document lists various sensitive information types such as AWS keys, passwords, and tokens, relevant for bug bounty and penetration testing. It outlines a method for collecting links and source code, particularly focusing on JavaScript files to find sensitive information. Additionally, it references tools like 'subjs' and 'katana' for further reconnaissance activities.

Uploaded by

sblue7114
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 2

Mizanur Rahman Pranto

23:37
aws_access_key | aws_secret_key | apikey | passwd | pwd | heroku | slack
| firebase | swagger | aws_secret_key | laws key | password | ftp password
| jdbc | db | sql | secret jet | config | admin | pwd | json | gcp l htaccess
| .env | ssh key | .git | access key | secret token | oauth_token |
oauth_token_secret"  
- Tatget domain - Any Sob-domain ( For bug bounty all, For PenTest
which is required) - Collect all the links - Go for Source Code - Enter .js
and check all the files - Open .js file in a new tab - Collect all the
Javascript Link - Open JavaScript Link - Find the sensitive info

| aws_secret_key | apikey | passwd | pwd | heroku | slack | firebase |


swagger | aws_secret_key | laws key | password | ftp password | jdbc | db
| sql | secret jet | config | admin | pwd | json | gcp l htaccess | .env | ssh
key | .git | access key | secret token | oauth_token | oauth_token_secret"
 
- Tatget domain - Any Sob-domain ( For bug bounty all, For PenTest
which is required) - Collect all the links - Go for Source Code - Enter .js
and check all the files - Open .js file in a new tab - Collect all the
Javascript Link - Open JavaScript Link - Find the sensitive info

tar xvf subjs_1.0.0_linux_amd64.tar.gz $ mv subjs /usr/bin/subjs


https://github.com/lc/subjs
Dork
https://github.com/cipher387/Dorks-collections-list?tab=readme-ov-
file#githubdorks

katana
subjs
JSLeskRecon

You might also like

pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy