From 35e41d4c660e21de47e54b0a3642e428c239d236 Mon Sep 17 00:00:00 2001
From: CPol <carlospolop@gmail.com>
Date: Thu, 31 Dec 2020 01:30:52 +0000
Subject: [PATCH] GitBook: [master] one page modified

---
 external-recon-methodology.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/external-recon-methodology.md b/external-recon-methodology.md
index dd2afb58..439c364c 100644
--- a/external-recon-methodology.md
+++ b/external-recon-methodology.md
@@ -320,6 +320,8 @@ Now that we have built the list of assets of our scope it's time to search for s
 * extension:js jsforce conn.login
 * extension:json googleusercontent client\_secret
 
+You can also search for leaked secrets in all open repository platforms using: [https://searchcode.com/?q=auth\_key](https://searchcode.com/?q=auth_key)
+
 ## [**Pentesting Web Methodology**](pentesting/pentesting-web/)\*\*\*\*
 
 Anyway, the **majority of the vulnerabilities** found by bug hunters resides inside **web applications**, so at this point I would like to talk about a **web application testing methodology**, and you can [**find this information here**](pentesting/pentesting-web/).